15 mins read
ISIS Metric – 2nd trap, the unexpected impact of wide-metrics-only
1. Intro
In this part we will focus on the use unexpected impact of the wide-metrics-only knob.
But before that, let’s remind ourselves that this post is part of a 3 part series about the impact of ISIS Narrow and Wide metrics:
- 1st part – in the previous post we saw the unexpected impact of using both Narrow and Wide by default
- 2nd part – in this post we will cover the unexpected impact of configuring
wide-metrics-only - 3rd part – and finally we will cover the differences between IPv4 and IPv6 related to this metric topic
2. The test topology
We will update our test topology to demonstrate the impact of configuring wide-metrics-only. We will make the following updates:
- All links have metric 1000
- R1 and R2 will be L2 routers in Area 49.001, the backbone or our network.
- R4 is a L1/L2 router in Area 49.002, the ABR.
- R3 and R5 are L1 routers in Area 49.002.
- R5 is the ASBR, redistributing external routes to ISIS.
Let’s see the ISIS configuration:
root@r4> show configuration | display set | match "protocols isis|ISIS-EXPORT|aggregate"
set policy-options policy-statement ISIS-EXPORT term L2-lo0-to-L1 from protocol isis
set policy-options policy-statement ISIS-EXPORT term L2-lo0-to-L1 from level 2
set policy-options policy-statement ISIS-EXPORT term L2-lo0-to-L1 from route-filter 17.0.0.0/24 prefix-length-range /32-/32
set policy-options policy-statement ISIS-EXPORT term L2-lo0-to-L1 to level 1
set policy-options policy-statement ISIS-EXPORT term L2-lo0-to-L1 then accept
set policy-options policy-statement ISIS-EXPORT term EXTERNAL-ROUTES from route-filter 192.168.0.0/22 exact
set policy-options policy-statement ISIS-EXPORT term EXTERNAL-ROUTES to level 2
set policy-options policy-statement ISIS-EXPORT term EXTERNAL-ROUTES then accept
set routing-options aggregate route 192.168.0.0/22
set protocols isis interface ge-0/0/1.0 level 2 metric 1000
set protocols isis interface ge-0/0/1.0 point-to-point
set protocols isis interface ge-0/0/2.0 level 1 metric 1000
set protocols isis interface ge-0/0/2.0 point-to-point
set protocols isis interface lo0.0 passive
set protocols isis level 1 wide-metrics-only
set protocols isis level 2 wide-metrics-only
set protocols isis export ISIS-EXPORT
root@r3> show configuration protocols isis | display set
set protocols isis interface ge-0/0/1.0 point-to-point
set protocols isis interface ge-0/0/2.0 level 1 metric 1000
set protocols isis interface ge-0/0/2.0 point-to-point
set protocols isis interface ge-0/0/3.0 level 1 metric 1000
set protocols isis interface ge-0/0/3.0 point-to-point
set protocols isis interface lo0.0 passive
set protocols isis level 2 disable
root@r5> show configuration | display set | match "protocols isis|TO-ISIS"
set policy-options policy-statement TO-ISIS term STATIC from protocol static
set policy-options policy-statement TO-ISIS term STATIC from route-filter 192.168.1.0/24 exact
set policy-options policy-statement TO-ISIS term STATIC from route-filter 192.168.2.0/24 exact
set policy-options policy-statement TO-ISIS term STATIC from route-filter 192.168.3.0/24 exact
set policy-options policy-statement TO-ISIS term STATIC then accept
set protocols isis interface ge-0/0/1.0 level 1 metric 1000
set protocols isis interface ge-0/0/1.0 point-to-point
set protocols isis interface lo0.0 passive
set protocols isis level 2 disable
set protocols isis export TO-ISISLet’s breakdown what is happening here:
- One impact that we already know is about the metric that is limited silently to 63 on routers R3 and R5 which are still using the defaults (both Narrow and Wide).
- On R5 we are redistributing 3 x 192.168.x.0/24 ranges. We can see these routes in the ISIS database as external and they have 160 AD.
- The requirement here is to not advertise the 3 x 192.x.0/24 routes to the L2 backbone area. Because L1 routes are not advertised to the L2 area, automatically the requirement will be met.
- Instead of advertising the 3 x 192.x.0/24 routes to the L2 backbone area we will only advertise a summarized route to the L2 backbone area: 192.168.0.0/22.
Let’s see all of this in the CLI output:
### Notice the low metric from R5 to R1, it should be 4000 but instead is 2126 instead.
### This is because R3 and R5 links are limited to max 63 metric.
root@r5# run show route 17.0.0.0/24
inet.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
17.0.0.1/32 *[IS-IS/18] 00:00:06, metric 2126
> to 17.8.4.1 via ge-0/0/1.0
17.0.0.2/32 *[IS-IS/18] 00:00:06, metric 1126
> to 17.8.4.1 via ge-0/0/1.0
17.0.0.3/32 *[IS-IS/15] 00:12:25, metric 63
> to 17.8.4.1 via ge-0/0/1.0
17.0.0.4/32 *[IS-IS/15] 00:00:06, metric 126
> to 17.8.4.1 via ge-0/0/1.0
17.0.0.5/32 *[Direct/0] 4d 04:19:23
> via lo0.0
### Notice the 63 metric on the ISIS database. ### More importantly, we can also see the 3 routes as External in the ISIS database:
root@r5# run show isis database r5.00-00 extensive
IS-IS level 1 link-state database:
r5.00-00 Sequence: 0x6, Checksum: 0xf9e1, Lifetime: 513 secs
IS neighbor: r3.00 Metric: 63
Two-way fragment: r3.00-00, Two-way first fragment: r3.00-00
IP prefix: 17.0.0.5/32 Metric: 0 Internal Up
IP prefix: 17.8.4.0/24 Metric: 63 Internal Up
IP prefix: 128.49.239.220/32 Metric: 0 Internal Up
IP prefix: 192.168.1.0/24 Metric: 0 External Up
IP prefix: 192.168.2.0/24 Metric: 0 External Up
IP prefix: 192.168.3.0/24 Metric: 0 External Up
V6 prefix: 2001:db88::5/128 Metric: 0 Internal Up
V6 prefix: 2001:db88:8:4::/64 Metric: 63 Internal Up
V6 prefix: abcd::128:49:239:220/128 Metric: 0 Internal Up
Header: LSP ID: r5.00-00, Length: 381 bytes
Allocated length: 1492 bytes, Router ID: 17.0.0.5
Remaining lifetime: 513 secs, Level: 1, Interface: 0
Estimated free bytes: 1140, Actual free bytes: 1111
Aging timer expires in: 513 secs
Protocols: IP, IPv6
Packet: LSP ID: r5.00-00, Length: 381 bytes, Lifetime : 1198 secs
Checksum: 0xf9e1, Sequence: 0x6, Attributes: 0x1 <L1>
NLPID: 0x83, Fixed length: 27 bytes, Version: 1, Sysid length: 0 bytes
Packet type: 18, Packet version: 1, Max area: 0
TLVs:
Area address: 49.0002 (3)
LSP Buffer Size: 1492
Speaks: IP
Speaks: IPV6
IP router id: 17.0.0.5
IP address: 17.0.0.5
IPv6 TE Router ID: abcd::128:49:239:220
Hostname: r5
IS neighbor: r3.00, Internal, Metric: default 63
Extended IS Reachability TLV, Type: 22, Length: 69
IS extended neighbor: r3.00, Metric: default 63 SubTLV len: 58
IP address: 17.8.4.2
IPv6 address: 2001:db88:8:4::2
Neighbor's IP address: 17.8.4.1
Neighbor's IPv6 address: 2001:db88:8:4::1
Local interface index: 357, Remote interface index: 359
IP prefix: 128.49.239.220/32, Internal, Metric: default 0, Up
IP prefix: 17.0.0.5/32, Internal, Metric: default 0, Up
IP prefix: 17.8.4.0/24, Internal, Metric: default 63, Up
IP extended prefix: 128.49.239.220/32 metric 0 up
IP extended prefix: 17.0.0.5/32 metric 0 up
IP extended prefix: 17.8.4.0/24 metric 63 up
IP address: 128.49.239.220
IPv6 prefix: abcd::128:49:239:220/128 Metric 0 Up
IPv6 prefix: 2001:db88::5/128 Metric 0 Up
IPv6 prefix: 2001:db88:8:4::/64 Metric 63 Up
IP external prefix: 192.168.1.0/24, Internal, Metric: default 0, Up
IP external prefix: 192.168.2.0/24, Internal, Metric: default 0, Up
IP external prefix: 192.168.3.0/24, Internal, Metric: default 0, Up
IP extended prefix: 192.168.1.0/24 metric 0 up
IP extended prefix: 192.168.2.0/24 metric 0 up
IP extended prefix: 192.168.3.0/24 metric 0 up
Router Capability: Router ID 17.0.0.5, Flags: 0x00
IPv6 TE Router Id: abcd::128:49:239:220
No queued transmissions
IS-IS level 2 link-state database:
### Notice the external prefixes have 160 AD:
root@r3> show route 192.168.0.0/22
inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.1.0/24 *[IS-IS/160] 02:36:52, metric 63
> to 17.8.4.2 via ge-0/0/3.0
192.168.2.0/24 *[IS-IS/160] 02:36:52, metric 63
> to 17.8.4.2 via ge-0/0/3.0
192.168.3.0/24 *[IS-IS/160] 02:36:52, metric 63
> to 17.8.4.2 via ge-0/0/3.0
### R1 is receiving only the summarized route:
root@r1> show route 192.168.0.0/22
inet.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.0.0/22 *[IS-IS/18] 02:38:40, metric 2010
> to 17.8.0.2 via ge-0/0/1.0
### And the Wireshark capture:
ISO 10589 ISIS Link State Protocol Data Unit
PDU length: 361
Remaining lifetime: 1196
LSP-ID: 0001.1100.0005.00-00
Sequence number: 0x00000015
Checksum: 0xbe94 [correct]
[Checksum Status: Good]
Type block(0x01): Partition Repair:0, Attached bits:0, Overload bit:0, IS type:1
Area address(es) (t=1, l=4)
Originating neighbor buffer size (t=14, l=2)
Protocols supported (t=129, l=2)
Traffic Engineering Router ID (t=134, l=4)
IP Interface address(es) (t=132, l=4)
IPv6 TE Router ID (t=140, l=16)
Hostname (t=137, l=2)
Type: 137
Length: 2
Hostname: r5
IS Reachability (t=2, l=12)
Type: 2
Length: 12
IsVirtual: No
IS Neighbor: 0001.1100.0003.00
Extended IS reachability (t=22, l=69)
Type: 22
Length: 69
IS Neighbor: 0001.1100.0003.00
IP Internal reachability (t=128, l=36)
Type: 128
Length: 36
IPv4 prefix: 128.49.239.220/32
IPv4 prefix: 17.0.0.5/32
..00 0000 = Default Metric: 0
.0.. .... = Default Metric IE: Internal
0... .... = Distribution: Up
..00 0000 = Delay Metric: 0
1... .... = Delay Metric: Not Supported
.0.. .... = Delay Metric: Internal
..00 0000 = Expense Metric: 0
1... .... = Expense Metric: Not Supported
.0.. .... = Expense Metric: Internal
..00 0000 = Error Metric: 0
1... .... = Error Metric: Not Supported
.0.. .... = Error Metric: Internal
IPv4 prefix: 17.8.4.0/24
..11 1111 = Default Metric: 63
.0.. .... = Default Metric IE: Internal
0... .... = Distribution: Up
..00 0000 = Delay Metric: 0
1... .... = Delay Metric: Not Supported
.0.. .... = Delay Metric: Internal
..00 0000 = Expense Metric: 0
1... .... = Expense Metric: Not Supported
.0.. .... = Expense Metric: Internal
..00 0000 = Error Metric: 0
1... .... = Error Metric: Not Supported
.0.. .... = Error Metric: Internal
Extended IP Reachability (t=135, l=26)
Type: 135
Length: 26
Ext. IP Reachability: 128.49.239.220/32
Ext. IP Reachability: 17.0.0.5/32
Metric: 0
0... .... = Distribution: Up
.0.. .... = Sub-TLV: No
..10 0000 = Prefix Length: 32
IPv4 prefix: 17.0.0.5
no sub-TLVs present
Ext. IP Reachability: 17.8.4.0/24
Metric: 63
0... .... = Distribution: Up
.0.. .... = Sub-TLV: No
..01 1000 = Prefix Length: 24
IPv4 prefix: 17.8.4.0
no sub-TLVs present
IP Interface address(es) (t=132, l=4)
IPv6 reachability (t=236, l=58)
IP External reachability (t=130, l=24)
Type: 130
Length: 24
IPv4 prefix: 192.168.1.0/24
..00 0000 = Default Metric: 0
.0.. .... = Default Metric IE: Internal
0... .... = Distribution: Up
..00 0000 = Delay Metric: 0
1... .... = Delay Metric: Not Supported
.0.. .... = Delay Metric: Internal
..00 0000 = Expense Metric: 0
1... .... = Expense Metric: Not Supported
.0.. .... = Expense Metric: Internal
..00 0000 = Error Metric: 0
1... .... = Error Metric: Not Supported
.0.. .... = Error Metric: Internal
IPv4 prefix: 192.168.2.0/24
IPv4 prefix: 192.168.3.0/24
Extended IP Reachability (t=135, l=16)
Type: 135
Length: 16
Ext. IP Reachability: 192.168.1.0/24
Metric: 0
0... .... = Distribution: Up
.0.. .... = Sub-TLV: No
..01 1000 = Prefix Length: 24
IPv4 prefix: 192.168.1.0
no sub-TLVs present
Ext. IP Reachability: 192.168.2.0/24
Ext. IP Reachability: 192.168.3.0/24
Router Capability (t=242, l=23)3. The impact of configuring wide-metrics-only
Next, let’s configure wide-metrics-only on R3 and R5L
Let’s talk about the impact:
- The 1st impact, the metric is no longer limited to a maximum value of 63, so the total metric from R5 to R1 is 4000.
- But, the unexpected impact is that the 3 x 192.168.x.0/24 routes are now internal routes with 15 AD.
- As we know, ISIS L1 routes will pass to the L2 backbone area automatically, hence also our 3 routers are passing to L2 because they are now internal.
Let’s also see the CLI output:
### First, the simple one, we can see the right metric.
root@r5# run show route 17.0.0.0/24
inet.0: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
17.0.0.1/32 *[IS-IS/18] 00:00:33, metric 4000
> to 17.8.4.1 via ge-0/0/1.0
17.0.0.2/32 *[IS-IS/18] 00:00:33, metric 3000
> to 17.8.4.1 via ge-0/0/1.0
17.0.0.3/32 *[IS-IS/15] 00:15:27, metric 1000
> to 17.8.4.1 via ge-0/0/1.0
17.0.0.4/32 *[IS-IS/15] 00:14:36, metric 2000
> to 17.8.4.1 via ge-0/0/1.0
17.0.0.5/32 *[Direct/0] 4d 03:40:14
> via lo0.0
### The ISIS database at the CLI.
### The TLVs with External/Internal information (the narrow ones) are missing.
root@r5# run show isis database r5 extensive
IS-IS level 1 link-state database:
r5.00-00 Sequence: 0x1a, Checksum: 0x51db, Lifetime: 1179 secs
IS neighbor: r3.00 Metric: 1000
Two-way fragment: r3.00-00, Two-way first fragment: r3.00-00
IP prefix: 17.0.0.5/32 Metric: 0 Internal Up
IP prefix: 17.8.4.0/24 Metric: 1000 Internal Up
IP prefix: 128.49.239.220/32 Metric: 0 Internal Up
IP prefix: 192.168.1.0/24 Metric: 0 Internal Up
IP prefix: 192.168.2.0/24 Metric: 0 Internal Up
IP prefix: 192.168.3.0/24 Metric: 0 Internal Up
V6 prefix: 2001:db88::5/128 Metric: 0 Internal Up
V6 prefix: 2001:db88:8:4::/64 Metric: 1000 Internal Up
V6 prefix: abcd::128:49:239:220/128 Metric: 0 Internal Up
Header: LSP ID: r5.00-00, Length: 291 bytes
Allocated length: 1492 bytes, Router ID: 17.0.0.5
Remaining lifetime: 1179 secs, Level: 1, Interface: 0
Estimated free bytes: 1155, Actual free bytes: 1201
Aging timer expires in: 1179 secs
Protocols: IP, IPv6
Packet: LSP ID: r5.00-00, Length: 291 bytes, Lifetime : 1198 secs
Checksum: 0x51db, Sequence: 0x1a, Attributes: 0x1 <L1>
NLPID: 0x83, Fixed length: 27 bytes, Version: 1, Sysid length: 0 bytes
Packet type: 18, Packet version: 1, Max area: 0
TLVs:
Area address: 49.0002 (3)
LSP Buffer Size: 1492
Speaks: IP
Speaks: IPV6
IP router id: 17.0.0.5
IP address: 17.0.0.5
IPv6 TE Router ID: abcd::128:49:239:220
Hostname: r5
Extended IS Reachability TLV, Type: 22, Length: 69
IS extended neighbor: r3.00, Metric: default 1000 SubTLV len: 58
IP address: 17.8.4.2
IPv6 address: 2001:db88:8:4::2
Neighbor's IP address: 17.8.4.1
Neighbor's IPv6 address: 2001:db88:8:4::1
Local interface index: 357, Remote interface index: 359
IP extended prefix: 128.49.239.220/32 metric 0 up
IP extended prefix: 17.0.0.5/32 metric 0 up
IP extended prefix: 17.8.4.0/24 metric 1000 up
IP address: 128.49.239.220
IPv6 prefix: abcd::128:49:239:220/128 Metric 0 Up
IPv6 prefix: 2001:db88::5/128 Metric 0 Up
IPv6 prefix: 2001:db88:8:4::/64 Metric 1000 Up
IP extended prefix: 192.168.1.0/24 metric 0 up
IP extended prefix: 192.168.2.0/24 metric 0 up
IP extended prefix: 192.168.3.0/24 metric 0 up
Router Capability: Router ID 17.0.0.5, Flags: 0x00
IPv6 TE Router Id: abcd::128:49:239:220
No queued transmissions
IS-IS level 2 link-state database:
### Those external prefixes now have the AD of an internal route:
root@r3# run show route 192.168.0.0/22
inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.1.0/24 *[IS-IS/15] 00:00:23, metric 1000
> to 17.8.4.2 via ge-0/0/3.0
192.168.2.0/24 *[IS-IS/15] 00:00:23, metric 1000
> to 17.8.4.2 via ge-0/0/3.0
192.168.3.0/24 *[IS-IS/15] 00:00:23, metric 1000
> to 17.8.4.2 via ge-0/0/3.0
### We can see that the external prefixes are now seen as internal and pass to the L2 backbone area, on R1:
root@r1> show route 192.168.0.0/22
inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.0.0/22 *[IS-IS/18] 02:47:06, metric 2010
> to 17.8.0.2 via ge-0/0/1.0
192.168.1.0/24 *[IS-IS/18] 00:00:03, metric 4000
> to 17.8.0.2 via ge-0/0/1.0
192.168.2.0/24 *[IS-IS/18] 00:00:03, metric 4000
> to 17.8.0.2 via ge-0/0/1.0
192.168.3.0/24 *[IS-IS/18] 00:00:03, metric 4000
> to 17.8.0.2 via ge-0/0/1.0
### If we look at the capture, Narrow metric TLV 2, 128 and 130 are missing
### Narrow metric are the only ones that carry the External/Internal information
### Wide metric TLV don't have the External/Internal information, hence all routes are now internal.
ISO 10589 ISIS Link State Protocol Data Unit
PDU length: 291
Remaining lifetime: 1196
LSP-ID: 0001.1100.0005.00-00
Sequence number: 0x00000017
Checksum: 0x57d8 [correct]
[Checksum Status: Good]
Type block(0x01): Partition Repair:0, Attached bits:0, Overload bit:0, IS type:1
Area address(es) (t=1, l=4)
Originating neighbor buffer size (t=14, l=2)
Protocols supported (t=129, l=2)
Traffic Engineering Router ID (t=134, l=4)
IP Interface address(es) (t=132, l=4)
IPv6 TE Router ID (t=140, l=16)
Hostname (t=137, l=2)
Type: 137
Length: 2
Hostname: r5
Extended IS reachability (t=22, l=69)
Type: 22
Length: 69
IS Neighbor: 0001.1100.0003.00
Extended IP Reachability (t=135, l=26)
Type: 135
Length: 26
Ext. IP Reachability: 128.49.239.220/32
Metric: 0
0... .... = Distribution: Up
.0.. .... = Sub-TLV: No
..10 0000 = Prefix Length: 32
IPv4 prefix: 128.49.239.220
no sub-TLVs present
Ext. IP Reachability: 17.0.0.5/32
Metric: 0
0... .... = Distribution: Up
.0.. .... = Sub-TLV: No
..10 0000 = Prefix Length: 32
IPv4 prefix: 17.0.0.5
no sub-TLVs present
Ext. IP Reachability: 17.8.4.0/24
Metric: 1000
0... .... = Distribution: Up
.0.. .... = Sub-TLV: No
..01 1000 = Prefix Length: 24
IPv4 prefix: 17.8.4.0
no sub-TLVs present
IP Interface address(es) (t=132, l=4)
IPv6 reachability (t=236, l=58)
Extended IP Reachability (t=135, l=24)
Type: 135
Length: 24
Ext. IP Reachability: 192.168.1.0/24
Metric: 0
0... .... = Distribution: Up
.0.. .... = Sub-TLV: No
..01 1000 = Prefix Length: 24
IPv4 prefix: 192.168.1.0
no sub-TLVs present
Ext. IP Reachability: 192.168.2.0/24
Metric: 0
0... .... = Distribution: Up
.0.. .... = Sub-TLV: No
..01 1000 = Prefix Length: 24
IPv4 prefix: 192.168.2.0
no sub-TLVs present
Ext. IP Reachability: 192.168.3.0/24
Metric: 0
0... .... = Distribution: Up
.0.. .... = Sub-TLV: No
..01 1000 = Prefix Length: 24
IPv4 prefix: 192.168.3.0
no sub-TLVs present
Router Capability (t=242, l=23)But why is this happening? This is because the Narrow metric TLV have the External/Internal information, see the difference:
- Narrow TLVs:
- 2 (IS Reachability),
- 128 (IP Internal Reachability),
- 130 (IP External Reachability).
- Wide TLVs:
- 22 (Extended IS Reachability),
- 135 (Extended IP Reachability)
Wide metric TLV are only Extended, there is no more information about External or Internal routes, we can see that difference in the ISIS database or the Wireshark capture. Hence all routes are internal. Because the are now internal, they have a different AD and they pass automatically to L2 backbone.
This is a big impact, and we must be aware of it in production or on the JNCIE exam.
4. Conclusion
With wide metrics, more precisely the wide-metric-only knob configured, there is no way to discern whether a route is internal or external. This can have a big impact as we say, external routes will appear as internal with the internal AD.
External Resources: