
is-is Route Leaking-1

IS-IS | Route Leaking lab-1

  • Route leaking is the art of getting a required route from one routing table to another.
  • Every routing protocol passes routing information up or down the routing hierarchy. This bidirectional flow of routing information is known as route leaking. By default, IS-IS protocol leaks routing information from a Level 1 area to a Level 2 area. However, to leak routing information from a Level 2 area to a Level 1 area, an export policy must be explicitly configured.

    Bypass the default behavior to have
    level 1 routes get into the L2 routing table.

Juniper vMX 14 & EVE-NG Pro is used for this lab.

 Devices Configuration: 

[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R1
set system root-authentication encrypted-password "$1$1vv1gtZ/$QRerVp.aWq.yznUXUflH01"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 13.13.13.1/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 12.12.12.1/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 1 family inet address 1.1.1.1/24
set interfaces lo0 unit 1 family inet address 11.11.11.11/24
set interfaces lo0 unit 1 family iso address 49.0001.0010.0100.1001.00
set protocols isis level 1 disable
set protocols isis interface ge-0/0/0.0
set protocols isis interface ge-0/0/1.0
set protocols isis interface lo0.1    
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R2
set system root-authentication encrypted-password "$1$6NgzFXZ4$QNSfWywONMNrbQBIWM9uj0"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 24.24.24.2/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 12.12.12.2/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 2 family inet address 2.2.2.2/24
set interfaces lo0 unit 2 family inet address 22.22.22.22/24
set interfaces lo0 unit 2 family iso address 49.0024.0020.0200.2002.00
set protocols isis export leak-l1-l2
deactivate protocols isis export
set protocols isis interface ge-0/0/0.0 level 2 disable
set protocols isis interface ge-0/0/1.0 level 1 disable
set protocols isis interface lo0.2
set policy-options policy-statement leak-l1-l2 term leak6nw from protocol isis
set policy-options policy-statement leak-l1-l2 term leak6nw from level 1
set policy-options policy-statement leak-l1-l2 term leak6nw from route-filter 6.6.6.0/24 orlonger
set policy-options policy-statement leak-l1-l2 term leak6nw to level 2
set policy-options policy-statement leak-l1-l2 term leak6nw then accept
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R3
set system root-authentication encrypted-password "$1$BmHomLh4$FDpwK6Kmrts.PEipzkPOV1"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 13.13.13.3/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 35.35.35.3/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 3 family inet address 3.3.3.3/24
set interfaces lo0 unit 3 family inet address 33.33.33.33/24
set interfaces lo0 unit 3 family iso address 49.0035.0030.0300.3003.00
set protocols isis interface ge-0/0/0.0 level 1 disable
set protocols isis interface ge-0/0/1.0 level 2 disable
set protocols isis interface lo0.3
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R4
set system root-authentication encrypted-password "$1$WaL4BSs9$mlznqm3jQMhdGgufqq1YF1"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 24.24.24.4/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 46.46.46.4/24
set interfaces lo0 unit 4 family inet address 4.4.4.4/24
set interfaces lo0 unit 4 family inet address 44.44.44.44/24
set interfaces lo0 unit 4 family iso address 49.0024.0040.0400.4004.00
set routing-options static route 6.6.6.0/24 next-hop 46.46.46.6
set protocols isis traceoptions file R4-log
set protocols isis traceoptions flag all
set protocols isis export adv-static
set protocols isis level 2 disable
set protocols isis level 1 wide-metrics-only
set protocols isis interface ge-0/0/0.0
set protocols isis interface lo0.4
set policy-options policy-statement adv-static term t1 from protocol static
set policy-options policy-statement adv-static term t1 then accept
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R5
set system root-authentication encrypted-password "$1$6je78aHL$nA1h3Nf4xv8RDzIinFAnS0"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/1 unit 0 family inet address 35.35.35.5/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 5 family inet address 5.5.5.5/24
set interfaces lo0 unit 5 family inet address 55.55.55.55/24
set interfaces lo0 unit 5 family iso address 49.0035.0050.0500.5005.00
set protocols isis level 2 disable
set protocols isis interface ge-0/0/1.0
set protocols isis interface lo0.5
[email protected]> show con|display set 
set version 14.1R4.8
set system host-name R6
set system root-authentication encrypted-password "$1$GifPRqvl$s9LaD8qbN1frfjZocD/lG0"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/1 unit 0 family inet address 46.46.46.6/24
set interfaces lo0 unit 6 family inet address 6.6.6.6/24
set routing-options static route 0.0.0.0/0 next-hop 46.46.46.4
— Configuration | Verification —

— ISIS Neighbor:

[email protected]> show isis interface 
IS-IS interface database:
Interface             L CirID Level 1 DR        Level 2 DR        L1/L2 Metric
ge-0/0/0.0            2   0x1 Disabled          R3.02                  10/10
ge-0/0/1.0            2   0x1 Disabled          R2.02                  10/10

[email protected]> show isis interface 
IS-IS interface database:
Interface             L CirID Level 1 DR        Level 2 DR        L1/L2 Metric
ge-0/0/0.0            1   0x1 R4.02             Disabled               10/10
ge-0/0/1.0            2   0x2 Disabled          R2.02                  10/10

[email protected]> show isis interface 
IS-IS interface database:
Interface             L CirID Level 1 DR        Level 2 DR        L1/L2 Metric
ge-0/0/0.0            2   0x2 Disabled          R3.02                  10/10
ge-0/0/1.0            1   0x1 R5.02             Disabled               10/10

[email protected]> show isis interface 
IS-IS interface database:
Interface             L CirID Level 1 DR        Level 2 DR        L1/L2 Metric
ge-0/0/0.0            1   0x2 R4.02             Disabled               10/10

[email protected]> show isis interface 
IS-IS interface database:
Interface             L CirID Level 1 DR        Level 2 DR        L1/L2 Metric
ge-0/0/1.0            1   0x2 R5.02             Disabled               10/10

 

— R4 reachability to R6 loopback:

[email protected]# show |compare 
[edit]
+  routing-options {
+      static {
+          route 6.6.6.0/24 next-hop 46.46.46.6;
+      }
+  }
[edit protocols isis]
+   export adv-static;
[edit]
+  policy-options {
+      policy-statement adv-static {
+          term t1 {
+              from protocol static;
+              then accept;
+          }
[email protected]> show route 6.6.6.6    
inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

6.6.6.0/24         *[IS-IS/160] 00:01:56, metric 10
                    > to 24.24.24.4 via ge-0/0/0.0

[email protected]> ping 6.6.6.6 
PING 6.6.6.6 (6.6.6.6): 56 data bytes
64 bytes from 6.6.6.6: icmp_seq=0 ttl=63 time=18.326 ms
64 bytes from 6.6.6.6: icmp_seq=1 ttl=63 time=3.692 ms

[email protected]> ping 6.6.6.6
PING 6.6.6.6 (6.6.6.6): 56 data bytes
64 bytes from 6.6.6.6: icmp_seq=0 ttl=64 time=3.241 ms
64 bytes from 6.6.6.6: icmp_seq=1 ttl=64 time=2.303 ms

— R6 default route to R4:

[email protected]# show routing-options
static {
    route 0.0.0.0/0 next-hop 46.46.46.4;
}

[email protected]> show route protocol isis

inet.0: 26 destinations, 26 routes (26 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.0/24         *[IS-IS/18] 00:20:44, metric 10
                    > to 12.12.12.2 via ge-0/0/1.0
2.2.2.2/32         *[IS-IS/18] 00:20:44, metric 10
                    > to 12.12.12.2 via ge-0/0/1.0
3.3.3.0/24         *[IS-IS/18] 00:20:21, metric 10
                    > to 13.13.13.3 via ge-0/0/0.0
3.3.3.3/32         *[IS-IS/18] 00:20:21, metric 10
                    > to 13.13.13.3 via ge-0/0/0.0
4.4.4.0/24         *[IS-IS/18] 00:20:44, metric 20
                    > to 12.12.12.2 via ge-0/0/1.0
4.4.4.4/32         *[IS-IS/18] 00:20:44, metric 20
                    > to 12.12.12.2 via ge-0/0/1.0
5.5.5.0/24         *[IS-IS/18] 00:20:21, metric 20
                    > to 13.13.13.3 via ge-0/0/0.0
5.5.5.5/32         *[IS-IS/18] 00:20:21, metric 20
                    > to 13.13.13.3 via ge-0/0/0.0
22.22.22.0/24      *[IS-IS/18] 00:20:44, metric 10
                    > to 12.12.12.2 via ge-0/0/1.0
22.22.22.22/32     *[IS-IS/18] 00:20:44, metric 10
                    > to 12.12.12.2 via ge-0/0/1.0
24.24.24.0/24      *[IS-IS/18] 00:20:44, metric 20
                    > to 12.12.12.2 via ge-0/0/1.0
33.33.33.0/24      *[IS-IS/18] 00:20:21, metric 10
                    > to 13.13.13.3 via ge-0/0/0.0
33.33.33.33/32     *[IS-IS/18] 00:20:21, metric 10
                    > to 13.13.13.3 via ge-0/0/0.0
35.35.35.0/24      *[IS-IS/18] 00:20:21, metric 20
                    > to 13.13.13.3 via ge-0/0/0.0
44.44.44.0/24      *[IS-IS/18] 00:20:44, metric 20
                    > to 12.12.12.2 via ge-0/0/1.0
44.44.44.44/32     *[IS-IS/18] 00:20:44, metric 20
                    > to 12.12.12.2 via ge-0/0/1.0
55.55.55.0/24      *[IS-IS/18] 00:20:21, metric 20
                    > to 13.13.13.3 via ge-0/0/0.0
55.55.55.55/32     *[IS-IS/18] 00:20:21, metric 20
                    > to 13.13.13.3 via ge-0/0/0.0

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

Note that the R6 loopback is NOT learned at R1/R3/R5.

— L1 route leaking to L2 table:

The R6 loopback network is learned only as far as R2.
By default, subnets learned as external Level 1 routes do NOT pass to the L2 domain.

Bypass the default behavior to have level 1 routes get into the L2 routing table.
- Create a routing policy on R2 that matches the 6 network in L1 and sends it to L2.
set policy-options policy-statement leak-l1-l2 term leak6nw from protocol isis
set policy-options policy-statement leak-l1-l2 term leak6nw from level 1
set policy-options policy-statement leak-l1-l2 term leak6nw from route-filter 6.6.6.0/24 orlonger
set policy-options policy-statement leak-l1-l2 term leak6nw to level 2
set policy-options policy-statement leak-l1-l2 term leak6nw then accept
set protocols isis export leak-l1-l2
[email protected]> show route 6.6.6.6 
inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

6.6.6.0/24         *[IS-IS/165] 00:00:32, metric 20
                    > to 12.12.12.2 via ge-0/0/1.0

[email protected]> ping 6.6.6.6 
PING 6.6.6.6 (6.6.6.6): 56 data bytes
64 bytes from 6.6.6.6: icmp_seq=0 ttl=62 time=20.990 ms
64 bytes from 6.6.6.6: icmp_seq=1 ttl=62 time=5.200 ms

[email protected]> show route 6.6.6.6     
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[IS-IS/15] 00:28:29, metric 10
                    > to 35.35.35.3 via ge-0/0/1.0

[email protected]> ping 6.6.6.6          
PING 6.6.6.6 (6.6.6.6): 56 data bytes
64 bytes from 6.6.6.6: icmp_seq=0 ttl=60 time=6.242 ms
64 bytes from 6.6.6.6: icmp_seq=1 ttl=60 time=155.933 ms


-- R6 loopback 6.6.6.0/24 is learned now and reachable --
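
The leak-l1-l2 policy above, modelled as an added Python example (not code from the original lab, and not Junos itself): it parses the page's `set policy-options` lines, shows which prefixes `route-filter 6.6.6.0/24 orlonger` admits, and lists accept terms that carry no route-filter. The function names and the simplified matching (only the conditions used on this page) are assumptions.

```python
import ipaddress
import re

# Policy lines copied from the R2 and R4 configurations on this page.
CONFIG = """\
set policy-options policy-statement leak-l1-l2 term leak6nw from protocol isis
set policy-options policy-statement leak-l1-l2 term leak6nw from level 1
set policy-options policy-statement leak-l1-l2 term leak6nw from route-filter 6.6.6.0/24 orlonger
set policy-options policy-statement leak-l1-l2 term leak6nw to level 2
set policy-options policy-statement leak-l1-l2 term leak6nw then accept
set policy-options policy-statement adv-static term t1 from protocol static
set policy-options policy-statement adv-static term t1 then accept
"""

LINE = re.compile(r"set policy-options policy-statement (\S+) term (\S+) (from|to|then) (.+)")

def parse_policies(text):
    """Return {policy: {term: {"from": {...}, "to": {...}, "then": str}}}."""
    policies = {}
    for m in map(LINE.match, text.splitlines()):
        if not m:
            continue
        policy, term, clause, rest = m.groups()
        t = policies.setdefault(policy, {}).setdefault(
            term, {"from": {}, "to": {}, "then": None})
        if clause == "then":
            t["then"] = rest.strip()
        else:
            key, _, value = rest.strip().partition(" ")
            t[clause][key] = value
    return policies

def term_matches(term, protocol, level, prefix):
    """Evaluate a term's 'from' conditions (simplified model, assumption)."""
    f = term["from"]
    if f.get("protocol", protocol) != protocol or f.get("level", str(level)) != str(level):
        return False
    if "route-filter" in f:
        net, match_type = f["route-filter"].split()
        if match_type != "orlonger":
            raise ValueError("only 'orlonger' is modelled here")
        # orlonger: same leading bits, prefix length equal to or longer than the filter
        return ipaddress.ip_network(prefix).subnet_of(ipaddress.ip_network(net))
    return True

def unscoped_accept_terms(policies):
    """List (policy, term) pairs that accept routes without any route-filter."""
    return [(p, t) for p, terms in policies.items() for t, body in terms.items()
            if body["then"] == "accept" and "route-filter" not in body["from"]]
```

On this page's configuration the only term without a route-filter is `adv-static term t1` on R4, so any static route later added on R4 would also be exported into IS-IS, while the leak on R2 stays limited to 6.6.6.0/24 and longer prefixes.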

— Another way of doing the same: use WIDE-METRIC:

-- Remove or deactivate the existing policy on R2 --
# deactivate protocols isis export

[email protected]> ping 6.6.6.6    
PING 6.6.6.6 (6.6.6.6): 56 data bytes
36 bytes from 35.35.35.3: Destination Net Unreachable

[email protected]# show |compare 
[edit protocols isis]
+    level 1 wide-metrics-only;


[email protected]> show route 6.6.6.6 extensive 

inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
6.6.6.0/24 (1 entry, 1 announced)
TSI:
KRT in-kernel 6.6.6.0/24 -> {24.24.24.4}
IS-IS level 2, LSP fragment 0x957d128
        *IS-IS  Preference: 15
                Level: 1
                Next hop type: Router, Next hop index: 565
                Address: 0x9694354
                Next-hop reference count: 10
                Next hop: 24.24.24.4 via ge-0/0/0.0, selected
                Session Id: 0x140
                State: <Active Int>
                Age: 1:42       Metric: 10 
                Validation State: unverified 
                Task: IS-IS
                Announcement bits (2): 0-KRT 1-IS-IS 
                AS path: I

/** The 6 network has a route preference of 15, which is internal IS-IS


[email protected]> show route 6.6.6.6 extensive 

inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
6.6.6.0/24 (1 entry, 1 announced)
TSI:
KRT in-kernel 6.6.6.0/24 -> {12.12.12.2}
        *IS-IS  Preference: 18
                Level: 2
                Next hop type: Router, Next hop index: 565
                Address: 0x9694354
                Next-hop reference count: 20
                Next hop: 12.12.12.2 via ge-0/0/1.0, selected
                Session Id: 0x140
                State: <Active Int>
                Age: 1:20       Metric: 20 
                Validation State: unverified 
                Task: IS-IS
                Announcement bits (1): 0-KRT 
                AS path: I

/** The 6 network has a route preference > 15, which is L2

[email protected]> ping 6.6.6.6 
PING 6.6.6.6 (6.6.6.6): 56 data bytes
64 bytes from 6.6.6.6: icmp_seq=0 ttl=62 time=5.847 ms
64 bytes from 6.6.6.6: icmp_seq=1 ttl=62 time=5.609 ms

[email protected]> ping 6.6.6.6    
PING 6.6.6.6 (6.6.6.6): 56 data bytes
64 bytes from 6.6.6.6: icmp_seq=0 ttl=60 time=8.212 ms
64 bytes from 6.6.6.6: icmp_seq=1 ttl=60 time=6.342 ms
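
The route preferences seen throughout this lab (160, 165, 15, 18) identify how each router learned 6.6.6.0/24. The following added Python example (not part of the original lab) parses both the terse and the extensive `show route` formats, maps the preference to the Junos default IS-IS route type, and reports when a router reaches the target only through a default route. The router labels are inferred from the next hops, and the function names are assumptions.

```python
import ipaddress
import re

# Junos default IS-IS route preferences.
ISIS_PREF = {15: "L1 internal", 18: "L2 internal",
             160: "L1 external", 165: "L2 external"}

TERSE = re.compile(r"^(\S+/\d+)\s+\*\[([\w-]+)/(\d+)\]", re.M)
EXT_PREFIX = re.compile(r"^(\S+/\d+) \(", re.M)
EXT_PREF = re.compile(r"\*([\w-]+)\s+Preference: (\d+)")

def parse_active(text):
    """Return (prefix, protocol, preference) from terse or extensive output."""
    m = TERSE.search(text)
    if m:
        return m.group(1), m.group(2), int(m.group(3))
    p, e = EXT_PREFIX.search(text), EXT_PREF.search(text)
    if p and e:
        return p.group(1), e.group(1), int(e.group(2))
    raise ValueError("no active route found")

def describe(text, target):
    """Return (prefix, IS-IS route type or None, True if only a default route)."""
    prefix, protocol, pref = parse_active(text)
    net = ipaddress.ip_network(prefix)
    if ipaddress.ip_address(target) not in net:
        raise ValueError(f"{prefix} does not cover {target}")
    kind = ISIS_PREF.get(pref) if protocol == "IS-IS" else None
    return prefix, kind, net.prefixlen == 0

# Excerpts of 'show route 6.6.6.6' output from this page. Router labels are
# inferred from the next hops, because the prompts are obscured on the page.
SAMPLES = {
    "R2 narrow": "6.6.6.0/24         *[IS-IS/160] 00:01:56, metric 10\n"
                 "                    > to 24.24.24.4 via ge-0/0/0.0\n",
    "R1 leaked": "6.6.6.0/24         *[IS-IS/165] 00:00:32, metric 20\n"
                 "                    > to 12.12.12.2 via ge-0/0/1.0\n",
    "R5 leaked": "0.0.0.0/0          *[IS-IS/15] 00:28:29, metric 10\n"
                 "                    > to 35.35.35.3 via ge-0/0/1.0\n",
    "R2 wide": "6.6.6.0/24 (1 entry, 1 announced)\n        *IS-IS  Preference: 15\n",
    "R1 wide": "6.6.6.0/24 (1 entry, 1 announced)\n        *IS-IS  Preference: 18\n",
}

def summarize(target="6.6.6.6"):
    """Classify every sample for the given target address."""
    return {name: describe(text, target) for name, text in SAMPLES.items()}
```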