Configuring IS-IS Accept Policies

Use the following procedure to create and enable IS-IS accept policies to apply to routes from all Backbone Edge Bridges (BEBs) or to all routes from a specific BEB.

Use IS-IS accept policies to filter incoming IS-IS routes the device receives over the SPBM cloud. Accept policies apply to incoming traffic and determine whether to add the route to the routing table.

If DvR is enabled on your switch, and the switch is either a DvR Controller or a non-DvR BEB within the domain, you can configure IS-IS accept policies to accept specific host routes from the DvR backbone. For information on DvR, see Distributed Virtual Routing.

IS-IS accept policies are disabled by default.

Note

Note

  • The isis apply accept [vrf WORD<1-16>] command can disrupt traffic and cause temporary traffic loss. After you apply isis apply accept [vrf <1-16>], the command reapplies the accept policies, which deletes all of the IS-IS routes, and adds the IS-IS routes again. You should make all the relevant accept policy changes, and then apply isis apply accept [vrf WORD<1-16>] at the end.

  • If the route policy changes, you must reapply the IS-IS accept policy, unless the IS-IS accept policy was the last sequence in the configuration.

  • The isis apply accept [vrf WORD<1-16>] command is not saved in the configuration file. If you use a saved configuration file for IS-IS accept policy configuration, you must apply the isis apply accept [vrf WORD<1-16>] command at the end.

  • The number of unique Layer 3 VSN I-SIDs used on a BEB is limited to the number of VRFs supported on the switch. This includes the I-SID values used for Layer 3 VSNs and the I-SID values specified for the ISIS accept policy filters, which can be configured using the ip isid-list [ISID#], accept i-sid <value>, or accept adv-rtr <isis nn> i-sid <value> commands.

    The switch supports 24 VRFs by default, so, in a default configuration, you cannot create an ip isid-list or accept policy with more than 24 unique I-SID entries. However, the configured VRFs take up an entry, so the formula to calculate the limit is: [24 VRF Limit – (currently configured VRFs)]. This gives the number of unique I-SIDs that can be used directly in the IS-IS accept policy filters, which you implement with the ip isid-list or accept policy command. The I-SIDs used for Layer 3 VSNs can be reused in IS-IS accept policy filters without affecting the limit.

    If you increase the VRF scaling, you can create more Layer 3 VSNs. For more information about how to increase the number of supported VRFs, see Configure the Maximum Number of VRFs. The maximum number of supported VRFs and Layer 3 VSNs differs depending on the hardware platform. For more information about maximum scaling numbers, see Fabric Engine Release Notes.

Before you begin

  • Enable IS-IS globally.

  • Ensure the manual area exists.

  • You must configure a route-map to apply.

  • Ensure that DvR is enabled on the switch before you configure an IS-IS accept policy with a backbone route policy, to accept host routes from the DvR backbone.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Optional: If you want to accept routes from a variety of I-SIDs, create an I-SID list before you create an IS-IS accept policy for the I-SID list:

    ip isid-list WORD<1–32> [<1–16777215>][list WORD<1–1024>]

    Note

    Note

    When creating an I-SID list, you can add I-SID entries until the maximum limit for supported Layer 3 I-SIDs is reached. The system truncates any additional I-SID entries. The maximum limit includes the I-SIDs for locally configured Layer 3 VSNs and the I-SIDs specified for IS-IS accept policy filters.

    Use the command show ip isid-list vrf WORD<1-16> to view the list of truncated I-SIDs.

  3. Optional: Delete an I-SID list:

    no ip isid-list WORD<1–32> [<1–16777215>][list WORD<1–1024>]

    Note

    Note

    When deleting an I-SID list, ensure that the I-SID list is not associated with an IS-IS accept policy. Otherwise the deletion fails. An I-SID list associated with an accept policy cannot be deleted because it must contain at least one constituent I-SID.

  4. Enter IS-IS Router Configuration mode:

    enable

    configure terminal

    router isis

Configure IS-IS accept policies with a route policy or a backbone route policy or a combination of both, to determine which routes the IS-IS accept policy applies to.

Configure one of the following types of IS-IS accept policies.

  • An IS-IS accept policy with only the route policy:

    The IS-IS routes are selectively accepted based on the route policy. Since the backbone route policy is not configured, all host routes from the DvR backbone are denied.

    If you do not configure a route policy, by default, all IS-IS routes are accepted.

  • An IS-IS accept policy with only the backbone route policy:

    The DvR host routes from the DvR backbone are selectively accepted based on the backbone route policy. Since the route policy is not configured, all IS-IS host routes are accepted.

    If you do not configure a backbone route policy, all host routes from the DvR backbone are denied.

  • An IS-IS accept policy with both route policy and backbone route policy:

    IS-IS routes are selectively accepted based on the route policy and host routes from the DvR backbone are selectively accepted based on the backbone route policy.

  1. Configure an IS-IS accept policy instance with a route policy.

    Use one of the following options:

    1. Create an IS-IS accept policy instance to apply to all BEBs for a specific I-SID or I-SID list:

      accept [i-sid <1-16777215>][isid-list WORD <1-32>]

    2. Create an IS-IS accept policy instance to apply to a specific advertising BEB:

      accept adv-rtr <x.xx.xx> [i-sid <1-16777215>][isid-list WORD <1-32>]

    3. Optional: Delete an IS-IS accept policy instance:

      no accept [adv-rtr <x.xx.xx>][i-sid <1-16777215>][isid-list WORD <1-32>]

    4. Specify an IS-IS route policy to apply to routes from all BEBs:

      accept route-map WORD<1–64>

    5. Specify an IS-IS route policy to apply to a specific advertising BEB:

      accept adv-rtr <x.xx.xx>[route-map WORD<1–64>]

    6. Optional: Delete an IS-IS route policy:

      no accept [adv-rtr <x.xx.xx>] [route-map]

    7. Enable an IS-IS route accept instance:

      accept [adv-rtr <x.xx.xx>][enable][i-sid <1-16777215>][i-sid-list WORD<1-32>]

    8. Optional: Disable an IS-IS route accept instance:

      no accept [adv-rtr <x.xx.xx>][enable][i-sid <1-16777215>][i-sid-list WORD<1-32>]

  2. Configure an IS-IS accept policy instance with a backbone route policy to accept host routes from the DvR backbone:
    Note

    Note

    IS-IS accept policies typically apply to all IS-IS routes. However, to accept DvR host routes from the DvR backbone, you must explicitly configure the IS-IS accept policy with a backbone route policy.

    Use one of the following options:

    1. Create the default IS-IS accept policy instance to accept host routes from the DvR backbone:

      accept backbone-route-map WORD <1-64>

    2. Optional: Delete the default IS-IS accept policy instance with backbone route policy configuration:

      no accept backbone-route-map

    3. Create an IS-IS accept policy instance to accept host routes from the DvR backbone, and apply to all BEBs for a specific I-SID or I-SID list:

      accept [i-sid <1-16777215>][isid-list WORD <1-32>] backbone-route-map WORD<1-64>

    4. Optional: Delete an IS-IS accept policy instance with backbone route policy configuration, which applies to all BEBs for a specific I-SID or I-SID list:

      no accept [i-sid <1-16777215>][isid-list WORD <1-32>] backbone-route-map

    5. Create an IS-IS accept policy instance to accept host routes from the DvR backbone and apply to a specific advertising BEB:

      accept adv-rtr <x.xx.xx> backbone-route-map WORD <1-64>

    6. Optional: Delete an IS-IS accept policy instance with backbone route policy configuration, which applies to a specific advertising BEB

      no accept adv-rtr <x.xx.xx> backbone-route-map

  3. Configure an IS-IS accept policy with both route policy and backbone route policy, to selectively accept IS-IS routes as well as host routes from the DvR backbone.
    1. Create the default IS-IS accept policy instance with a route policy to accept IS-IS routes and a backbone route policy to accept host routes from the DvR backbone:

      accept route-map WORD<1–32> backbone-route-map WORD <1-64>

    2. Optional: Delete the default IS-IS accept policy with route policy and backbone route policy configuration:

      no accept route-map backbone-route-map

    3. Create an accept policy instance to selectively accept IS-IS routes and host routes from the DvR backbone, and apply to all BEBs for a specific I-SID or I-SID list:

      accept [i-sid <1-16777215>][isid-list WORD <1-32>] route-map WORD<1–32> backbone-route-map WORD<1-64>

    4. Optional: Delete an accept policy instance with route policy and backbone route policy configuration, which applies to all BEBs for a specific I-SID or I-SID list:

      no accept [i-sid <1-16777215>][isid-list WORD <1-32>] route-map backbone-route-map

    5. Create an IS-IS accept policy instance to selectively accept IS-IS routes and host routes from the DvR backbone, and apply to a specific advertising BEB:

      accept adv-rtr <x.xx.xx> route-map WORD<1–32> backbone-route-map WORD <1-64>

    6. Optional: Delete an IS-IS accept policy instance with route policy and backbone route policy configuration, which applies to a specific advertising BEB:

      no accept adv-rtr <x.xx.xx> route-map backbone-route-map

  4. Apply the IS-IS accept policy changes, which removes and re-adds all routes with updated filters:

    isis apply accept [vrf WORD <1–16>]

  5. Exit IS-IS Router Configuration mode:

    exit

    You are in Global Configuration mode.

Example

Configure an I-SID based IS-IS accept policy with the route policy test:

Switch:1>enable
Switch:1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch:1(config)#route-map test 1
Switch:1(route-map)#enable
Switch:1(route-map)#exit

Switch:1(config)#router isis
Switch:1(config-isis)#accept i-sid 101
Switch:1(config-isis)#accept i-sid 101 route-map test
Switch:1(config-isis)#accept i-sid 101 enable
Switch:1#exit
Switch:1(config)#isis apply accept

The following examples show the configuration of an IS-IS accept policy to accept host routes from the DvR backbone

Example 1:

To accept host routes from the DvR backbone, you must configure a backbone route policy and apply it to the IS-IS accept policy.

  1. Configure a route policy for DvR:

    Switch:1>enable
    Switch:1#configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch:1(config)#route-map dvrmap1 1
    Switch:1(route-map)#enable
  2. Configure an IS-IS accept policy for I-SID 10, and apply the route policy as a backbone route policy:

    Switch:1(route-map)#exit
    Switch:1(config)#router isis
    Switch:1(config-isis)#accept i-sid 10 backbone-route-map dvrmap1
    Switch:1(config-isis)#accept i-sid 10 enable
    Switch:1(config-isis)#exit

    OR

    Configure the default accept policy for IS-IS and DvR, and apply the route policy as a backbone route policy:

    Switch:1(config)#route-map isismap1 1
    Switch:1(route-map)#enable
    Switch:1(route-map)#exit
    Switch:1(config)#router isis
    Switch:1(config-isis)#accept route-map isismap1 backbone-route-map dvrmap1 
  3. Apply the IS-IS accept policy:

    Switch:1(config-isis)#exit
    Switch:1(config)#isis apply accept
    Switch:1(config)#exit
  4. Verify the configuration:

    Switch:1#show ip isis accept
    
    ==================================================================================
                               Isis Accept - GlobalRouter
    ==================================================================================
    
    ADV_RTR  I-SID    ISID-LIST                        ENABLE POLICY       BACKBONE
                                                                           POLICY
    -----------------------------------------------------------------------------------
    -        10       -                                TRUE                dvrmap1
    -        -        -                                       isismap1     dvrmap1
    
    2 out of 2 Total Num of Isis Accept Policies displayed
    

Example 2:

Configure an IS-IS accept policy for I–SID 10 that accepts DvR host routes in a subnet, for example, subnet 126.1.1.0/24.

  1. Configure an IP prefix list:

    Switch:1>enable
    Switch:1#configure terminal
    Switch:1(config)#ip prefix-list listPrefix 126.1.1.0/24
  2. Create the route policy dvrmap2 to match the IP prefix list:

    Switch:1(config)#route-map dvrmap2 1
    Switch:1(route-map)#match network listPrefix
    Switch:1(route-map)#enable
  3. Create an IS-IS accept policy with I-SID 10 and apply the route policy as a backbone route policy:

    Switch:1(route-map)#exit
    Switch:1(config)#router isis
    Switch:1(config-isis)#accept i-sid 10 backbone-route-map dvrmap2
    Switch:1(config-isis)#accept i-sid 10 enable
  4. Apply the IS-IS accept policy:

    Switch:1(config-isis)#exit
    Switch:1(config)#isis apply accept

    The above command causes IS-IS to accept all routes with I-SID 10. To deny IS-IS routes and accept only DvR host routes, you can configure an additional IS-IS route policy as follows:

    Switch:1(config)#route-map isismap2 1
    Switch:1(route-map)#no permit
    Switch:1(route-map)#enable
    
    Switch:1(route-map)#exit
    Switch:1(config)#router isis
    Switch:1(config-isis)#accept i-sid 10 route-map isismap2 backbone-route-map dvrmap2
    Switch:1(config-isis)#accept i-sid 10 enable
    Switch:1(config-isis)#exit
    Switch:1(config)#isis apply accept
    
  5. Verify the configuration:

    Switch:1(config)#exit
    Switch:1#show ip isis accept
    
    ==================================================================================
                               Isis Accept - GlobalRouter
    ==================================================================================
    
    ADV_RTR  I-SID    ISID-LIST                        ENABLE POLICY       BACKBONE
                                                                           POLICY
    -----------------------------------------------------------------------------------
    -        10       -                                TRUE   isismap2     dvrmap2
    
    1 out of 1 Total Num of Isis Accept Policies displayed
    

The following examples show the configuration of IS-IS accept policies for a specific VRF instance.

Example 1:

Configure IS-IS accept policies to accept host routes from the DvR backbone, for a specific VRF instance.

  1. In the VRF green context, configure the route policy dvrmap3 for DvR:

    Switch:1(config)#router vrf green
    Switch:1(router-vrf)#route-map dvrmap3 1
    Switch:1(router-vrf-routemap)#enable
    
  2. Use one of the following options to configure an IS-IS accept policy, and apply the route policy as a backbone route policy:

    Configure an IS-IS accept policy for a specific advertising BEB with nickname 1.11.11:

    Switch:1(router-vrf-routemap)#isis accept adv-rtr 1.11.11 backbone-route-map dvrmap3
    Switch:1(router-vrf-routemap)#exit
    Switch:1(router-vrf)#isis accept adv-rtr 1.11.11 enable
    
    Switch:1(router-vrf)#show ip isis accept vrf green
    
    ==================================================================================
                                Isis Accept - VRF green
    ==================================================================================
    
    ADV_RTR  I-SID    ISID-LIST                        ENABLE POLICY       BACKBONE   
                                                                           POLICY
    ----------------------------------------------------------------------------------
    1.11.11  -        -                                TRUE                dvrmap3    
    
    1 out of 1 Total Num of Isis Accept Policies displayed
    
    Switch:1(config)#show ip isis accept vrfids 2 
    
    ==================================================================================
                                Isis Accept - VRF green
    ==================================================================================
    
    ADV_RTR  I-SID    ISID-LIST                        ENABLE POLICY       BACKBONE   
                                                                           POLICY
    ----------------------------------------------------------------------------------
    1.11.11  -        -                                TRUE                dvrmap3    
    
    1 out of 1 Total Num of Isis Accept Policies displayed
    

    Configure an accept policy for I-SID 10:

    Switch:1(router-vrf)#isis accept i-sid 10 backbone-route-map dvrmap3
    Switch:1(router-vrf)#show ip isis accept vrf green
    
    ==================================================================================
                                Isis Accept - VRF green
    ==================================================================================
    
    ADV_RTR  I-SID    ISID-LIST                        ENABLE POLICY       BACKBONE
                                                                           POLICY
    ----------------------------------------------------------------------------------
    -        10       -                                TRUE                dvrmap3
    1 out of 1 Total Num of Isis Accept Policies displayed
    

    Configure an accept policy for the I-SID list listisids:

    Switch:1(router-vrf)#isis accept isid-list listisids backbone-route-map dvrmap3
    Switch:1(router-vrf)#show ip isis accept vrf green
    
    ==================================================================================
                                Isis Accept - VRF green
    ==================================================================================
    
    ADV_RTR  I-SID    ISID-LIST                        ENABLE POLICY       BACKBONE
                                                                           POLICY
    ----------------------------------------------------------------------------------
    -        10       listisids                        TRUE                dvrmap3
    1 out of 1 Total Num of Isis Accept Policies displayed
    

    Configure the default accept policy for IS-IS and DvR:

    Switch:1(router-vrf)#route-map isismap3 1
    Switch:1(router-vrf-routemap)#
    Switch:1(router-vrf-routemap)#enable 
    Switch:1(router-vrf-routemap)#
    Switch:1(router-vrf-routemap)#isis accept route-map isismap3 backbone-route-map dvrmap3
    Switch:1(router-vrf)#
    
    Switch:1(router-vrf)#show ip isis accept vrf green
    
    ==============================================================================
                                Isis Accept - VRF green
    ==============================================================================
    
    ADV_RTR  I-SID    ISID-LIST                        ENABLE POLICY       BACKBONE
                                                                           POLICY
    ------------------------------------------------------------------------------
    -        -        -                                TRUE   isismap3     dvrmap3
    
    1 out of 1 Total Num of Isis Accept Policies displayed
    

    Configure the default accept policy for DvR:

    Switch:1(router-vrf)#isis accept backbone-route-map dvrmap3
    Switch:1(router-vrf)#show ip isis accept vrf green
    
    ===============================================================================
                                Isis Accept - VRF green
    ===============================================================================
    
    ADV_RTR  I-SID    ISID-LIST                        ENABLE POLICY       BACKBONE
                                                                           POLICY
    --------------------------------------------------------------------------------
    -        -        -                                TRUE                dvrmap3  
    
    1 out of 1 Total Num of Isis Accept Policies displayed
    

Example 2:

Configure an accept policy for I–SID 10 that accepts DvR host routes in a subnet, for example, subnet 126.1.1.0/24.

  1. Configure an IP prefix list:

    Switch:1>enable
    Switch:1#configure terminal
    Switch:1(config)#ip prefix-list listPrefix 126.1.1.0/24
  2. For a specific VRF instance, create a route policy to match the IP prefix list:

    Switch:1(config)#router vrf green
    Switch:1(router-vrf)#route-map dvrmap4 1
    Switch:1(router-vrf-routemap)#match network listPrefix
    Switch:1(router-vrf-routemap)#enable
    Switch:1(router-vrf-routemap)#exit
    Switch:1(router-vrf)#
  3. Create an IS-IS accept policy with I-SID 10, and apply the route policy as the backbone route policy:

    Switch:1(router-vrf)#accept i-sid 10 backbone-route-map dvrmap4
    Switch:1(router-vrf)#accept i-sid 10 enable
  4. Apply the IS-IS accept policy:

    Switch:1(router-vrf)#exit
    Switch:1(config)#isis apply accept
  5. Verify the configuration:

    Switch:1(config)#exit
    Switch:1(router-vrf)#show ip isis accept vrf green
    
    ===============================================================================
                                Isis Accept - VRF green
    ===============================================================================
    
    ADV_RTR  I-SID    ISID-LIST                        ENABLE POLICY       BACKBONE
                                                                           POLICY
    --------------------------------------------------------------------------------
    -        -        -                                TRUE                dvrmap4  
    
    1 out of 1 Total Num of Isis Accept Policies displayed
    

Variable definitions

The following table defines parameters for the ip isid-list command.

Variable

Value

WORD<1-32>

Creates a name for your I-SID list.

<1-16777215>

Specifies an I-SID number.

list WORD<1-1024>

Specifies a list of I-SID values. For example, in the format 1,3,5,8-10.

The following table defines parameters for the accept command.

Variable

Value

adv-rtr <x.xx.xx>

Specifies the SPBM nickname for each advertising BEB to allow you to apply the IS-IS accept policy to routes for a specific advertising BEB. The system first uses the default filter, but if a more specific filter for a specific advertising BEB is present the device applies the specific filter.

backbone-route-map WORD<1-64>

Specifies the DvR backbone route map.

enable

Enables an IS-IS accept policy.

i-sid <1-16777215>

Specifies an I-SID number to represent a local or remote Layer 3 VSN to which the IS-IS accept policy applies.

Use the parameter to apply a filter for routes from specific I-SIDs that represent the remote VSN. Based on the routing policy the system applies, the system can redistribute the remote VSN to the VSN where you applied the filter.

An I-SID value of 0 represents the global routing table (GRT).

isid-list WORD<1-32>

Specifies the I-SID list name that represents the local or remote Layer 3 VSNs to which the IS-IS accept policy applies.

Use the parameter to apply a default filter for all routes from specific I-SIDs that represent the remote VSN. Based on the routing policy the system applies, the system redistributes the remote VSN to the VSN where you applied the filter.

An I-SID value of 0 represents the global routing table (GRT).

route-map WORD<1-64>

Specifies a route policy by name.

You must configure the route policy earlier in a separate procedure.

The following table defines parameters for the isis apply accept command.

Variable

Value

vrf WORD<1-16>

Specifies a specific VRF instance.