20 mins read
ISIS Overload – Learn with a practical example
1. Intro
The Overload statement causes the routing device to continue participating in IS-IS routing, but prevents it from being used for transit traffic. It is useful sometimes to deviate the traffic away from a particular router, so we can avoid traffic being impacted.
We typically have 2 scenarios:
- During a maintenance window we will work on the router, so we want to deviate traffic to other routers avoiding impact. This is the one use scenario we will cover in this post.
- In some networks after a router reboot (or routing process restart), while ISIS has converged and is attracting traffic to this router, other protocols (BGP is a common one) might take longer to fully converge, blackholing traffic. While this is happening we want to deviate traffic to other routers. See next post.
Bonus scenario:
- If we are creative, maybe we can have a 3rd scenario. In case we have an issue on the router (CPU/Memory resources issues, a bug, or link with packet loss), we would again want to deviate the traffic to others routers while you troubleshoot and fix the issue. Practically speaking this is the same as the 1st scenario.
ISIS will make this happen by setting the Overload bit in the Link-state PDU updates. When the Overload bit is set, the SPF algorithm will not use the router as transit. Next, we can see where the Overload bit is located in the ISIS LSP:
ISIS LSP Overload bit
+----------------------------------------------+------------
| Intradomain Routing Protocol Discriminator | |
+----------------------------------------------+ |
| Length Indicator | |
+----------------------------------------------+ |
| Version/Protocol ID Extension | |
+----------------------------------------------+ |
| ID Length | PDU
+----------------------------------------------+ Common
| R | R | R | PDU Type | Header
+----------------------------------------------+ |
| Version | |
+----------------------------------------------+ |
| Reserved | |
+----------------------------------------------+ |
| Maximum Area Addresses | |
+----------------------------------------------+------------
| PDU Length | |
+----------------------------------------------+ |
| Remaining Lifetime | |
+----------------------------------------------+ |
| LSP ID | PDU
+----------------------------------------------+ Specific
| Sequency Number | Header
+----------------------------------------------+ |
| Checksum | |
+----------------------------------------------+ |
| P | ATT | OL | IS Type | | <---- Overload bit
+----------------------------------------------+------------
| Variable Length Fields(CLV) |
+----------------------------------------------+Important to note that traffic destined to immediately attached subnets continues to transit the router. In short, we can summarize the Overload impact as follows: on the router with the overload bit set, transit traffic to remote destinations is denied, but traffic to attached subnets still works.
2. Topology Overview
Let’s check our topology first, and the we will see how this works.
Because of the better metric, we can see the preferred paths from R1 to R3, R4 and R5 routers.
R3 output:
### Alll ISIS sessions are UP:
root@r3> show isis adjacency
Interface System L State Hold (secs) SNPA
ge-0/0/1.0 r1 2 Up 19
ge-0/0/2.0 r4 2 Up 22
ge-0/0/3.0 r5 2 Up 20
### The ISIS Overview and R3 LSP database:
root@r3> show isis overview
Instance: master
Router ID: 17.0.0.3
IPv6 Router ID: abcd::128:49:227:100
Hostname: r3
Sysid: 0100.4922.7100
Areaid: 47.0005.80ff.f800.0000.0108.0001
Adjacency holddown: enabled
Maximum Areas: 3
LSP life time: 1200
Attached bit evaluation: enabled
SPF delay: 200 msec, SPF holddown: 5000 msec, SPF rapid runs: 3
IPv4 is enabled, IPv6 is enabled
Traffic engineering: enabled
Traffic engineering v6: disabled
Restart: Disabled
Helper mode: Enabled
Layer2-map: Disabled
Source Packet Routing (SPRING): Disabled
Post Convergence Backup: Disabled
Level 1
Internal route preference: 15
External route preference: 160
Prefix export count: 0
Wide metrics are enabled, Narrow metrics are enabled
Level 2
Internal route preference: 18
External route preference: 165
Prefix export count: 0
Wide metrics are enabled
root@r3> show isis database r3.00-00 extensive
IS-IS level 1 link-state database:
IS-IS level 2 link-state database:
r3.00-00 Sequence: 0xa, Checksum: 0x4028, Lifetime: 1005 secs
IS neighbor: r4.00 Metric: 10
Two-way fragment: r4.00-00, Two-way first fragment: r4.00-00
IS neighbor: r5.00 Metric: 10
Two-way fragment: r5.00-00, Two-way first fragment: r5.00-00
IS neighbor: r1.00 Metric: 10
Two-way fragment: r1.00-00, Two-way first fragment: r1.00-00
IP prefix: 17.0.0.3/32 Metric: 0 Internal Up
IP prefix: 17.8.1.0/24 Metric: 10 Internal Up
IP prefix: 17.8.3.0/24 Metric: 10 Internal Up
IP prefix: 17.8.4.0/24 Metric: 10 Internal Up
IP prefix: 128.49.227.100/32 Metric: 0 Internal Up
V6 prefix: 2001:db88::3/128 Metric: 0 Internal Up
V6 prefix: 2001:db88:8:1::/64 Metric: 10 Internal Up
V6 prefix: 2001:db88:8:3::/64 Metric: 10 Internal Up
V6 prefix: 2001:db88:8:4::/64 Metric: 10 Internal Up
V6 prefix: abcd::128:49:227:100/128 Metric: 0 Internal Up
Header: LSP ID: r3.00-00, Length: 461 bytes
Allocated length: 1492 bytes, Router ID: 17.0.0.3
Remaining lifetime: 1005 secs, Level: 2, Interface: 0
Estimated free bytes: 983, Actual free bytes: 1031
Aging timer expires in: 1005 secs
Protocols: IP, IPv6
Packet: LSP ID: r3.00-00, Length: 461 bytes, Lifetime : 1198 secs
Checksum: 0x4028, Sequence: 0xa, Attributes: 0x3 <L1 L2>
NLPID: 0x83, Fixed length: 27 bytes, Version: 1, Sysid length: 0 bytes
Packet type: 20, Packet version: 1, Max area: 0
TLVs:
Area address: 47.0005.80ff.f800.0000.0108.0001 (13)
Area address: 49.0001 (3)
LSP Buffer Size: 1492
Speaks: IP
Speaks: IPV6
IP router id: 17.0.0.3
IP address: 17.0.0.3
IPv6 TE Router ID: abcd::128:49:227:100
Hostname: r3
Extended IS Reachability TLV, Type: 22, Length: 207
IS extended neighbor: r1.00, Metric: default 10 SubTLV len: 58
IP address: 17.8.1.2
IPv6 address: 2001:db88:8:1::2
Neighbor's IP address: 17.8.1.1
Neighbor's IPv6 address: 2001:db88:8:1::1
Local interface index: 357, Remote interface index: 358
IS extended neighbor: r4.00, Metric: default 10 SubTLV len: 58
IP address: 17.8.3.1
IPv6 address: 2001:db88:8:3::1
Neighbor's IP address: 17.8.3.2
Neighbor's IPv6 address: 2001:db88:8:3::2
Local interface index: 358, Remote interface index: 358
IS extended neighbor: r5.00, Metric: default 10 SubTLV len: 58
IP address: 17.8.4.1
IPv6 address: 2001:db88:8:4::1
Neighbor's IP address: 17.8.4.2
Neighbor's IPv6 address: 2001:db88:8:4::2
Local interface index: 359, Remote interface index: 357
IP extended prefix: 128.49.227.100/32 metric 0 up
IP extended prefix: 17.0.0.3/32 metric 0 up
IP extended prefix: 17.8.4.0/24 metric 10 up
IP extended prefix: 17.8.3.0/24 metric 10 up
IP extended prefix: 17.8.1.0/24 metric 10 up
IP address: 128.49.227.100
IPv6 prefix: abcd::128:49:227:100/128 Metric 0 Up
IPv6 prefix: 2001:db88::3/128 Metric 0 Up
IPv6 prefix: 2001:db88:8:4::/64 Metric 10 Up
IPv6 prefix: 2001:db88:8:3::/64 Metric 10 Up
IPv6 prefix: 2001:db88:8:1::/64 Metric 10 Up
Router Capability: Router ID 17.0.0.3, Flags: 0x00
IPv6 TE Router Id: abcd::128:49:227:100
No queued transmissions
### Full connectivity to all loopbacks:
root@r3> show route 17.0.0.0/24
inet.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
17.0.0.1/32 *[IS-IS/18] 00:08:51, metric 10
> to 17.8.1.1 via ge-0/0/1.0
17.0.0.2/32 *[IS-IS/18] 00:08:51, metric 1010
> to 17.8.1.1 via ge-0/0/1.0
to 17.8.3.2 via ge-0/0/2.0
17.0.0.3/32 *[Direct/0] 00:37:26
> via lo0.0
17.0.0.4/32 *[IS-IS/18] 00:08:51, metric 10
> to 17.8.3.2 via ge-0/0/2.0
17.0.0.5/32 *[IS-IS/18] 00:08:51, metric 10
> to 17.8.4.2 via ge-0/0/3.0R1 output:
### Full connectivity to all loopbacks:
root@r1> show route 17.0.0.0/24
inet.0: 23 destinations, 23 routes (23 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
17.0.0.1/32 *[Direct/0] 00:38:24
> via lo0.0
17.0.0.2/32 *[IS-IS/18] 00:37:18, metric 1000
> to 17.8.0.2 via ge-0/0/1.0
17.0.0.3/32 *[IS-IS/18] 00:12:33, metric 10
> to 17.8.1.2 via ge-0/0/2.0
17.0.0.4/32 *[IS-IS/18] 00:09:48, metric 20
> to 17.8.1.2 via ge-0/0/2.0
17.0.0.5/32 *[IS-IS/18] 00:09:48, metric 20
> to 17.8.1.2 via ge-0/0/2.0
root@r1> ping 17.0.0.3
PING 17.0.0.3 (17.0.0.3): 56 data bytes
64 bytes from 17.0.0.3: icmp_seq=0 ttl=64 time=6.724 ms
64 bytes from 17.0.0.3: icmp_seq=1 ttl=64 time=1.981 ms
^C
--- 17.0.0.3 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.981/4.353/6.724/2.372 ms
root@r1> ping 17.0.0.4
PING 17.0.0.4 (17.0.0.4): 56 data bytes
64 bytes from 17.0.0.4: icmp_seq=0 ttl=63 time=3.114 ms
64 bytes from 17.0.0.4: icmp_seq=1 ttl=63 time=3.135 ms
^C
--- 17.0.0.4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.114/3.124/3.135/0.010 ms
root@r1> ping 17.0.0.5
PING 17.0.0.5 (17.0.0.5): 56 data bytes
64 bytes from 17.0.0.5: icmp_seq=0 ttl=63 time=3.249 ms
64 bytes from 17.0.0.5: icmp_seq=1 ttl=63 time=2.617 ms
^C
--- 17.0.0.5 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.617/2.933/3.249/0.316 ms3. Set the Overload bit on R3
Now, we are going to set the overload bit on R3:
We can make the following observations regarding the impact:
- Path to R3 is the same (immediately attached subnet).
- Path to R4 now prefers the top path (no transit traffic on R3).
- No route to the R5 loopback (no transit traffic on R3).
- But, we can ping R5 on 17.8.4.2 (immediately attached subnet).
R3 output:
### Set the Overload bit:
[edit]
root@r3# show | compare
[edit protocols isis]
+ overload;
[edit]
root@r3# commit
commit complete
### All ISIS sessions remain UP:
[edit]
root@r3# run show isis adjacency
Interface System L State Hold (secs) SNPA
ge-0/0/1.0 r1 2 Up 24
ge-0/0/2.0 r4 2 Up 25
ge-0/0/3.0 r5 2 Up 23
### Same ISIS Metrics:
[edit]
root@r3# run show isis interfaces
IS-IS interface database:
Interface L CirID Level 1 DR Level 2 DR L1/L2 Metric
ge-0/0/1.0 2 0x1 Disabled Point to Point 10/10
ge-0/0/2.0 2 0x1 Disabled Point to Point 10/10
ge-0/0/3.0 2 0x1 Disabled Point to Point 10/10
lo0.0 2 0x1 Passive Passive 0/0
### We can see that the overload bit has been set.
### Only the Overload bit was set, with no additional options:
[edit]
root@r3# run show isis overview
Instance: master
Router ID: 17.0.0.3
IPv6 Router ID: abcd::128:49:227:100
Hostname: r3
Sysid: 0100.4922.7100
Areaid: 47.0005.80ff.f800.0000.0108.0001
Adjacency holddown: enabled
Maximum Areas: 3
LSP life time: 1200
Attached bit evaluation: enabled
SPF delay: 200 msec, SPF holddown: 5000 msec, SPF rapid runs: 3
Overload bit at startup is set
Overload high metrics: disabled
Allow route leaking: disabled
Allow internal prefix overloading: disabled
Allow external prefix overloading: disabled
IPv4 is enabled, IPv6 is enabled
Traffic engineering: enabled
Traffic engineering v6: disabled
Restart: Disabled
Helper mode: Enabled
Layer2-map: Disabled
Source Packet Routing (SPRING): Disabled
Post Convergence Backup: Disabled
Level 1
Internal route preference: 15
External route preference: 160
Prefix export count: 0
Wide metrics are enabled, Narrow metrics are enabled
Level 2
Internal route preference: 18
External route preference: 165
Prefix export count: 0
Wide metrics are enabled
### We can see the overload bit on the R3 LSP:
[edit]
root@r3# run show isis database r3.00-00 extensive
IS-IS level 1 link-state database:
IS-IS level 2 link-state database:
r3.00-00 Sequence: 0xc, Checksum: 0x5111, Lifetime: 1168 secs
IS neighbor: r4.00 Metric: 10
Two-way fragment: r4.00-00, Two-way first fragment: r4.00-00
IS neighbor: r5.00 Metric: 10
Two-way fragment: r5.00-00, Two-way first fragment: r5.00-00
IS neighbor: r1.00 Metric: 10
Two-way fragment: r1.00-00, Two-way first fragment: r1.00-00
IP prefix: 17.0.0.3/32 Metric: 0 Internal Up
IP prefix: 17.8.1.0/24 Metric: 10 Internal Up
IP prefix: 17.8.3.0/24 Metric: 10 Internal Up
IP prefix: 17.8.4.0/24 Metric: 10 Internal Up
IP prefix: 128.49.227.100/32 Metric: 0 Internal Up
V6 prefix: 2001:db88::3/128 Metric: 0 Internal Up
V6 prefix: 2001:db88:8:1::/64 Metric: 10 Internal Up
V6 prefix: 2001:db88:8:3::/64 Metric: 10 Internal Up
V6 prefix: 2001:db88:8:4::/64 Metric: 10 Internal Up
V6 prefix: abcd::128:49:227:100/128 Metric: 0 Internal Up
Header: LSP ID: r3.00-00, Length: 461 bytes
Allocated length: 1492 bytes, Router ID: 17.0.0.3
Remaining lifetime: 1168 secs, Level: 2, Interface: 0
Estimated free bytes: 983, Actual free bytes: 1031
Aging timer expires in: 1168 secs
Protocols: IP, IPv6
Packet: LSP ID: r3.00-00, Length: 461 bytes, Lifetime : 1198 secs
Checksum: 0x5111, Sequence: 0xc, Attributes: 0x7 <L1 L2 Overload>
NLPID: 0x83, Fixed length: 27 bytes, Version: 1, Sysid length: 0 bytes
Packet type: 20, Packet version: 1, Max area: 0
TLVs:
Area address: 47.0005.80ff.f800.0000.0108.0001 (13)
Area address: 49.0001 (3)
LSP Buffer Size: 1492
Speaks: IP
Speaks: IPV6
IP router id: 17.0.0.3
IP address: 17.0.0.3
IPv6 TE Router ID: abcd::128:49:227:100
Hostname: r3
IP extended prefix: 17.8.1.0/24 metric 10 up
IP extended prefix: 17.8.3.0/24 metric 10 up
IP extended prefix: 17.8.4.0/24 metric 10 up
IP extended prefix: 128.49.227.100/32 metric 0 up
IP extended prefix: 17.0.0.3/32 metric 0 up
IP address: 128.49.227.100
IPv6 prefix: 2001:db88:8:1::/64 Metric 10 Up
IPv6 prefix: 2001:db88:8:3::/64 Metric 10 Up
IPv6 prefix: 2001:db88:8:4::/64 Metric 10 Up
IPv6 prefix: abcd::128:49:227:100/128 Metric 0 Up
IPv6 prefix: 2001:db88::3/128 Metric 0 Up
Router Capability: Router ID 17.0.0.3, Flags: 0x00
IPv6 TE Router Id: abcd::128:49:227:100
Extended IS Reachability TLV, Type: 22, Length: 207
IS extended neighbor: r1.00, Metric: default 10 SubTLV len: 58
IP address: 17.8.1.2
IPv6 address: 2001:db88:8:1::2
Neighbor's IP address: 17.8.1.1
Neighbor's IPv6 address: 2001:db88:8:1::1
Local interface index: 357, Remote interface index: 358
IS extended neighbor: r4.00, Metric: default 10 SubTLV len: 58
IP address: 17.8.3.1
IPv6 address: 2001:db88:8:3::1
Neighbor's IP address: 17.8.3.2
Neighbor's IPv6 address: 2001:db88:8:3::2
Local interface index: 358, Remote interface index: 358
IS extended neighbor: r5.00, Metric: default 10 SubTLV len: 58
IP address: 17.8.4.1
IPv6 address: 2001:db88:8:4::1
Neighbor's IP address: 17.8.4.2
Neighbor's IPv6 address: 2001:db88:8:4::2
Local interface index: 359, Remote interface index: 357
No queued transmissions
### From R3 perspective all routing information remains the same:
root@r3# run show route 17.0.0.0/24
inet.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
17.0.0.1/32 *[IS-IS/18] 00:15:41, metric 10
> to 17.8.1.1 via ge-0/0/1.0
17.0.0.2/32 *[IS-IS/18] 00:15:41, metric 1010
> to 17.8.1.1 via ge-0/0/1.0
to 17.8.3.2 via ge-0/0/2.0
17.0.0.3/32 *[Direct/0] 00:44:16
> via lo0.0
17.0.0.4/32 *[IS-IS/18] 00:15:41, metric 10
> to 17.8.3.2 via ge-0/0/2.0
17.0.0.5/32 *[IS-IS/18] 00:15:41, metric 10
> to 17.8.4.2 via ge-0/0/3.0R1 output:
### Route to R3 remains the same (immediately attached subnet to R3).
### Route to R4 is via the top path (no transit traffic via R3), notice the next hop and interface.
### There is no more a route to R5 loopback (no transit traffic via R3).
### But, we have a route to and ping to 17.8.4.2 (immediately attached subnet to R3).
root@r1> show route 17.0.0.0/24
inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
17.0.0.1/32 *[Direct/0] 04:58:17
> via lo0.0
17.0.0.2/32 *[IS-IS/18] 04:57:52, metric 1000
> to 17.8.0.2 via ge-0/0/1.0
17.0.0.3/32 *[IS-IS/18] 00:39:18, metric 10
> to 17.8.1.2 via ge-0/0/2.0
17.0.0.4/32 *[IS-IS/18] 00:00:12, metric 2000
> to 17.8.0.2 via ge-0/0/1.0
### Ping to the R3 loopback works (immediately attached subnet):
root@r1> ping 17.0.0.3
PING 17.0.0.3 (17.0.0.3): 56 data bytes
64 bytes from 17.0.0.3: icmp_seq=0 ttl=64 time=2.257 ms
64 bytes from 17.0.0.3: icmp_seq=1 ttl=64 time=2.064 ms
^C
--- 17.0.0.3 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.064/2.160/2.257/0.097 ms
### Ping to R4 works, now now via the top path (no transit traffic via R3):
root@r1> ping 17.0.0.4
PING 17.0.0.4 (17.0.0.4): 56 data bytes
64 bytes from 17.0.0.4: icmp_seq=0 ttl=63 time=3.146 ms
64 bytes from 17.0.0.4: icmp_seq=1 ttl=63 time=3.407 ms
^C
--- 17.0.0.4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.146/3.276/3.407/0.130 ms
### Because 17.8.4.0/24 is also an immediately attached subnet for R3, we have connectivity.
root@r1> ping 17.8.4.2
PING 17.8.4.2 (17.8.4.2): 56 data bytes
64 bytes from 17.8.4.2: icmp_seq=0 ttl=63 time=3.211 ms
64 bytes from 17.8.4.2: icmp_seq=1 ttl=63 time=3.085 ms
^C
--- 17.8.4.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.085/3.148/3.211/0.063 ms
### For R5's loopback there is no route because of the Overload bit, so transit traffic fails;
### R5 has only the path via R3, no alternate paths, hence it is isolated from the rest of the network.
root@r1> ping 17.0.0.5
PING 17.0.0.5 (17.0.0.5): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 17.0.0.5 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
### Now imagine that we have more subnets or routers connected behind R5, all of then would be isolated.
4. Set the Overload bit on R2
Next, for good measure, we are going to set the overload bit also on R2.
Because both R2 and R3 now have the overload bit configured, this will isolate R4 from the rest of the network.
Let’s imagine that R2 and R3 active and backup routers part of the same site. Configuring the overload bit on both of them can completely impact that site, so be mindful of that.
R4 Output:
### Configure Overload also on R2:
[edit]
root@r2# show | compare
[edit protocols isis]
+ overload;
[edit]
root@r2# commit
commit complete
### No changes on the adjacencies or metrics:
root@r2# run show isis adjacency
Interface System L State Hold (secs) SNPA
ge-0/0/1.0 r1 2 Up 26
ge-0/0/2.0 r4 2 Up 25
root@r2# run show isis interface
IS-IS interface database:
Interface L CirID Level 1 DR Level 2 DR L1/L2 Metric
ge-0/0/1.0 2 0x1 Disabled Point to Point 10/1000
ge-0/0/2.0 2 0x1 Disabled Point to Point 10/1000
lo0.0 2 0x1 Passive Passive 0/0
### Only R5 loopback is missing, but this is because R3 also has Overload configured:
root@r2# run show route 17.0.0.0/24
inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
17.0.0.1/32 *[IS-IS/18] 00:47:13, metric 1000
> to 17.8.0.1 via ge-0/0/1.0
17.0.0.2/32 *[Direct/0] 00:48:12
> via lo0.0
17.0.0.3/32 *[IS-IS/18] 00:19:51, metric 1010
> to 17.8.0.1 via ge-0/0/1.0
to 17.8.2.2 via ge-0/0/2.0
17.0.0.4/32 *[IS-IS/18] 00:48:00, metric 1000
> to 17.8.2.2 via ge-0/0/2.0R1 Output:
### Because both R2 and R3 have overload configured, there is no path to route transit traffic to R4:
root@r1> show route 17.0.0.0/24
inet.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
17.0.0.1/32 *[Direct/0] 00:50:06
> via lo0.0
17.0.0.2/32 *[IS-IS/18] 00:49:00, metric 1000
> to 17.8.0.2 via ge-0/0/1.0
17.0.0.3/32 *[IS-IS/18] 00:24:15, metric 10
> to 17.8.1.2 via ge-0/0/2.0
### No impact for R2 and R3 loopbacks (immediately attached subnet).
root@r1> ping 17.0.0.2
PING 17.0.0.2 (17.0.0.2): 56 data bytes
64 bytes from 17.0.0.2: icmp_seq=0 ttl=64 time=2.591 ms
64 bytes from 17.0.0.2: icmp_seq=1 ttl=64 time=3.242 ms
^C
--- 17.0.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.591/2.917/3.242/0.325 ms
root@r1> ping 17.0.0.3
PING 17.0.0.3 (17.0.0.3): 56 data bytes
64 bytes from 17.0.0.3: icmp_seq=0 ttl=64 time=2.243 ms
64 bytes from 17.0.0.3: icmp_seq=1 ttl=64 time=2.131 ms
^C
--- 17.0.0.3 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.131/2.187/2.243/0.056 ms
### No route to R4, hence no ping:
root@r1> ping 17.0.0.4
PING 17.0.0.4 (17.0.0.4): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 17.0.0.4 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
### Same as before, pings to 17.8.2.2 and 17.8.3.2 are fine, because they are immediately attached subnet to R2 and R3.
root@r1> ping 17.8.2.2
PING 17.8.2.2 (17.8.2.2): 56 data bytes
64 bytes from 17.8.2.2: icmp_seq=0 ttl=63 time=3.294 ms
64 bytes from 17.8.2.2: icmp_seq=1 ttl=63 time=3.318 ms
^C
--- 17.8.2.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.294/3.306/3.318/0.012 ms
root@r1> ping 17.8.3.2
PING 17.8.3.2 (17.8.3.2): 56 data bytes
64 bytes from 17.8.3.2: icmp_seq=0 ttl=63 time=3.052 ms
64 bytes from 17.8.3.2: icmp_seq=1 ttl=63 time=3.184 ms
^C
--- 17.8.3.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.052/3.118/3.184/0.066 ms
### No changes for R5, previously impacted by R3 overload configuration:
root@r1> ping 17.8.4.2
PING 17.8.4.2 (17.8.4.2): 56 data bytes
64 bytes from 17.8.4.2: icmp_seq=0 ttl=63 time=3.555 ms
64 bytes from 17.8.4.2: icmp_seq=1 ttl=63 time=3.333 ms
^C
--- 17.8.4.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.333/3.444/3.555/0.111 ms
root@r1> ping 17.0.0.5
PING 17.0.0.5 (17.0.0.5): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 17.0.0.5 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
#### One more way to see the routers that have the Overload bit set:
root@r1> show isis database
IS-IS level 1 link-state database:
0 LSPs
IS-IS level 2 link-state database:
LSP ID Sequence Checksum Lifetime Attributes
r4.00-00 0x28a 0x93ec 813 L1 L2
r3.00-00 0x28b 0x4c94 1190 L1 L2 Overload
r2.00-00 0x288 0x9869 1174 L1 L2 Overload
r5.00-00 0x288 0x7142 868 L1 L2
r1.00-00 0x287 0xeff5 1008 L1 L2
5 LSPs
### Interesting to note, that while loopbacks of R4 and R5 are missing from the routing table,
### the prefixes are still in the ISIS database, but can't be used;
### no valid path due to overload bit.
root@r1> show route 17.0.0.0/24
inet.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
17.0.0.1/32 *[Direct/0] 5d 18:06:36
> via lo0.0
17.0.0.2/32 *[IS-IS/18] 5d 18:05:30, metric 1000
> to 17.8.0.2 via ge-0/0/1.0
17.0.0.3/32 *[IS-IS/18] 5d 17:40:45, metric 10
> to 17.8.1.2 via ge-0/0/2.0
root@r1> show isis database r5.00-00 extensive | match prefix
IP prefix: 17.0.0.5/32 Metric: 0 Internal Up
IP prefix: 17.8.4.0/24 Metric: 10 Internal Up
IP prefix: 128.49.234.86/32 Metric: 0 Internal Up
V6 prefix: 2001:db88::5/128 Metric: 0 Internal Up
V6 prefix: 2001:db88:8:4::/64 Metric: 10 Internal Up
V6 prefix: abcd::128:49:234:86/128 Metric: 0 Internal Up
IP extended prefix: 128.49.234.86/32 metric 0 up
IP extended prefix: 17.0.0.5/32 metric 0 up
IP extended prefix: 17.8.4.0/24 metric 10 up
IPv6 prefix: abcd::128:49:234:86/128 Metric 0 Up
IPv6 prefix: 2001:db88::5/128 Metric 0 Up
IPv6 prefix: 2001:db88:8:4::/64 Metric 10 Up
root@r1> show isis database r4.00-00 extensive | match prefix
IP prefix: 17.0.0.4/32 Metric: 0 Internal Up
IP prefix: 17.8.2.0/24 Metric: 1000 Internal Up
IP prefix: 17.8.3.0/24 Metric: 10 Internal Up
IP prefix: 128.49.226.166/32 Metric: 0 Internal Up
V6 prefix: 2001:db88::4/128 Metric: 0 Internal Up
V6 prefix: 2001:db88:8:2::/64 Metric: 1000 Internal Up
V6 prefix: 2001:db88:8:3::/64 Metric: 10 Internal Up
V6 prefix: abcd::128:49:226:166/128 Metric: 0 Internal Up
IP extended prefix: 128.49.226.166/32 metric 0 up
IP extended prefix: 17.8.2.0/24 metric 1000 up
IP extended prefix: 17.0.0.4/32 metric 0 up
IP extended prefix: 17.8.3.0/24 metric 10 up
IPv6 prefix: abcd::128:49:226:166/128 Metric 0 Up
IPv6 prefix: 2001:db88::4/128 Metric 0 Up
IPv6 prefix: 2001:db88:8:2::/64 Metric 1000 Up
IPv6 prefix: 2001:db88:8:3::/64 Metric 10 Up 5. Wireshark capture
5. Wireshark capture
Next, find a Wireshark capture to see where the overload bit is set in the LSP packet:
Wireshark capture
ISO 10589 ISIS Link State Protocol Data Unit
PDU length: 461
Remaining lifetime: 1198
LSP-ID: 0001.1100.0003.00-00
Sequence number: 0x00000057
Checksum: 0xe341 [correct]
[Checksum Status: Good]
Type block(0x07): Partition Repair:0, Attached bits:0, Overload bit:1, IS type:3
0... .... = Partition Repair: Not supported
.000 0... = Attachment: 0
.... .1.. = Overload bit: Set
.... ..11 = Type of Intermediate System: Level 2 (3)
Area address(es) (t=1, l=18)
[...] Output trimmed
Originating neighbor buffer size (t=14, l=2)
[...] Output trimmed
Protocols supported (t=129, l=2)
[...] Output trimmed
Traffic Engineering Router ID (t=134, l=4)
[...] Output trimmed
IP Interface address(es) (t=132, l=4)
[...] Output trimmed
IPv6 TE Router ID (t=140, l=16)
[...] Output trimmed
Hostname (t=137, l=2)
[...] Output trimmed
Extended IP Reachability (t=135, l=42)
[...] Output trimmed
IP Interface address(es) (t=132, l=4)
[...] Output trimmed
IPv6 reachability (t=236, l=86)
[...] Output trimmed
Router Capability (t=242, l=23)
[...] Output trimmed
Extended IS reachability (t=22, l=207)
[...] Output trimmed