Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  ISIS advertised routes

    Posted 03-20-2021 08:08
    Edited by Cristian Vladescu 03-20-2021 08:33

    How can we check what routes are being advertised to a particular neighbor via ISIS?

    Like we do for BGP:

    show route advertised-protocol bgp 1.1.1.1

    Also, is it possible to filter what routes are advertised to a particular neighbor from other neighbors with policy-statement?

     



    ------------------------------
    Cristian Vladescu
    ------------------------------


  • 2.  RE: ISIS advertised routes

    Posted 03-20-2021 08:58

    Hi, first find your neighbor system-id

    >show isis adjacency

    Interface             System         L State        Hold (secs) SNPA

    xe-8/0/0.0           isis-router  1 Up                 178

    then use command show isis database isis-router  detail , to check which prefixes advertised by this router


    Juniper Business Use Only






  • 3.  RE: ISIS advertised routes

    Posted 03-20-2021 09:15
    Edited by Cristian Vladescu 03-20-2021 09:16

    Got it.

    Do you know if it's possible to filter what routes are advertised to a particular neighbor from other neighbors.
    So if I have R1 --- R2 --- R3, and I want to stop redistributing routes from R1 to R3 at R2, policy statements seem to have no effect.
    I tried this:

    root# show policy-options
    policy-statement ban {
        to interface ge-0/0/1.0;
        then reject;
    }
    
    [edit]
    root# show protocols isis
    interface ge-0/0/0.0 {
        level 1 disable;
    }
    interface ge-0/0/1.0 {
        level 1 disable;
    }
    interface lo0.0 {
        level 1 disable;
    }
    export ban; <<<<<<<<<<<<<<<<
    
    [edit]
    root#​

    ​but I still see the route on R3:

    root# run show route 11.11.11.10
    
    inet.0: 13 destinations, 14 routes (13 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    11.11.11.8/30      *[IS-IS/18] 00:32:58, metric 30
                        >  to 100.10.10.5 via ge-0/0/1.0
    
    [edit]
    root#​



    ------------------------------
    Cristian Vladescu
    ------------------------------



  • 4.  RE: ISIS advertised routes

    Posted 03-20-2021 10:59
    Hi Cristian,

    1. You can check prefixes being advertised to a particular neighbor in IS-IS by simply checking the LSP. When the IS-IS process starts and advertisements are made, all the information regarding links + prefixes (topology + NLRI) data is encoded there, if you check the LSP for a particular Level, that would represent the info for the whole area (L1) / domain (L2) in question.

    As an example, see below:

    jcluser@vMX5# run show isis database vMX5.00-00 detail                      
    IS-IS level 1 link-state database:
    
    vMX5.00-00 Sequence: 0x5, Checksum: 0xc3d0, Lifetime: 1188 secs
       IS neighbor: vMX5.02                       Metric:       10
       IP prefix: 10.100.15.0/24                  Metric:       10 Internal Up
       IP prefix: 10.100.100.5/32                 Metric:        0 Internal Up
    
    IS-IS level 2 link-state database:
    
    vMX5.00-00 Sequence: 0x5, Checksum: 0xc3d0, Lifetime: 1188 secs
       IS neighbor: vMX5.02                       Metric:       10
       IP prefix: 10.100.15.0/24                  Metric:       10 Internal Up
       IP prefix: 10.100.100.5/32                 Metric:        0 Internal Up​


    2. There is no option to check the specific prefixes advertised from you to a particular peer as it is in distance vector protocols.

    jcluser@vMX5# run show route table inet.0 advertising-protocol ?      
    Possible completions:
      bgp                  Border Gateway Protocol
      msdp                 Multicast Source Discovery Protocol
      pim                  Protocol Independent Multicast
      rip                  Routing Information Protocol
      ripng                Routing Information Protocol for IPv6​


    3. IS-IS has a two-level hierarchy, and due to that it enforces certain advertisement rules. In general, you should be able to enforce filtering at the point of LSP origination (or re-origination == L1/L2 routers), but not in transit, as it can lead to blackholes. In this case, you can move the filter to R1 whom is the router originating this prefix you intend to filter (I assume) and the result should be satisfactory, since you cannot modify the contents of the LSP unless you own it, which is what you are trying to do by creating an export policy to prevent R2 from advertising R1's perfix.

    You could certainly create an import policy and make things happen on R3 side, but like the old say: 'Just because you can doesn't mean you should.' ; )

    Elvin