Neighbor authentication is highly recommended. It prevents unauthorized routers from forming neighbor relationships and potentially compromising the network. Now you might argue that IS-IS usage is very limited across the internet but it still doesn't prevent an enterprising third party from trying to compromise the infrastructure. The way to do it in Cisco IOS is to create a suitable keychain containing the key that's going to be used for the neighbor authentication and then that keychain is applied either per interface, which is less common or applied to the entire IS-IS process which is more common. You really want the key to ensure that nobody accidentally tries to add a router to the network infrastructure, but some operators will apply the key on a per interface basis. To originate a default route into IS-IS using Cisco IOS, there's a 'default originate' command, which will always originates a default route into IS-IS even if there's no default in the RIB. If we want to originate a default route conditionally, in other words only if a default exists in the global RIB, then as the example shows, we need to do the 'default originate' command with a route map that will actually match a default route that would be seen in the RIB. The example is for v4 there's an equivalent that can be set up for IPv6 as well. Running IS-IS on a Point-to-Point Ethernet also gives access to an optimization. We don't need a DIS on a point-to-point link, so what we can do is set up the Ethernet as a point-to-point link. Ethernet is widely used now for medium and long-haul point-to-point links. So we can save a little bit of resource by not having a DIS there, there's no need for one on a point-to-point link. That's done by going to the Ethernet interface and doing, 'isis network point-to-point'. Both ends of the link need to have this configuration setup. As the DIS election is independent of IP, the above command is generic, there is no need for an IPv6 equivalent. To add v6 support in IS-IS, all we need to do is go to the interface and do, 'ipv6 router isis'. There's no other configuration needed if we're running in a single topology based network. For multi-topology we need one more configuration line and that's, going into the IS-IS sub configuration for v6 and adding multi-topology. This will cause the router to create a separate topology database holding all the v6 destinations. To summarize all this, IS-IS is a Link State Routing Protocol. It's quick and simple to get started, but it has a myriad of options and features to cover almost all types of network topology. Network operators keep the IS-IS design very simple. Most networks today can run the entire backbone in L2 only. And it's very much become the chosen IGP when operators are using both IPv4 and IPv6 in a dual stack configuration.
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
This is a human-readable summary of (and not a substitute for) the license. Disclaimer. You are free to: Share — copy and redistribute the material in any medium or format Adapt — remix, transform, and build upon the material The licensor cannot revoke these freedoms as long as you follow the license terms. Under the following terms: Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. NonCommercial — You may not use the material for commercial purposes. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.