Hi Cristian,
1. You can check prefixes being advertised to a particular neighbor in IS-IS by simply checking the LSP. When the IS-IS process starts and advertisements are made, all the information regarding links + prefixes (topology + NLRI) data is encoded there, if you check the LSP for a particular Level, that would represent the info for the whole area (L1) / domain (L2) in question.
As an example, see below:
jcluser@vMX5# run show isis database vMX5.00-00 detail
IS-IS level 1 link-state database:
vMX5.00-00 Sequence: 0x5, Checksum: 0xc3d0, Lifetime: 1188 secs
IS neighbor: vMX5.02 Metric: 10
IP prefix: 10.100.15.0/24 Metric: 10 Internal Up
IP prefix: 10.100.100.5/32 Metric: 0 Internal Up
IS-IS level 2 link-state database:
vMX5.00-00 Sequence: 0x5, Checksum: 0xc3d0, Lifetime: 1188 secs
IS neighbor: vMX5.02 Metric: 10
IP prefix: 10.100.15.0/24 Metric: 10 Internal Up
IP prefix: 10.100.100.5/32 Metric: 0 Internal Up
2. There is no option to check the specific prefixes advertised from you to a particular peer as it is in distance vector protocols.
jcluser@vMX5# run show route table inet.0 advertising-protocol ?
Possible completions:
bgp Border Gateway Protocol
msdp Multicast Source Discovery Protocol
pim Protocol Independent Multicast
rip Routing Information Protocol
ripng Routing Information Protocol for IPv6
3. IS-IS has a two-level hierarchy, and due to that it enforces certain advertisement rules. In general, you should be able to enforce filtering at the point of LSP origination (or re-origination == L1/L2 routers), but not in transit, as it can lead to blackholes. In this case, you can move the filter to R1 whom is the router originating this prefix you intend to filter (I assume) and the result should be satisfactory, since you cannot modify the contents of the LSP unless you own it, which is what you are trying to do by creating an export policy to prevent R2 from advertising R1's perfix.
You could certainly create an import policy and make things happen on R3 side, but like the old say: 'Just because you can doesn't mean you should.' ; )
Elvin
Original Message:
Sent: 03-20-2021 09:15
From: Cristian Vladescu
Subject: ISIS advertised routes
Got it.
Do you know if it's possible to filter what routes are advertised to a particular neighbor from other neighbors.
So if I have R1 --- R2 --- R3, and I want to stop redistributing routes from R1 to R3 at R2, policy statements seem to have no effect.
I tried this:
root# show policy-optionspolicy-statement ban { to interface ge-0/0/1.0; then reject;}[edit]root# show protocols isisinterface ge-0/0/0.0 { level 1 disable;}interface ge-0/0/1.0 { level 1 disable;}interface lo0.0 { level 1 disable;}export ban; <<<<<<<<<<<<<<<<[edit]root#
but I still see the route on R3:
root# run show route 11.11.11.10inet.0: 13 destinations, 14 routes (13 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both11.11.11.8/30 *[IS-IS/18] 00:32:58, metric 30 > to 100.10.10.5 via ge-0/0/1.0[edit]root#
------------------------------
Cristian Vladescu
Original Message:
Sent: 03-20-2021 08:58
From: Anatoliy Kushner
Subject: ISIS advertised routes
Hi, first find your neighbor system-id
>show isis adjacency
Interface System L State Hold (secs) SNPA
xe-8/0/0.0 isis-router 1 Up 178
then use command show isis database isis-router detail , to check which prefixes advertised by this router
Juniper Business Use Only
Original Message:
Sent: 3/20/2021 8:08:00 AM
From: Cristian Vladescu
Subject: ISIS advertised routes
How can we check what routes are being advertised to a particular neighbor via ISIS?
Like we do for BGP:
show route advertised-protocol bgp 1.1.1.1
Also, is it possible to filter what routes are advertised to a particular neighbor from other neighbors with policy-statement?
------------------------------
Cristian Vladescu
------------------------------