Configuring IS-IS Accept Policies
Use the following procedure to create and enable IS-IS accept policies to apply to routes from all Backbone Edge Bridges (BEBs) or to all routes from a specific BEB.
Use IS-IS accept policies to filter incoming IS-IS routes the device receives over the SPBM cloud. Accept policies apply to incoming traffic and determine whether to add the route to the routing table.
If DvR is enabled on your switch, and the switch is either a DvR Controller or a non-DvR BEB within the domain, you can configure IS-IS accept policies to accept specific host routes from the DvR backbone. For information on DvR, see Distributed Virtual Routing.
IS-IS accept policies are disabled by default.
Note
-
The isis apply accept [vrf WORD<1-16>] command can disrupt traffic and cause temporary traffic loss. After you apply isis apply accept [vrf <1-16>], the command reapplies the accept policies, which deletes all of the IS-IS routes, and adds the IS-IS routes again. You should make all the relevant accept policy changes, and then apply isis apply accept [vrf WORD<1-16>] at the end.
-
If the route policy changes, you must reapply the IS-IS accept policy, unless the IS-IS accept policy was the last sequence in the configuration.
-
The isis apply accept [vrf WORD<1-16>] command is not saved in the configuration file. If you use a saved configuration file for IS-IS accept policy configuration, you must apply the isis apply accept [vrf WORD<1-16>] command at the end.
-
The number of unique Layer 3 VSN I-SIDs used on a BEB is limited to the number of VRFs supported on the switch. This includes the I-SID values used for Layer 3 VSNs and the I-SID values specified for the ISIS accept policy filters, which can be configured using the ip isid-list [ISID#], accept i-sid <value>, or accept adv-rtr <isis nn> i-sid <value> commands.
The switch supports 24 VRFs by default, so, in a default configuration, you cannot create an ip isid-list or accept policy with more than 24 unique I-SID entries. However, the configured VRFs take up an entry, so the formula to calculate the limit is: [24 VRF Limit – (currently configured VRFs)]. This gives the number of unique I-SIDs that can be used directly in the IS-IS accept policy filters, which you implement with the ip isid-list or accept policy command. The I-SIDs used for Layer 3 VSNs can be reused in IS-IS accept policy filters without affecting the limit.
If you increase the VRF scaling, you can create more Layer 3 VSNs. For more information about how to increase the number of supported VRFs, see Configure the Maximum Number of VRFs. The maximum number of supported VRFs and Layer 3 VSNs differs depending on the hardware platform. For more information about maximum scaling numbers, see Fabric Engine Release Notes.
Before you begin
-
Enable IS-IS globally.
-
Ensure the manual area exists.
-
You must configure a route-map to apply.
-
Ensure that DvR is enabled on the switch before you configure an IS-IS accept policy with a backbone route policy, to accept host routes from the DvR backbone.
Procedure
Configure IS-IS accept policies with a route policy or a backbone route policy or a combination of both, to determine which routes the IS-IS accept policy applies to.
Configure one of the following types of IS-IS accept policies.
-
An IS-IS accept policy with only the route policy:
The IS-IS routes are selectively accepted based on the route policy. Since the backbone route policy is not configured, all host routes from the DvR backbone are denied.
If you do not configure a route policy, by default, all IS-IS routes are accepted.
-
An IS-IS accept policy with only the backbone route policy:
The DvR host routes from the DvR backbone are selectively accepted based on the backbone route policy. Since the route policy is not configured, all IS-IS host routes are accepted.
If you do not configure a backbone route policy, all host routes from the DvR backbone are denied.
-
An IS-IS accept policy with both route policy and backbone route policy:
IS-IS routes are selectively accepted based on the route policy and host routes from the DvR backbone are selectively accepted based on the backbone route policy.
Example
Configure an I-SID based IS-IS accept policy with the route policy test:
Switch:1>enable Switch:1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch:1(config)#route-map test 1 Switch:1(route-map)#enable Switch:1(route-map)#exit Switch:1(config)#router isis Switch:1(config-isis)#accept i-sid 101 Switch:1(config-isis)#accept i-sid 101 route-map test Switch:1(config-isis)#accept i-sid 101 enable Switch:1#exit Switch:1(config)#isis apply accept
The following examples show the configuration of an IS-IS accept policy to accept host routes from the DvR backbone
Example 1:
To accept host routes from the DvR backbone, you must configure a backbone route policy and apply it to the IS-IS accept policy.
-
Configure a route policy for DvR:
Switch:1>enable Switch:1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch:1(config)#route-map dvrmap1 1 Switch:1(route-map)#enable
-
Configure an IS-IS accept policy for I-SID 10, and apply the route policy as a backbone route policy:
Switch:1(route-map)#exit Switch:1(config)#router isis Switch:1(config-isis)#accept i-sid 10 backbone-route-map dvrmap1 Switch:1(config-isis)#accept i-sid 10 enable Switch:1(config-isis)#exit
OR
Configure the default accept policy for IS-IS and DvR, and apply the route policy as a backbone route policy:
Switch:1(config)#route-map isismap1 1 Switch:1(route-map)#enable Switch:1(route-map)#exit Switch:1(config)#router isis Switch:1(config-isis)#accept route-map isismap1 backbone-route-map dvrmap1
-
Apply the IS-IS accept policy:
Switch:1(config-isis)#exit Switch:1(config)#isis apply accept Switch:1(config)#exit
-
Verify the configuration:
Switch:1#show ip isis accept ================================================================================== Isis Accept - GlobalRouter ================================================================================== ADV_RTR I-SID ISID-LIST ENABLE POLICY BACKBONE POLICY ----------------------------------------------------------------------------------- - 10 - TRUE dvrmap1 - - - isismap1 dvrmap1 2 out of 2 Total Num of Isis Accept Policies displayed
Example 2:
Configure an IS-IS accept policy for I–SID 10 that accepts DvR host routes in a subnet, for example, subnet 126.1.1.0/24.
-
Configure an IP prefix list:
Switch:1>enable Switch:1#configure terminal Switch:1(config)#ip prefix-list listPrefix 126.1.1.0/24
-
Create the route policy dvrmap2 to match the IP prefix list:
Switch:1(config)#route-map dvrmap2 1 Switch:1(route-map)#match network listPrefix Switch:1(route-map)#enable
-
Create an IS-IS accept policy with I-SID 10 and apply the route policy as a backbone route policy:
Switch:1(route-map)#exit Switch:1(config)#router isis Switch:1(config-isis)#accept i-sid 10 backbone-route-map dvrmap2 Switch:1(config-isis)#accept i-sid 10 enable
-
Apply the IS-IS accept policy:
Switch:1(config-isis)#exit Switch:1(config)#isis apply accept
The above command causes IS-IS to accept all routes with I-SID 10. To deny IS-IS routes and accept only DvR host routes, you can configure an additional IS-IS route policy as follows:
Switch:1(config)#route-map isismap2 1 Switch:1(route-map)#no permit Switch:1(route-map)#enable Switch:1(route-map)#exit Switch:1(config)#router isis Switch:1(config-isis)#accept i-sid 10 route-map isismap2 backbone-route-map dvrmap2 Switch:1(config-isis)#accept i-sid 10 enable Switch:1(config-isis)#exit Switch:1(config)#isis apply accept
-
Verify the configuration:
Switch:1(config)#exit Switch:1#show ip isis accept ================================================================================== Isis Accept - GlobalRouter ================================================================================== ADV_RTR I-SID ISID-LIST ENABLE POLICY BACKBONE POLICY ----------------------------------------------------------------------------------- - 10 - TRUE isismap2 dvrmap2 1 out of 1 Total Num of Isis Accept Policies displayed
The following examples show the configuration of IS-IS accept policies for a specific VRF instance.
Example 1:
Configure IS-IS accept policies to accept host routes from the DvR backbone, for a specific VRF instance.
-
In the VRF green context, configure the route policy dvrmap3 for DvR:
Switch:1(config)#router vrf green Switch:1(router-vrf)#route-map dvrmap3 1 Switch:1(router-vrf-routemap)#enable
-
Use one of the following options to configure an IS-IS accept policy, and apply the route policy as a backbone route policy:
Configure an IS-IS accept policy for a specific advertising BEB with nickname 1.11.11:
Switch:1(router-vrf-routemap)#isis accept adv-rtr 1.11.11 backbone-route-map dvrmap3 Switch:1(router-vrf-routemap)#exit Switch:1(router-vrf)#isis accept adv-rtr 1.11.11 enable
Switch:1(router-vrf)#show ip isis accept vrf green ================================================================================== Isis Accept - VRF green ================================================================================== ADV_RTR I-SID ISID-LIST ENABLE POLICY BACKBONE POLICY ---------------------------------------------------------------------------------- 1.11.11 - - TRUE dvrmap3 1 out of 1 Total Num of Isis Accept Policies displayed
Switch:1(config)#show ip isis accept vrfids 2 ================================================================================== Isis Accept - VRF green ================================================================================== ADV_RTR I-SID ISID-LIST ENABLE POLICY BACKBONE POLICY ---------------------------------------------------------------------------------- 1.11.11 - - TRUE dvrmap3 1 out of 1 Total Num of Isis Accept Policies displayed
Configure an accept policy for I-SID 10:
Switch:1(router-vrf)#isis accept i-sid 10 backbone-route-map dvrmap3 Switch:1(router-vrf)#show ip isis accept vrf green ================================================================================== Isis Accept - VRF green ================================================================================== ADV_RTR I-SID ISID-LIST ENABLE POLICY BACKBONE POLICY ---------------------------------------------------------------------------------- - 10 - TRUE dvrmap3 1 out of 1 Total Num of Isis Accept Policies displayed
Configure an accept policy for the I-SID list listisids:
Switch:1(router-vrf)#isis accept isid-list listisids backbone-route-map dvrmap3 Switch:1(router-vrf)#show ip isis accept vrf green ================================================================================== Isis Accept - VRF green ================================================================================== ADV_RTR I-SID ISID-LIST ENABLE POLICY BACKBONE POLICY ---------------------------------------------------------------------------------- - 10 listisids TRUE dvrmap3 1 out of 1 Total Num of Isis Accept Policies displayed
Configure the default accept policy for IS-IS and DvR:
Switch:1(router-vrf)#route-map isismap3 1 Switch:1(router-vrf-routemap)# Switch:1(router-vrf-routemap)#enable Switch:1(router-vrf-routemap)# Switch:1(router-vrf-routemap)#isis accept route-map isismap3 backbone-route-map dvrmap3 Switch:1(router-vrf)#
Switch:1(router-vrf)#show ip isis accept vrf green ============================================================================== Isis Accept - VRF green ============================================================================== ADV_RTR I-SID ISID-LIST ENABLE POLICY BACKBONE POLICY ------------------------------------------------------------------------------ - - - TRUE isismap3 dvrmap3 1 out of 1 Total Num of Isis Accept Policies displayed
Configure the default accept policy for DvR:
Switch:1(router-vrf)#isis accept backbone-route-map dvrmap3 Switch:1(router-vrf)#show ip isis accept vrf green =============================================================================== Isis Accept - VRF green =============================================================================== ADV_RTR I-SID ISID-LIST ENABLE POLICY BACKBONE POLICY -------------------------------------------------------------------------------- - - - TRUE dvrmap3 1 out of 1 Total Num of Isis Accept Policies displayed
Example 2:
Configure an accept policy for I–SID 10 that accepts DvR host routes in a subnet, for example, subnet 126.1.1.0/24.
-
Configure an IP prefix list:
Switch:1>enable Switch:1#configure terminal Switch:1(config)#ip prefix-list listPrefix 126.1.1.0/24
-
For a specific VRF instance, create a route policy to match the IP prefix list:
Switch:1(config)#router vrf green Switch:1(router-vrf)#route-map dvrmap4 1 Switch:1(router-vrf-routemap)#match network listPrefix Switch:1(router-vrf-routemap)#enable Switch:1(router-vrf-routemap)#exit Switch:1(router-vrf)#
-
Create an IS-IS accept policy with I-SID 10, and apply the route policy as the backbone route policy:
Switch:1(router-vrf)#accept i-sid 10 backbone-route-map dvrmap4 Switch:1(router-vrf)#accept i-sid 10 enable
-
Apply the IS-IS accept policy:
Switch:1(router-vrf)#exit Switch:1(config)#isis apply accept
-
Verify the configuration:
Switch:1(config)#exit Switch:1(router-vrf)#show ip isis accept vrf green =============================================================================== Isis Accept - VRF green =============================================================================== ADV_RTR I-SID ISID-LIST ENABLE POLICY BACKBONE POLICY -------------------------------------------------------------------------------- - - - TRUE dvrmap4 1 out of 1 Total Num of Isis Accept Policies displayed
Variable definitions
The following table defines parameters for the ip isid-list command.
Variable |
Value |
---|---|
WORD<1-32> |
Creates a name for your I-SID list. |
<1-16777215> |
Specifies an I-SID number. |
list WORD<1-1024> |
Specifies a list of I-SID values. For example, in the format 1,3,5,8-10. |
The following table defines parameters for the accept command.
Variable |
Value |
---|---|
adv-rtr <x.xx.xx> |
Specifies the SPBM nickname for each advertising BEB to allow you to apply the IS-IS accept policy to routes for a specific advertising BEB. The system first uses the default filter, but if a more specific filter for a specific advertising BEB is present the device applies the specific filter. |
backbone-route-map WORD<1-64> |
Specifies the DvR backbone route map. |
enable |
Enables an IS-IS accept policy. |
i-sid <1-16777215> |
Specifies an I-SID number to represent a local or remote Layer 3 VSN to which the IS-IS accept policy applies. Use the parameter to apply a filter for routes from specific I-SIDs that represent the remote VSN. Based on the routing policy the system applies, the system can redistribute the remote VSN to the VSN where you applied the filter. An I-SID value of 0 represents the global routing table (GRT). |
isid-list WORD<1-32> |
Specifies the I-SID list name that represents the local or remote Layer 3 VSNs to which the IS-IS accept policy applies. Use the parameter to apply a default filter for all routes from specific I-SIDs that represent the remote VSN. Based on the routing policy the system applies, the system redistributes the remote VSN to the VSN where you applied the filter. An I-SID value of 0 represents the global routing table (GRT). |
route-map WORD<1-64> |
Specifies a route policy by name. You must configure the route policy earlier in a separate procedure. |
The following table defines parameters for the isis apply accept command.
Variable |
Value |
---|---|
vrf WORD<1-16> |
Specifies a specific VRF instance. |