The Complete IS-IS Routing Protocol- P17

The Complete IS-IS Routing Protocol- P17:IS-IS has always been my favourite Interior Gateway Protocol. Its elegant simplicity, itswell-structured data formats, its flexibility and easy extensibility are all appealing – IS-ISepitomizes link-state routing. Whether for this reason or others, IS-IS is the IGP of choicein some of the world’s largest networks. Thus, if one is at all interested in routing, it is wellworth the time and effort to learn IS-IS.
Nội dung trích xuất từ tài liệu:
The Complete IS-IS Routing Protocol- P17472 15. Troubleshooting The IS-IS configuration looks alright – all interfaces are referenced. At the top there isa pointer to an export policy which we will examine closer.JUNOS configurationOn first sight the static-to-isis policy looks good, however once you check the inden-tation of the terms and accept statements you will find out that the policy does not do whatthe network operator wanted it to do.hannes@Munich> show configuration policy-options[ … ]policy-statement static-to-isis { term reject_management { from { route-filter 10.0.0.0/8 orlonger; } then reject; } term static { from protocol static; } then accept;} At first sight this policy looks good. However, once we start to compare the indenta-tion of the then part we realize that the term static does not have a valid then state-ment. Due to a misconfiguration, it got inserted at the wrong level in the policy. What thestandalone then accept term does is accept every unicast route in the inet.0 routingtables and mark it for export into the IS-IS link-state database. Because there is no fromstatement at the same indentation level as the final then accept statement, we havean unconditional export of the entire Internet routing table into IS-IS. (The final “then”logic is executed when no terms match the routes. The logic is here “Is the route 10/8 orlonger?” No, that’s a private address. “Is the route static?” No, it’s an Internet route.“Okay, then unconditionally accept the route into IS-IS.”) The distributed storage space that each node may allocate is 1492(–27) * 256375 Kbytes. How many IPv4 prefixes do fit in those 375 Kbytes? Figure 12.11 in Chapter12 “IP Reachability Information” illustrates the structure and storage requirements of theExtended IP Reachability TLV #135. Worst case, the TLV consumes 9 bytes and bestcase 5 bytes due to variable prefix length packing. For the average Internet route we canassume a prefix length between /16 and /24 and safely assume a total storage requirementof 8 bytes per prefix. In a single TLV, on average, 31 TLVs fit, which requires 31 * 8 + 2(TLV Overhead) 250 bytes to store. An LSP fragment is at maximum 1492 bytes insize. For TLV information there is 1492 – Header size ( 27) 1465 space. That meansin total we can store 31 * 5 + 26 181 routes per fragment. Inside 256 fragments we canstore around 46 K routes, which is too little to hold the entire Internet routing table. Assoon as the routers hit that limit, it pulls the “emergency brake” and sets the overload bit. Case Studies 473Finally, it cleans up the mess by purging the previously generated LSPs off the distrib-uted link-state database. And that’s what the router was showing us. In order to fix the problem, the then accept statement is moved into the termstatic.JUNOS configurationhannes@Munich> show configuration[ … ]policy-statement static-to-isis { term reject_management { from { route-filter 10.0.0.0/8 orlonger; } then reject; } term static { from protocol static; then accept; }} After committing the change, you will still see all those stale fragments in the data-base. They will be kept in the database until the garbage collection timer times out. Usingdefault values, after a period of 20 minutes they are removed automatically.JUNOS command outputAfter the router has changed, the broken routing policy the Overload Bit is automaticallycleared.hannes@Munich> show isis databaseIS-IS level 2 link-state database:LSP ID Sequence Checksum Lifetime AttributesMunich.00-00 0x1c2 0x2d3b 1192 L1 L2Pennsauken.00-00 0xc77 0xec5e 711 L1 L2Frankfurt.00-00 0x198 0xdd86 933 L1 L2 14 LSPs[ … ] The database looks normal again, and the Overload Bit has automatically beencleared. Because that problem was encountered many times in the field, Juniper Networksfinally introduced a prefix-export limiter that optionally controls the export behaviourand suspends route export if a predefined threshold is reached.474 15. TroubleshootingJUNOS configurationThe prefix-export-limit knob protects the rest of the network from a maliciouspolicy by applying a threshold filter for exported routed.hannes@Munich> show configuration[ … ]protocols { isis { export static-to-isis; level 2 { wide-metrics-only; prefix-export-limit 2500; } }} The amount of prefixes heavily depends on the size of your network. Good designadvice is to set it to double the total number of IS-IS Level 1 and Level-2 routers in yournetwork – The minimum number of routes should be 1000 and the maximum number ofroutes about 10,000. Then you have some growth for even larger numbers of routes thatneed to get leaked from Level 1 to Level 2.15.4 SummaryMost IS-IS problems can be resolved quickly if you stick to a troubleshooting plan andcheck from Layer-1 of the OSI Reference Model right up to the Application Layer. InIS-IS, the Application Layer represents the link-state database that holds the network’slink state PDUs. The network engineer needs to develop an understanding of what func-tions each layer is performing and what tools he has available to gather information.After information gathering, the collected data needs to be analyzed and interpreted,which requires knowledge of the show commands and debug outputs. For detecting mis-configuration on a router, the network engineer needs to understand where the IS-IS rele-vant data in the configuration are stored. The majori ...