Summary
This chapter reviews the basic concepts underlying the design of the IS-IS routing protocol. The chapter also discusses the two-level hierarchy for controlling distribution of routing information within IS-IS areas and between them: Level 1 and Level 2, respectively. You learned that technically all IS-IS routers belong to one physical Level 1 area because of the node-based addressing scheme of CLNP. The related issue of suboptimal interarea routing resulting from the architecture proposed in ISO 10589 and adopted by RFC 1195 is discussed in detail in Chapter 7, "General Network Design Issues." Chapter 7 also discusses workarounds and IS-IS protocol enhancements that address this major limitation of the original IS-IS protocol architecture.
Other characteristics of the IS-IS protocol discussed in this chapter include functional organization into subnetwork-dependent and subnetwork-independent capabilities, IS-IS packet formats, addressing, and security.
Tied into the subnetwork-dependent capabilities are processes that relate to adjacency discovery, formation, and maintenance. On broadcast links, management of the potentially complex database synchronization process between the many possible adjacent routers is achieved by the election of the designated IS to provide the pseudonode functionality.
The section on IS-IS packet formats elaborated on the basic building blocksnamely, the header and the TLV fields. It was noted that a key strength of the IS-IS protocol is the simplicity by which it can be extended through the introduction of new TLVs without major changes to the protocol architecture. Perhaps the most confusing aspect of IS-IS is the need to deal with two addressing schemes when using it for routing IP. Because Integrated IS-IS adapts the original IS-IS to carry IP information, most of the original architecture (including node addressing) is ported. Integrated IS-IS supports dual-mode operation, in which both IP and CLNP packets are routed essentially by the same IS-IS process. The next chapter covers CLNP addressing and helps alleviate some of the challenges in dealing with this dichotomy.
Like most protocols, security is a concern for IS-IS even though neither ISO 10589 nor RFC 1195 specified any strong authentication schemes for dealing with malicious attacks within an internetworking environment. The simple, clear-text passwords specified provide a useful way to control network misconfiguration and to implement configuration policies.
An IETF draft specification (IS-IS HMAC-MD5 Authentication) proposes more secured authentication of IS-IS packets by using HMAC-MD5 authentication schemes.