The Potential for Asymmetric Routing with Multi-Area ISIS

In this article we will explore the how L1 routers choose the path to inter-area prefixes, and how this can easily lend itself to asymmetric routing in certain conditions.

By following along with this article, I hope that you will gain a better understanding of how L1 inter-area routing works.

ISIS treats L1 as a totally NSSA area in OSPF. This is because L1 routers can inject prefixes, and L1/L2 routers hide inter-area routes, only “sending” a default. I put “sending” in quotes, because L1/L2 routers actually just set the attached bit on their L1 LSP, which L1-only routers use to create a default route to the L1/L2 routers.

Lab

To demonstrate the conditions that lend itself to asymmetric routing, we’ll use this topology:

All links have a default metric of 10, except for the link between R1-R2 (50) and R5-R6 (20)

Here are the startup configs:

#R1
int Gi1
 ip address 10.1.2.1 255.255.255.0
 ip router isis
 isis network point-to-point
 isis metric 50
 no shut
!
int Gi2
 ip address 10.1.3.1 255.255.255.0
 ip router isis
 isis network point-to-point
 no shut
!
int lo0
 ip address 1.1.1.1 255.255.255.255
 ip router isis
!
router isis
 net 49.0001.0000.0000.0001.00
 is-type level-1

#R2
int Gi1
 ip address 10.1.2.2 255.255.255.0
 ip router isis
 isis network point-to-point
 isis metric 50
 no shut
!
int Gi2
 ip address 10.2.4.2 255.255.255.0
 ip router isis
 isis network point-to-point
 no shut
!
int lo0
 ip address 2.2.2.2 255.255.255.255
 ip router isis
!
router isis
 net 49.0001.0000.0000.0002.00

#R3
int Gi1
 ip address 10.1.3.3 255.255.255.0
 ip router isis
 isis network point-to-point
 no shut
!
int Gi2
 ip address 10.3.5.3 255.255.255.0
 ip router isis
 isis network point-to-point
 no shut
!
int lo0
 ip address 3.3.3.3 255.255.255.255
 ip router isis
!
router isis
 net 49.0001.0000.0000.0003.00

#R4
int Gi1
 ip address 10.2.4.4 255.255.255.0
 ip router isis
 isis network point-to-point
 no shut
!
int Gi2
 ip address 10.4.6.4 255.255.255.0
 ip router isis
 isis network point-to-point
 no shut
!
int lo0
 ip address 4.4.4.4 255.255.255.255
 ip router isis
!
router isis
 net 49.0002.0000.0000.0004.00

#R5
int Gi1
 ip address 10.3.5.5 255.255.255.0
 ip router isis
 isis network point-to-point
 no shut
!
int Gi2
 ip address 10.5.6.5 255.255.255.0
 ip router isis
 isis network point-to-point
 isis metric 20
 no shut
!
int lo0
 ip address 5.5.5.5 255.255.255.255
 ip router isis
!
router isis
 net 49.0002.0000.0000.0005.00

#R6
int Gi1
 ip address 10.4.6.6 255.255.255.0
 ip router isis
 isis network point-to-point
 no shut
!
int Gi2
 ip address 10.5.6.6 255.255.255.0
 ip router isis
 isis network point-to-point
 isis metric 20
 no shut
!
int lo0
 ip address 6.6.6.6 255.255.255.255
 ip router isis
!
router isis
 net 49.0002.0000.0000.0006.00
 is-type level-1

Before we look at asymmetric routing, I’d like to point out a few things that I think are worth looking at:

  1. We are using the default narrow-metrics which means an interface can have a max cost of 63. This is because the cost field is 6 bits (2^6 - 1 = 63). However, the total path metric can be more than 64. The total path is limited to a max of 1023. R2 currently has a path that is a metric of 70 to 3.3.3.3/32:

  2. Routers will prefer intra-area routes over inter-area routes. Notice that R2 has a lower cost path to 3.3.3.3/32 via R4. This path would be 60, which is lower than the intra-area path’s metric of 70.

Asymmetric Routing

Let’s examine the routers’ paths to other router’s loopback addresses. Using the diagram, try to count how many total asymmetric paths there are, for only destinations to loopback IPs. Each router will have 5 different paths you will examine (for example, examine R1’s paths to 2.2.2.2/32, 3.3.3.3/32, 4.4.4.4/32, 5.5.5.5/32, and 6.6.6.6/32)

We only need to take a look at the first three routers, R1-R3, as any asymmetric paths they have to R4-R6 would just be redundant to list them for R4-R6 as well.

  • R1 has two asymmetric paths (4.4.4.4/32 and 6.6.6.6/32)

    • R1 takes the path R1-R3-R5-R6-R4 to R4, but R4 takes the path R4-R2-R1 back to R1.

  • R2 has one asymmetric path (5.5.5.5/32)

  • R3 has two asymmetric paths (4.4.4.4/32, 6.6.6.6/32)

There are two things going on that cause this asymmetrical routing to happen:

  1. The discontiguous L2

  2. The “totally NSSA” nature of L1

Fixing the missing routing information for L2 prefixes

If you noticed that the L2 is discontigous, great job! The L2 is currently partitioned in two, R2-R4 and R3-R5. This is actually a broken design, because the L2 must be contiguous.

Right now R4 only knows 49.0001 prefixes via R2, and vice versa. Likewise for R5 and R3.

R4 has a better route to 3.3.3.3, but it has no idea that there is a path through R5.

Before we fix the L2 discontinuity, let’s see what happens if we simply leak L2 routes into L1 on all L1/L2 routers. On IOS-XE we must reference a route-map when leaking level-2 routes into level-1. On IOS-XR this is not required.

#R2,3,4,5
route-map LOOPBACKS_RM permit 10
 match ip address prefix-list LOOPBACKS_PL
!
ip prefix-list LOOPBACKS_PL permit 0.0.0.0/0 ge 32
!
router isis
 redistribute isis ip level-2 into level-1 route-map LOOPBACKS_RM

One interesting thing to notice is that L2 prefixes which had a cumulative metric over 63 now have to be advertised as a single metric of 63:

R6#show isis data R4.00-00 detail 


IS-IS Level-1 LSP R4.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime/Rcvd      ATT/P/OL
R4.00-00              0x00000019   0xD942                1086/1199      1/0/0
  Area Address: 49.0002
  NLPID:        0xCC 
  Hostname: R4
  Metric: 10         IS R6.00
  IP Address:   4.4.4.4
  Metric: 10         IP 4.4.4.4 255.255.255.255
  Metric: 10         IP 10.2.4.0 255.255.255.0
  Metric: 10         IP 10.4.6.0 255.255.255.0
  Metric: 63         IP-Interarea 1.1.1.1 255.255.255.255
  Metric: 20         IP-Interarea 2.2.2.2 255.255.255.255
  Metric: 63         IP-Interarea 3.3.3.3 255.255.255.255

Let’s check R4’s route to 3.3.3.3/32 now. Will it be the inter-area path via R5, or the L2 path via R2?

R4#show ip route 3.3.3.3   
Routing entry for 3.3.3.3/32
  Known via "isis", distance 115, metric 73, type level-2
  Redistributing via isis
  Advertised by isis (self originated)
  Last update from 10.2.4.2 on GigabitEthernet1, 04:04:07 ago
  Routing Descriptor Blocks:
  * 10.2.4.2, from 2.2.2.2, 04:04:07 ago, via GigabitEthernet1
      Route metric is 73, traffic share count is 1

The path is still the L2 path via R2, even though the metric (73) is larger than the inter-area path via R5 (50).

Let’s re-calculate the asymmetric paths now:

R1 has one asymmetric path (4.4.4.4/32)

  • 6.6.6.6/32 is no longer asymmetric

R2 has one asymmetric path (5.5.5.5/32)

  • Same as before

R3 has one asymmetric path (4.4.4.4/32)

  • 6.6.6.6/32 is no longer asymmetric

So we see that the leaking of L2 routes into L1 has primarily fixed the asymmetric routing for R1 and R6. Before, R1 and R6 only knew intra-area L1 routes plus a 0/0 to the L1/L2 router with the lowest metric path. Now, R1 and R6 have full knowledge of all /32 loopbacks with the associated metric. R6 can choose to use R5 to 3.3.3.3/32 and 1.1.1.1/32 now, because it knows both R4’s and R5’s cost to reach those prefixes now that they are inter-area routes. Before, all R6 knew was that the path to R5 had a higher cost than the path to R4, so R4 was used for everything that was not an intra-area route.

Fixing the discontiguous L2

Let’s see if fixing the discontiguous L2 will solve the rest of our asymmetric paths.

Let’s simply add a link between R3 Gi3 and R4 Gi3:

#R3
int Gi3
 ip address 10.3.4.3 255.255.255.0
 ip router isis
 isis network point-to-point
 no shut

#R4
int Gi3
 ip address 10.3.4.4 255.255.255.0
 ip router isis
 isis network point-to-point
 no shut

What do you think will happen? Will there be any asymmetric routes still, and if so where are they?

There is one asymmetrical path still:

  • R2 to 5.5.5.5/32

This is because R4 uses the higher metric intra-area path to R5 (R4-R6-R5) instead of the shorter inter-area path (R4-R3-R5). This could be solved with another link connecting R2 to R5.

Summary

The default behaviour of L1 in ISIS causes the potential for asymmetric routing when routers have multiple exit points to the area. Think of the path from R1-R6 before we leaked L2 routes into L1. Because L1 routes by default will not see inter-area routes, they will simply use a L1/L2 router that is reachable via the lowest metric route. However, the reverse traffic may not take the same path. While this is usually not an issue, it could pose a big problem if there is some stateful device, such as a firewall, in the middle. The easiest solution to this is to leak L2 routes into L1. This gives the L1-only routers the “bigger picture” to select a path based on the full end-to-end metric (using the L1/L2 router’s metric to that prefix), instead of blindly selecting the nearest L1/L2 router for every non-intra-area destination.

PreviousISISNextInterarea Routing is Distance-Vector

Last updated