ISIS

Junos® OS
IS-IS Feature Guide
Modified: 2019-06-10
Copyright © 2019, Juniper Networks, Inc.

Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States
and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective
owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.
®
Junos OS IS-IS Feature Guide
Copyright © 2019 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the
year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks
software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at
https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of
that EULA.
ii Copyright © 2019, Juniper Networks, Inc.

Table of Contents
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Using the Examples in This Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Merging a Full Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
Merging a Snippet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Creating a Service Request with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Part 1 Overview
Chapter 1 Introduction to IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
IS-IS Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
IS-IS Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
ISO Network Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
IS-IS Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Persistent Route Reachability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
IS-IS Support for Multipoint Network Clouds . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Installing a Default Route to the Nearest Routing Device That Operates at
Both IS-IS Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Supported Standards for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
ISIS Fast Reroute Convergence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Part 2 Configuring IS-IS

Chapter 2 Configuring a Basic IS-IS Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Understanding IS-IS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Example: Configuring IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Understanding IS-IS Areas to Divide an Autonomous System into Smaller
Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Example: Configuring a Multi-Level IS-IS Topology to Control Interarea
Flooding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Understanding IS-IS Designated Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Configuring Designated Router Election Priority for IS-IS . . . . . . . . . . . . . . . . . . . 30
Configuring an ISO System Identifier for the Router . . . . . . . . . . . . . . . . . . . . . . . . 31
Understanding Default Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Copyright © 2019, Juniper Networks, Inc. iii

IS-IS Feature Guide
Chapter 3 Configuring IS-IS Authentication and Checksums . . . . . . . . . . . . . . . . . . . . . 33

Configuring IS-IS Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Configuring IS-IS Authentication Without Network-Wide Deployment . . . . . . . . 35
Understanding Hitless Authentication Key Rollover for IS-IS . . . . . . . . . . . . . . . . . 35
Example: Configuring Hitless Authentication Key Rollover for IS-IS . . . . . . . . . . . 36
Understanding Checksums on IS-IS Interfaces for Error Checking . . . . . . . . . . . . . 41
Example: Enabling Packet Checksums on IS-IS Interfaces for Error Checking . . . 42
Chapter 4 Configuring IS-IS Routing Policy and Route Redistribution . . . . . . . . . . . . . 45
Understanding Routing Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Importing and Exporting Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Active and Inactive Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Explicitly Configured Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Dynamic Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Understanding Backup Selection Policy for IS-IS Protocol . . . . . . . . . . . . . . . . . . 48
Example: Configuring Backup Selection Policy for IS-IS Protocol . . . . . . . . . . . . . 50
Configuring Backup Selection Policy for the IS-IS Protocol . . . . . . . . . . . . . . . . . . 81
Example: Redistributing OSPF Routes into IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Example: Configuring IS-IS Route Leaking from a Level 2 Area to a Level 1
Area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Understanding BGP Communities, Extended Communities, and Large
Communities as Routing Policy Match Conditions . . . . . . . . . . . . . . . . . . . . 103
Example: Configuring a Routing Policy to Redistribute BGP Routes with a Specific
Community Tag into IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
IS-IS Extensions to Support Route Tagging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Example: Configuring a Routing Policy to Prioritize IS-IS Routes . . . . . . . . . . . . . 115
Configuring Overloading of Stub Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
Chapter 5 Configuring IS-IS Bidirectional Forwarding Detection . . . . . . . . . . . . . . . . . 127
Understanding BFD for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Example: Configuring BFD for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Understanding BFD Authentication for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
BFD Authentication Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Security Authentication Keychains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Strict Versus Loose Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Configuring BFD Authentication for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Configuring BFD Authentication Parameters . . . . . . . . . . . . . . . . . . . . . . . . . 138
Viewing Authentication Information for BFD Sessions . . . . . . . . . . . . . . . . . 140
Example: Configuring BFD Authentication for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . 141
Chapter 6 Configuring IS-IS Flood Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Understanding IS-IS Flood Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Example: Configuring IS-IS Flood Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Chapter 7 Configuring IS-IS Multitopology Routing and IPv6 Support . . . . . . . . . . . . 153
IS-IS Multicast Topologies Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Example: Configuring IS-IS Multicast Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Understanding Dual Stacking of IPv4 and IPv6 Unicast Addresses . . . . . . . . . . . 170
Example: Configuring IS-IS Dual Stacking of IPv4 and IPv6 Unicast
Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
iv Copyright © 2019, Juniper Networks, Inc.

Table of Contents
Understanding IS-IS IPv4 and IPv6 Unicast Topologies . . . . . . . . . . . . . . . . . . . . 177

Example: Configuring IS-IS IPv4 and IPv6 Unicast Topologies . . . . . . . . . . . . . . . 178
Chapter 8 Configuring IS-IS Link and Node Link Protection . . . . . . . . . . . . . . . . . . . . . 189
Understanding Loop-Free Alternate Routes for IS-IS . . . . . . . . . . . . . . . . . . . . . . 189
Configuring Link Protection for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Configuring Node-Link Protection for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Excluding an IS-IS Interface as a Backup for Protected Interfaces . . . . . . . . 192
Configuring RSVP Label-Switched Paths as Backup Paths for IS-IS . . . . . . 193
Using Operational Mode Commands to Monitor Protected IS-IS Routes . . . 193
Example: Configuring Node-Link Protection for IS-IS Routes in a Layer 3 VPN . . 193
Understanding Remote LFA over LDP Tunnels in IS-IS Networks . . . . . . . . . . . . 205
Configuring Remote LFA Backup over LDP Tunnels in an IS-IS Network . . . . . . 206
Example: Configuring Remote LFA over LDP Tunnels in IS-IS Networks . . . . . . . 208
Understanding Weighted ECMP Traffic Distribution on One-Hop IS-IS
Neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Example: Weighted ECMP Traffic Distribution on One-Hop IS-IS Neighbors . . . . 221
Chapter 9 Configuring IS-IS Traffic Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
IS-IS Extensions to Support Traffic Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . 246
IS-IS IGP Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Using Labeled-Switched Paths to Augment SPF to Compute IGP Shortcuts . . 246
Example: Enabling IS-IS Traffic Engineering Support . . . . . . . . . . . . . . . . . . . . . 248
Understanding Forwarding Adjacencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Example: Advertising Label-Switched Paths into IS-IS . . . . . . . . . . . . . . . . . . . . 263
Understanding Wide IS-IS Metrics for Traffic Engineering . . . . . . . . . . . . . . . . . . 272
Example: Enabling Wide IS-IS Metrics for Traffic Engineering . . . . . . . . . . . . . . . 272
Understanding LDP-IGP Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Synchronization Behavior During Graceful Restart . . . . . . . . . . . . . . . . . . . . 276
Synchronization Behavior on LAN Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 276
Synchronization Behavior on IGP Passive Interfaces . . . . . . . . . . . . . . . . . . . 276
Synchronization and TE Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Example: Configuring Synchronization Between IS-IS and LDP . . . . . . . . . . . . . . 277
Layer 2 Mapping for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Example: Configuring Layer 2 Mapping for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Understanding Source Packet Routing in Networking (SPRING) . . . . . . . . . . . . 289
Understanding Adjacency Segments, Anycast Segments, and Configurable
SRGB in SPRING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Benefits of Anycast Segments, Adjacency Segments, and Configurable
SRGB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Configurable Segment Routing Global Block . . . . . . . . . . . . . . . . . . . . . . . . 293
Adjacency Segments and Prefix Segments . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Configurable Adjacency Segment Hold Time . . . . . . . . . . . . . . . . . . . . 294
Prefix Segment Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Anycast Segments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Example: Configuring Segment Routing Global Blocks in SPRING for IS-IS to
Increase Network Speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Copyright © 2019, Juniper Networks, Inc. v

IS-IS Feature Guide
Example: Configuring Anycast and Prefix Segments in SPRING for IS-IS to

Increase Network Speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Configuring Segment Routing Global Blocks Label Ranges in SPRING for IS-IS
Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Configuring Anycast and Prefix segments in SPRING for IS-IS Protocol . . . . . . . 327
Understanding Topology-Independent Loop-Free Alternate with Segment
Routing for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
Configuring Topology-Independent Loop-Free Alternate with Segment Routing
for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
Example: Configuring Topology Independent Loop-Free Alternate with Segment
Routing for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
Static Adjacency Segment Identifier for ISIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
Chapter 10 Configuring IS-IS Scaling and Throttling . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Understanding Link-State PDU Throttling for IS-IS Interfaces . . . . . . . . . . . . . . 359
Example: Configuring the Transmission Frequency for Link-State PDUs on IS-IS
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Understanding the Transmission Frequency for CSNPs on IS-IS Interfaces . . . . 365
Example: Configuring the Transmission Frequency for CSNP Packets on IS-IS
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Understanding IS-IS Mesh Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Example: Configuring Mesh Groups of IS-IS Interfaces . . . . . . . . . . . . . . . . . . . . . 371
Chapter 11 Configuring IS-IS CLNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Understanding IS-IS for CLNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Example: Configuring IS-IS for CLNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Chapter 12 Configuring IS-IS on Logical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Introduction to Logical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Example: Configuring IS-IS on Logical Systems Within the Same Router . . . . . 384
Example: Configuring an IS-IS Default Route Policy on Logical Systems . . . . . . 395
Part 3 Monitoring and Troubleshooting Network Issues

Chapter 13 Monitoring Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Example: Tracing Global Routing Protocol Operations . . . . . . . . . . . . . . . . . . . . 405
IS-IS Purge Originator Identification Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Chapter 14 Troubleshooting Network Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
Working with Problems on Your Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
Isolating a Broken Network Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Identifying the Symptoms of a Broken Network Connection . . . . . . . . . . . . . . . . 413
Isolating the Causes of a Network Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Taking Appropriate Action for Resolving the Network Problem . . . . . . . . . . . . . . 415
Evaluating the Solution to Check Whether the Network Problem Is Resolved . . 416
Chapter 15 Troubleshooting IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Verifying the IS-IS Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
Verify the LSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Verify IS-IS Adjacencies and Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
vi Copyright © 2019, Juniper Networks, Inc.

Table of Contents
Verify the IS-IS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423

Take Appropriate Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424
Verify the LSP Again . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
Verifying the IS-IS Configuration on a Router in a Network . . . . . . . . . . . . . . . . . 428
Check the Configuration of a Level 1/Level 2 Router . . . . . . . . . . . . . . . . . . . 430
Check the Configuration of a Level 1 Router . . . . . . . . . . . . . . . . . . . . . . . . . . 432
Check the Configuration of a Level 2 Router . . . . . . . . . . . . . . . . . . . . . . . . . 434
Displaying the Status of IS-IS Adjacencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
Verifying Adjacent Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Examine the Forwarding Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
Displaying Detailed IS-IS Protocol Information . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Analyzing IS-IS Link-State PDUs in Detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
Displaying Sent or Received IS-IS Protocol Packets . . . . . . . . . . . . . . . . . . . . . . . 443
Part 4 Configuration Statements and Operational Commands

Chapter 16 Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
admin-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
adjacency-segment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
authentication-key (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
authentication-key-chain (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
authentication-type (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
auto-bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
backup-selection (Protocols ISIS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
backup-spf-options (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
bfd-liveness-detection (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
checksum (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
clns-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
clns-updown-compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
context-identifier (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
csnp-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
disable (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
disable (LDP Synchronization for IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
external-preference (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
family (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
flood-group (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
graceful-restart (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
hello-authentication-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
hello-authentication-key-chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
hello-authentication-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
hello-interval (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
hello-padding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
hold-time (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
hold-time (LDP Synchronization for IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490
ignore-attached-bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
ignore-lsp-metrics (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492
import (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Copyright © 2019, Juniper Networks, Inc. vii

IS-IS Feature Guide
interface (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494

interface-group-holddown-delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
interface (Protocols ISIS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
ipv4-multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501
ipv4-multicast-metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
ipv6-multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
ipv6-multicast-metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
ipv6-unicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505
ipv6-unicast-metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
isis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
label-switched-path (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
layer2-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
ldp-synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
level (Global IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
level (IS-IS Interfaces) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
link-group-protection (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514
link-protection (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
loose-authentication-check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
lsp-equal-cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
lsp-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
lsp-lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
max-areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
max-hello-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523
max-lsp-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524
max-snp-size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
mesh-group (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526
metric (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
multicast-rpf-routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 528
multipath (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529
multipath (SPF Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
no-adjacency-down-notification (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . 531
no-adjacency-holddown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
no-authentication-check (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533
no-advertise-adjacency-segment (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . 534
no-csnp-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535
node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
node-protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537
node-segment (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 538
node-tag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 540
node-link-protection (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
no-eligible-backup (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543
no-eligible-remote-backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544
no-hello-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
no-ipv4-multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546
no-ipv4-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547
no-ipv6-multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548
no-ipv6-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549
no-ipv6-unicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550
no-psnp-authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551
viii Copyright © 2019, Juniper Networks, Inc.

Table of Contents
no-unicast-topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552
overload (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553
passive (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
per-interface-per-member-link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558
per-sid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
point-to-point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560
post-convergence-lfa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 561
preference (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
prefix-export-limit (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563
prefix-segment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564
priority (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565
protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566
purge-originator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569
reference-bandwidth (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
remote-backup-calculation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
rib-group (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 572
routing-instances (Multiple Routing Entities) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573
sensor-based-stats (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574
shortcuts (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575
spf-options (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
static-host-mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 578
source-packet-routing-disable (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . 579
source-packet-routing (Protocols IS-IS and OSPF) . . . . . . . . . . . . . . . . . . . . . . 580
srgb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 582
te-metric (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583
topologies (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 584
traceoptions (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585
traffic-engineering (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 588
traffic-statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 592
update-threshold-max-reservable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593
use-source-packet-routing (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . 594
use-post-convergence-lfa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 595
use-for-post-convergence-lfa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596
wide-metrics-only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 597
Chapter 17 Operational Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 599
clear bfd adaptation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601
clear bfd session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
clear isis adjacency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604
clear isis database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606
clear isis overload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 608
clear isis statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610
clear isis spring traffic-statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612
ping clns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613
restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615
show auto-bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 626
show bfd session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 629
show isis adjacency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640
show isis adjacency holddown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645
Copyright © 2019, Juniper Networks, Inc. ix

IS-IS Feature Guide
show isis authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648

show isis backup coverage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 650
show isis backup label-switched-path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 652
show backup-selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 654
show isis backup spf results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 661
show isis context-identifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 665
show isis database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667
show isis hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 681
show isis interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683
show isis interface-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 688
show isis layer2-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 690
show isis overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 692
show isis purge log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 697
show isis route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699
show isis route download priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 704
show isis spf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 707
show isis spring interface traffic-statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 712
show isis spring sensor info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 713
show isis statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 715
show policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 718
show policy conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 721
show route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 723
show route active-path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 745
show route advertising-protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 750
show route all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 756
show route best . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 758
show route brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 761
show route detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 763
show route exact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 784
show route export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 786
show route extensive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 789
show route forwarding-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 808
show route hidden . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 826
show route inactive-path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 829
show route instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 833
show route next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 841
show route output . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847
show route protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 852
show route receive-protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 866
show route table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 876
show route terse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 919
show security keychain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 922
test policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 925
traceroute clns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 927
x Copyright © 2019, Juniper Networks, Inc.

List of Figures
Part 1 Overview
Chapter 1 Introduction to IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Figure 1: Install Default Route to Nearest Routing Device That Operates at Both
Level 1 and Level 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Figure 2: Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Chapter 2 Configuring a Basic IS-IS Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Figure 3: Simple IS-IS Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Figure 4: IS-IS Multi-Level Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Chapter 3 Configuring IS-IS Authentication and Checksums . . . . . . . . . . . . . . . . . . . . . 33
Figure 5: Hitless Authentication Key Rollover for IS-IS . . . . . . . . . . . . . . . . . . . . . . 37
Figure 6: IS-IS Checksum Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Chapter 4 Configuring IS-IS Routing Policy and Route Redistribution . . . . . . . . . . . . . 45
Figure 7: Importing and Exporting Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Figure 8: Backup Selection Path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Figure 9: IS-IS Route Redistribution Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Figure 10: Route Leaking from a Level 2 Area to a Level 1 Area . . . . . . . . . . . . . . . . 97
Figure 11: Redistributing BGP Routes with a Specific Community Tag into
IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Figure 12: Example: Configuring a Routing Policy to prioritize IS-IS Routes . . . . . . 116
Figure 13: Configuring BFD for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Figure 14: IS-IS BFD Authentication Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Chapter 6 Configuring IS-IS Flood Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Figure 15: Flood Group Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Figure 16: Configuring IS-IS Multicast Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Figure 17: IS-IS IPv4 and IPv6 Dual Stacking Topology . . . . . . . . . . . . . . . . . . . . . 172
Figure 18: IS-IS IPv4 and IPv6 Unicast Topologies . . . . . . . . . . . . . . . . . . . . . . . . 180
Chapter 8 Configuring IS-IS Link and Node Link Protection . . . . . . . . . . . . . . . . . . . . . 189
Figure 19: Link Protection and Node-Link Protection Comparison for IS-IS
Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Figure 20: IS-IS Node-Link Protection Topology . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Figure 21: Configuring Remote LFA over LDP Tunnels in IS-IS Networks . . . . . . . 209
Copyright © 2019, Juniper Networks, Inc. xi

IS-IS Feature Guide
Figure 22: Weighted ECMP Traffic Distribution on One Hop IS-IS Neighbors . . . 222
Chapter 9 Configuring IS-IS Traffic Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Figure 23: Typical SPF Tree, Sourced from Router A . . . . . . . . . . . . . . . . . . . . . . . 247
Figure 24: Modified SPF Tree, Using LSP A–D as a Shortcut . . . . . . . . . . . . . . . . 247
Figure 25: IS-IS Shortcuts Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Figure 26: IS-IS Advertising a Label-Switched Path Topology . . . . . . . . . . . . . . . 264
Figure 27: IS-IS Wide Metrics Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Figure 28: IS-IS and LDP Synchronization Topology . . . . . . . . . . . . . . . . . . . . . . . 278
Figure 29: Configuring Layer 2 Mapping for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . 283
Figure 30: Topology-Independent Loop-Free Alternate with Segment Routing
for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Chapter 10 Configuring IS-IS Scaling and Throttling . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Figure 31: IS-IS Link-State PDU Interval Topology . . . . . . . . . . . . . . . . . . . . . . . . 360
Figure 32: IS-IS CSNP Interval Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
Figure 33: IS-IS Mesh Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Chapter 12 Configuring IS-IS on Logical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Figure 34: Logical Systems Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
Figure 35: IS-IS on Logical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
Figure 36: IS-IS with a Default Route to an ISP . . . . . . . . . . . . . . . . . . . . . . . . . . 395

Figure 37: Process for Diagnosing Problems in Your Network . . . . . . . . . . . . . . . . 412
Figure 38: Network with a Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Figure 39: MPLS Network Broken at the IS-IS Protocol Layer . . . . . . . . . . . . . . . 420
Figure 40: Levels in an IS-IS Network Topology . . . . . . . . . . . . . . . . . . . . . . . . . . 429
Figure 41: IS-IS Network Topology with Details . . . . . . . . . . . . . . . . . . . . . . . . . . 430
Figure 42: IS-IS Network Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
xii Copyright © 2019, Juniper Networks, Inc.

List of Tables
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Table 2: Text and Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii

Table 3: Configuring BFD for IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Table 4: IPv4 Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Table 5: IPv6 Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Table 6: Choosing the Right Solution to Address Next-Generation Addressing
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Table 7: Checklist for Working with Problems on Your Network . . . . . . . . . . . . . . 411
Table 8: IS-IS Protocol Tracing Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Part 4 Configuration Statements and Operational Commands

Chapter 16 Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
Table 9: Default Metric Values for Routes Exported into IS-IS . . . . . . . . . . . . . . . 527
Chapter 17 Operational Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 599
Table 10: show bfd session Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631
Table 11: show isis adjacency Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641
Table 12: show isis authentication Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . 649
Table 13: show isis backup coverage Output Fields . . . . . . . . . . . . . . . . . . . . . . . 650
Table 14: show isis backup label-switched-path Output Fields . . . . . . . . . . . . . . 652
Table 15: show backup-selection Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . 654
Table 16: show isis backup spf results Output Fields . . . . . . . . . . . . . . . . . . . . . . 662
Table 17: show isis context-identifier Output Fields . . . . . . . . . . . . . . . . . . . . . . . 665
Table 18: show isis database Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 668
Table 19: show isis hostname Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 681
Table 20: show isis interface Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684
Table 21: show layer2-map Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 688
Table 22: show isis layer2-map Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 690
Copyright © 2019, Juniper Networks, Inc. xiii

IS-IS Feature Guide
Table 23: show isis overview Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 692

Table 24: show isis purge log Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 697
Table 25: show isis route Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 700
Table 26: show isis route Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705
Table 27: show isis spf Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 708
Table 28: show isis spring sensor info Output Fields . . . . . . . . . . . . . . . . . . . . . . . 713
Table 29: show isis statistics Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 716
Table 30: show policy Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 719
Table 31: show policy conditions Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 721
Table 32: show route Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 724
Table 33: show route advertising-protocol Output Fields . . . . . . . . . . . . . . . . . . . 751
Table 34: show route detail Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 763
Table 35: Next-hop Types Output Field Values . . . . . . . . . . . . . . . . . . . . . . . . . . 769
Table 36: State Output Field Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771
Table 37: Communities Output Field Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 773
Table 38: show route export Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 787
Table 39: show route extensive Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 789
Table 40: show route forwarding-table Output Fields . . . . . . . . . . . . . . . . . . . . . . 811
Table 41: show route instance Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . 834
Table 42: show route receive-protocol Output Fields . . . . . . . . . . . . . . . . . . . . . 867
Table 43: show route table Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 877
Table 44: Next-hop Types Output Field Values . . . . . . . . . . . . . . . . . . . . . . . . . . 883
Table 45: State Output Field Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 885
Table 46: Communities Output Field Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . 887
Table 47: show route terse Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 919
Table 48: show security keychain Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . 922
Table 49: Traceroute clns Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 927
xiv Copyright © 2019, Juniper Networks, Inc.

About the Documentation
• Documentation and Release Notes on page xv

• Using the Examples in This Manual on page xv
• Documentation Conventions on page xvii
• Documentation Feedback on page xix
• Requesting Technical Support on page xix
Documentation and Release Notes

®
To obtain the most current version of all Juniper Networks technical documentation,
see the product documentation page on the Juniper Networks website at
https://www.juniper.net/documentation/.
If the information in the latest release notes differs from the information in the
documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject
matter experts. These books go beyond the technical documentation to explore the
nuances of network architecture, deployment, and administration. The current list can
be viewed at https://www.juniper.net/books.
Using the Examples in This Manual
If you want to use the examples in this manual, you can use the load merge or the load
merge relative command. These commands cause the software to merge the incoming
configuration into the current candidate configuration. The example does not become
active until you commit the candidate configuration.
If the example configuration contains the top level of the hierarchy (or multiple
hierarchies), the example is a full example. In this case, use the load merge command.
If the example configuration does not start at the top level of the hierarchy, the example
is a snippet. In this case, use the load merge relative command. These procedures are
described in the following sections.
Copyright © 2019, Juniper Networks, Inc. xv

IS-IS Feature Guide
Merging a Full Example

To merge a full example, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration example into a
text file, save the file with a name, and copy the file to a directory on your routing
platform.
For example, copy the following configuration to a file and name the file ex-script.conf.
Copy the ex-script.conf file to the /var/tmp directory on your routing platform.
system {
scripts {
commit {
file ex-script.xsl;
}
}
}
interfaces {
fxp0 {
disable;
unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
}
2. Merge the contents of the file into your routing platform configuration by issuing the
load merge configuration mode command:
[edit]
user@host# load merge /var/tmp/ex-script.conf
load complete
Merging a Snippet
To merge a snippet, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration snippet into a text
file, save the file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file
ex-script-snippet.conf. Copy the ex-script-snippet.conf file to the /var/tmp directory
on your routing platform.
commit {
file ex-script-snippet.xsl; }
xvi Copyright © 2019, Juniper Networks, Inc.

2. Move to the hierarchy level that is relevant for this snippet by issuing the following
configuration mode command:
[edit]
user@host# edit system scripts
[edit system scripts]
3. Merge the contents of the file into your routing platform configuration by issuing the
load merge relative configuration mode command:
[edit system scripts]

user@host# load merge relative /var/tmp/ex-script-snippet.conf
load complete
For more information about the load command, see CLI Explorer.
Documentation Conventions
Table 1 on page xvii defines notice icons used in this guide.
Table 1: Notice Icons
Icon Meaning Description
Informational note Indicates important features or instructions.
Caution Indicates a situation that might result in loss of data or hardware damage.
Warning Alerts you to the risk of personal injury or death.
Laser warning Alerts you to the risk of personal injury from a laser.
Tip Indicates helpful information.
Best practice Alerts you to a recommended use or implementation.
Table 2 on page xviii defines the text and syntax conventions used in this guide.
Copyright © 2019, Juniper Networks, Inc. xvii

IS-IS Feature Guide
Table 2: Text and Syntax Conventions
Convention Description Examples
Bold text like this Represents text that you type. To enter configuration mode, type the
configure command:
user@host> configure
Fixed-width text like this Represents output that appears on the user@host> show chassis alarms
terminal screen.
No alarms currently active
Italic text like this • Introduces or emphasizes important • A policy term is a named structure
new terms. that defines match conditions and
• Identifies guide names. actions.
• • Junos OS CLI User Guide

Identifies RFC and Internet draft titles.
• RFC 1997, BGP Communities Attribute
Italic text like this Represents variables (options for which Configure the machine’s domain name:
you substitute a value) in commands or
configuration statements. [edit]
root@# set system domain-name
domain-name
Text like this Represents names of configuration • To configure a stub area, include the
statements, commands, files, and stub statement at the [edit protocols
directories; configuration hierarchy levels; ospf area area-id] hierarchy level.
or labels on routing platform • The console port is labeled CONSOLE.
components.
< > (angle brackets) Encloses optional keywords or variables. stub <default-metric metric>;
| (pipe symbol) Indicates a choice between the mutually broadcast | multicast

exclusive keywords or variables on either
side of the symbol. The set of choices is (string1 | string2 | string3)
often enclosed in parentheses for clarity.
# (pound sign) Indicates a comment specified on the rsvp { # Required for dynamic MPLS only
same line as the configuration statement
to which it applies.
[ ] (square brackets) Encloses a variable for which you can community name members [
substitute one or more values. community-ids ]
Indention and braces ( { } ) Identifies a level in the configuration [edit]

hierarchy. routing-options {
static {
route default {
; (semicolon) Identifies a leaf statement at a
nexthop address;
configuration hierarchy level.
retain;
}
}
}
GUI Conventions
xviii Copyright © 2019, Juniper Networks, Inc.

Table 2: Text and Syntax Conventions (continued)
Convention Description Examples
Bold text like this Represents graphical user interface (GUI) • In the Logical Interfaces box, select
items you click or select. All Interfaces.
• To cancel the configuration, click
Cancel.
> (bold right angle bracket) Separates levels in a hierarchy of menu In the configuration editor hierarchy,
selections. select Protocols>Ospf.
Documentation Feedback
We encourage you to provide feedback so that we can improve our documentation. You
can use either of the following methods:
• Online feedback system—Click TechLibrary Feedback, on the lower right of any page
on the Juniper Networks TechLibrary site, and do one of the following:
• Click the thumbs-up icon if the information on the page was helpful to you.
• Click the thumbs-down icon if the information on the page was not helpful to you
or if you have suggestions for improvement, and use the pop-up form to provide
feedback.
• E-mail—Send your comments to [email protected]. Include the document

or topic name, URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active Juniper Care or Partner Support
Services support contract, or are covered under warranty, and need post-sales technical
support, you can access our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,

review the JTAC User Guide located at
https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information, visit

https://www.juniper.net/support/warranty/.
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Copyright © 2019, Juniper Networks, Inc. xix

IS-IS Feature Guide
Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
• Find CSC offerings: https://www.juniper.net/customers/support/
• Search for known bugs: https://prsearch.juniper.net/
• Find product documentation: https://www.juniper.net/documentation/
• Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/
• Download the latest versions of software and review release notes:

https://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:

https://kb.juniper.net/InfoCenter/
• Join and participate in the Juniper Networks Community Forum:

https://www.juniper.net/company/communities/
• Create a service request online: https://myjuniper.juniper.net
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/
Creating a Service Request with JTAC

You can create a service request with JTAC on the Web or by telephone.
• Visit https://myjuniper.juniper.net.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see

https://support.juniper.net/support/requesting-support/.
xx Copyright © 2019, Juniper Networks, Inc.

PART 1
Overview
• Introduction to IS-IS on page 3
Copyright © 2019, Juniper Networks, Inc. 1

IS-IS Feature Guide
2 Copyright © 2019, Juniper Networks, Inc.

CHAPTER 1
Introduction to IS-IS
• IS-IS Overview on page 3

• Supported Standards for IS-IS on page 8
• ISIS Fast Reroute Convergence on page 9
IS-IS Overview
The IS-IS protocol is an interior gateway protocol (IGP) that uses link-state information
to make routing decisions.
IS-IS is a link-state IGP that uses the shortest-path-first (SPF) algorithm to determine
routes. IS-IS evaluates the topology changes and determines whether to perform a full
SPF recalculation or a partial route calculation (PRC). This protocol originally was
developed for routing International Organization for Standardization (ISO) Connectionless
Network Protocol (CLNP) packets.
Like OSPF routing, IS-IS uses hello packets that allow network convergence to occur
quickly when network changes are detected. IS-IS uses the SPF algorithm to determine
routes. Using SPF, IS-IS evaluates network topology changes and determines if a full or
partial route calculation is required.
NOTE: Because IS-IS uses ISO addresses, the configuration of IP version 6

(IPv6) and IP version 4 (IPv4) implementations of IS-IS is identical.
NOTE: See Platforms/FPCs That Cannot Forward TCC Encapsulated ISO

Traffic to find a list of those devices and FPC configurations that cannot pass
ISO traffic when encapsulated in TCC format.
This section discusses the following topics:
• IS-IS Terminology on page 4

• ISO Network Addresses on page 4
• IS-IS Packets on page 6
• Persistent Route Reachability on page 7

IS-IS Feature Guide
• IS-IS Support for Multipoint Network Clouds on page 7

• Installing a Default Route to the Nearest Routing Device That Operates at Both IS-IS
Levels on page 7
IS-IS Terminology
An IS-IS network is a single autonomous system (AS), also called a routing domain, that
consists of end systems and intermediate systems. End systems are network entities that
send and receive packets. Intermediate systems send and receive packets and relay
(forward) packets. (Intermediate system is the Open System Interconnection [OSI] term
for a router.) ISO packets are called network PDUs.
In IS-IS, a single AS can be divided into smaller groups called areas. Routing between
areas is organized hierarchically, allowing a domain to be administratively divided into
smaller areas. This organization is accomplished by configuring Level 1 and Level 2
intermediate systems. Level 1 systems route within an area; when the destination is
outside an area, they route toward a Level 2 system. Level 2 intermediate systems route
between areas and toward other ASs. No IS-IS area functions strictly as a backbone.
Level 1 routers share intra-area routing information, and Level 2 routers share interarea
information about IP addresses available within each area. Uniquely, IS-IS routers can
act as both Level 1 and Level 2 routers, sharing intra-area routes with other Level 1 routers
and interarea routes with other Level 2 routers.
The propagation of link-state updates is determined by the level boundaries. All routers
within a level maintain a complete link-state database of all other routers in the same
level. Each router then uses the Dijkstra algorithm to determine the shortest path from
the local router to other routers in the link-state database.
ISO Network Addresses

IS-IS uses ISO network addresses. Each address identifies a point of connection to the
network, such as a router interface, and is called a network service access point (NSAP).
IS-IS supports multiple NSAP addresses on the loopback lo0 interface.
An end system can have multiple NSAP addresses, in which case the addresses differ
only by the last byte (called the n-selector). Each NSAP represents a service that is
available at that node. In addition to having multiple services, a single node can belong
to multiple areas.
Each network entity also has a special network address called a network entity title (NET).
Structurally, an NET is identical to an NSAP address but has an n-selector of 00. Most
end systems and intermediate systems have one NET. Intermediate systems that
participate in multiple areas can have multiple NETs.
The following ISO addresses illustrate the IS-IS address format:
49.0001.00a0.c96b.c490.00
49.0001.2081.9716.9018.00

Chapter 1: Introduction to IS-IS
NETs take several forms, depending on your network requirements. NET addresses are
hexadecimal and range from 8 octets to 20 octets in length. Generally, the format consists
of an authority and format Identifier (AFI), a domain ID, an area ID, a system identifier,
and a selector. The simplest format omits the domain ID and is 10 octets long. For
example, the NET address 49.0001.1921.6800.1001.00 consists of the following parts:
• 49—AFI
• 0001—Area ID
• 1921.6800.1001—System identifier
• 00—Selector
The system identifier must be unique within the network. For an IP-only network, we
recommend using the IP address of an interface on the router. Configuring a loopback
NET address with the IP address is helpful when troubleshooting is required on the
network.
The first portion of the address is the area number, which is a variable number from 1
through 13 bytes. The first byte of the area number (49) is the authority and format
indicator (AFI). The next bytes are the assigned domain (area) identifier, which can be
from 0 through 12 bytes. In the examples above, the area identifier is 0001.
The next six bytes form the system identifier. The system identifier can be any six bytes
that are unique throughout the entire domain. The system identifier commonly is the
media access control (MAC) address (as in the first example, 00a0.c96b.c490) or the
IP address expressed in binary-coded decimal (BCD) (as in the second example,
2081.9716.9018, which corresponds to IP address 208.197.169.18). The last byte (00) is
the n-selector.
NOTE: The system identifier cannot be 0000.0000.0000. All 0s is an illegal

setting, and the adjacency is not formed with this setting.
®
To provide help with IS-IS debugging, the Junos operating system (Junos OS) supports
dynamic mapping of ISO system identifiers to the hostname. Each system can be
configured with a hostname, which allows the system identifier-to-hostname mapping
to be carried in a dynamic hostname type, length, and value (TLV) tuple in IS-IS link-state
PDUs. This enables intermediate systems in the routing domain to learn about the ISO
system identifier of a particular intermediate system.

IS-IS Feature Guide
IS-IS Packets
Each IS-IS PDU shares a common header. IS-IS uses the following PDUs to exchange
protocol information:
• IS-IS hello (IIH) PDUs—Broadcast to discover the identity of neighboring IS-IS systems
and to determine whether the neighbors are Level 1 or Level 2 intermediate systems.
IS-IS hello PDUs establish adjacencies with other routers and have three different
formats: one for point-to-point hello packets, one for Level 1 broadcast links, and one
for Level 2 broadcast links. Level 1 routers must share the same area address to form
an adjacency, while Level 2 routers do not have this limitation. The request for adjacency
is encoded in the Circuit type field of the PDU.
Hello PDUs have a preset length assigned to them. The IS-IS router does not resize
any PDU to match the maximum transmission unit (MTU) on a router interface. Each
interface supports the maximum IS-IS PDU of 1492 bytes, and hello PDUs are padded
to meet the maximum value. When the hello is sent to a neighboring router, the
connecting interface supports the maximum PDU size.
• Link-state PDUs—Contain information about the state of adjacencies to neighboring

IS-IS systems. Link-state PDUs are flooded periodically throughout an area.
Also included is metric and IS-IS neighbor information. Each link-state PDU must be
refreshed periodically on the network and is acknowledged by information within a
sequence number PDU.
On point-to-point links, each link-state PDU is acknowledged by a partial sequence

number PDU (PSNP), but on broadcast links, a complete sequence number PDU
(CSNP) is sent out over the network. Any router that finds newer link-state PDU
information in the CSNP then purges the out-of-date entry and updates the link-state
database.
Link-state PDUs support variable-length subnet mask addressing.
• Complete sequence number PDUs (CSNPs)—Contain a complete list of all link-state

PDUs in the IS-IS database. CSNPs are sent periodically on all links, and the receiving
systems use the information in the CSNP to update and synchronize their link-state
PDU databases. The designated router multicasts CSNPs on broadcast links in place
of sending explicit acknowledgments for each link-state PDU.
Contained within the CSNP is a link-state PDU identifier, a lifetime, a sequence number,
and a checksum for each entry in the database. Periodically, a CSNP is sent on both
broadcast and point-to-point links to maintain a correct database. Also, the
advertisement of CSNPs occurs when an adjacency is formed with another router. Like
IS-IS hello PDUs, CSNPs come in two types: Level 1 and Level 2.
When a device receives a CSNP, it checks the database entries against its own local
link-state database. If it detects missing information, the device requests specific
link-state PDU details using a partial sequence number PDU (PSNP).
• Partial sequence number PDUs (PSNPs)—Sent multicast by a receiver when it detects

that it is missing a link-state PDU (when its link-state PDU database is out of date).
The receiver sends a PSNP to the system that transmitted the CSNP, effectively

requesting that the missing link-state PDU be transmitted. That routing device, in turn,
forwards the missing link-state PDU to the requesting routing device.
A PSNP is used by an IS-IS router to request link-state PDU information from a

neighboring router. A PSNP can also explicitly acknowledge the receipt of a link-state
PDU on a point-to-point link. On a broadcast link, a CSNP is used as implicit knowledge.
Like hello PDUs and CSNPs, the PSNP also has two types: Level 1 and Level 2.
When a device compares a CSNP to its local database and determines that a link-state
PDU is missing, the router issues a PSNP for the missing link-state PDU, which is returned
in a link-state PDU from the router sending the CSNP. The received link-state PDU is
then stored in the local database, and an acknowledgment is sent back to the originating
router.
Persistent Route Reachability

IPv4 and IPv6 route reachability information in IS-IS link-state PDUs is preserved when
you commit a configuration. IP prefixes are preserved with their original packet fragment
upon link-state PDU regeneration.
IS-IS Support for Multipoint Network Clouds

IS-IS does not support multipoint configurations. Therefore, when configuring Frame
Relay or Asynchronous Transfer Mode (ATM) networks, you must configure them as
collections of point-to-point links, not as multipoint clouds.
Installing a Default Route to the Nearest Routing Device That Operates at Both IS-IS Levels
When a routing device that operates as both a Level 1 and Level 2 router (Router B)
determines that it can reach at least one area other than its own (for example, in Area
Y), it sets the ATTACHED bit in its Level 1 link-state PDU. Thereafter, the Level 1 router
(Router A) introduces a default route pointing to the nearest attached routing device
that operates as both a Level 1 and Level 2 router (Router B). See Figure 1 on page 7.
Figure 1: Install Default Route to Nearest Routing Device That Operates at Both Level 1
and Level 2

IS-IS Feature Guide
Related • Understanding IS-IS Configuration on page 13

Documentation
• Example: Configuring IS-IS on page 14
Supported Standards for IS-IS
Junos OS substantially supports the following standards for IS-IS.
• International Organization for Standardization/International Electrotechnical

Commission (ISO/IEC) 8473, Information technology — Protocol for providing the
connectionless-mode network service
• ISO 9542, End System to Intermediate System Routing Exchange Protocol for Use in
Conjunction with the Protocol for the Provision of the Connectionless-mode Network
Service
• ISO/IEC 10589, Information technology — Telecommunications and information exchange

between systems — Intermediate System to Intermediate System intra-domain routeing
information exchange protocol for use in conjunction with the protocol for providing the
connectionless-mode network service (ISO 8473)
• RFC 1195, Use of OSI IS-IS for Routing in TCP/IP and Dual Environments
• RFC 3719, Recommendations for Interoperable Networks using Intermediate System to

Intermediate System (IS-IS)
• RFC 3847, Restart Signaling for Intermediate System to Intermediate System (IS-IS)
• RFC 5120, M-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate
Systems (IS-ISs)
• RFC 5130, A Policy Control Mechanism in IS-IS Using Administrative Tags
• RFC 5286, Basic Specification for IP Fast Reroute: Loop-Free Alternates
• RFC 5301, Dynamic Hostname Exchange Mechanism for IS-IS
• RFC 5302, Domain-Wide Prefix Distribution with Two-Level IS-IS
• RFC 5303, Three-Way Handshake for IS-IS Point-to-Point Adjacencies
• RFC 5304, IS-IS Cryptographic Authentication
• RFC 5305, IS-IS Extensions for Traffic Engineering
• RFC 5306, Restart Signaling for IS-IS
• RFC 5307, IS-IS Extensions in Support of Generalized Multi-Protocol Label Switching

(GMPLS)
• RFC 5308, Routing IPv6 with IS-IS
• RFC 5310, IS-IS Generic Cryptographic Authentication
• RFC 5880, Bidirectional Forwarding Detection (BFD)
• RFC 6232, Purge Originator Identification TLV for IS-IS

The following RFCs do not define standards, but provide information about IS-IS and
related technologies. The IETF classifies them as “Informational.”
• RFC 2973, IS-IS Mesh Groups
• RFC 3358, Optional Checksums in Intermediate System to Intermediate System (ISIS)
• RFC 3359, Reserved Type, Length and Value (TLV) Codepoints in Intermediate System
to Intermediate System
• RFC 3373, Three-Way Handshake for Intermediate System to Intermediate System (IS-IS)
Point-to-Point Adjacencies
• RFC 3567, Intermediate System to Intermediate System (IS-IS) Cryptographic

Authentication
• RFC 3787, Recommendations for Interoperable IP Networks using Intermediate System

to Intermediate System (IS-IS)
• RFC 5309, Point-to-Point Operation over LAN in Link State Routing Protocols
• Internet draft draft-ietf-isis-wg-255adj-02.txt, Maintaining more than 255 circuits in

IS-IS
Related • IS-IS Overview on page 3

Documentation
• Supported ES-IS Standards
• Accessing Standards Documents on the Internet
ISIS Fast Reroute Convergence
Sub-second service restoration is a key requirement for MPLS and native IP-based network
service providers. There are many ways to achieve fast reroute with sub optimal next-hop
to reach destination like loop-free alternate and remote loop-free alternate. In these
cases, IGP will download primary and backup next-hop beforehand in FIB. Packet
forwarding engine (PFE) performs local repair when a primary next-hop loses its
reachability to a given destination. Since PFE already has alternative path to reach
destination, sub-second restoration is possible. If destination is reachable via equal cost
multi path (ECMP) then only primary path is downloaded to forwarding information base
(FIB). If few ECMP links go down than the required bandwidth for a destination, fast
reroute convergence is not possible.
To resolve this, the best ECMP links are grouped as unilist of primary next-hops to reach
destination and the sub-optimal ECMP links are grouped as unilist of backup next-hops
to reach the destination. If bandwidth of the primary next-hops falls below the desired
bandwidth, PFE does a local repair and switches traffic to backup unilist next-hops. This
is yet another backup, where the backup path is computed and installed in FIB for ECMP
paths. Here, a set of best ECMP links are grouped as primary next-hops to reach
destination and a set of sub-optimal ECMP links are grouped as backup next-hops to
reach destination. If bandwidth of the primary next-hops falls below desired bandwidth
due to link failure on primary group, PFE should perform local repair and switch the traffic
to backup next-hops.

IS-IS Feature Guide
In the following topology, R1 has three ECMP links to D1 via R2. R1 also has three
sub-optimal ECMP links to D1 via R3 and R2. All ECMP links L1, L2 and L3 can be placed
under one group; a primary group and also group sub-optimal ECMP links L3, L4 and L5
under another group; a backup group.
Figure 2: Topology
IS-IS calculates the shortest path using shortest-path-first (SPF) algorithm and
downloads primary next-hops with appropriate weight in FIB. IS-IS also calculates backup
next-hops and downloads them to FIB with appropriate weight.
Backup next-hops weight will always be greater than primary next-hops. If a link from
primary group goes down, PFE performs a local repair and modifies the weight of the
next-hops. PFE forwards traffic to the destination with least weight next-hops to achieve
sub-millisecond convergence. IS-IS runs SPF and comes up with a set of primary and
backup next-hops. IS-IS then updates the FIB with the updated next hops. PFE resumes
traffic forwarding on new next-hops without any traffic loss.
Related • link-group-protection (Protocols IS-IS) on page 514

Documentation

PART 2
Configuring IS-IS
• Configuring a Basic IS-IS Network on page 13
• Configuring IS-IS Authentication and Checksums on page 33
• Configuring IS-IS Routing Policy and Route Redistribution on page 45
• Configuring IS-IS Bidirectional Forwarding Detection on page 127
• Configuring IS-IS Flood Groups on page 147
• Configuring IS-IS Multitopology Routing and IPv6 Support on page 153
• Configuring IS-IS Link and Node Link Protection on page 189
• Configuring IS-IS Traffic Engineering on page 245
• Configuring IS-IS Scaling and Throttling on page 359
• Configuring IS-IS CLNS on page 379
• Configuring IS-IS on Logical Systems on page 383

IS-IS Feature Guide

CHAPTER 2
Configuring a Basic IS-IS Network
• Understanding IS-IS Configuration on page 13

• Understanding IS-IS Areas to Divide an Autonomous System into Smaller
Groups on page 20
• Example: Configuring a Multi-Level IS-IS Topology to Control Interarea
Flooding on page 21
• Understanding IS-IS Designated Routers on page 29
• Configuring Designated Router Election Priority for IS-IS on page 30
• Configuring an ISO System Identifier for the Router on page 31
• Understanding Default Routes on page 31
Understanding IS-IS Configuration
To configure IS-IS, you must enable IS-IS on the interfaces and configure a NET address
on one of the device interfaces (preferably, the lo0 interface) by setting family iso address
net-address on the interface. To create the NET address (also known as the system ID
or the NSAP address), you can use the convention that is dictated by your network design,
or you can follow this convention:
1. Take the router ID, remove the dots (.), and insert leading zeroes where necessary so
that the string is 12 characters long.
For example, if the router ID is 192.168.0.4, the 12-character string would be

192168000004. If the router ID is 10.12.23.1, the 12-character string would be
010012023001.
2. Add a dot after every 4th character.
The strings would become 1921.6800.0004 and 0100.1202.3001.
3. Prepend the area number.
If the routing devices are in area 47, the strings would become 47.1921.6800.0004
and 47.0100.1202.3001.
4. Append the selector (00).
The strings would become 47.1921.6800.0004.00 and 47.0100.1202.3001.00.

IS-IS Feature Guide
You must configure the ISO family on all interfaces that are supporting the IS-IS protocol
by setting family iso on the interface. This means that IS-IS related frames are not
discarded by the routing devices.
You must enable IS-IS to run on the interfaces by setting interface interface-name in the
protocol configuration. This means that the interfaces are advertised into IS-IS.
Unlike OSPF, when you enable IS-IS on the lo0 interface, you do not need to explicitly
set passive mode. Passive mode means that the interface is advertised into the link-state
protocol, but the interface does not send or receive protocol control packets, such as
IS-IS hello and link-state PDUs. In IS-IS, the lo0 interface is always passive.
When you enable IS-IS on an interface, both levels (Level 1 and Level 2) are enabled by
default. To specify that an interface is on a Level 1 link, disable Level 2. To specify that
an interface is on a Level 2 link, disable Level 1. You can disable a level on the entire device
or per-interface. If two routing devices, R1 and R2, are both in the same IS-IS area, they
communicate at Level 1 if one or both devices have Level 2 disabled.
For security devices only, you must enable IS-IS by setting mode packet-based at the
[edit security forwarding-options family iso] hierarchy level.
Related • Example: Configuring IS-IS on page 14

Documentation
• Example: Configuring a Multi-Level IS-IS Topology to Control Interarea Flooding on
page 21
• Understanding IS-IS Areas to Divide an Autonomous System into Smaller Groups on

page 20
Example: Configuring IS-IS
This example shows how to configure IS-IS.
• Requirements on page 14
• Overview on page 14
• Configuration on page 15
• Verification on page 17
Requirements
No special configuration beyond device initialization is required before configuring this
example.
Overview
In this example, you configure the two IS-IS routing devices in a single area. The devices
have NET addresses 49.0002.0192.0168.0001.00 and 49.0002.0192.0168.0002.00 on
the lo0 interfaces. Additionally, you configure the ISO family on the IS-IS interfaces.
For Junos OS security devices only, you configure the mode packet-based statement at
the [edit security forwarding-options family iso] hierarchy level.

Chapter 2: Configuring a Basic IS-IS Network
Figure 3 on page 15 shows the topology used in this example.
Figure 3: Simple IS-IS Topology

10.0.0.0/30
.1 .2
R1 R2
lo0:192.168.0.1 lo0:192.168.0.2
g041282
“CLI Quick Configuration” on page 15 shows the configuration for both of the devices in
Figure 3 on page 15. The section “Step-by-Step Procedure” on page 15 describes the
steps on Device R1.
Configuration
CLI Quick To quickly configure this example, copy the following commands, paste them into a text
Configuration file, remove any line breaks, change any details necessary to match your network
configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy
level.
Device R1 set security forwarding-options family iso mode packet-based

set interfaces ge-1/2/0 unit 0 description to-R2
set interfaces ge-1/2/0 unit 0 family inet address 10.0.0.1/30
set interfaces ge-1/2/0 unit 0 family iso
set interfaces lo0 unit 0 family inet address 192.168.0.1/32
set interfaces lo0 unit 0 family iso address 49.0002.0192.0168.0001.00
set protocols isis interface ge-1/2/0.0
set protocols isis interface lo0.0
Device R2 set security forwarding-options family iso mode packet-based

set interfaces ge-1/2/0 unit 0 description to-R1
Step-by-Step The following example requires you to navigate various levels in the configuration
Procedure hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration
Mode in the CLI User Guide.
To configure IS-IS:
1. Enable IS-IS if your router is in secure context.
[edit security forwarding-options family iso]

user@R1# set mode packet-based

IS-IS Feature Guide
2. Create the interface that connects to Device R2, and configure the ISO family on
the interface.
[edit interfaces ge-1/2/0 unit 0]

user@R1# set description to-R2
user@R1# set family inet address 10.0.0.1/30
user@R1# set family iso
3. Create the loopback interface, set the IP address, and set the NET address.
[edit interfaces lo0 unit 0]

user@R1# set family iso address 49.0002.0192.0168.0001.00
4. Enable IS-IS on the interfaces.
[edit protocols isis]

user@R1# set interface ge-1/2/0.0
user@R1# set interface lo0.0
Results From configuration mode, confirm your configuration by entering the show interfaces,
show protocols, and show security commands. If the output does not display the intended
configuration, repeat the instructions in this example to correct the configuration.
user@R1# show security

forwarding-options {
family iso {
mode packet-based;
}
}
user@R1# show interfaces

ge-1/2/0 {
unit 0 {
description to-R2;
family inet {
address 10.0.0.1/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.1/32;
}
family iso {
address 49.0002.0192.0168.0001.00;
}

}
}
user@R1# show protocols

isis {
interface ge-1/2/0.0;
interface lo0.0;
}
If you are done configuring the device, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
• Verifying IS-IS Interface Configuration on page 17

• Verifying IS-IS Interface Configuration in Detail on page 17
• Verifying IS-IS Adjacencies on page 18
• Verifying IS-IS Adjacencies in Detail on page 19
Verifying IS-IS Interface Configuration
Purpose Verify the status of the IS-IS-enabled interfaces.
Action From operational mode, enter the show isis interface brief command.
user@R1> show isis interface brief
IS-IS interface database:

Interface L CirID Level 1 DR Level 2 DR L1/L2 Metric
lo0.0 3 0x1 Passive Passive 0/0
ge-1/2/0.0 3 0x1 R2.02 R2.02 10/10
Meaning Verify that the output shows the intended configuration of the interfaces on which IS-IS
is enabled.
Verifying IS-IS Interface Configuration in Detail
Purpose Verify the details of IS-IS-enabled interfaces.
Action From operational mode, enter the show isis interface detail command.
user@R1> show isis interface detail

lo0.0
Index: 75, State: 0x6, Circuit id: 0x1, Circuit type: 0
LSP interval: 100 ms, CSNP interval: disabled
Adjacency advertisement: Advertise

IS-IS Feature Guide
Level Adjacencies Priority Metric Hello (s) Hold (s) Designated Router
1 0 64 0 Passive
2 0 64 0 Passive
ge-1/2/0.0
LSP interval: 100 ms, CSNP interval: 10 s
1 1 64 10 9.000 27 R2.02 (not us)
2 1 64 10 9.000 27 R2.02 (not us)
Meaning Check the following output fields and verify that the output shows the intended
configuration of IS-IS-enabled interfaces:
• Interface—Interface configured for IS-IS.
• State—Internal implementation information.
• Circuit id—Circuit identifier.
• Circuit type—Configured level of IS-IS:
• 1—Level 1 only
• 3—Level 1 and Level 2
• link-state PDU interval—Time between IS-IS information messages.
• L or Level—Type of adjacency:
• Adjacencies—Adjacencies established on the interface.
• Priority—Priority value established on the interface.
• Metric—Metric value for the interface.
• Hello(s)—Intervals between hello PDUs.
• Hold(s)—Hold time on the interface.
Verifying IS-IS Adjacencies
Purpose Display brief information about IS-IS neighbors.
Action From operational mode, enter the show isis adjacency brief command.
user@R1> show isis adjacency brief

Interface System L State Hold (secs) SNPA

ge-1/2/0.0 R2 1 Up 6 0:5:85:8f:c8:bd
ge-1/2/0.0 R2 2 Up 6 0:5:85:8f:c8:bd
Meaning Verify the adjacent routers in the IS-IS database.
Verifying IS-IS Adjacencies in Detail
Purpose Display extensive information about IS-IS neighbors.
Action From operational mode, enter the show isis adjacency extensive command.
user@R1> show isis adjacency extensive
R2
Interface: ge-1/2/0.0, Level: 1, State: Up, Expires in 6 secs
Priority: 64, Up/Down transitions: 1, Last transition: 00:40:28 ago
Circuit type: 3, Speaks: IP, IPv6, MAC address: 0:5:85:8f:c8:bd
Topologies: Unicast
Restart capable: Yes, Adjacency advertisement: Advertise
LAN id: R2.02, IP addresses: 10.0.0.2
Transition log:
When State Event Down reason
Thu May 31 11:18:48 Up Seenself
R2
Topologies: Unicast
Transition log:
Thu May 31 11:18:48 Up Seenself
Meaning Check the following fields and verify the adjacency information about IS-IS neighbors:
• Interface—Interface through which the neighbor is reachable.
• L or Level—Configured level of IS-IS:
An exclamation point before the level number indicates that the adjacency is missing
an IP address.
• State—Status of the adjacency: Up, Down, New, One-way, Initializing, or Rejected.
• Event—Message that identifies the cause of a state.

IS-IS Feature Guide
• Down reason—Reason the adjacency is down.
• Restart capable—A neighbor is configured for graceful restart.
• Transition log—List of transitions including When, State, and Reason.

Documentation
• Example: Configuring IS-IS for GRES with Graceful Restart
• Junos OS Feature Support Reference for SRX Series and J Series Devices
Understanding IS-IS Areas to Divide an Autonomous System into Smaller Groups
In IS-IS, a single AS can be divided into smaller groups called areas.
Link-state protocols cannot scale well if a large autonomous system (AS) consists of a
single set of routing devices that all share a common database to compute the best
paths through the AS. Because the shortest-path-first (SPF) algorithm works in an
exponential fashion, the CPU demand can become too heavy when too many routing
devices share their complete routing information with each other. To alleviate this issue,
large ASs are divided into smaller parts called areas.
When ASs are split into areas, the disjointed areas must be connected to route traffic
between the areas. Reachability information at the area borders must be injected into
each other areas.
In IS-IS, routing between areas is organized hierarchically. This organization is

accomplished by configuring Level 1 and Level 2 intermediate systems. Level 1 systems
route within an area. When the destination is outside an area, Level 1 systems route
toward a Level 2 system. Level 2 intermediate systems route between areas and toward
other ASs. No IS-IS area functions strictly as a backbone.
Level 1 routers share intra-area routing information, and Level 2 routers share interarea
information about IP addresses available within each area. Uniquely, IS-IS routers can
act as both Level 1 and Level 2 routers, sharing intra-area routes with other Level 1 routers
and interarea routes with other Level 2 routers.
The propagation of link-state updates is determined by the level boundaries. All routers
within a level maintain a complete link-state database of all other routers in the same
level. Each router then uses the Dijkstra algorithm to determine the shortest path from
the local router to other routers in the link-state database.
Related • Example: Configuring a Multi-Level IS-IS Topology to Control Interarea Flooding on

Documentation page 21

Example: Configuring a Multi-Level IS-IS Topology to Control Interarea Flooding
This example shows how to configure a multi-level IS-IS topology.
Requirements
example.
Overview
Like OSPF, the IS-IS protocol supports the partitioning of a routing domain into multiple
areas with levels that control interarea flooding. The use of multiple levels improves
protocol scalability, as Level 2 (backbone) link-state PDUs are normally not flooded into
a Level 1 area.
An IS-IS Level 2 area is analogous to the OSPF backbone area (0), while a Level 1 area
operates much like an OSPF totally stubby area, in that a default route is normally used
to reach both inter-level and AS external routes.
Unlike OSPF, IS-IS area boundaries occur between routers, such that a given routing
device is always wholly contained within a particular area. Level 1 adjacencies can be
formed between routers that share a common area number, while a Level 2 adjacency
can be formed between routers that might or might not share an area number.
Figure 4: IS-IS Multi-Level Topology
S1
fe-1/2/0.42 .42
10.0.0.40/30
49.0002
fe-1/2/2.41 .41 Level 1
R3 .21 R6
.30
.17 .33
.22
Level 2 R5 .29
.26
.18 .38 .34
.25 .37
R4 R7
g041256
49.0001

IS-IS Feature Guide
“CLI Quick Configuration” on page 22 shows the configuration for all of the devices in
steps on Device R5.
This example has the following characteristics:
• Device R5 functions as a Level 1/Level 2 router to interconnect the Level 2 backbone

area 49.0001 and the Level 1 area 49.0002 containing Device R6 and Device R7.
• The system ID is based on the devices’ IPv4 lo0 addresses.
• Loss of any individual interface does not totally disrupt the IS-IS operation.
• The IPv4 lo0 addresses of all routers are reachable through IS-IS.
• The link between Device R3 and Device S1 appears in area 49.0001 as an intra-area
route. No IS-IS adjacencies can be established on this interface. This is accomplished
by configuring the passive statement on Device R3’s interface to Device S1.
• The loopback addresses of Level 2 devices do not appear in a Level 1 area.
• There is only one adjacency for each device pairing.
Configuration
level.
Device R3 set interfaces fe-1/2/0 unit 0 description to-R4

set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.17/30
set interfaces fe-1/2/0 unit 0 family iso
set interfaces fe-1/2/1 unit 0 description to-R5
set interfaces fe-1/2/2 unit 0 description to-S1
set protocols isis interface fe-1/2/0.0 level 1 disable
set protocols isis interface lo0.0 level 1 disable
set protocols isis interface fe-1/2/2.0 passive






Device S1 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.42/30

IS-IS Feature Guide
To configure multi-level IS-IS:
1. Configure the network interfaces.
Enable IS-IS on the interfaces by Including the ISO address family on each interface.
[edit interfaces]
user@R5# set fe-1/2/0 unit 0 description to-R3
user@R5# set fe-1/2/0 unit 0 family inet address 10.0.0.22/30
user@R5# set fe-1/2/0 unit 0 family iso
2. Configure two loopback interface addresses.
One address is for IPv4.
The other is for the IS-IS area 49.0002 so that Device R5 can form adjacencies with
the other Level 1 devices in area 49.0002. Even though Device R5’s NET identifies
itself as belonging to the Level 1 area 49.0002, its loopback interface is not
configured as a Level 1 interface. Doing so would cause the route to Device R5’s
loopback to be injected into the Level 1 area.

3. Specify the IS-IS level on a per-interface basis.
Device R5 becomes adjacent to the other routing devices on the same level on each
link.
By default, IS-IS is enabled for IS-IS areas on all interfaces on which the ISO protocol
family is enabled (at the [edit interfaces interface-name unit logical-unit-number]
hierarchy level). To disable IS-IS at any particular level on an interface, include the
disable statement.
Device R5’s loopback interface is configured to run Level 2 only. If Level 1 operation
were enabled on lo0.0, Device R5 would include its loopback address in its Level 1

link-state PDU, which is incorrect for this example in which the loopback addresses
of Level 2 devices must not appear in a Level 1 area.
Unlike OSPF, you must explicitly list the router’s lo0 interface at the [edit protocols
isis] hierarchy level, because this interface is the source of the router’s NET, and
therefore must be configured as an IS-IS interface. In IS-IS, the lo0 interface operates
in the passive mode by default, which is ideal because adjacency formation can
never occur on a virtual interface.

user@R5# set interface fe-1/2/0.0 level 1 disable
user@R5# set interface lo0.0 level 1 disable
Results From configuration mode, confirm your configuration by entering the show interfaces and
show protocols commands. If the output does not display the intended configuration,
repeat the instructions in this example to correct the configuration.

fe-1/2/0 {
unit 0{
description to-R3;
family inet {
address 10.0.0.22/30;
}
family iso;
}
}
fe-1/2/1 {
unit 0 {
description to-R4;
family inet {
address 10.0.0.26/30;
}
family iso;
}
}
fe-1/2/2 {
unit 0 {
description to-R6;
family inet {
address 10.0.0.29/30;
}
family iso;
}
}
fe-1/2/3 {
unit 0 {
description to-R7;
family inet {

IS-IS Feature Guide
address 10.0.0.38/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.5/32;
}
family iso {
address 49.0002.0192.0168.0005.00;
}
}
}

isis {
interface fe-1/2/0.0 {
level 1 disable;
}
level 1 disable;
}
level 2 disable;
}
level 2 disable;
}
interface lo0.0 {
level 1 disable;
}
}
Verification
• Checking Interface-to-Area Associations on page 26

• Examining the IS-IS Database on page 28
Checking Interface-to-Area Associations
Purpose Make sure that the interface-to-area associations are configured as expected.
Action From operational mode, enter the show isis interface command.
user@R5> show isis interface


lo0.0 3 0x1 Disabled Passive 0/0
fe-1/2/0.0 2 0x3 Disabled R5.03 10/10
fe-1/2/1.0 2 0x2 Disabled R5.02 10/10
fe-1/2/0.0 1 0x1 R6.02 Disabled 10/10
fe-1/2/3.0 1 0x4 R5.04 Disabled 10/10
Meaning The output shows that Device R5’s interfaces have been correctly configured with the
ISO family, and that the interfaces have been placed into the correct levels.
You can also see that Device R5 has elected itself as the designated intermediate system
(DIS) on its broadcast-capable IS-IS interfaces.
Purpose Verify that the expected adjacencies have formed between Device R5 and its IS-IS
neighbors.
Action From operational mode, enter the show isis adjacency detail command.
user@R5> show isis adjacency detail
R3
Interface: fe-1/2/0.0, Level: 2, State: Up, Expires in 25 secs
Circuit type: 2, Speaks: IP, IPv6, MAC address: 0:5:85:8f:c8:bc
Topologies: Unicast
R4
Topologies: Unicast
R6
Topologies: Unicast
R7
Topologies: Unicast

IS-IS Feature Guide
Meaning These results confirm that Device R5 has two Level 2 adjacencies and two Level 1
adjacencies.
Examining the IS-IS Database
Purpose Because Device R5 is a Level 1/Level 2 (L1/L2) attached router, examine the Level 1
link-state database associated with area 49.0002 to confirm that loopback addresses
from backbone routers are not being advertised into the Level 1 area.
Action From operational mode, enter the show isis database detail command.
user@R5> show isis database detail
IS-IS level 1 link-state database:
R5.00-00 Sequence: 0x19, Checksum: 0x7488, Lifetime: 727 secs

IS neighbor: R5.04 Metric: 10
IP prefix: 10.0.0.28/30 Metric: 10 Internal Up

R6.00-00 Sequence: 0x17, Checksum: 0xa65, Lifetime: 774 secs

R6.02-00 Sequence: 0x13, Checksum: 0xd1c0, Lifetime: 908 secs

R7.00-00 Sequence: 0x17, Checksum: 0xe39, Lifetime: 775 secs

R7.02-00 Sequence: 0x13, Checksum: 0x404d, Lifetime: 966 secs

R3.00-00 Sequence: 0x17, Checksum: 0x5f84, Lifetime: 1085 secs


R4.00-00 Sequence: 0x17, Checksum: 0xab3a, Lifetime: 949 secs

R4.02-00 Sequence: 0x14, Checksum: 0xf2a8, Lifetime: 1022 secs

R5.00-00 Sequence: 0x1f, Checksum: 0x20d7, Lifetime: 821 secs



Meaning This display indicates that Device R5’s loopback interface is correctly configured to run
Level 2 only. Had Level 1 operation been enabled on lo0.0, Device R5 would have then
included its loopback address in its Level 1 link-state PDU.
You can also see that Device R5 has Level 2 link-state PDUs, received from its adjacent
neighbors.
Like an OSPF totally stubby area, no backbone (Level 2) or external prefixes are leaked
into a Level 1 area, by default. Level 1 prefixes are leaked up into the IS-IS backbone,
however, as can be seen in Device R5’s Level 2 link-state PDU.
Related • Understanding IS-IS Areas to Divide an Autonomous System into Smaller Groups on
Understanding IS-IS Designated Routers
A router advertises its priority to become a designated router in its hello packets. On all
multiaccess networks (physical networks that support the attachment of more than two
routers, such as Ethernet networks), IS-IS uses the advertised priorities to elect a

IS-IS Feature Guide
designated router for the network. This router is responsible for sending network link-state
advertisements, which describe all the routers attached to the network. These
advertisements are flooded throughout a single area. The priority value is meaningful
only on a multiaccess network. It has no meaning on a point-to-point interface.
A router’s priority for becoming the designated router is indicated by an arbitrary number
from 0 through 127, which you configure on the IS-IS interface. The router with the highest
priority becomes the designated router for the area (Level 1, Level 2, or both), also
configured on the IS-IS interface. If routers in the network have the same priority, then
the router with the highest MAC address is elected as the designated router. By default,
routers have a priority value of 64.
Related • Junos OS Feature Support Reference for SRX Series and J Series Devices
Documentation
Configuring Designated Router Election Priority for IS-IS
This example shows how to configure the designated router election priority for IS-IS.
Before you begin:
• Configure network interfaces. See the Junos OS Interfaces Configuration Guide for
Security Devices.
• Enable IS-IS on the interfaces. See “Example: Configuring IS-IS” on page 14.
In this example, you configure the priority for logical interface ge-0/0/1.0 to be 100 and
the level number to be 1. If this interface has the highest priority value, the router becomes
the designated router for the Level 1 area.
To configure a designated router election priority for IS-IS:
[edit]
user@host# set protocols isis interface ge-0/0/1.0 level 1 priority 100
Related • Understanding IS-IS Designated Routers on page 29

Documentation

Configuring an ISO System Identifier for the Router
For IS-IS to operate on the router, you can optionally configure a system identifier (system
ID). The system identifier is commonly the media access control (MAC) address or the
IP address expressed in binary-coded decimal (BCD).
If you do not statically map the hostname, the mapping is generated dynamically, based
on the system host-name. If you omit the static-host-mapping hostname sysid statement,
the IS-IS system ID is dynamically generated from the host portion of the ISO address
configured on the loopback interface (lo0) and is mapped to the host-name statement
configured at the [edit system] hierarchy level. Run the show isis hostname command to
view the mappings.
To configure an International Organization for Standardization (ISO) system ID, include

the sysid statement at the [edit system static-host-mapping hostname] hierarchy level:
[edit system]
static-host-mapping {
hostname {
sysid system-identifier;
}
}
hostname is the name specified by the host-name statement at the [edit system] hierarchy
level.
system-identifier is the ISO system identifier. It is the 6-byte system ID portion of the IS-IS
network service access point (NSAP). We recommend that you use the host’s IP address
represented in BCD format. For example, the IP address 192.168.1.77 is 1921.6800.1077 in
BCD.
Related • Example: Configuring the Unique Identity of a Router for Making it Accessible on the
Documentation Network
Understanding Default Routes
A default route is the route that takes effect when no other route is available for an IP
destination address.
If a packet is received on a routing device, the device first checks to see if the IP destination
address is on one of the device’s local subnets. If the destination address is not local, the
device checks its routing table. If the remote destination subnet is not listed in the routing
table, the packet is forwarded to the next hop toward the destination using the default
route. The default route generally has a next-hop address of another routing device,
which performs the same process. The process repeats until a packet is delivered to the
destination.

IS-IS Feature Guide
The route evaluation process in each router uses the longest prefix match method to
obtain the most specific route. The network with the longest subnet mask that matches
the destination IP address is the next-hop network gateway.
The default route in IPv4 is designated as 0.0.0.0/0 or simply 0/0. Similarly, in IPv6, the
default route is specified as ::/0. The subnet mask /0 specifies all networks, and is the
shortest match possible. A route lookup that does not match any other route uses this
route if it is configured and active in the routing table. To be active, the configured next-hop
address must be reachable.
Administrators generally point the default route toward the routing device that has a
connection to a network service provider. Therefore, packets with destinations outside
the organization's local area network, typically destinations on the Internet or a wide
area network, are forwarded to the routing device with the connection to that provider.
The device to which the default route points is often called the default gateway.
Related • Example: Configuring an IS-IS Default Route Policy on Logical Systems on page 395
Documentation
• Example: Configuring an OSPF Default Route Policy on Logical Systems
• Example: Configuring a Conditional Default Route Policy

CHAPTER 3
Configuring IS-IS Authentication and

Checksums
• Configuring IS-IS Authentication on page 33

• Configuring IS-IS Authentication Without Network-Wide Deployment on page 35
• Understanding Hitless Authentication Key Rollover for IS-IS on page 35
• Example: Configuring Hitless Authentication Key Rollover for IS-IS on page 36
• Understanding Checksums on IS-IS Interfaces for Error Checking on page 41
• Example: Enabling Packet Checksums on IS-IS Interfaces for Error Checking on page 42
Configuring IS-IS Authentication
All IS-IS protocol exchanges can be authenticated to guarantee that only trusted routing
devices participate in the autonomous system (AS) routing. By default, IS-IS
authentication is disabled on the routing device.
To configure IS-IS authentication, you must define an authentication password and

specify the authentication type.
You can configure one of the following authentication methods:
• Simple authentication—Uses a text password that is included in the transmitted packet.

The receiving routing device uses an authentication key (password) to verify the packet.
Simple authentication is included for compatibility with existing IS-IS implementations.
However, we recommend that you do not use this authentication method because it
is insecure (the text can be “sniffed”).
CAUTION: A simple password that exceeds 254 characters is truncated.
• HMAC-MD5 authentication—Uses an iterated cryptographic hash function. The receiving

routing device uses an authentication key (password) to verify the packet.
You can also configure more fine-grained interface-level authentication for hello packets.
To enable authentication and specify an authentication method, include the

authentication-type statement, specifying the simple or md5 authentication type:

IS-IS Feature Guide
authentication-type authentication;
For a list of hierarchy levels at which you can include this statement, see the statement
summary section for this statement.
To configure a password, include the authentication-key statement. The authentication

password for all routing devices in a domain must be the same.
authentication-key key;
To configure hitless authentication key rollover, include the authentication-key-chain

(Protocols IS-IS) statement.
The password can contain up to 255 characters. If you include spaces, enclose all
characters in quotation marks (“ ”).
If you are using the Junos OS IS-IS software with another implementation of IS-IS, the
other implementation must be configured to use the same password for the domain, the
area, and all interfaces that are shared with a Junos OS implementation.
Authentication of hello packets, partial sequence number PDU (PSNP), and complete
sequence number PDU (CSNP) can be suppressed to enable interoperability with the
routing software of different vendors. Different vendors handle authentication in various
ways, and suppressing authentication for different PDU types might be the simplest way
to allow compatibility within the same network.
To configure IS-IS to generate authenticated packets, but not to check the authentication
on received packets, include the no-authentication-check statement:
no-authentication-check;
To suppress authentication of IS-IS hello packets, include the no-hello-authentication

statement:
no-hello-authentication;
To suppress authentication of PSNPs, include the no-psnp-authentication statement:
no-psnp-authentication;
To suppress authentication of CSNPs, include the no-csnp-authentication statement:
no-csnp-authentication;
For a list of hierarchy levels at which you can include these statements, see the statement
summary sections for these statements.

Chapter 3: Configuring IS-IS Authentication and Checksums
NOTE: The authentication and the no-authentication statements must be

configured at the same hierarchy level. Configuring authentication at the [edit
protocols isis interface interface-name] hierarchy level and configuring
no-authentication at the [edit protocols isis] hierarchy level has no effect.
Related • Configuring IS-IS Authentication Without Network-Wide Deployment on page 35

Documentation
Configuring IS-IS Authentication Without Network-Wide Deployment
To allow the use of authentication without requiring network-wide deployment, include

the loose-authentication-check statement:
loose-authentication-check;
Related • Understanding Hitless Authentication Key Rollover for IS-IS on page 35

Documentation
Understanding Hitless Authentication Key Rollover for IS-IS
IS-IS protocol exchanges can be authenticated to guarantee that only trusted routing
devices participate in routing. By default, authentication is disabled. The authentication
algorithm creates an encoded checksum that is included in the transmitted packet. The
receiving routing device uses an authentication key (password) to verify the packet’s
checksum.
If you configure authentication for all peers, each peer in that group inherits the group’s
authentication.
You can update authentication keys without resetting any IS-IS neighbor sessions. This
is referred to as hitless authentication key rollover.
Hitless authentication key rollover uses authentication keychains, which consist of the
authentication keys that are being updated. The keychain includes multiple keys. Each
key in the keychain has a unique start time. At the next key’s start time, a rollover occurs
from the current key to the next key, and the next key becomes the current key.
You can choose the algorithm through which authentication is established. You can
configure MD5 or SHA-1 authentication. You associate a keychain and the authentication
algorithm with an IS-IS neighboring session. Each key contains an identifier and a secret
password.

IS-IS Feature Guide
The sending peer chooses the active key based on the system time and the start times
of the keys in the keychain. The receiving peer determines the key with which it
authenticates based on the incoming key identifier.
You can configure either RFC 5304-based encoding or RFC 5310-based encoding for the
IS-IS protocol transmission encoding format.
Related • Example: Configuring Hitless Authentication Key Rollover for IS-IS on page 36
Documentation
Example: Configuring Hitless Authentication Key Rollover for IS-IS
This example shows how to configure hitless authentication key rollover for IS-IS.
Requirements
No special configuration beyond device initialization is required before configuring hitless
authentication key rollover for IS-IS.
Overview
Authentication guarantees that only trusted routers participate in routing updates. This
keychain authentication method is referred to as hitless because the keys roll over from
one to the next without resetting any peering sessions or interrupting the routing protocol.
Junos OS supports both RFC 5304, IS-IS Cryptographic Authentication and RFC 5310,
IS-IS Generic Cryptographic Authentication.
This example includes the following statements for configuring the keychain:
• algorithm—For each key in the keychain, you can specify an encryption algorithm. The
algorithm can be SHA-1 or MD-5.
• key—A keychain can have multiple keys. Each key within a keychain must be identified
by a unique integer value. The range of valid identifier values is from 0 through 63.
• key-chain—For each keychain, you must specify a name. This example defines two
keychains: base-key-global and base-key-inter.
• options—For each key in the keychain, you can specify the encoding for the message
authentication code:isis-enhanced or basic. The basic (RFC 5304) operation is enabled
by default.
When you configure the isis-enhanced option, Junos OS sends RFC 5310-encoded
routing protocol packets and accepts both RFC 5304-encoded and RFC 5310-encoded
routing protocol packets that are received from other devices.
When you configure basic (or do not include the options statement in the key
configuration) Junos OS sends and receives RFC 5304-encoded routing protocols

packets, and drops 5310-encoded routing protocol packets that are received from
other devices.
Because this setting is for IS-IS only, the TCP and the BFD protocols ignore the encoding
option configured in the key.
• secret—For each key in the keychain, you must set a secret password. This password
can be entered in either encrypted or plain text format in the secret statement. It is
always displayed in encrypted format.
• start-time—Each key must specify a start time in UTC format. Control gets passed
from one key to the next. When a configured start time arrives (based on the routing
device’s clock), the key with that start time becomes active. Start times are specified
in the local time zone for a routing device and must be unique within the key chain.
You can apply a keychain globally to all interfaces or more granularly to specific interfaces.
This example includes the following statements for applying the keychain to all interfaces
or to particular interfaces:
• authentication-key-chain—Enables you to apply a keychain at the global IS-IS level for

all Level 1 or all Level 2 interfaces.
• hello-authentication-key-chain—Enables you to apply a keychain at the individual IS-IS

interface level. The interface configuration overrides the global configuration.
Figure 5 on page 37 shows the topology used in the example.
Figure 5: Hitless Authentication Key Rollover for IS-IS

{ ISIS Level 1 } { ISIS Level 2 }
B
R1 FE/GE/XE R0 FE/GE/XE R2
A A C A B
SONET
FE/GE/XE R3
g040568
This example shows the configuration for Router R0.
Configuration
CLI Quick To quickly configure the hitless authentication key rollover for IS-IS, copy the following
Configuration commands and paste the commands into the CLI.
[edit]
set interfaces ge-0/0/0 unit 0 description "interface A"
set interfaces ge-0/0/0 unit 0 family inet6 address fe80::200:f8ff:fe21:67cf/128
set interfaces ge-0/0/1 unit 0 description "interface B"

IS-IS Feature Guide

set interfaces ge-0/0/1 unit 0 family inet6 address 10FB::C:ABC:1F0C:44DA/128
set interfaces ge-0/0/2 unit 0 description "interface C"
set interfaces ge-0/0/2 unit 0 family inet6 address ff06::c3/128
set security authentication-key-chains key-chain base-key-global key 63 secret "$ABC123"
set security authentication-key-chains key-chain base-key-global key 63 start-time
"2011-8-6.06:54:00-0700"
set security authentication-key-chains key-chain base-key-global key 63 algorithm
hmac-sha-1
set security authentication-key-chains key-chain base-key-global key 63 options
isis-enhanced
set security authentication-key-chains key-chain base-key-inter key 0 secret "$ABC123"
set security authentication-key-chains key-chain base-key-inter key 0 start-time
"2011-8-6.06:54:00-0700"
set security authentication-key-chains key-chain base-key-inter key 0 algorithm md5
set security authentication-key-chains key-chain base-key-inter key 0 options basic
set protocols isis level 1 authentication-key-chain base-key-global
set protocols isis interface ge-0/0/0.0 level 1 hello-authentication-key-chain
base-key-inter
Step-by-Step To configure hitless authentication key rollover for IS-IS:

Procedure
1. Configure the Router R0 interfaces.
[edit]
user@host# edit interfaces ge-0/0/0 unit 0
user@host# set description "interface A"
user@host# set family inet address 10.0.0.1/30
user@host# set family iso
user@host# set family inet6 address fe80::200:f8ff:fe21:67cf/128
user@host# exit
[edit]
user@host# set interfaces ge-0/0/1 unit 0 description "interface B"
user@host# set interfaces ge-0/0/1 unit 0 family inet address 10.0.0.5/30
user@host# set interfaces ge-0/0/1 unit 0 family iso
user@host# set interfaces ge-0/0/1 unit 0 family inet6 address
10FB::C:ABC:1F0C:44DA/128
user@host# exit
[edit]
user@host# set description "interface C"
user@host# set family inet address 10.0.0.9/30
user@host# set interfaces ge-0/0/2 unit 0 family iso
user@host# set interfaces ge-0/0/2 unit 0 family inet6 address ff06::c3/128
user@host# exit

2. Configure one or more authentication keys.
[edit]
user@host# edit security authentication-key-chains key-chain base-key-global
[edit security authentication-key-chains key-chain base-key-global]
user@host# set key 63 secret "$ABC123"
user@host# set key 63 start-time "2011-8-6.06:54:00-0700"
user@host# set key 63 algorithm hmac-sha-1
user@host# set key 63 options isis-enhanced
user@host# exit
[edit]
user@host# edit security authentication-key-chains key-chain base-key-inter
[edit security authentication-key-chains key-chain base-key-inter]
user@host# set key 0 secret "$ABC123"
user@host# set key 0 start-time "2011-8-6.06:54:00-0700"
user@host# set key 0 algorithm md5
user@host# set key 0 options basic
user@host# exit
3. Apply the base-key-global keychain to all Level 1 IS-IS interfaces on Router R0.
[edit]
user@host# edit protocols isis level 1
[edit protocols isis level 1]
set authentication-key-chain base-key-global
user@host# exit
4. Apply the base-key-inter keychain to the ge-0/0/0.0 interface on Router R0.
[edit]
user@host# edit protocols isis interface ge-0/0/0.0 level 1
[edit protocols isis interface ge-0/0/0.0 level 1]
set hello-authentication-key-chain base-key-inter
user@host# exit
5. If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Results
Confirm your configuration by entering the show interfaces, show protocols, and show
security commands.
user@host# show interfaces

ge-0/0/0 {
unit 0 {

IS-IS Feature Guide
description "interface A";

family inet {
address 10.0.0.1/30;
}
family iso;
family inet6 {
address fe80::200:f8ff:fe21:67cf/128;
}
}
}
ge-0/0/1 {
unit 0 {
description "interface B";
family inet {
address 10.0.0.5/30;
}
family iso;
family inet6 {
address 10FB::C:ABC:1F0C:44DA/128;
}
}
}
ge-0/0/2 {
unit 0 {
description "interface C";
family inet {
address 10.0.0.9/30;
}
family iso;
family inet6 {
address ff06::c3/128;
}
}
}
user@host# show protocols

isis {
level 1 authentication-key-chain base-key-global;
interface ge-0/0/0.0 {
level 1 hello-authentication-key-chain base-key-inter;
}
}
user@host# show security

authentication-key-chains {
key-chain base-key-global {
key 63 {
secret "ABC123”;
start-time "2011-8-6.06:54:00-0700";
algorithm hmac-sha-1;
options isis-enhanced;
}
}
key-chain base-key-inter {

key 0 {
secret "$ABC123”;
start-time "2011-8-6.06:54:00-0700";
algorithm md5;
options basic;
}
}
}
Verification
To verify the configuration, run the following commands:
• show isis authentication
• show security keychain

Documentation
Understanding Checksums on IS-IS Interfaces for Error Checking
The checksum enables IS-IS to check at the receiver if the IS-IS protocol frames have
become corrupted while traversing the network.
Sometimes corrupt IS-IS protocol frames can go undetected. If routing control traffic
becomes corrupted, it is likely that user payload traffic might be corrupted, too. This can
lead to unacceptable throughput. To prevent corrupt frames from going undetected, we
recommend enabling checksumming on the IS-IS interfaces.
To review, IS-IS hello (IIH) PDUs establish adjacencies with other routing devices. A
partial sequence number PDU (PSNP) is used by an IS-IS router to request link-state
PDU information from a neighboring router. The complete sequence number PDU (CSNP)
lists all the link-state PDUs in the link-state database.
The original specification for IS-IS does not provide checksums for IIHs, CSNPs, and
PSNPs.
RFC 3358, Optional Checksums in Intermediate System to Intermediate System (ISIS)

introduced an optional type, length, and value (TLV) tuple that provides checksums for
IIHs, PSNPs, and CSNPs.
Junos OS supports the checksumming TLV on a per-interface basis.
Related • Example: Enabling Packet Checksums on IS-IS Interfaces for Error Checking on page 42
Documentation

IS-IS Feature Guide
Example: Enabling Packet Checksums on IS-IS Interfaces for Error Checking
This example shows how to enable packet checksums for IS-IS interfaces.
Requirements
Before you begin, configure IS-IS on both routers. See “Example: Configuring IS-IS” on
page 14 for information about the sample IS-IS configuration.
Overview
Junos OS supports IS-IS checksums as documented in RFC 3358, Optional Checksums
in Intermediate System to Intermediate System (ISIS).
IS-IS protocol data units (PDUs) include link-state PDUs, complete sequence number
PDUs (CSNPs), partial sequence number PDUs (PSNPs), and IS-IS hello (IIH) packets.
These PDUs can be corrupt due to faulty implementations of Layer 2 hardware or lack
of checksums on a specific network technology. Corruption of length or type, length, and
value (TLV) fields can lead to the generation of extensive numbers of empty link-state
PDUs in the receiving node. Because authentication is not a replacement for a checksum
mechanism, you might want to enable the optional checksum TLV on your IS-IS interfaces.
The checksum cannot be enabled with MD5 hello authentication on the same interface.
Figure 6: IS-IS Checksum Topology

10.0.0.0/30
.1 .2
R1 R2
lo0:192.168.0.1 lo0:192.168.0.2
g041282
This example describes the steps on Device R1.
Configuration
level.
Device R1 set protocols isis traceoptions file isis

set protocols isis traceoptions flag all

set protocols isis interface fe-1/2/0.1 checksum
To configure IS-IS checksums:
1. Enable checksums.
[edit protocols isis interface fe-1/2/0.1]

user@R1# set checksum
2. (Optional) Enable tracing for tracking checksum operations.
[edit protocols isis traceoptions]

user@R1# set file isis
user@R1# set flag all
Results From configuration mode, confirm your configuration by entering the show protocols
commands. If the output does not display the intended configuration, repeat the
instructions in this example to correct the configuration.

isis {
traceoptions {
file isis;
flag all;
}
checksum;
}
}
Verification
Verifying Checksums
Purpose Verify that checksums are performed.
Action From operational mode, enter the show log isis | match checksum command.
user@R1> show log isis | match checksum

IS-IS Feature Guide
May 31 16:47:39.513267 sequence 0x49 checksum 0x8e64

May 31 16:47:39.513394 sequence 0x4e checksum 0x34b3
May 31 16:47:39.513517 sequence 0x50 checksum 0x9dcb
May 31 16:47:46.563781 sequence 0x45 checksum 0x7e1a
May 31 16:47:46.563970 sequence 0x46 checksum 0x226d
May 31 16:47:46.564104 sequence 0x52 checksum 0x99cd
May 31 16:47:55.799090 sequence 0x45 checksum 0x7e1a
May 31 16:47:55.799223 sequence 0x46 checksum 0x226d
May 31 16:47:55.799347 sequence 0x52 checksum 0x99cd
Meaning The output shows that checksum information is captured in the IS-IS trace log file.
Related • Understanding Checksums on IS-IS Interfaces for Error Checking on page 41

Documentation

CHAPTER 4
Configuring IS-IS Routing Policy and Route

Redistribution
• Understanding Routing Policies on page 45

• Understanding Backup Selection Policy for IS-IS Protocol on page 48
• Example: Configuring Backup Selection Policy for IS-IS Protocol on page 50
• Configuring Backup Selection Policy for the IS-IS Protocol on page 81
• Example: Redistributing OSPF Routes into IS-IS on page 87
• Example: Configuring IS-IS Route Leaking from a Level 2 Area to a Level 1
Area on page 96
• Understanding BGP Communities, Extended Communities, and Large Communities
as Routing Policy Match Conditions on page 103
• Example: Configuring a Routing Policy to Redistribute BGP Routes with a Specific
Community Tag into IS-IS on page 104
• IS-IS Extensions to Support Route Tagging on page 114
• Example: Configuring a Routing Policy to Prioritize IS-IS Routes on page 115
• Configuring Overloading of Stub Networks on page 125
Understanding Routing Policies
For some routing platform vendors, the flow of routes occurs between various protocols.
If, for example, you want to configure redistribution from RIP to OSPF, the RIP process
tells the OSPF process that it has routes that might be included for redistribution. In Junos
OS, there is not much direct interaction between the routing protocols. Instead, there are
central gathering points where all protocols install their routing information. These are
the main unicast routing tables inet.0 and inet6.0.
From these tables, the routing protocols calculate the best route to each destination and
place these routes in a forwarding table. These routes are then used to forward routing
protocol traffic toward a destination, and they can be advertised to neighbors.
• Importing and Exporting Routes on page 46

• Active and Inactive Routes on page 47

IS-IS Feature Guide
• Explicitly Configured Routes on page 47

• Dynamic Database on page 48
Importing and Exporting Routes

Two terms—import and export—explain how routes move between the routing protocols
and the routing table.
• When the Routing Engine places the routes of a routing protocol into the routing table,
it is importing routes into the routing table.
• When the Routing Engine uses active routes from the routing table to send a protocol
advertisement, it is exporting routes from the routing table.
NOTE: The process of moving routes between a routing protocol and the
routing table is described always from the point of view of the routing table.
That is, routes are imported into a routing table from a routing protocol and
they are exported from a routing table to a routing protocol. Remember
this distinction when working with routing policies.
As shown in Figure 7 on page 46, you use import routing policies to control which routes
are placed in the routing table, and export routing policies to control which routes are
advertised from the routing table to neighbors.
Figure 7: Importing and Exporting Routes
Neighbors Neighbors
Import Policy 1 Export Policy 1

Routing
Table
Import Policy 2 Export Policy 2
Neighbors Neighbors
Forwarding
Table
g001706
In general, the routing protocols place all their routes in the routing table and advertise
a limited set of routes from the routing table. The general rules for handling the routing
information between the routing protocols and the routing table are known as the routing
policy framework.
The routing policy framework is composed of default rules for each routing protocol that
determine which routes the protocol places in the routing table and advertises from the
routing table. The default rules for each routing protocol are known as default routing
policies.

Chapter 4: Configuring IS-IS Routing Policy and Route Redistribution
You can create routing policies to preempt the default policies, which are always present.
A routing policy allows you to modify the routing policy framework to suit your needs.
You can create and implement your own routing policies to do the following:
• Control which routes a routing protocol places in the routing table.
• Control which active routes a routing protocol advertises from the routing table. An
active route is a route that is chosen from all routes in the routing table to reach a
destination.
• Manipulate the route characteristics as a routing protocol places the route in the routing
table or advertises the route from the routing table.
You can manipulate the route characteristics to control which route is selected as the
active route to reach a destination. The active route is placed in the forwarding table and
is used to forward traffic toward the route’s destination. In general, the active route is
also advertised to a router’s neighbors.
Active and Inactive Routes

When multiple routes for a destination exist in the routing table, the protocol selects an
active route and that route is placed in the appropriate routing table. For equal-cost
routes, the Junos OS places multiple next hops in the appropriate routing table.
When a protocol is exporting routes from the routing table, it exports active routes only.
This applies to actions specified by both default and user-defined export policies.
When evaluating routes for export, the Routing Engine uses only active routes from the
routing table. For example, if a routing table contains multiple routes to the same
destination and one route has a preferable metric, only that route is evaluated. In other
words, an export policy does not evaluate all routes; it evaluates only those routes that
a routing protocol is allowed to advertise to a neighbor.
NOTE: By default, BGP advertises active routes. However, you can configure
BGP to advertise inactive routes, which go to the same destination as other
routes but have less preferable metrics.
Explicitly Configured Routes

An explicitly configured route is a route that you have configured. Direct routes are not
explicitly configured. They are created as a result of IP addresses being configured on an
interface. Explicitly configured routes include aggregate, generated, local, and static
routes. (An aggregate route is a route that distills groups of routes with common addresses
into one route. A generated route is a route used when the routing table has no information
about how to reach a particular destination. A local route is an IP address assigned to a
router interface. A static route is an unchanging route to a destination.)
The policy framework software treats direct and explicitly configured routes as if they
are learned through routing protocols; therefore, they can be imported into the routing
table. Routes cannot be exported from the routing table to the pseudoprotocol, because
this protocol is not a real routing protocol. However, aggregate, direct, generated, and

IS-IS Feature Guide
static routes can be exported from the routing table to routing protocols, whereas local
routes cannot.
Dynamic Database
In Junos OS Release 9.5 and later, you can configure routing policies and certain routing
policy objects in a dynamic database that is not subject to the same verification required
by the standard configuration database. As a result, you can quickly commit these routing
policies and policy objects, which can be referenced and applied in the standard
configuration as needed. BGP is the only protocol to which you can apply routing policies
that reference policies configured in the dynamic database. After a routing policy based
on the dynamic database is configured and committed in the standard configuration,
you can quickly make changes to existing routing policies by modifying policy objects in
the dynamic database. Because Junos OS does not validate configuration changes to
the dynamic database, when you use this feature, you should test and verify all
configuration changes before committing them.
Related • Example: Configuring Dynamic Routing Policies

Documentation
Understanding Backup Selection Policy for IS-IS Protocol
Support for IS-IS loop-free alternate (LFA) routes essentially adds IP fast-reroute
capability for IS-IS. Junos OS precomputes multiple loop-free backup routes for all IS-IS
routes. These backup routes are pre-installed in the Packet Forwarding Engine, which
performs a local repair and implements the backup path when the link for a primary next
hop for a particular route is no longer available. The selection of LFA is done randomly
by selecting any matching LFA to progress to the given destination. This does not ensure
best backup coverage available for the network. In order to choose the best LFA, Junos
OS allows you to configure network-wide backup selection policies for each destination
(IPv4 and IPv6) and a primary next-hop interface. These policies are evaluated based
on admin-group, srlg, bandwidth, protection-type, metric, and neighbor information.
During backup shortest-path-first (SPF) computation, each node and link attribute of
the backup path is accumulated by IGP and is associated with every node (router) in the
topology. The next hop in the best backup path is selected as the backup next hop in the
routing table. In general, backup evaluation policy rules are categorized into the following
types:
• Pruning — Rules configured to select the eligible backup path.
• Ordering — Rules configured to select the best among the eligible backup paths.
The backup selection policies can be configured with both pruning and ordering rules.
While evaluating the backup policies, each backup path is assigned a score, an integer
value that signifies the total weight of the evaluated criteria. The backup path with the
highest score is selected.
To enforce LFA selection, configure various rules for the following attributes:

• admin-group– Administrative groups, also known as link coloring or resource class,

are manually assigned attributes that describe the “color” of links, such that links with
the same color conceptually belong to the same class. These configured administrative
groups are defined under protocol MPLS. You can use administrative groups to
implement a variety of backup selection policies using exclude, include-all, include-any,
or preference.
• backup-neighbor— A neighbor ID to either prefer or exclude in the backup path selection.
• node— A list of loop-back IP addresses of the adjacent nodes to either prefer or exclude
in the backup path selection. The node can be a local (adjacent router) node, remote
node, or any other router in the backup path. The nodes are identified through the
TE-router-ID TLV advertised by a node in the LSP.
• node-tag— A node tag identifies a group of nodes in the network based on criteria such
as the same neighbor tag values for all PE nodes to either prefer or exclude in the a
backup path selection. This is implemented using IS-IS admin-tags. The routers are
not identified with the explicit router-id but with an admin-tag prefix to their lo0 address
prefix. These tags are advertised as part of extended IP reachability with a /32 prefix
length that represents the TE-router _ID or node-ID of a router.
• srlg— A shared risk link group (SRLG) is a set of links sharing a common resource, which
affects all links in the set if the common resource fails. These links share the same risk
of failure and are therefore considered to belong to the same SRLG. For example, links
sharing a common fiber are said to be in the same SRLG because a fault with the fiber
might cause all links in the group to fail. An SRLG is represented by a 32-bit number
unique within an IGP (IS-IS) domain. A link might belong to multiple SRLGs. You can
define the backup selection to either allow or reject the common SRLGs between the
primary and the backup path.
• bandwidth—The bandwidth specifies the bandwidth constraints between the primary

and the backup path. The backup next-hop link can be used only if the bandwidth of
the backup next-hop interface is greater than or equal to the bandwidth of the primary
next hop.
• protection-type— The protection-type protects the destination from node failure of

the primary node or link failure of the primary link. You can configure node, link, or
node-link to protect the destination.. If link-node is configured , then the node-protecting
LFA is preferred over link-protection LFA.
• metric— Metric decides how the LFAs should be preferred. In backup selection path,
root metric and dest-metric are the two types of metrics. root-metric indicates the
metric to the one-hop neighbor or a remote router such as an RSVP backup LSP tail-end
router. The dest-metric indicates the metric from a one-hop neighbor or remote router
such as an RSVP backup LSP tail-end router to the final destination. The metric
evaluation is done either in ascending or descending order. By default, the first
preference is given to backup paths with lowest destination evaluation and then to
backup paths with lowest root metrics.
The evaluation-order allows you to control the order and criteria of evaluating these
attributes in the backup path. You can explicitly configure the evaluation order. Only the
configured attributes influence the backup path selection. The default order of evaluation

IS-IS Feature Guide
of these attributes for the LFA is [ admin-group srlg bandwidth protection-type neighbor
neighbor-tag metric ] .
Related • Example: Configuring Backup Selection Policy for IS-IS Protocol on page 50
Documentation
• backup-selection (Protocols ISIS) on page 459
Example: Configuring Backup Selection Policy for IS-IS Protocol
This example shows how to configure the backup selection policy for the IS-IS protocol.
When you enable backup selection policies, Junos OS allows selection of LFA based on
the policy rules and attributes of the links and nodes in the network. These attributes are
admin-group, srlg, bandwidth, protection-type, metric, neighbor, and neighbor-tag.
Requirements
This example uses the following hardware and software components:
• Eight routers that can be a combination of M Series Multiservice Edge Routers, MX

Series 5G Universal Routing Platforms, and T Series Core Routers
• Junos OS Release 14.1 or later running on all devices
Before you begin:
1. Configure the device interfaces.
2. Configure IS-IS.
Overview
Starting with Junos OS Release 14.1, the default loop free alternative (LFA) selection
algorithm or criteria can be overridden with an LFA policy. These policies are configured
for each destination (IPv4 and IPv6) and a primary next-hop interface . These backup
policies enforce LFA selection based on admin-group, srlg, bandwidth, protection-type,
metric, neighbor, and neighbor-tag attributes of the backup path. During backup
shortest-path-first (SPF) computation, each attribute (both node and link) of the backup
path, stored per backup next-hop, is accumulated by IGP. For the routes created internally
by IGP, the attribute set of every backup path is evaluated against the policy configured
for each destination (IPv4 and IPv6) and a primary next-hop interface. The first or the
best backup path is selected and installed as the backup next hop in the routing table.
To configure the backup selection policy, include the backup-selection configuration
statement at the [edit routing-options] hierarchy level. The show backup-selection
command displays the configured policies for a given interface and destination. The
display can be filtered against a particular destination, prefix, interface, or logical systems.

Topology
In this topology, backup selection policy is configured on Device R3.
Figure 8: Backup Selection Path
Configuration
level.
R0 set interfaces ge-4/0/1 unit 0 family inet address 100.0.1.1/24

set interfaces ge-4/0/1 unit 0 family inet6 address 2001:100:0:1::1/64
set interfaces ge-4/0/1 unit 0 family mpls

IS-IS Feature Guide

set interfaces lo0 unit 0 family inet6 address abcd::10:255:102:146/128
set interfaces lo0 unit 0 family mpls
set protocols rsvp interface all
set protocols mpls admin-groups c0 0
set protocols mpls interface all
set protocols isis interface ge-4/0/1 level 2 metric 10
set protocols isis interface all level 2 metric 10
set routing-options srlg srlg1 srlg-value 101




IS-IS Feature Guide

set protocols mpls interface ge-0/1/2 srlg srlg9
set protocols mpls interface ge-0/1/2 admin-group c1



set protocols isis interface ge-1/0/2 link-protection

IS-IS Feature Guide


set policy-options policy-statement ecmp term 1 then load-balance per-packet


set protocols isis interface ge-1/3/5 link-protection
set routing-options forwarding-table export ecmp
set routing-options backup-selection destination 0.0.0.0/0 interface all admin-group
include-all c1
include-any c2
preference c3
set routing-options backup-selection destination 0.0.0.0/0 interface all srlg loose
set routing-options backup-selection destination 0.0.0.0/0 interface all
downstream-paths-only
bandwidth-greater-equal-primary
set routing-options backup-selection destination 0.0.0.0/0 interface all neighbor
preference 10.255.102.178

IS-IS Feature Guide
set routing-options backup-selection destination 0.0.0.0/0 interface all neighbor-tag

preference 1004
set routing-options backup-selection destination 0.0.0.0/0 interface all metric-order
dest
set routing-options backup-selection destination 0.0.0.0/0 interface all evaluation-order
admin-group
srlg
bandwidth
set routing-options backup-selection destination 100.0.1.0/24 interface all srlg strict
set routing-options backup-selection destination 100.0.7.0/24 interface all srlg strict





IS-IS Feature Guide





IS-IS Feature Guide





IS-IS Feature Guide

Configuring Device R3
Step-by-Step The following example requires that you navigate various levels in the configuration
To configure Device R3:
1. Configure the interfaces.
[edit interfaces]
user@R3# set ge-1/3/5 unit 0 family inet address 100.2.3.2/24
user@R3# set ge-1/3/5 unit 0 family iso
user@R3# set ge-1/3/5 unit 0 family inet6 address 2001:100:2:3::2/64
user@R3# set ge-1/3/5 unit 0 family mpls
user@R3# set interfaces lo0 unit 0 family inet address 10.255.102.128/32
user@R3# set interfaces lo0 unit 0 family iso address 49.0001.0010.0100.1004.00
user@R3# set interfaces lo0 unit 0 family inet6 address abcd::10:255:102:128/128
user@R3# set interfaces lo0 unit 0 family mpls
2. Configure routing policy.
[edit policy-options]
user@R3#set policy-statement ecmp term 1 then load-balance per-packet

3. Enable RSVP on all the interfaces.
[edit protocols]
user@R3# set rsvp interface all
4. Configure administrative groups.
[edit protocols mpls]

user@R3# set admin-groups c0 0
5. Configure srlg values.
[edit routing-options]
user@R3# set srlg srlg1 srlg-value 101

IS-IS Feature Guide

6. Enable MPLS on all the interfaces.

user@R3# set interface all
7. Configure srlg on the interfaces.

user@R3# set interface ge-0/3/1 srlg srlg1
user@R3# set interface ge-0/3/1 srlg srlg2
8. Configure administrative groups on the interfaces.

user@R3# set interface ge-0/3/1 admin-group c1
9. Enable link protection and configure metric values on the interfaces.
[edit protocols]
user@R3# set isis interface ge-1/3/5 link-protection
user@R3# set isis interface ge-0/3/1 level 2 metric 21
10. Configure the metric value on all the interfaces.
[edit protocols]
user@R3# set isis interface all level 2 metric 10
11. Apply the routing policy to all equal cost multi paths exported from the routing table
to the forwarding table.

user@R3# set forwarding-table export ecmp
12. Configure attributes of the backup selection policy.
user@R3# set backup-selection destination 0.0.0.0/0 interface all admin-group
include-all c1
include-any c2
preference c3
user@R3# set backup-selection destination 0.0.0.0/0 interface all srlg loose
user@R3# set backup-selection destination 0.0.0.0/0 interface all
user@R3# set backup-selection destination 0.0.0.0/0 interface all neighbor
preference 10.255.102.178
user@R3# set backup-selection destination 0.0.0.0/0 interface all neighbor-tag
preference 1004
user@R3# set backup-selection destination 0.0.0.0/0 interface all metric-order
dest
user@R3# set backup-selection destination 0.0.0.0/0 interface all evaluation-order
admin-group
srlg
bandwidth
user@R3# set backup-selection destination 100.0.1.0/24 interface all srlg strict
user@R3# set backup-selection destination 100.0.7.0/24 interface all srlg strict
Results
From configuration mode, confirm your configuration by entering the show interfaces,
show protocols, and show routing-options commands. If the output does not display the
intended configuration, repeat the instructions in this example to correct the configuration.

ge-1/3/5 {
unit 0 {
family inet {
address 100.2.3.2/24;
}
family iso;
family inet6 {
address 2001:100:2:3::2/64;
}
family mpls;

IS-IS Feature Guide
}
}
ge-0/3/1 {
unit 0 {
family inet {
address 100.3.4.1/24;
}
family iso;
family inet6{
address 2001:100:3:4::1/64;
}
family mpls;
}
}
ge-0/3/6 {
unit 0 {
family inet {
address 100.3.5.1/24;
}
family iso;
family inet6{
address 2001:100:3:5::1/64;
}
family mpls;
}
}
ge-2/0/4 {
unit 0 {
family inet {
address 100.3.6.1/24;
}
family iso;
family inet6{
address 2001:100:3:6::1/64;
}
family mpls;
}
}
ge-1/1/0 {
unit 0 {
family inet {
address 100.3.7.1/24;
}
family iso;
family inet6{
address 2001:100:3:7::1/64;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.102.128/32;
}

family iso {
address 49.0001.0010.0100.1004.00;
}
family inet6{
address abcd::10:255:102:128/128;
}
family mpls;
}
}

rsvp {
interface all;
}
mpls {
admin-groups {
c0 0;
c1 1;
c2 2;
c3 3;
c4 4;
c5 5;
c6 6;
c7 7;
c8 8;
c9 9;
c10 10;
c11 11;
c12 12;
c13 13;
c14 14;
c15 15;
c16 16;
c17 17;
c18 18;
c19 19;
c20 20;
c21 21;
c22 22;
c23 23;
c24 24;
c25 25;
c26 26;
c27 27;
c28 28;
c29 29;
c30 30;
c31 31;
}
interface all;
interface ge-0/3/1 {
srlg [ srlg1 srlg2 ];
admin-group [ c1 c2 c3 c5 ];
}

IS-IS Feature Guide
admin-group [ c1 c2 ];
}
admin-group [ c1 c2 c5 ];
}
admin-group [ c2 c12 ];
}
isis {
link-protection;
}
level 2 metric 21;
}
level 2 metric 13;
}
level 2 metric 15;
}
level 2 metric 22;
}
interface all {
level 2 metric 10;
}
}
user@R3# show routing-options

srlg {
srlg1 {
srlg-value 101;
}
srlg2 {
srlg-value 102;
}
srlg3 {
srlg-value 103;
}
srlg4 {
srlg-value 104;
}
srlg5 {
srlg-value 105;
}
srlg6 {
srlg-value 106;
}
srlg7 {
srlg-value 107;
}
srlg8 {

srlg-value 108;
}
srlg9 {
srlg-value 109;
}
srlg10 {
srlg-value 110;
}
srlg111 {
srlg-value 111;
}
srlg112 {
srlg-value 112;
}
}
backup-selection {
destination 0.0.0.0/0 {
interface all {
admin-group {
include-all c1;
include-any c2;
preference c3;
}
srlg loose;
downstream-paths-only;
bandwidth-greater-equal-primary;
neighbor {
preference 10.255.102.178;
}
neighbor-tag {
preference 1004;
}
metric-order dest;
evaluation-order [ admin-group srlg bandwidth ];
}
}
interface all {
srlg strict;
}
}
interface all {
srlg strict;
}
}
}

IS-IS Feature Guide
Verification
Verify that the configuration is working properly.
• Verifying the Routes on page 72

• Verifying the IS-IS Route on page 76
• Verifying the Backup SPF Roots for Device R3. on page 78
• Verifying the Backup Selection Policy for Device R3 on page 80
Verifying the Routes
Purpose Verify that the expected routes are learned.

Action From operational mode, run the show route command for the routing table.
user@R3> show route
inet.0: 32 destinations, 32 routes (32 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both
10.255.102.128/32 *[Direct/0] 1w0d 04:14:44

> via lo0.31
10.255.102.146/32 *[IS-IS/18] 6d 07:19:57, metric 40
> to 100.2.3.1 via ge-1/3/5.0
to 100.3.4.2 via ge-0/3/1.0
10.255.102.154/32 *[IS-IS/18] 1w0d 04:12:02, metric 25
> to 100.3.6.2 via ge-2/0/4.0
10.255.102.156/32 *[IS-IS/18] 06:38:55, metric 30
> to 100.2.3.1 via ge-1/3/5.0
to 100.3.6.2 via ge-2/0/4.0
10.255.102.166/32 *[IS-IS/18] 1w0d 04:11:57, metric 23
> to 100.3.5.2 via ge-0/3/6.0
10.255.102.172/32 *[IS-IS/18] 1w0d 04:12:03, metric 31
> to 100.3.4.2 via ge-0/3/1.0
10.255.102.178/32 *[IS-IS/18] 06:38:55, metric 20
> to 100.2.3.1 via ge-1/3/5.0
10.255.102.180/32 *[IS-IS/18] 1w0d 04:12:51, metric 32
> to 100.3.7.2 via ge-1/1/0.0
100.0.1.0/24 *[IS-IS/18] 1w0d 04:11:57, metric 30
> to 100.2.3.1 via ge-1/3/5.0
to 100.3.4.2 via ge-0/3/1.0
100.0.4.0/24 *[IS-IS/18] 1w0d 04:12:03, metric 39
> to 100.3.4.2 via ge-0/3/1.0
100.0.5.0/24 *[IS-IS/18] 1w0d 04:11:57, metric 64
> to 100.3.5.2 via ge-0/3/6.0
100.0.6.0/24 *[IS-IS/18] 1w0d 04:12:02, metric 67
> to 100.3.6.2 via ge-2/0/4.0
100.0.7.0/24 *[IS-IS/18] 1w0d 04:12:51, metric 45
> to 100.3.7.2 via ge-1/1/0.0
100.1.2.0/24 *[IS-IS/18] 06:38:55, metric 20
> to 100.2.3.1 via ge-1/3/5.0
100.1.4.0/24 *[IS-IS/18] 06:38:55, metric 30
> to 100.2.3.1 via ge-1/3/5.0
to 100.3.6.2 via ge-2/0/4.0
100.1.7.0/24 *[IS-IS/18] 06:38:55, metric 30
> to 100.2.3.1 via ge-1/3/5.0
to 100.3.6.2 via ge-2/0/4.0
100.2.3.0/24 *[Direct/0] 1w0d 04:13:11
> via ge-1/3/5.0
100.2.3.2/32 *[Local/0] 1w0d 04:13:11
Local via ge-1/3/5.0
100.2.4.0/24 *[IS-IS/18] 06:38:55, metric 22
> to 100.2.3.1 via ge-1/3/5.0
100.2.5.0/24 *[IS-IS/18] 06:38:55, metric 20
> to 100.2.3.1 via ge-1/3/5.0
100.2.6.0/24 *[IS-IS/18] 06:38:55, metric 22
> to 100.2.3.1 via ge-1/3/5.0
100.2.7.0/24 *[IS-IS/18] 06:38:55, metric 23
> to 100.2.3.1 via ge-1/3/5.0
100.3.4.0/24 *[Direct/0] 1w0d 04:13:10
> via ge-0/3/1.0
100.3.4.1/32 *[Local/0] 1w0d 04:13:10

IS-IS Feature Guide

100.3.5.0/24 *[Direct/0] 1w0d 04:13:10
> via ge-0/3/6.0
100.3.5.1/32 *[Local/0] 1w0d 04:13:10
100.3.6.0/24 *[Direct/0] 1w0d 04:13:10
> via ge-2/0/4.0
100.3.6.1/32 *[Local/0] 1w0d 04:13:10
100.3.7.0/24 *[Direct/0] 1w0d 04:13:10
> via ge-1/1/0.0
100.3.7.1/32 *[Local/0] 1w0d 04:13:10
100.4.5.0/24 *[IS-IS/18] 1w0d 04:11:57, metric 23
> to 100.3.5.2 via ge-0/3/6.0
100.6.7.0/24 *[IS-IS/18] 1w0d 04:12:02, metric 25
> to 100.3.6.2 via ge-2/0/4.0
iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

49.0001.0010.0100.1004/72
*[Direct/0] 1w0d 04:14:44
> via lo0.0
mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

0 *[MPLS/0] 1w0d 04:14:47, metric 1

Receive
1 *[MPLS/0] 1w0d 04:14:47, metric 1
Receive
2 *[MPLS/0] 1w0d 04:14:47, metric 1
Receive
13 *[MPLS/0] 1w0d 04:14:47, metric 1
Receive
inet6.0: 39 destinations, 43 routes (39 active, 0 holddown, 0 hidden)

2001:100:0:1::/64 *[IS-IS/18] 1w0d 04:11:57, metric 30

> to fe80::2a0:a514:0:1749 via ge-1/3/5.0
to fe80::2a0:a514:0:2b49 via ge-0/3/1.0
2001:100:0:4::/64 *[IS-IS/18] 1w0d 04:12:03, metric 39
> to fe80::2a0:a514:0:2b49 via ge-0/3/1.0
2001:100:0:5::/64 *[IS-IS/18] 1w0d 04:11:57, metric 64
> to fe80::2a0:a514:0:3549 via ge-0/3/6.0
2001:100:0:6::/64 *[IS-IS/18] 1w0d 04:12:02, metric 67
> to fe80::2a0:a514:0:3f49 via ge-2/0/4.0
2001:100:0:7::/64 *[IS-IS/18] 1w0d 04:12:51, metric 45
> to fe80::2a0:a514:0:4949 via ge-1/1/0.0
2001:100:1:2::/64 *[IS-IS/18] 1w0d 04:11:57, metric 20
> to fe80::2a0:a514:0:1749 via ge-1/3/5.0
to fe80::2a0:a514:0:3549 via ge-0/3/6.0
2001:100:1:4::/64 *[IS-IS/18] 1w0d 04:11:57, metric 30
> to fe80::2a0:a514:0:1749 via ge-1/3/5.0
to fe80::2a0:a514:0:2b49 via ge-0/3/1.0
2001:100:1:7::/64 *[IS-IS/18] 1w0d 04:11:57, metric 30
> to fe80::2a0:a514:0:1749 via ge-1/3/5.0
to fe80::2a0:a514:0:2b49 via ge-0/3/1.0

2001:100:2:3::/64 *[Direct/0] 1w0d 04:13:00

> via ge-1/3/5.0
2001:100:2:3::2/128*[Local/0] 1w0d 04:13:11
2001:100:2:4::/64 *[IS-IS/18] 1w0d 04:11:57, metric 22
> to fe80::2a0:a514:0:1749 via ge-1/3/5.0
to fe80::2a0:a514:0:3549 via ge-0/3/6.0
2001:100:2:5::/64 *[IS-IS/18] 1w0d 04:11:57, metric 20
> to fe80::2a0:a514:0:1749 via ge-1/3/5.0
to fe80::2a0:a514:0:3549 via ge-0/3/6.0
2001:100:2:6::/64 *[IS-IS/18] 1w0d 04:11:57, metric 22
> to fe80::2a0:a514:0:1749 via ge-1/3/5.0
to fe80::2a0:a514:0:3549 via ge-0/3/6.0
2001:100:2:7::/64 *[IS-IS/18] 1w0d 04:11:57, metric 23
> to fe80::2a0:a514:0:1749 via ge-1/3/5.0
to fe80::2a0:a514:0:3549 via ge-0/3/6.0
2001:100:3:4::/64 *[Direct/0] 1w0d 04:12:59
> via ge-0/3/1.0
2001:100:3:4::1/128*[Local/0] 1w0d 04:13:10
2001:100:3:5::/64 *[Direct/0] 1w0d 04:12:59
> via ge-0/3/6.0
2001:100:3:5::1/128*[Local/0] 1w0d 04:13:10
2001:100:3:6::/64 *[Direct/0] 1w0d 04:12:59
> via ge-2/0/4.0
2001:100:3:6::1/128*[Local/0] 1w0d 04:13:10
2001:100:3:7::/64 *[Direct/0] 1w0d 04:12:59
> via ge-1/1/0.0
2001:100:3:7::1/128*[Local/0] 1w0d 04:13:10
2001:100:4:5::/64 *[IS-IS/18] 1w0d 04:11:57, metric 23
> to fe80::2a0:a514:0:3549 via ge-0/3/6.0
2001:100:6:7::/64 *[IS-IS/18] 1w0d 04:12:02, metric 25
> to fe80::2a0:a514:0:3f49 via ge-2/0/4.0
abcd::10:255:102:128/128
*[Direct/0] 1w0d 04:14:43
> via lo0.0
abcd::10:255:102:146/128
*[IS-IS/18] 1w0d 04:11:57, metric 40
> to fe80::2a0:a514:0:1749 via ge-1/3/5.0
to fe80::2a0:a514:0:2b49 via ge-0/3/1.0
abcd::10:255:102:154/128
*[IS-IS/18] 1w0d 04:12:02, metric 25
> to fe80::2a0:a514:0:3f49 via ge-2/0/4.0
abcd::10:255:102:156/128
*[IS-IS/18] 1w0d 04:11:57, metric 30
> to fe80::2a0:a514:0:1749 via ge-1/3/5.0
to fe80::2a0:a514:0:2b49 via ge-0/3/1.0
abcd::10:255:102:166/128
*[IS-IS/18] 1w0d 04:11:57, metric 23
> to fe80::2a0:a514:0:3549 via ge-0/3/6.0
abcd::10:255:102:172/128
*[IS-IS/18] 1w0d 04:12:03, metric 31
> to fe80::2a0:a514:0:2b49 via ge-0/3/1.0
abcd::10:255:102:178/128
*[IS-IS/18] 1w0d 04:11:57, metric 20
> to fe80::2a0:a514:0:1749 via ge-1/3/5.0
to fe80::2a0:a514:0:3549 via ge-0/3/6.0

IS-IS Feature Guide
abcd::10:255:102:180/128
*[IS-IS/18] 1w0d 04:12:51, metric 32
> to fe80::2a0:a514:0:4949 via ge-1/1/0.0
fe80::/64 *[Direct/0] 1w0d 04:13:00
> via ge-1/3/5.0
[Direct/0] 1w0d 04:12:59
> via ge-0/3/1.0
[Direct/0] 1w0d 04:12:59
> via ge-0/3/6.0
[Direct/0] 1w0d 04:12:59
> via ge-2/0/4.0
[Direct/0] 1w0d 04:12:59
> via ge-1/1/0.0
fe80::2a0:a50f:fc64:7649/128
*[Direct/0] 1w0d 04:14:43
> via lo0.0
fe80::2a0:a514:0:2049/128
*[Local/0] 1w0d 04:13:11
fe80::2a0:a514:0:2249/128
*[Local/0] 1w0d 04:13:10
fe80::2a0:a514:0:2349/128
*[Local/0] 1w0d 04:13:10
fe80::2a0:a514:0:2449/128
*[Local/0] 1w0d 04:13:10
fe80::2a0:a514:0:2549/128
*[Local/0] 1w0d 04:13:10
Meaning The output shows all Device R3 routes.
Verifying the IS-IS Route
Purpose Verify the routing table of IS-IS.

Action From operational mode, run the show isis route command for Device R3.
user@R3> show isis route
IS-IS routing table Current version: L1: 0 L2: 5023

IPv4/IPv6 Routes
----------------
Prefix L Version Metric Type Interface NH Via Backup Score
10.255.102.146/32 2 5023 40 int ge-1/3/5.0 IPV4 R2
ge-0/3/1.0 IPV4 R4 0000000000200000
10.255.102.154/32 2 5023 25 int ge-2/0/4.0 IPV4 R6

10.255.102.156/32 2 5023 30 int ge-1/3/5.0 IPV4 R2
ge-2/0/4.0 IPV4 R6 0000000000000000
10.255.102.166/32 2 5023 23 int ge-0/3/6.0 IPV4 R5

10.255.102.172/32 2 5023 31 int ge-0/3/1.0 IPV4 R4
10.255.102.178/32 2 5023 20 int ge-1/3/5.0 IPV4 R2
10.255.102.180/32 2 5023 32 int ge-1/1/0.0 IPV4 R7
100.0.1.0/24 2 5023 30 int ge-1/3/5.0 IPV4 R2
ge-0/3/1.0 IPV4 R4 0000000002003100
100.0.4.0/24 2 5023 39 int ge-0/3/1.0 IPV4 R4

100.0.5.0/24 2 5023 64 int ge-0/3/6.0 IPV4 R5
100.0.6.0/24 2 5023 67 int ge-2/0/4.0 IPV4 R6
100.0.7.0/24 2 5023 45 int ge-1/1/0.0 IPV4 R7
100.1.2.0/24 2 5023 20 int ge-1/3/5.0 IPV4 R2
100.1.4.0/24 2 5023 30 int ge-1/3/5.0 IPV4 R2
ge-2/0/4.0 IPV4 R6 0000000000000000
100.1.7.0/24 2 5023 30 int ge-1/3/5.0 IPV4 R2

ge-2/0/4.0 IPV4 R6 0000000000000000
100.2.4.0/24 2 5023 22 int ge-1/3/5.0 IPV4 R2

100.2.5.0/24 2 5023 20 int ge-1/3/5.0 IPV4 R2
100.2.6.0/24 2 5023 22 int ge-1/3/5.0 IPV4 R2
100.2.7.0/24 2 5023 23 int ge-1/3/5.0 IPV4 R2
100.4.5.0/24 2 5023 23 int ge-0/3/6.0 IPV4 R5
100.6.7.0/24 2 5023 25 int ge-2/0/4.0 IPV4 R6
2001:100:0:1::/64 2 5023 30 int ge-1/3/5.0 IPV6 R2
ge-0/3/1.0 IPV6 R4
2001:100:0:4::/64 2 5023 39 int ge-0/3/1.0 IPV6 R4
2001:100:0:5::/64 2 5023 64 int ge-0/3/6.0 IPV6 R5
2001:100:0:6::/64 2 5023 67 int ge-2/0/4.0 IPV6 R6
2001:100:0:7::/64 2 5023 45 int ge-1/1/0.0 IPV6 R7
2001:100:1:2::/64 2 5023 20 int ge-1/3/5.0 IPV6 R2
ge-0/3/6.0 IPV6 R5
2001:100:1:4::/64 2 5023 30 int ge-1/3/5.0 IPV6 R2
ge-0/3/1.0 IPV6 R4
2001:100:1:7::/64 2 5023 30 int ge-1/3/5.0 IPV6 R2
ge-0/3/1.0 IPV6 R4
2001:100:2:4::/64 2 5023 22 int ge-1/3/5.0 IPV6 R2
ge-0/3/6.0 IPV6 R5
2001:100:2:5::/64 2 5023 20 int ge-1/3/5.0 IPV6 R2
ge-0/3/6.0 IPV6 R5
2001:100:2:6::/64 2 5023 22 int ge-1/3/5.0 IPV6 R2
ge-0/3/6.0 IPV6 R5
2001:100:2:7::/64 2 5023 23 int ge-1/3/5.0 IPV6 R2
ge-0/3/6.0 IPV6 R5

IS-IS Feature Guide
2001:100:4:5::/64 2 5023 23 int ge-0/3/6.0 IPV6 R5

2001:100:6:7::/64 2 5023 25 int ge-2/0/4.0 IPV6 R6
abcd::10:255:102:146/128 2 5023 40 int ge-1/3/5.0 IPV6 R2
ge-0/3/1.0 IPV6 R4
abcd::10:255:102:154/128 2 5023 25 int ge-2/0/4.0 IPV6 R6
abcd::10:255:102:156/128 2 5023 30 int ge-1/3/5.0 IPV6 R2
ge-0/3/1.0 IPV6 R4
abcd::10:255:102:166/128 2 5023 23 int ge-0/3/6.0 IPV6 R5
abcd::10:255:102:172/128 2 5023 31 int ge-0/3/1.0 IPV6 R4
abcd::10:255:102:178/128 2 5023 20 int ge-1/3/5.0 IPV6 R2
ge-0/3/6.0 IPV6 R5
abcd::10:255:102:180/128 2 5023 32 int ge-1/1/0.0 IPV6 R7
Meaning The output displays the routing table of IS-IS routers.
Verifying the Backup SPF Roots for Device R3.
Purpose Verify the potential IS-IS backup SPF roots for Device R3.

Action From operational mode, run the show isis backup spf results command for Device R3.
user@R3> show isis backup spf results
IS-IS level 1 SPF results:

0 nodes

R0.00
Primary next-hop: ge-1/3/5, IPV4, R2, SNPA: b0:c6:9a:2a:f4:bc
Primary next-hop: ge-1/3/5, IPV6, R2, SNPA: b0:c6:9a:2a:f4:bc
Root: R4, Root Metric: 21, Metric: 18, Root Preference: 0x0
track-item: R4.04-00, track-item-isnbr: R4.00
Eligible, Backup next-hop: ge-0/3/1, IPV4, R4, SNPA: b0:c6:9a:2a:f4:bd
track-item: R1.02-00
Not eligible, IPV4, Reason: Primary next-hop link fate sharing
R7.00
Primary next-hop: ge-1/1/0, IPV4, R7, SNPA: b0:c6:9a:2a:f4:bd
Primary next-hop: ge-1/1/0, IPV6, R7, SNPA: b0:c6:9a:2a:f4:bd
Not eligible, IPV4, Reason: Interface protection not configured
Not eligible, IPV6, Reason: Interface protection not configured
. . .

IS-IS Feature Guide
Meaning The output displays the root calculations through each directly connected router.
Verifying the Backup Selection Policy for Device R3
Action From operational mode, run the show backup-selection command for Device R3.
user@R3> show backup-selection
Prefix: 0.0.0.0/0
Interface: all
Admin-group include-all: c1
Admin-group include-any: c2
Admin-group preference: c3
Neighbor preference: 10.255.102.178
Neighbor-tag preference: 1004
Protection Type: Link, Downstream Paths Only: Enabled, SRLG: Loose, B/w >=
Primary: Enabled, Root-metric: lowest, Dest-metric: lowest
Metric Evaluation Order: Dest-metric, Root-metric
Policy Evaluation Order: Admin-group, SRLG, Bandwidth
Prefix: 100.0.1.0/24
Interface: all
Protection Type: Link, Downstream Paths Only: Disabled, SRLG: Strict, B/w >=
Policy Evaluation Order: Admin-group, SRLG, Bandwidth, Protection, Neighbor,
Metric, Neighbor-Tag
Prefix: 100.0.7.0/24
Interface: all
Primary: Disabled, Root-metric: lowest, Dest-metric: lowest
Policy Evaluation Order: Admin-group, SRLG, Bandwidth, Protection, Neighbor,
Metric, Neighbor-Tag
Meaning The output displays the configured policies per prefix per primary next-hop interface.
Related • Understanding Backup Selection Policy for IS-IS Protocol on page 48

Documentation

Configuring Backup Selection Policy for the IS-IS Protocol
Support for IS-IS loop-free alternate (LFA) routes essentially adds IP fast-reroute
capability for IS-IS. Junos OS precomputes multiple loop-free backup routes for all IS-IS
routes. These backup routes are pre-installed in the Packet Forwarding Engine, which
performs a local repair and implements the backup path when the link for a primary next
hop for a particular route is no longer available. The selection of LFA is done randomly
by selecting any matching LFA to progress to the given destination. This does not ensure
best backup coverage available for the network. In order to choose the best LFA, Junos
OS allows you to configure network-wide backup selection policies for each destination
(IPv4 and IPv6) and a primary next-hop interface. These policies are evaluated based
on admin-group, srlg, bandwidth, protection-type, metric, and neighbor information.
Before you begin to configure the backup selection policy for the IS-IS protocol:
• Configure the router interfaces. See the Junos OS Network Management Administration
Guide for Routing Devices
• Configure an interior gateway protocol or static routing. See the Junos OS Routing
Protocols Library for Routing Devices
To configure the backup selection policy for the IS-IS protocol:
1. Configure per-packet load balancing.
user@host# set policy-statement ecmp term 1 then load-balance per-packet
2. Enable RSVP on all the interfaces.
[edit protocols]
user@host# set rsvp interface all
3. Configure administrative groups.

user@host# set admin-groups group-name
4. Configure srlg values.
user@host# set srlg srlg-name srlg-value srlg-value
5. Enable MPLS on all the interfaces.

user@host# set interface all

IS-IS Feature Guide
6. Configure srlg on the interfaces.

user@host# set interface interface-name srlg srlg-name
7. Configure the administrative groups on the interfaces.

user@host# set interface interface-name admin-group group-name
8. Enable link protection and configure the metric value on all the interfaces.
[edit protocols]
user@host# set isis interface all level 2 metric 10
9. Apply the routing policy to all equal cost multipaths exported from the routing table
to the forwarding table.
user@host# set forwarding-table export ecmp
10. Configure the administrative group of the backup selection policy for an IP address.
You can choose to exclude, include all, include any, or prefer the administrative groups
from the backup path.
user@host# set backup-selection destination ip-address interface interface-name
admin-group
• Specify the administrative group to be excluded.
[edit routing-options backup-selection destination ip-address interface interface-name

admin-group]
user@host# set exclude group-name
The backup path is not selected as the loop-free alternate (LFA) or backup nexthop
if any of the links in the path have any one of the listed administrative groups.
For example, to exclude the group c1 from the administrative group:
[edit routing-options backup-selection destination 0.0.0.0/0 interface all

admin-group]
user@host# set exclude c1
• Configure all the administrative groups if each link in the backup path requires all
the listed administrative groups in order to accept the path.

admin-group]
user@host# set include-all group-name

For example, to set all the administrative groups if each link requires all the listed
administrative groups in order to accept the path:

admin-group]
user@host# set include-all c2
• Configure any administrative group if each link in the backup path requires at least
one of the listed administrative groups in order to select the path.

admin-group]
user@host# set include-any group-name
For example, to set any administrative group if each link in the backup path requires
at least one of the listed administrative groups in order to select the path:

admin-group]
user@host# set include-any c3
• Define an ordered set of administrative group that specifies the preference of the
backup path.
The leftmost element in the set is given the highest preference.

admin-group]
user@host# set preference group-name
For example, to set an ordered set of administrative group that specifies the
preference of the backup path:

admin-group]
user@host# set preference c4
11. Configure the backup path to allow the selection of the backup next hop only if the
bandwidth is greater than or equal to the bandwidth of the primary next hop.
12. Configure the backup path to specify the metric from the one-hop neighbor or from
the remote router such as an RSVP backup label-switched-path (LSP) tail-end router
to the final destination.
The destination metric can be either highest or lowest.
• Configure the backup path that has the highest destination metric.

IS-IS Feature Guide

dest-metric highest
• Configure the backup path that has the lowest destination metric.
dest-metric lowest
13. Configure the backup path that is a downstream path to the destination.
14. Set the order of preference of the root and the destination metric during backup path
selection.
The preference order can be :
• [root dest] — Backup path selection or preference is first based on the root-metric
criteria. If the criteria of all the root-metric is the same, then the selection or
preference is based on the dest-metric.
• [dest root] — Backup path selection or preference is first based on the dest-metric
criteria. If the criteria of all the dest-metric is the same, then the selection is based
on the root-metric.
metric-order root
metric-order dest
15. Configure the backup path to define a list of loop-back IP addresses of the adjacent
neighbors to either exclude or prefer in the backup path selection.
The neighbor can be a local (adjacent router) neighbor, remote neighbor, or any other
router in the backup path.
neighbor
• Configure the list of neighbors to be excluded.

neighbor]
user@host# set exclude neighbor-address
The backup path that has a router from the list is not selected as the loop-free
alternative or backup next hop.

• Configure an ordered set of neighbors to be preferred.

neighbor]
user@host# set preference neighbor-address
The backup path having the leftmost neighbor is selected.
16. Define the backup path per-neighbor policy, to either exclude or prefer a backup path.
user@host# set backup-selection destination ip-address interface all neighbor-tag
• Configure to not select the backup path as the loop-free alternative or backup-next
hop if any node or router with route-tag is present in the path.

neighbor-tag]
user@host# set exclude route-tag
For example, to not select the backup path as the loop-free alternative or
backup-next hop if any node or router with 1004 route-tag is present in the path:

neighbor-tag]
user@host# set exclude 1004
• Configure the set of route tags in descending order of preference.

neighbor-tag]
user@host# set preference route-tag
For example, to configure the set of route tags in descending order of preference:

neighbor-tag]
user@host# set preference 1006
17. Configure the backup path to specify the required protection type of the backup path
to be link, node, or node-link.
• Select the backup path that provides link protection.
protection-type link
• Select the backup path that provides node protection.
protection-type node

IS-IS Feature Guide
• Select the backup path that allows either node or link protection LFA where
node-protection LFA is preferred over link-protection LFA.
protection-type node-link
18. Specify the metric to the one-hop neighbor or to the remote router such as an RSVP
backup label-switched-path (LSP) tail-end router.
• Select the path with highest root metric.
user@host# set backup-selection destination ip-address interface all root-metric
highest
• Select the path with lowest root metric.
user@host# set backup-selection destination ip-address interface all root-metric
lowest
19. Configure the backup selection path to either allow or reject the common shared risk
link groups (SRLGs) between the primary link and each link in the backup path.
• Configure the backup path to allow common srlgs between the primary link and
each link in the backup path.
user@host# set backup-selection destination ip-address interface all srlg loose
A backup path with a fewer number of srlg collisions is preferred.
• Configure the backup path to reject the backup path that has common srlgs between
the primary link and each link in the backup path.
user@host# set backup-selection destination ip-address interface all srlg strict
20. Configure the backup path to control the order and the criteria of evaluating the backup
path based on the administrative group, srlg, bandwidth, protection type, neighbor,
neighbor-tag, and metric. The default order of evaluation is admin-group, srlg,
bandwidth, protection-type, neighbor, neighbor-tag, and metric.
user@host# set backup-selection destination ip-address interface all evaluation-order
admin-group
srlg
bandwidth


Documentation
Example: Redistributing OSPF Routes into IS-IS
This example shows how to redistribute OSPF routes into an IS-IS network.
Requirements
example.
Overview
Export policy can be applied to IS-IS to facilitate route redistribution.
Junos OS does not support the application of import policy for link-state routing protocols
like IS-IS because such policies can lead to inconsistent link-state database (LSDB)
entries, which in turn can result in routing inconstancies.
In this example, OSPF routes 192.168.0/24 through 192.168.3/24 are redistributed into
IS-IS area 49.0002 from Device R2.
In addition, policies are configured to ensure that Device R1 can reach destinations on
the 10.0.0.44/30 network, and that Device R3 can reach destinations on the 10.0.0.36/30
network. This enables end-to-end reachability.

IS-IS Feature Guide
Figure 9: IS-IS Route Redistribution Topology
IS-IS
49.0002
lo0:172.16.3.5 lo0:172.16.9.7
fe-1/2/0 fe-1/2/1
.38 10.0.0.36/30 .37
R1 R2
.45 fe-1/2/0
10.0.0.44/30
.46 fe-1/2/0
R3
g041258
OSPF
(192.168.0-3/24)
steps on Device R2. “Step-by-Step Procedure” on page 91 describes the steps on Device
R3.
Configuration
level.

set protocols isis interface fe-1/2/0.0

set interfaces fe-1/2/0 unit 0 description to-OSPF-network
set protocols isis export ospf-isis

set protocols isis export send-direct-to-isis-neighbors

set protocols ospf export send-direct-to-ospf-neighbors
set protocols ospf area 0.0.0.1 interface fe-1/2/0.0
set protocols ospf area 0.0.0.1 interface lo0.0 passive
set policy-options policy-statement ospf-isis term 1 from protocol ospf
set policy-options policy-statement ospf-isis term 1 from route-filter 192.168.0.0/22
longer
set policy-options policy-statement ospf-isis term 1 then accept
set policy-options policy-statement send-direct-to-isis-neighbors from protocol direct
set policy-options policy-statement send-direct-to-isis-neighbors from route-filter
10.0.0.44/30 exact
set policy-options policy-statement send-direct-to-isis-neighbors then accept
set policy-options policy-statement send-direct-to-ospf-neighbors from protocol direct
set policy-options policy-statement send-direct-to-ospf-neighbors from route-filter
10.0.0.36/30 exact
set policy-options policy-statement send-direct-to-ospf-neighbors then accept
Device R3 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.46/30

set protocols ospf export ospf
set protocols ospf area 0.0.0.1 interface fe-1/2/0.0
set protocols ospf area 0.0.0.1 interface lo0.0 passive
set policy-options policy-statement ospf term 1 from protocol static
set policy-options policy-statement ospf term 1 then accept
set routing-options static route 192.168.0.0/24 discard
Step-by-Step To configure Device R2:

Procedure
[edit interfaces]
user@R2# set fe-1/2/0 unit 0 description to-OSPF-network
user@R2# set lo0 unit 0 family inet address 172.16.9.7/32
user@R2# set lo0 unit 0 family iso address 49.0002.0172.0016.0907.00
2. Configure IS-IS on the interface facing Device R1 and the loopback interface.

user@R2# set interface fe-1/2/1.0

IS-IS Feature Guide
3. Configure the policy that enables Device R1 to reach the 10.0.0.44/30 network.
[edit policy-options policy-statement send-direct-to-isis-neighbors]

user@R2# set from protocol direct
user@R2# set from route-filter 10.0.0.44/30 exact
user@R2# set then accept
4. Apply the policy that enables Device R1 to reach the 10.0.0.44/30 network.

user@R2# set export send-direct-to-isis-neighbors
5. Configure OSPF on the interfaces.
[edit protocols ospf]

user@R2# set area 0.0.0.1 interface fe-1/2/0.0
user@R2# set area 0.0.0.1 interface lo0.0 passive
6. Configure the OSPF route redistribution policy.
[edit policy-options policy-statement ospf-isis term 1]

user@R2# set from protocol ospf
user@R2# set from route-filter 192.168.0.0/22 longer
7. Apply the OSPF route redistribution policy to the IS-IS instance.

user@R2# set export ospf-isis
8. Configure the policy that enables Device R3 to reach the 10.0.0.36/30 network.
[edit policy-options policy-statement send-direct-to-ospf-neighbors]

user@R2# set from protocol direct
user@R2# set from route-filter 10.0.0.36/30 exact
9. Apply the policy that enables Device R3 to reach the 10.0.0.36/30 network.

user@R2# set export send-direct-to-ospf-neighbors

Multiple addresses are configured on the loopback interface to simulate multiple

route destinations.
[edit interfaces]
2. Configure static routes to the loopback interface addresses.
These are the routes that are redistributed into IS-IS.
[edit routing-options static]

user@R3# set route 192.168.0.0/24 discard
3. Configure OSPF on the interfaces.
[edit protocols ospf area 0.0.0.1]

user@R3# set interface lo0.0 passive
4. Configure the OSPF policy to export the static routes.
[edit policy-options policy-statement ospf term 1]

user@R3# set from protocol static
5. Apply the OSPF export policy.

user@R3# set export ospf
show protocols, show policy-options, and show routing-options commands. If the output
does not display the intended configuration, repeat the instructions in this example to
correct the configuration.

IS-IS Feature Guide
Device R2 user@R2# show interfaces

fe-1/2/1 {
unit 0 {
description to-R5;
family inet {
address 10.0.0.37/30;
}
family iso;
}
}
fe-1/2/0 {
unit 0 {
description to-OSPF-network;
family inet {
address 10.0.0.45/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 172.16.9.7/32;
}
family iso {
address 49.0002.0172.0016.0907.00;
}
}
}

isis {
export [ ospf-isis send-direct-to-isis-neighbors ];
interface fe-1/2/1.0;
interface lo0.0;
}
ospf {
export send-direct-to-ospf-neighbors;
area 0.0.0.1 {
interface lo0.0 {
passive;
}
}
}
user@R2# show policy-options

policy-statement ospf-isis {
term 1 {
from {
protocol ospf;
route-filter 192.168.0.0/22 longer;
}
then accept;

}
}
policy-statement send-direct-to-isis-neighbors {
from {
protocol direct;
route-filter 10.0.0.44/30 exact;
}
then accept;
}
policy-statement send-direct-to-ospf-neighbors {
from {
protocol direct;
}
then accept;
}
Device R3 user@R3# show interfaces

fe-1/2/0 {
unit 0 {
family inet {
address 10.0.0.46/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.1.1/32;
address 192.168.2.1/32;
address 192.168.3.1/32;
address 192.168.0.1/32;
}
}
}

ospf {
export ospf;
area 0.0.0.1 {
interface lo0.0 {
passive;
}
}
}

policy-statement ospf {
term 1 {
from protocol static;
then accept;

IS-IS Feature Guide
}
}

static {
route 192.168.0.0/24 discard;
}
Verification
• Verifying OSPF Route Advertisement on page 94

• Verifying Route Redistribution on page 95
• Verifying Connectivity on page 95
Verifying OSPF Route Advertisement
Purpose Make sure that the expected routes are advertised by OSPF.
Action From operational mode on Device R2, enter the show route protocol ospf command.
user@R2> show route protocol ospf

192.168.0.0/24 *[OSPF/150] 03:54:21, metric 0, tag 0

> to 10.0.0.46 via fe-1/2/0.0
192.168.0.1/32 *[OSPF/10] 03:54:21, metric 1
> to 10.0.0.46 via fe-1/2/0.0
192.168.1.0/24 *[OSPF/150] 03:54:21, metric 0, tag 0
> to 10.0.0.46 via fe-1/2/0.0
192.168.1.1/32 *[OSPF/10] 03:54:21, metric 1
> to 10.0.0.46 via fe-1/2/0.0
192.168.2.0/24 *[OSPF/150] 03:54:21, metric 0, tag 0
> to 10.0.0.46 via fe-1/2/0.0
192.168.2.1/32 *[OSPF/10] 03:54:21, metric 1
> to 10.0.0.46 via fe-1/2/0.0
192.168.3.0/24 *[OSPF/150] 03:54:21, metric 0, tag 0
> to 10.0.0.46 via fe-1/2/0.0
192.168.3.1/32 *[OSPF/10] 03:54:21, metric 1
> to 10.0.0.46 via fe-1/2/0.0
224.0.0.5/32 *[OSPF/10] 03:56:03, metric 1
MultiRecv

Meaning The 192.168/16 routes are advertised by OSPF.
Verifying Route Redistribution
Purpose Make sure that the expected routes are redistributed from OSPF into IS-IS.
Action From operational mode on Device R1, enter the show route protocol isis command.
user@R1> show route protocol isis

10.0.0.44/30 *[IS-IS/160] 03:45:24, metric 20

> to 10.0.0.37 via fe-1/2/0.0
172.16.9.7/32 *[IS-IS/15] 03:49:46, metric 10
> to 10.0.0.37 via fe-1/2/0.0
192.168.0.0/24 *[IS-IS/160] 03:49:46, metric 10
> to 10.0.0.37 via fe-1/2/0.0
192.168.0.1/32 *[IS-IS/160] 03:49:46, metric 11, tag2 1
> to 10.0.0.37 via fe-1/2/0.0
192.168.1.0/24 *[IS-IS/160] 03:49:46, metric 10
> to 10.0.0.37 via fe-1/2/0.0
192.168.1.1/32 *[IS-IS/160] 03:49:46, metric 11, tag2 1
> to 10.0.0.37 via fe-1/2/0.0
192.168.2.0/24 *[IS-IS/160] 03:49:46, metric 10
> to 10.0.0.37 via fe-1/2/0.0
192.168.2.1/32 *[IS-IS/160] 03:49:46, metric 11, tag2 1
> to 10.0.0.37 via fe-1/2/0.0
192.168.3.0/24 *[IS-IS/160] 03:49:46, metric 10
> to 10.0.0.37 via fe-1/2/0.0
192.168.3.1/32 *[IS-IS/160] 03:49:46, metric 11, tag2 1
> to 10.0.0.37 via fe-1/2/0.0
Meaning The 192.168/16 routes are redistributed into IS-IS.
Verifying Connectivity
Purpose Check that Device R1 can reach the destinations on Device R3.
Action From operational mode, enter the ping command.
user@R1> ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes

64 bytes from 192.168.1.1: icmp_seq=0 ttl=63 time=2.089 ms

IS-IS Feature Guide

Meaning These results confirm that Device R1 can reach the destinations in the OSPF network.
Related • Understanding Routing Policies on page 45

Documentation
Example: Configuring IS-IS Route Leaking from a Level 2 Area to a Level 1 Area
This example shows how to leak prefixes in an IS-IS network from a Level 2 area to a
Level 1 area.
Requirements
example.
Overview
Every routing protocol passes routing information up or down the routing hierarchy. This
bidirectional flow of routing information is known as route leaking.
By default, IS-IS protocol leaks routing information from a Level 1 area to a Level 2 area.
However, to leak routing information from a Level 2 area to a Level 1 area, an export policy
must be explicitly configured.
Topology
In this example, Devices R3 and R4 are configured in a Level 2 area. Devices R5, R6, and
R7 are configured in a Level 1 area.

Figure 10: Route Leaking from a Level 2 Area to a Level 1 Area
LEVEL 2 LEVEL 1
10.0.0.0/30 10.0.0.0/30
192.168.0.3/32 192.168.0.6/32
.21
R3 R6
.17 .33
R5
.22 .29
.26 .38
.18 .34
.25 .37
R4 192.168.0.5/32 R7
192.168.0.4/32 192.168.0.7/32
g040934
49.0001 49.0002
Configuration
Configuring Route Leaking from a Level 2 Area to a Level 1 Area
CLI Quick To quickly configure route leaking from a Level 2 area to a Level 1 area, copy the following
Configuration commands, paste them into a text file, remove any line breaks, change any details
necessary to match your network configuration, and then copy and paste the commands
into the CLI at the [edit] hierarchy level.

set policy-options policy-statement leak-L2-to-L1 from route-filter 192.168.0.0/24 orlonger
set policy-options policy-statement leak-L2-to-L1 from protocol isis
set policy-options policy-statement leak-L2-to-L1 from level 2
set policy-options policy-statement leak-L2-to-L1 to protocol isis
set policy-options policy-statement leak-L2-to-L1 to level 1
set policy-options policy-statement leak-L2-to-L1 then accept
set protocols isis export leak-L2-to-L1


IS-IS Feature Guide

set policy-options policy-statement leak-L2-to-L1 from route-filter 192.168.0.0/24 orlonger
set policy-options policy-statement leak-L2-to-L1 from protocol isis
set policy-options policy-statement leak-L2-to-L1 from level 2
set policy-options policy-statement leak-L2-to-L1 to protocol isis
set policy-options policy-statement leak-L2-to-L1 to level 1
set policy-options policy-statement leak-L2-to-L1 then accept
set protocols isis export leak-L2-to-L1





Configuring Route Leaking from a Level 2 Area to a Level 1 Area
To configure route leaking from a Level 2 area to a Level 1 area:
Enable IS-IS on the interfaces by including the ISO address family on each interface.
[edit interfaces]
Similarly, configure other routers.
2. Configure two loopback interface addresses.
One address is for IPv4, and the other address is to enable the router to form
adjacencies with other routers in the area.

3. Specify the IS-IS level on a per-interface basis.
[edit protocols isis interface]

user@R3# set fe-1/2/0.0 level 1 disable
user@R3# set fe-1/2/1.0 level 1 disable
user@R3# set lo0.0 level 1 disable
4. Configure a route leaking policy on the routers configured in the Level 2 area to leak
routes into the Level 1 area.
[edit policy-options policy-statement leak-L2-to-L1]

user@R3# set from route-filter 192.168.0.0/24 orlonger
user@R3# set from protocol isis
user@R3# set from level 2

IS-IS Feature Guide
user@R3# set to protocol isis

user@R3# set to level 1

user@R3# set export leak-L2-to-L1
Similarly, configure Device R4.
Results
show protocols isis, and show policy-options commands.
If the output does not display the intended configuration, repeat the instructions in this
example to correct the configuration.
fe-1/2/0 {
unit 0 {
description to-R4;
family inet {
address 10.0.0.17/30;
}
family iso;
}
}
fe-1/2/1 {
unit 0 {
description to-R5;
family inet {
address 10.0.0.21/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.3/32;
}
family iso {
address 49.0001.0192.0168.0003.00;
}
}
}
user@R3# show protocols isis
export leak-L2-to-L1;
level 1 disable;
}

level 1 disable;
}
interface lo0.0 {
level 1 disable;
}
policy-statement leak-L2-to-L1 {
from {
protocol isis;
level 2;
route-filter 192.168.0.0/24 orlonger;
}
to {
protocol isis;
level 1;
}
then accept;
}
Similarly, confirm the configuration on all other routers. If you are done configuring the
routers, enter commit from configuration mode.
Verification
Verifying Route Leaking from a Level 2 Area to a Level 1 Area
Purpose Verify that IS-IS leaks routes from a Level 2 area to a Level 1 area.
Action To verify that route leaking is taking place, use the following commands:
• show isis adjacency (to verify that the IS-IS network is up and adjacencies have been
established)
• show isis database detail (to verify the presence of leaked routes)
1. From operational mode on Device R3, run the show isis adjacency command.
user@R3> show isis adjacency

fe-1/2/0.0 R4 2 Up 7 0:5:85:8f:94:bd
fe-1/2/1.0 R5 2 Up 7 0:5:85:8f:94:bd
The output verifies that the interfaces on Device R3 are up and have established
adjacencies with the connecting interfaces on Routers R4 and R5. If you don’t see the
interfaces being functional, see the “Results” on page 100 section for troubleshooting
your configuration.
2. From operational mode on Device R3, run the show isis database detail command.

IS-IS Feature Guide

IP prefix: 192.168.0.4/32 Metric: 10 Internal Down
R3.00-00 Sequence: 0x1c, Checksum: 0xc657, Lifetime: 1078 secs

R4.00-00 Sequence: 0x19, Checksum: 0xea13, Lifetime: 1076 secs

R4.02-00 Sequence: 0x17, Checksum: 0xecab, Lifetime: 1076 secs

R5.00-00 Sequence: 0x12, Checksum: 0xf4e5, Lifetime: 1076 secs

R5.02-00 Sequence: 0xb, Checksum: 0x2d74, Lifetime: 1076 secs

R5.03-00 Sequence: 0xb, Checksum: 0x6c32, Lifetime: 1076 secs

The Down keyword identifies the routes that have successfully leaked from the Level
2 area to the Level 1 area.
Meaning Route leaking from a Level 2 to a Level 1 area is functioning as expected.

Understanding BGP Communities, Extended Communities, and Large Communities

as Routing Policy Match Conditions
A BGP community is a group of destinations that share a common property. Community

information is included as a path attribute in BGP update messages. This information
identifies community members and enables you to perform actions on a group without
having to elaborate upon each member. You can use community and extended
communities attributes to trigger routing decisions, such as acceptance, rejection,
preference, or redistribution.
You can assign community tags to non-BGP routes through configuration (for static,
aggregate, or generated routes) or an import routing policy. These tags can then be
matched when BGP exports the routes.
A community value is a 32-bit field that is divided into two main sections. The first 16 bits
of the value encode the AS number of the network that originated the community, while
the last 16 bits carry a unique number assigned by the AS. This system attempts to
guarantee a globally unique set of community values for each AS in the Internet. Junos
OS uses a notation of as-number:community-value, where each value is a decimal number.
The AS values of 0 and 65,535 are reserved, as are all of the community values within
those AS numbers. Each community, or set of communities, is given a name within the
[edit policy-options] configuration hierarchy. The name of the community uniquely
identifies it to the routing device and serves as the method by which routes are categorized.
For example, a route with a community value of 64510:1111 might belong to the community
named AS64510-routes. The community name is also used within a routing policy as a
match criterion or as an action. The command syntax for creating a community is:
policy-options community name members [community-ids]. The community-ids are either
a single community value or multiple community values. When more than one value is
assigned to a community name, the routing device interprets this as a logical AND of the
community values. In other words, a route must have all of the configured values before
being assigned the community name.
The regular community attribute is four octets. Networking enhancements, such as VPNs,
have functionality requirements that can be satisfied by an attribute such as a community.
However, the 4-octet community value does not provide enough expansion and flexibility
to accommodate VPN requirements. This leads to the creation of extended communities.
An extended community is an 8-octet value that is also divided into two main sections.
The first 2 octets of the community encode a type field while the last 6 octets carry a
unique set of data in a format defined by the type field. Extended communities provide
a larger range for grouping or categorizing communities.
The BGP extended communities attribute format has three fields:

type:administrator:assigned-number. The routing device expects you to use the words
target or origin to represent the type field. The administrator field uses a decimal number
for the AS or an IPv4 address, while the assigned number field expects a decimal number
no larger than the size of the field (65,535 for 2 octets or 4,294,967,295 for 4 octets).
When specifying community IDs for standard and extended community attributes, you
can use UNIX-style regular expressions. The only exception is for VPN import policies

IS-IS Feature Guide
(vrf-import), which do not support regular expressions for the extended communities
attribute.
Regular BGP communities attributes are a variable length attribute consisting of a set
of one or more 4-byte values that was split into 16 bit values. The most significant word
is interpreted as an AS number and least significant word is a locally defined value
assigned by the operator of the AS. Since the adoption of 4-byte ASNs, the 4-byte BGP
regular community and 6-byte BGP extended community can no longer support BGP
community attributes. Operators often encode AS number in the local portion of the BGP
community that means that sometimes the format of the community is ASN:ASN. With
the 4-byte ASN , you need 8-bytes to encode it. Although BGP extended community
permits a 4-byte AS to be encoded as the global administrator filed, the local
administrator field has only 2-byte of available space. Thus, 6-byte extended community
attribute is also unsuitable. To overcome this, Junos OS allows you to configure optional
transitive path attribute - a 12-byte BGP large community that provides the most
significant 4-byte value to encode autonomous system number as the global administrator
and the remaining two 4-byte assigned numbers to encode the local values as defined
in RFC 8092. You can configure BGP large community at the [edit policy-options
community community-name members] and [edit routing-options static route ip-address
community] hierarchy levels. The BGP large community attributes format has four fields:
large:global administrator:assigned number:assigned number.
NOTE: The length of the BGP large communities attribute value should be
a non-zero multiple of 12.
Related • Understanding How to Define BGP Communities and Extended Communities

Documentation
• How BGP Communities and Extended Communities Are Evaluated in Routing Policy
Match Conditions
• Example: Configuring a Routing Policy That Removes BGP Communities
• Example: Configuring Communities in a Routing Policy
• Example: Configuring Extended Communities in a Routing Policy

Example: Configuring a Routing Policy to Redistribute BGP Routes with a Specific

Community Tag into IS-IS
This example defines a policy that takes BGP routes from the Edu community and places
them into IS-IS with a metric of 63.



Requirements
example.
Overview
Figure 11: Redistributing BGP Routes with a Specific Community Tag into IS-IS
AS 1
IS-IS
A D
.5 .14
10.0.0.4/30 IBGP 10.0.0.12/30 AS 2
fe-1/2/0 .6 .13 fe-1/2/1
.9 10.0.0.8/30 .10 .25 10.0.0.24/30 .26
B C E
fe-1/2/1 IBGP fe-1/2/0 fe-1/2/2 EBGP
10.2/16
10.3/16
g041311
In this example, Device A, Device B, Device C, and Device D are in autonomous system
(AS) 1 and are running IS-IS. All of the AS 1 devices, except Device D, are running internal
BGP (IBGP).
Device E is in AS 2 and has an external BGP (EBGP) peering session with Device C. Device
E has two static routes, 10.2.0.0/16 and 10.3.0.0/16. These routes are tagged with the
Edu 2:5 community attribute and are advertised by way of EBGP to Device C.
Device C accepts the BGP routes that are tagged with the Edu 2:5 community attribute,
redistributes the routes into IS-IS, and applies an IS-IS metric of 63 to these routes.
steps on Device C and Device E.
Configuration
level.
Device A set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.5/30


IS-IS Feature Guide

set protocols bgp group int type internal
set protocols bgp group int local-address 192.168.0.1
set protocols bgp group int neighbor 192.168.0.2
set routing-options router-id 192.168.0.1
set routing-options autonomous-system 1
Device B set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.6/30

Device C set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.10/30

set protocols bgp group external-peers type external
set protocols bgp group external-peers export send-isis-and-direct
set protocols bgp group external-peers peer-as 2
set protocols bgp group external-peers neighbor 10.0.0.26
set protocols isis export Edu-to-isis
set protocols isis interface fe-1/2/2.0 level 2 passive
set policy-options policy-statement Edu-to-isis term 1 from protocol bgp
set policy-options policy-statement Edu-to-isis term 1 from community Edu
set policy-options policy-statement Edu-to-isis term 1 then metric 63

set policy-options policy-statement Edu-to-isis term 1 then accept

set policy-options policy-statement send-isis-and-direct term 1 from protocol isis
set policy-options policy-statement send-isis-and-direct term 1 from protocol direct
set policy-options policy-statement send-isis-and-direct term 1 from route-filter
10.0.0.0/16 orlonger
set policy-options policy-statement send-isis-and-direct term 1 from route-filter
192.168.0.0/16 orlonger
set policy-options policy-statement send-isis-and-direct term 1 then accept
set policy-options community Edu members 2:5
Device D set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.14/30

Device E set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.26/30

set interfaces lo0 unit 7 family inet address 192.168.0.5/32 primary
set protocols bgp group external-peers export statics
set policy-options policy-statement statics from protocol static
set policy-options policy-statement statics then community add Edu
set policy-options policy-statement statics then accept
set policy-options community Edu members 2:5
set routing-options static route 10.2.0.0/16 reject
set routing-options static route 10.2.0.0/16 install
To configure Device E:
[edit interfaces]
user@E# set fe-1/2/0 unit 0 family inet address 10.0.0.26/30

IS-IS Feature Guide
user@E# set lo0 unit 7 family inet address 192.168.0.5/32 primary

user@E# set lo0 unit 7 family inet address 10.2.0.1/32
2. Configure the statics policy, which adds the Edu community attribute to the static
routes.
user@E# set policy-statement statics from protocol static
user@E# set policy-statement statics then community add Edu
user@E# set policy-statement statics then accept
user@E# set community Edu members 2:5
3. Configure EBGP and apply the statics policy.
[edit protocols bgp group external-peers]

user@E# set type external
user@E# set export statics
user@E# set peer-as 1
user@E# set protocols bgp group external-peers neighbor 10.0.0.25
4. Configure the static routes.

user@E# set route 10.2.0.0/16 reject
user@E# set route 10.2.0.0/16 install
user@E# set route 10.3.0.0/16 reject
user@E# set route 10.3.0.0/16 install
5. Configure the router ID and the AS number.
user@E# set router-id 192.168.0.5
user@E# set autonomous-system 2
To configure Device C:
[edit interfaces]
user@C# set fe-1/2/0 unit 0 family inet address 10.0.0.10/30
user@C# set fe-1/2/0 unit 0 family iso


user@C# set lo0 unit 0 family inet address 192.168.0.3/32
user@C# set lo0 unit 0 family iso address 49.0002.0192.0168.0003.00
2. Configure IBGP.
[edit protocols bgp group int]

user@C# set type internal
user@C# set local-address 192.168.0.3
user@C# set neighbor 192.168.0.1
3. Configure the Edu-to-isis policy, which redistributes the Edu-tagged BGP routes
learned from Device E and applies a metric of 63.
user@C# set policy-statement Edu-to-isis term 1 from protocol bgp
user@C# set policy-statement Edu-to-isis term 1 from community Edu
user@C# set policy-statement Edu-to-isis term 1 then metric 63
user@C# set policy-statement Edu-to-isis term 1 then accept
user@C# set community Edu members 2:5
4. Enable IS-IS on the interfaces, and apply the Edu-to-isis policy.

user@C# set export Edu-to-isis
user@C# set interface fe-1/2/0.0 level 1 disable
user@C# set interface fe-1/2/2.0 level 2 passive
user@C# set interface lo0.0
5. Configure the send-isis-and-direct policy, which redistributes routes to Device E,

through EBGP.
Without this policy, Device E would not have connectivity to the networks in AS 1.
[edit policy-options policy-statement send-isis-and-direct term 1]

user@C# set from protocol isis
user@C# set from protocol direct
user@C# set from route-filter 10.0.0.0/16 orlonger
user@C# set from route-filter 192.168.0.0/16 orlonger
user@C# set then accept
6. Configure EBGP and apply the send-isis-and-direct policy.
[edit protocols bgp group external-peers]

user@C# set type external

IS-IS Feature Guide
user@C# set export send-isis-and-direct

user@C# set peer-as 2
7. Configure the router ID and the autonomous system (AS) number.
user@C# set router-id 192.168.0.3
user@C# set autonomous-system 1
Device E user@E# show interfaces

fe-1/2/0 {
unit 0 {
family inet {
address 10.0.0.26/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.5/32 {
primary;
}
address 10.2.0.1/32;
address 10.3.0.1/32;
}
}
}
user@E# show protocols

bgp {
group external-peers {
type external;
export statics;
peer-as 1;
neighbor 10.0.0.25;
}
}
user@E# show policy-options

policy-statement statics {
from protocol static;
then {

community add Edu;

accept;
}
}
community Edu members 2:5;
user@E# show routing-options

static {
route 10.2.0.0/16 {
reject;
install;
}
route 10.3.0.0/16 {
reject;
install;
}
}
router-id 192.168.0.5;
autonomous-system 2;
Device C user@C# show interfaces

fe-1/2/0 {
unit 0 {
family inet {
address 10.0.0.10/30;
}
family iso;
}
}
fe-1/2/1 {
unit 0 {
family inet {
address 10.0.0.13/30;
}
family iso;
}
}
fe-1/2/2 {
unit 0 {
family inet {
address 10.0.0.25/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.3/32;
}
family iso {
address 49.0002.0192.0168.0003.00;
}

IS-IS Feature Guide
}
}
user@C# show protocols

bgp {
group int {
type internal;
local-address 192.168.0.3;
neighbor 192.168.0.1;
neighbor 192.168.0.2;
}
group external-peers {
type external;
export send-isis-and-direct;
peer-as 2;
neighbor 10.0.0.26;
}
}
isis {
export Edu-to-isis;
level 1 disable;
}
level 1 disable;
}
level 1 disable;
level 2 passive;
}
interface lo0.0;
}
user@C# show policy-options

policy-statement Edu-to-isis {
term 1 {
from {
protocol bgp;
community Edu;
}
then {
metric 63;
accept;
}
}
}
policy-statement send-isis-and-direct {
term 1 {
from {
protocol [ isis direct ];
}

then accept;
}
}
community Edu members 2:5;
user@C# show routing-options

router-id 192.168.0.3;
Verification
Verifying the IS-IS Neighbor
Purpose Verify that the BGP routes from Device E are communicated on the IS-IS network in AS
1.
Action From operational mode, enter the show route protocol isis command.
user@D> show route protocol isis

10.0.0.4/30 *[IS-IS/18] 22:30:53, metric 30

> to 10.0.0.13 via fe-1/2/0.0
10.0.0.8/30 *[IS-IS/18] 22:30:53, metric 20
> to 10.0.0.13 via fe-1/2/0.0
10.0.0.24/30 *[IS-IS/18] 03:31:21, metric 20
> to 10.0.0.13 via fe-1/2/0.0
10.2.0.0/16 *[IS-IS/165] 02:36:31, metric 73
> to 10.0.0.13 via fe-1/2/0.0
10.3.0.0/16 *[IS-IS/165] 02:36:31, metric 73
> to 10.0.0.13 via fe-1/2/0.0
192.168.0.1/32 *[IS-IS/18] 03:40:28, metric 30
> to 10.0.0.13 via fe-1/2/0.0
192.168.0.2/32 *[IS-IS/18] 22:30:53, metric 20
> to 10.0.0.13 via fe-1/2/0.0
192.168.0.3/32 *[IS-IS/18] 22:30:53, metric 10
> to 10.0.0.13 via fe-1/2/0.0
Meaning As expected, the 10.2.0.0/16 and 10.3.0.0/16 routes are in Device D’s routing table as
IS-IS external routes with a metric of 73. If Device C had not added 63 to the metric,
Device D would have a metric of 10 for these routes.

IS-IS Feature Guide
Related • Advertising LSPs into IGPs

Documentation
IS-IS Extensions to Support Route Tagging
To control the transmission of routes into IS-IS, or to control transmission of IS-IS routes
between different IS-IS levels, you can tag routes with certain attributes. IS-IS routes
can carry these attributes, which the routing policies can use to export and import routes
between different IS-IS levels. A sub-TLV to the IP prefix TLV is used to carry the tag or
attribute on the routes.
NOTE: Route tagging does not work when IS-IS traffic engineering is disabled.
protocols {
isis {
export tag-lo0;
}
}
policy-options {
policy-statement tag-lo0 {
from {
interface lo0.0;
}
then {
accept;
tag 200;
}
}
}
You can verify that the tag has been correctly applied by using the show isis database
extensive command. In the command output, look for the Administrative tag field.
After verifying that the routes are tagged correctly, you can apply a route leaking policy
to match against the presence of administrative tags, rather than specifying a list of route
filters.
protocols {
isis {
export leak-tagged-L2-to-L1;
}
}
policy-options {
policy-statement leak-tagged-L2-to-L1 {
from {
tag 200;
protocol isis;
level 2;
}
to {

protocol isis;
level 1;
}
then accept;
}
}
Related • Example: Configuring IS-IS Route Leaking from a Level 2 Area to a Level 1 Area on
Example: Configuring a Routing Policy to Prioritize IS-IS Routes
In a network with a large number of IS-IS routes, it can be useful to control the order in
which routes are updated in response to a network topology change. This example shows
how to define a routing policy to prioritize some IS-IS routes over others. In the event of
an IS-IS topology change, high priority prefixes are updated in the routing table first,
followed by medium and then low priority prefixes. Internet Service Providers (ISP) can
use this feature to ensure faster convergence for important customers.

Requirements
example.
• Three routers that can be a combination of M Series, MX Series, or T Series routers
• Junos OS Release 17.1 or later on the device
Overview
Beginning with Junos OS Release 17.1, you can prioritize or reject IS-IS routes that are
installed in the routing table. Use the reject policy option to reject routes from a specific
prefix or routes marked with a particular tag.
You can prioritize IS-IS routes for better convergence and to provide differentiated services.
In a network with a large number of IGP prefixes with BGP Layer 3 VPN or label-based
psuedowire service established on top of some IGP prefixes, it is important to control the
order in which routes get updated in the forwarding table. You can configure an import
policy and use a route tag or filter the routes based on their prefix before setting a priority
of high, medium, or low as per your network requirements. The IS-IS protocol downloads
routes to the rpd routing table based on the configured priority. If you do not configure
an import policy, all routes are set to a medium priority by default.

IS-IS Feature Guide
An IS-IS import policy can be used to set priority or to filter IS-IS external routes based
on the following criteria:
Prefix—Use route-filter policy option to filter known prefixes.
Route Tag—Use tag policy option to assign a specific priority for prefixes that contain a
particular tag.
NOTE: If an IS-IS import policy is applied that results in a reject terminating

action for a non-external route, then the reject action is ignored and the route
is accepted anyway. By default, such a route is now installed in the routing
table with a priority of low. This behavior prevents traffic black holes, that is,
silently discarded traffic, by ensuring consistent routing. However, you can
use the the reject policy option to reject routes based on the prefix or the
configured tag.
CAUTION: You might see an increase in micro loop traffic as order of route
download changes.
In Figure 12 on page 116, Router R1 is connected to Router R3 via Router R2. We need to
set a high priority to a route to Router R3 to ensure quicker convergence. An import routing
policy is configured on Router R1, which sets a high priority to routes connecting to Router
R3. Routes matching 203.0.113.3/32 are installed first because they have a priority of
high. LDP imports routes and their configure priority from IS-IS. This route is restored first
in the event of a network topology change.
Figure 12: Example: Configuring a Routing Policy to prioritize IS-IS Routes
AS 64496
ge-1/0/1 ge-0/0/1 ge-0/0/7 ge-2/0/3
192.0.2.1/24 192.0.2.2/24 198.0.2.1/24 198.0.2.2/24
ge-5/0/9 ge-1/0/5 ge-1/1/0 ge-3/0/3

R1 192.0.10.1/24 192.0.10.2/24 R2 198.0.11.1/24 198.0.11.2/24 R3
lo0:
R1 203.0.113.1
g043570
R2
203.0.113.2
Configuration
configuration, copy and paste the commands into the CLI at the [edit] hierarchy level,
and then enter commit from configuration mode.
Router R1 set interfaces ge-1/0/1 unit 0 description R1->R2


set interfaces ge-1/0/1 unit 0 family inet6 address 2001:db8:1:2::1/64

set interfaces ge-5/0/9 unit 0 description R1->R2
set interfaces lo0 unit 0 family inet6 address 2001:db8:1:1::1/128
set protocols mpls ipv6-tunneling
set protocols mpls interface ge-5/0/9.0
set protocols isis level 1 disable
set protocols isis interface lo0.0 passive
set protocols ldp interface ge-1/0/1.0
set protocols ldp interface lo0.0
set policy-options policy-statement test_rf term t1 from route-filter 203.0.113.3/32 exact
set policy-options policy-statement test_rf term t1 then priority high
set protocols isis import test_rf

set interfaces ge-1/1/0 unit 0 family inet6 address 2001:db8:::1::1/64

IS-IS Feature Guide


set interfaces ge-3/0/10unit 0 description R3->R4
set interfaces ge-3/0/0 unit 0 family inet6 address 2001:db8::1:1::2/64
set protocols mpls ipv6-tunneling
set policy-options policy-statement add_tag term t1 from route-filter 203.0.113.3/32 exact
set policy-options policy-statement add_tag term t1 then tag 18
set protocols isis export add_tag

Configuring Router R1
To configure Router R1:
NOTE: Repeat this procedure for other routers after modifying the appropriate
interface names, addresses, and other parameters.
1. Configure the interfaces with IPv4 and IPv6 addresses.
[edit interfaces]
user@R1# set ge-1/0/1 unit 0 description R1->R2
user@R1# set ge-1/0/1 unit 0 family inet6 address 2001:db8:1:2::1/64

2. Configure the loopback address.
[edit interfaces]
user@R1# set lo0 unit 0 family inet6 address 2001:db8:1:1::1/128
user@R1# set lo0 unit 0 family mpls
3. Configure MPLS.
[edit protocols]
user@R1# set mpls ipv6-tunneling
user@R1# set mpls interface ge-5/0/9.0
user@R1# set mpls interface ge-1/0/1.0
4. Enable IS-IS protocol on the interfaces.
[edit protocols]
user@R1# set isis level 1 disable
user@R1# set isis interface ge-1/0/1.0

IS-IS Feature Guide
user@R1# set isis interface lo0.0 passive

user@R1# set isis import test_rf
5. Configure LDP protocol on the interfaces.
[edit protocols]
user@R1# set ldp interface ge-1/0/1.0
user@R1# set ldp interface ge-5/0/9.0
user@R1# set ldp interface lo0.0
6. Define a policy to prioritize IS-IS routes to Router R3. .
user@R1# set policy-statement test_rf term t1 from route-filter 203.0.113.3/32 exact
user@R1# set policy-statement test_rf term t1 then priority high
7. Configure the router ID and autonomous system (AS) number.
[edit routing--options]
user@R1# set routing-options router-id 203.0.113.1
user@R1# set routing-options autonomous-system 64496
Results
show protocols, show policy-options and show routing-options commands. If the
output does not display the intended configuration, repeat the instructions in this example
to correct the configuration.
[edit]
user@R1> show interfaces
ge-1/0/1 {
unit 0 {
family inet {
address 192.0.2.1/24;
}
family iso;
family inet6 {
address 2001:db8:1:2::1/64;
}
family mpls;
}
}
ge-5/0/9 {
unit 0 {
family inet {
address 192.0.2.1/24;
}
family iso;

family inet6 {
address 2001:db8:1:1::1/64;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 203.0.113.1/32;
}
family iso {
address 49.0002.0103.0000.0010.00;
}
family inet6 {
address 2001:db8:1:1::1/128;
}
family mpls;
}
}
[edit]
user@R1> show protocols
mpls {
ipv6-tunneling;
}
isis {
import test_rf;
level 1 disable;
interface lo0.0 {
passive;
}
}
ldp {
interface lo0.0;
}
[edit]
user@R1> show routing-options
router-id 203.0.113.1;
user@R1> sshow configuration policy-options

policy-statement test_rf {
term t1 {
from {

IS-IS Feature Guide
}
then priority high;
}
}
Verification
• Verifying the Priority for LDP Routes on page 122

• Verifying the Priority of IS-IS Routes on page 124
Verifying the Priority for LDP Routes
Purpose Verify that LDP has inherits route 203.0.113.3 from IS-IS protocol.

Action From operational mode, run the show route extensive command on Router R1.
user@R1> show route 203.0.113.3 extensive
203.0.113.3/32 (1 entry, 1 announced)

State: <FlashAll>
TSI:
KRT in-kernel 203.0.113.3/32 -> {16.1.2.2}
*IS-IS Preference: 18
Level: 2
Next hop type: Router, Next hop index: 0
Address: 0x4a1f43c
Next-hop reference count: 4
Next hop: 16.1.2.2 via ge-1/0/1.0, selected
Session Id: 0x0
Next hop: 16.1.1.2 via ge-5/0/9.0
Session Id: 0x0
State: <Active Int HighPriority>
Local AS: 64496
Age: 59 Metric: 20
Validation State: unverified
ORR Generation-ID: 0
Tag: 18
Task: IS-IS
Announcement bits (2): 0-KRT 4-LDP
AS path: I
203.0.113.3/32 (1 entry, 1 announced)

State: <FlashAll>
*LDP Preference: 9
Address: 0x4a1e55c
Label operation: Push 299776
Label TTL action: prop-ttl
Load balance label: Label 299776: None;
Label element ptr: 0x4b99100
Label parent element ptr: 0x0
Label element references: 2
Label element child references: 0
Label element lsp id: 0
Session Id: 0x0
Next hop: 16.1.1.2 via ge-5/0/9.0
Label element ptr: 0x4b99100
Session Id: 0x0
State:<Active Int HighPriority>
Local AS: 64496

IS-IS Feature Guide
Age: 59 Metric: 1
Task: LDP
Announcement bits (1): 2-Resolve tree 1
AS path: I
Secondary Tables: inet6.3
Meaning The output shows that LDP inherits the route 203.0.113.3, with priority high from IS-IS.
Verifying the Priority of IS-IS Routes
Purpose Verify that the priority is set for route 203.0.113.3 in IS-IS.
Action user@R1> show isis route download-priority

IPv4/IPv6 Routes
----------------
Prefix L Version Metric Type Interface NH Via
Backup Score
203.0.113.3/32 2 122 20 int ge-1/0/1.0 IPV4 R2
ge-5/0/9.0 IPV4 R2
203.0.113.2/32 2 122 10 int ge-1/0/1.0 IPV4 R2
ge-5/0/9.0 IPV4 R2
198.1.1.0/24 2 122 20 int ge-1/0/1.0 IPV4 R2
ge-5/0/9.0 IPV4 R2
198.1.2.0/24 2 122 20 int ge-1/0/1.0 IPV4 R2
ge-5/0/9.0 IPV4 R2
2001:db8:2:2::1/128 2 122 10 int ge-1/0/1.0 IPV6 R2
ge-5/0/9.0 IPV6 R2
2001:db8:3:3::3/128 2 122 20 int ge-1/0/1.0 IPV6 R2
ge-5/0/9.0 IPV6 R2
2001:db8:1:1::/64 2 122 20 int ge-1/0/1.0 IPV6 R2
ge-5/0/9.0 IPV6 R2
2001:db8:1:2::/64 2 122 20 int ge-1/0/1.0 IPV6 R2
ge-5/0/9.0 IPV6 R2
Meaning The routes are displayed in the order of the set priorities. Route 203.0.113.3, which is set
with high priority is displayed at the very top followed by routes with medium or low
priority.
Related • import (Protocols IS-IS) on page 493

Documentation
• show isis route download priority on page 704
• show isis route on page 699

Configuring Overloading of Stub Networks
Starting in Junos OS Release 18.3R1, new configuration options external-prefixes and

internal-prefixes are available at the [edit protocols isis overload] hierarchy level to control
overload of internal prefixes, external prefixes or both internal and external prefixes as
per network requirement. The user can choose not to receive any traffic for internal and
external prefixes advertised by the overloaded IS-IS routers unless the router is the only
node in the network which hosts the prefix. In previous Junos OS releases, overloaded
IS-IS routers continued to receive traffic for prefixes even if the user did not want to
receive traffic for directly connected prefixes.
Related •
Documentation

IS-IS Feature Guide

CHAPTER 5
Configuring IS-IS Bidirectional Forwarding

Detection
• Understanding BFD for IS-IS on page 127

• Example: Configuring BFD for IS-IS on page 129
• Understanding BFD Authentication for IS-IS on page 136
• Configuring BFD Authentication for IS-IS on page 138
• Example: Configuring BFD Authentication for IS-IS on page 141
Understanding BFD for IS-IS
The Bidirectional Forwarding Detection (BFD) protocol is a simple hello mechanism that
detects failures in a network. Hello packets are sent at a specified, regular interval. A
neighbor failure is detected when the routing device stops receiving a reply after a specified
interval. BFD works with a wide variety of network environments and topologies. The
failure detection timers for BFD have shorter time limits than the failure detection
mechanisms of IS-IS, providing faster detection.
The BFD failure detection timers are adaptive and can be adjusted to be faster or slower.
For example, the timers can adapt to a higher value if the adjacency fails, or a neighbor
can negotiate a higher value for a timer than the configured value. The timers adapt to
a higher value when a BFD session flap occurs more than three times in a span of 15
seconds. A back-off algorithm increases the receive (RX) interval by two if the local BFD
instance is the reason for the session flap. The transmission (TX) interval is increased by
two if the remote BFD instance is the reason for the session flap.
You can use the clear bfd adaptation command to return BFD interval timers to their
configured values. The clear bfd adaptation command is hitless, meaning that the
command does not affect traffic flow on the routing device.

IS-IS Feature Guide
NOTE: Starting with Junos OS Release 16.1R1, you can configure IS-IS BFD
sessions for IPv6 by including the bfd-liveness-detection statement at the
[edit protocols isis interface interface-name family inet|inet6] hierarchy level.
• For interfaces that support both IPv4 and IPv6 routing, the
bfd-liveness-detection statement must be configured separately for each
inet family.
• BFD over IPv6 link local address is currently not distributed because IS-IS
uses link local addresses for forming adjacencies.
• BFD sessions over IPv6 must not have the same aggressive detection
intervals as IPv4 sessions.
• BFD IPv6 sessions with detection intervals less than 2.5 seconds are
currently not supported when nonstop active routing (NSR) is enabled.
To detect failures in the network, the set of statements in Table 3 on page 128 are used
in the configuration.
Table 3: Configuring BFD for IS-IS
Statement Description
bfd-liveness-detection Enable failure detection.
minimum-interval Specify the minimum transmit and receive intervals for failure detection.
milliseconds
This value represents the minimum interval at which the local router transmits hellos packets as
well as the minimum interval at which the router expects to receive a reply from a neighbor with
which it has established a BFD session. You can configure a number from 1 through
255,000 milliseconds. You can also specify the minimum transmit and receive intervals separately.
NOTE: BFD is an intensive protocol that consumes system resources. Specifying a minimum interval
for BFD less than 100 ms for Routing Engine-based sessions and 10 ms for distributed BFD sessions
can cause undesired BFD flapping.
Depending on your network environment, these additional recommendations might apply:
• For large-scale network deployments with a large number of BFD sessions, specify a minimum
interval of 300 ms for Routing Engine-based sessions and 100 ms for distributed BFD sessions.
• For very large-scale network deployments with a large number of BFD sessions, please contact
Juniper Networks customer support for more information.
• For BFD sessions to remain up during a Routing Engine switchover event when nonstop active
routing (NSR) is configured, specify a minimum interval of 2500 ms for Routing Engine-based
sessions. For distributed BFD sessions with nonstop active routing configured, the minimum
interval recommendations are unchanged and depend only on your network deployment.
minimum-receive-interval Specify only the minimum receive interval for failure detection.
milliseconds
This value represents the minimum interval at which the local router expects to receive a reply
from a neighbor with which it has established a BFD session. You can configure a number from 1
through 255,000 milliseconds.

Chapter 5: Configuring IS-IS Bidirectional Forwarding Detection
Table 3: Configuring BFD for IS-IS (continued)
multiplier number Specify the number of hello packets not received by the neighbor that causes the originating
interface to be declared down.
The default is 3, and you can configure a value from 1 through 225.
no-adaptation Disable BFD adaptation.
In Junos OS Release 9.0 and later, you can specify that the BFD sessions not adapt to changing
network conditions.
NOTE: We recommend that you not disable BFD adaptation unless it is preferable not to have
BFD adaptation enabled in your network.
threshold Specify the threshold for the following:
• Adaptation of the detection time

When the BFD session detection time adapts to a value equal to or greater than the threshold,
a single trap and a system log message are sent.
• Transmit interval
NOTE: The threshold value must be greater than the minimum transmit interval multiplied by the
multiplier number.
transmit-interval Specify the minimum transmit interval for failure detection.

minimum-interval
This value represents the minimum interval at which the local routing device transmits hello packets
to the neighbor with which it has established a BFD session. You can configure a value from 1
through 255,000 milliseconds.
version Specify the BFD version used for detection.
The default is to have the version detected automatically.
NOTE: You can trace BFD operations by including the traceoptions statement
at the [edit protocols bfd] hierarchy level.
Related • Example: Configuring BFD for IS-IS on page 129

Documentation
Example: Configuring BFD for IS-IS
This example describes how to configure the Bidirectional Forwarding Detection (BFD)
protocol to detect failures in an IS-IS network.

IS-IS Feature Guide
NOTE: BFD is not supported with ISIS for IPV6 on QFX10000 series switches.

Requirements
page 14 for information about the required IS-IS configuration.
• Junos OS Release 7.3 or later
• M Series, MX Series, and T Series routers
Overview
This example shows two routers connected to each other. A loopback interface is
configured on each router. IS-IS and BFD protocols are configured on both routers.
Figure 13 on page 130 shows the sample network.
Figure 13: Configuring BFD for IS-IS
Configuration
level.
Router R1
set protocols isis interface so-0/0/0 bfd-liveness-detection detection-time threshold 5

set protocols isis interface so-0/0/0 bfd-liveness-detection minimum-interval 2
set protocols isis interface so-0/0/0 bfd-liveness-detection minimum-receive-interval 1
set protocols isis interface so-0/0/0 bfd-liveness-detection no-adaptation
set protocols isis interface so-0/0/0 bfd-liveness-detection transmit-interval threshold 3
set protocols isis interface so-0/0/0 bfd-liveness-detection transmit-interval
minimum-interval 1
set protocols isis interface so-0/0/0 bfd-liveness-detection multiplier 2
set protocols isis interface so-0/0/0 bfd-liveness-detection version automatic

Router R2
set protocols isis interface so-0/0/0 bfd-liveness-detection detection-time threshold 6

set protocols isis interface so-0/0/0 bfd-liveness-detection minimum-interval 3
set protocols isis interface so-0/0/0 bfd-liveness-detection minimum-receive-interval 1
set protocols isis interface so-0/0/0 bfd-liveness-detection no-adaptation
set protocols isis interface so-0/0/0 bfd-liveness-detection transmit-interval threshold 4
set protocols isis interface so-0/0/0 bfd-liveness-detection transmit-interval
minimum-interval 1
set protocols isis interface so-0/0/0 bfd-liveness-detection multiplier 2
set protocols isis interface so-0/0/0 bfd-liveness-detection version automatic
Mode.
NOTE: To simply configure BFD for IS-IS, only the minimum-interval statement
is required. The BFD protocol selects default parameters for all the other
configuration statements when you use the bfd-liveness-detection statement
without specifying any parameters.
NOTE: You can change parameters at any time without stopping or restarting
the existing session. BFD automatically adjusts to the new parameter value.
However, no changes to BFD parameters take place until the values
resynchronize with each BFD peer.
To configure BFD for IS-IS on Routers R1 and R2:
1. Enable BFD failure detection for IS-IS.

user@R1# set interface so-0/0/0 bfd-liveness-detection

user@R2# set interface so-0/0/0 bfd-liveness-detection
2. Configure the threshold for the adaptation of the detection time, which must be
greater than the multiplier number multiplied by the minimum interval.
[edit protocols isis interface so-0/0/0 bfd-liveness-detection]

user@R1# set detection-time threshold 5

user@R2# set detection-time threshold 6

IS-IS Feature Guide
3. Configure the minimum transmit and receive intervals for failure detection.

user@R1# set minimum-interval 2

4. Configure only the minimum receive interval for failure detection.

user@R1# set minimum-receive-interval 1

user@R2# set minimum-receive-interval 1
5. Disable BFD adaptation.

user@R1# set no-adaptation

user@R2# set no-adaptation
6. Configure the threshold for the transmit interval, which must be greater than the
minimum transmit interval.

user@R1# set transmit-interval threshold 3

user@R2# set transmit-interval threshold 4
7. Configure the minimum transmit interval for failure detection.

user@R1# set transmit-interval minimum-interval 1

user@R2# set transmit-interval minimum-interval 1
8. Configure the multiplier number, which is the number of hello packets not received
by the neighbor that causes the originating interface to be declared down.

user@R1# set multiplier 2


user@R2# set multiplier 2
9. Configure the BFD version used for detection.
The default is to have the version detected automatically.

user@R1# set version automatic

user@R2# set version automatic
Results
From configuration mode, confirm your configuration by issuing the show protocols isis
interface command. If the output does not display the intended configuration, repeat the
user@R1# show protocols isis interface so-0/0/0
bfd-liveness-detection {
version automatic;
minimum-interval 2;
minimum-receive-interval 1;
multiplier 2;
no-adaptation;
transmit-interval {
minimum-interval 1;
threshold 3;
}
detection-time {
threshold 5;
}
}
...
user@R2# show protocols isis interface so-0/0/0
version automatic;
minimum-interval 3;
minimum-receive-interval 1;
multiplier 2;
no-adaptation;
transmit-interval {
minimum-interval 1;
threshold 4;
}
detection-time {
threshold 6;
}

IS-IS Feature Guide
}
...
Verification
• Verifying the Connection Between Routers R1 and R2 on page 134

• Verifying That IS-IS Is Configured on page 134
• Verifying That BFD Is configured on page 135
Verifying the Connection Between Routers R1 and R2
Purpose Make sure that Routers R1 and R2 are connected to each other.
Action Ping the other router to check the connectivity between the two routers as per the network
topology.
user@R1> ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes

^C
--- 10.0.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.291/1.440/1.662/0.160 ms
PING 10.0.0.1 (10.0.0.1): 56 data bytes

^C
Meaning Routers R1 and R2 are connected to each other.
Verifying That IS-IS Is Configured
Purpose Make sure that the IS-IS instance is running on both routers.

Action Use the show isis database statement to check if the IS-IS instance is running on both
routers, R1 and R2.
user@R1> show isis database

LSP ID Sequence Checksum Lifetime Attributes
R1.00-00 0x4a571 0x30c5 1195 L1 L2
R2.00-00 0x4a586 0x4b7e 1195 L1 L2
R2.02-00 0x330ca1 0x3492 1196 L1 L2
3 LSPs

R1.00-00 0x4a856 0x5db0 1194 L1 L2
R2.00-00 0x4a89d 0x149b 1194 L1 L2
R2.02-00 0x1fb2ff 0xd302 1194 L1 L2
3 LSPs

R1.00-00 0x4b707 0xcc80 1195 L1 L2
R2.00-00 0x4b71b 0xeb37 1198 L1 L2
R2.02-00 0x33c2ce 0xb52d 1198 L1 L2
3 LSPs

R1.00-00 0x4b9f2 0xee70 1192 L1 L2
R2.00-00 0x4ba41 0x9862 1197 L1 L2
R2.02-00 0x3 0x6242 1198 L1 L2
3 LSPs
Meaning IS-IS is configured on both routers, R1 and R2.
Verifying That BFD Is configured
Purpose Make sure that the BFD instance is running on both routers, R1 and R2.
Action Use the show bfd session detail statement to check if BFD instance is running on the
routers.
user@R1> show bfd session detail
Detect Transmit
Address State Interface Time Interval Multiplier
10.0.0.2 Up so-0/0/0 2.000 1.000 2
Client ISIS R2, TX interval 0.001, RX interval 0.001
Session down time 00:00:00, previous up time 00:00:15
Local diagnostic NbrSignal, remote diagnostic NbrSignal

IS-IS Feature Guide
Remote state AdminDown, version 1

Router 3, routing table index 17
1 sessions, 2 clients
Cumulative transmit rate 1.0 pps, cumulative receive rate 1.0 pps
user@R2> show bfd session detail
Detect Transmit
10.0.0.1 Up so-0/0/0 2.000 1.000 2
Local diagnostic NbrSignal, remote diagnostic NbrSignal
Remote state AdminDown, version 1
Router 2, routing table index 15
Meaning BFD is configured on Routers R1 and R2 for detecting failures in the IS-IS network.
Related • Understanding BFD for IS-IS on page 127

Documentation
Understanding BFD Authentication for IS-IS
Bidirectional Forwarding Detection (BFD) enables rapid detection of communication

failures between adjacent systems. By default, authentication for BFD sessions is disabled.
However, when running BFD over Network Layer protocols, the risk of service attacks can
be significant. We strongly recommend using authentication if you are running BFD over
multiple hops or through insecure tunnels. Beginning with Junos OS Release 9.6, Junos
OS supports authentication for BFD sessions running over IS-IS. BFD authentication is
only supported in the domestic image and is not available in the export image.
You authenticate BFD sessions by specifying an authentication algorithm and keychain,

and then associating that configuration information with a security authentication
keychain using the keychain name.
The following sections describe the supported authentication algorithms, security

keychains, and level of authentication that can be configured:
• BFD Authentication Algorithms on page 137

• Security Authentication Keychains on page 137
• Strict Versus Loose Authentication on page 138

BFD Authentication Algorithms

Junos OS supports the following algorithms for BFD authentication:
• simple-password—Plain-text password. One to 16 bytes of plain text are used to

authenticate the BFD session. One or more passwords might be configured. This method
is the least secure and should be used only when BFD sessions are not subject to packet
interception.
• keyed-md5—Keyed Message Digest 5 hash algorithm for sessions with transmit and
receive intervals greater than 100 ms. To authenticate the BFD session, keyed MD5
uses one or more secret keys (generated by the algorithm) and a sequence number
that is updated periodically. With this method, packets are accepted at the receiving
end of the session if one of the keys matches and the sequence number is greater than
or equal to the last sequence number received. Although more secure than a simple
password, this method is vulnerable to replay attacks. Increasing the rate at which the
sequence number is updated can reduce this risk.
• meticulous-keyed-md5—Meticulous keyed Message Digest 5 hash algorithm. This

method works in the same manner as keyed MD5, but the sequence number is updated
with every packet. Although more secure than keyed MD5 and simple passwords, this
method might take additional time to authenticate the session.
• keyed-sha-1—Keyed Secure Hash Algorithm I for sessions with transmit and receive
intervals greater than 100 ms. To authenticate the BFD session, keyed SHA uses one
or more secret keys (generated by the algorithm) and a sequence number that is
updated periodically. The key is not carried within the packets. With this method,
packets are accepted at the receiving end of the session if one of the keys matches
and the sequence number is greater than the last sequence number received.
• meticulous-keyed-sha-1—Meticulous keyed Secure Hash Algorithm I. This method

works in the same manner as keyed SHA, but the sequence number is updated with
every packet. Although more secure than keyed SHA and simple passwords, this method
might take additional time to authenticate the session.
NOTE: Nonstop active routing (NSR) is not supported with

meticulous-keyed-md5 and meticulous-keyed-sha-1 authentication
algorithms. BFD sessions using these algorithms might go down after a
switchover.
Security Authentication Keychains

The security authentication keychain defines the authentication attributes used for
authentication key updates. When the security authentication keychain is configured and
associated with a protocol through the keychain name, authentication key updates can
occur without interrupting routing and signaling protocols.
The authentication keychain contains one or more keychains. Each keychain contains
one or more keys. Each key holds the secret data and the time at which the key becomes
valid. The algorithm and keychain must be configured on both ends of the BFD session,

IS-IS Feature Guide
and they must match. Any mismatch in configuration prevents the BFD session from
being created.
BFD allows multiple clients per session, and each client can have its own keychain and
algorithm defined. To avoid confusion, we recommend specifying only one security
authentication keychain.
Strict Versus Loose Authentication

By default, strict authentication is enabled and authentication is checked at both ends
of each BFD session. Optionally, to smooth migration from nonauthenticated sessions
to authenticated sessions, you can configure loose checking. When loose checking is
configured, packets are accepted without authentication being checked at each end of
the session. This feature is intended for transitional periods only.
Related • Example: Configuring BFD Authentication for IS-IS on page 141

Documentation
Configuring BFD Authentication for IS-IS
Beginning with Junos OS Release 9.6, you can configure authentication for BFD sessions
running over IS-IS. Routing instances are also supported. Only three steps are needed to
configure authentication on a BFD session:
1. Specify the BFD authentication algorithm for the IS-IS protocol.
2. Associate the authentication keychain with the IS-IS protocol.
3. Configure the related security authentication keychain.
The following sections provide instructions for configuring and viewing BFD authentication
on IS-IS:
• Configuring BFD Authentication Parameters on page 138

• Viewing Authentication Information for BFD Sessions on page 140
Configuring BFD Authentication Parameters

To configure BFD authentication:
1. Specify the algorithm (keyed-md5, keyed-sha-1, meticulous-keyed-md5,

meticulous-keyed-sha-1, or simple-password) to use for BFD authentication on an
IS-IS route or routing instance.
[edit]
user@host# set protocols isis interface if1-isis bfd-liveness-detection authentication
algorithm keyed-sha-1

NOTE: Nonstop active routing (NSR) is not supported with the

meticulous-keyed-md5 and meticulous-keyed-sha-1 authentication
algorithms. BFD sessions using these algorithms might go down after a
switchover.
2. Specify the keychain to be used to associate BFD sessions on the specified IS-IS route
or routing instance with the unique security authentication keychain attributes.
This should match the keychain name configured at the [edit security authentication
key-chains] hierarchy level.
[edit]
user@host# set protocols isis interface if1-isis bfd-liveness-detection authentication
keychain bfd-isis
NOTE: The algorithm and keychain must be configured on both ends of

the BFD session, and they must match. Any mismatch in configuration
prevents the BFD session from being created.
3. Specify the unique security authentication information for BFD sessions:
• The matching keychain name as specified in Step 2.
• At least one key, a unique integer between 0 and 63. Creating multiple keys allows
multiple clients to use the BFD session.
• The secret data used to allow access to the session.
• The time at which the authentication key becomes active, yyyy-mm-dd.hh:mm:ss.
[edit security]
user@host# set authentication-key-chains key-chain bfd-sr4 key 53 secret
$9$ggaJDmPQ6/tJgF/AtREVsyPsnCtUHm start-time 2009-06-14.10:00:00
4. (Optional) Specify loose authentication checking if you are transitioning from

nonauthenticated sessions to authenticated sessions.
[edit]
user@host> set protocols isis interface if1-isis bfd-liveness-detection authentication
loose-check
5. (Optional) View your configuration using the show bfd session detail or show bfd
session extensive command.
6. Repeat these steps to configure the other end of the BFD session.

IS-IS Feature Guide
NOTE: BFD authentication is only supported in the domestic image and is

not available in the export image.
Viewing Authentication Information for BFD Sessions

You can view the existing BFD authentication configuration using the show bfd session
detail and show bfd session extensive commands.
The following example shows BFD authentication configured for the if1-isis interface. It
specifies the keyed SHA-1 authentication algorithm and a keychain name of bfd-isis. The
authentication keychain is configured with two keys. Key 1 contains the secret data
“$9$ggaJDmPQ6/tJgF/AtREVsyPsnCtUHm” and a start time of June 1, 2009, at 9:46:02
AM PST. Key 2 contains the secret data “$9$a5jiKW9l.reP38ny.TszF2/9” and a start time
of June 1, 2009, at 3:29:20 PM PST.

interface if1-isis {
authentication {
algorithm keyed-sha-1;
key-chain bfd-isis;
}
}
}
[edit security]
authentication key-chains {
key-chain bfd-isis {
key 1 {
secret “$9$ggaJDmPQ6/tJgF/AtREVsyPsnCtUHm”;
start-time “2009-6-1.09:46:02 -0700”;
}
key 2 {
secret “$9$a5jiKW9l.reP38ny.TszF2/9”;
start-time “2009-6-1.15:29:20 -0700”;
}
}
}
If you commit these updates to your configuration, you see output similar to the following.
In the output for the show bfd sessions detail command, Authenticate is displayed to
indicate that BFD authentication is configured. For more information about the
configuration, use the show bfd sessions extensive command. The output for this
command provides the keychain name, the authentication algorithm and mode for each
client in the session, and the overall BFD authentication configuration status, keychain
name, and authentication algorithm and mode.
show bfd sessions detail
user@host# show bfd session detail
Detect Transmit


10.9.1.29 Up ge-4/0/0.0 0.600 0.200 3
Client ISIS L2, TX interval 0.200, RX interval 0.200, multiplier 3, Authenticate
Session up time 3d 00:34, previous down time 00:00:01

Local diagnostic NbrSignal, remote diagnostic AdminDown
Remote state Up, version 1
show bfd sessions extensive
user@host# show bfd session extensive

Detect Transmit
10.9.1.29 Up ge-4/0/0.0 0.600 0.200 3
Client ISIS L2, TX interval 0.200, RX interval 0.200, multiplier 3, Authenticate
keychain bfd-isis, algo keyed-sha-1, mode strict

Session up time 00:04:42
Local diagnostic None, remote diagnostic NbrSignal
Replicated
Min async interval 0.300, min slow interval 1.000
Adaptive async TX interval 0.300, RX interval 0.300
Local min TX interval 0.300, minimum RX interval 0.300, multiplier 3
Remote min TX interval 0.300, min RX interval 0.300, multiplier 3
Local discriminator 2, remote discriminator 2
Echo mode disabled/inactive
Authentication enabled/active, keychain bfd-isis, algo keyed-sha-1, mode strict
Related • Understanding BFD Authentication for IS-IS on page 136

Documentation
Example: Configuring BFD Authentication for IS-IS
This example shows how to configure BFD authentication for IS-IS.


IS-IS Feature Guide
Requirements
Overview
In this example, a BFD authentication keychain is configured with meticulous keyed MD5
authentication.
Figure 14: IS-IS BFD Authentication Topology

10.0.0.0/30
.1 .2
R1 R2
lo0:192.168.0.1 lo0:192.168.0.2
g041282
“CLI Quick Configuration” on page 142 shows the configuration for both of the devices in
steps on Device R1.
Configuration
level.
Device R1 set security authentication-key-chains key-chain secret123 description for-isis-bfd

set security authentication-key-chains key-chain secret123 key 1 secret $ABC123
set security authentication-key-chains key-chain secret123 key 1 start-time
"2012-5-31.13:00:00 -0700"
"2013-5-31.13:00:00 -0700"
"2014-5-31.13:00:00 -0700"
set protocols isis interface ge-1/2/0.0 bfd-liveness-detection minimum-interval 100
set protocols isis interface ge-1/2/0.0 bfd-liveness-detection authentication key-chain
secret123
set protocols isis interface ge-1/2/0.0 bfd-liveness-detection authentication algorithm
meticulous-keyed-md5
Device R2 set security authentication-key-chains key-chain secret123 description for-isis-bfd

"2012-5-31.13:00:00 -0700"


"2013-5-31.13:00:00 -0700"
"2014-5-31.13:00:00 -0700"
set protocols isis interface ge-1/2/0.0 bfd-liveness-detection minimum-interval 100
set protocols isis interface ge-1/2/0.0 bfd-liveness-detection authentication key-chain
secret123
set protocols isis interface ge-1/2/0.0 bfd-liveness-detection authentication algorithm
meticulous-keyed-md5
To configure IS-IS BFD authentication:
1. Configure the authentication keychain.
[edit security authentication-key-chains key-chain secret123]

user@R1# set description for-isis-bfd
user@R1# set key 1 secret “$ABC123”
user@R1# set key 1 start-time "2012-5-31.13:00:00 -0700"
2. Enable BFD.
[edit protocols isis interface ge-1/2/0.0 bfd-liveness-detection]

3. Apply the authentication keychain.

user@R1# set authentication key-chain secret123
4. Set the authentication type.

user@R1# set authentication algorithm meticulous-keyed-md5
Results From configuration mode, confirm your configuration by entering the show protocols and
show security commands. If the output does not display the intended configuration,

IS-IS Feature Guide

isis {
minimum-interval 100;
authentication {
key-chain secret123;
algorithm meticulous-keyed-md5;
}
}
}
}
user@R1# show security

authentication-key-chains {
key-chain secret123 {
description for-isis-bfd;
key 1 {
secret “$ABC123”’;
start-time "2012-5-31.13:00:00 -0700";
}
key 2 {
secret “$ABC123”’;
start-time "2013-5-31.13:00:00 -0700";
}
key 3 {
secret “$ABC123”;
start-time "2014-5-31.13:00:00 -0700";
}
}
}
Verification
Verifying IS-IS BFD Authentication
Purpose Verify the status of IS-IS BFD authentication.
Action From operational mode, enter the show bfd session extensive command.
user@R1> show bfd session extensive
Detect Transmit
10.0.0.2 Down ge-1/2/0.0 0.300 1.000 3
Client ISIS L1, TX interval 0.100, RX interval 0.100, Authenticate
keychain secret123, algo meticulous-keyed-md5, mode strict
Client ISIS L2, TX interval 0.100, RX interval 0.100, Authenticate
keychain secret123, algo meticulous-keyed-md5, mode strict

Local diagnostic None, remote diagnostic None

Logical system 2, routing table index 85
Echo mode disabled/inactive, no-absorb, no-refresh
Authentication enabled/active, keychain secret123, algo meticulous-keyed-md5,
mode strict
Session ID: 0x100101
Meaning The output shows that BFD authentication is enabled on IS-IS Level 1 and Level 2.
Related • Configuring BFD Authentication for IS-IS on page 138

Documentation

IS-IS Feature Guide

CHAPTER 6
Configuring IS-IS Flood Groups
• Understanding IS-IS Flood Group on page 147

• Example: Configuring IS-IS Flood Group on page 147
Understanding IS-IS Flood Group
IS-IS supports flood-group. This feature limits link-state packet data unit (PDU) flooding
over IS-IS interfaces.
A link-state packet (LSP) that is not self-originated will be flooded only through the
interface belonging to the flood group that has the configured area ID in the LSP. This
helps minimize the routes and topology information, thus ensuring optimal convergence.
You can segregate both Level 1 and Level 2 IS-IS routers into flood groups by using area
IDs as tags to identify a flood group. Configure interfaces with specific area IDs to modify
the flooding behavior as per your requirements. To enable IS-IS flood group, include the
flood-group flood-group-area-ID statement at the [edit protocols isis interface] hierarchy
level.

Documentation
• Example: Configuring IS-IS Flood Group on page 147
Example: Configuring IS-IS Flood Group
Requirements
• Four MX Series routers.
• Junos OS Release 16.2 or future release.
Before you begin:
1. Configure IS-IS routing protocol on the routers.
2. Configure IS-IS interfaces with specific area IDs to modify the flood behavior as per
your requirements.

IS-IS Feature Guide
Overview
Starting with Junos OS Release 16.2, IS-IS has support for flood-group.
Topology
In this topology, flood-group is configured on router R2.
AREA 49.0001 AREA 49.0002
ge-0/0/1 ge-0/0/1
ge-0/0/0 ge-0/0/0
ge-0/0/8 ge-0/0/8
ge-0/0/2 ge-0/0/2
R1 R2 R3 R4
g043541
Configuration
level.
R1 set interfaces ge-0/0/0 description "Connected To R2"

set protocols isis interface all
set protocols isis interface fxp0.0 disable

set interfaces ge-0/0/2 description "Connected To R3"


Chapter 6: Configuring IS-IS Flood Groups


NOTE: 1. commit after every configuration.
2. Following is the output before configuring flood-group on R2. You will see
the link-state packets (LSPs) of R1, R2, R3 and R4.
From operational mode, run the show isis database command on router R1.
user@R1# run show isis database

R2.00-00 0x3 0xea11 1175 L1 L2
R1.00-00 0x5 0x34f8 1197 L1 L2
R1.02-00 0x2 0 0 L1 L2
3 LSPs

R2.00-00 0x1b 0x2ccc 1175 L1 L2
R3.00-00 0x21 0xb15e 865 L1 L2
R3.02-00 0xb 0xdac3 839 L1 L2
R3.03-00 0xc 0xd1ca 865 L1 L2
R3.04-00 0x8 0x33ff 618 L1 L2
R1.00-00 0xb 0x2cfa 1197 L1 L2
R1.02-00 0x8 0 0 L1 L2
R4.00-00 0xc 0x40c3 621 L1 L2

IS-IS Feature Guide
Flood-group functionality check:
1. Deactivate protocol IS-IS on routers R1 and R2
[edit protocols]
user@R1# deactivate protocols isis
user@R1# commit
[edit protocols]
user@R2# deactivate protocols isis
user@R2# commit
2. Configure flood-group on interface of router R2: set protocol isis interface interface
flood-group flood-group-area-ID
[edit protocols]
user@R2# set protocols isis interface ge-0/0/8.0 flood-group 49.0001
user@R2# commit
3. Activate protocol IS-IS on routers R1 and R2 and wait until the adjacency comes
up.
[edit protocols]
user@R1# activate protocols isis
user@R1# commit
[edit protocols]
user@R2# activate protocols isis
user@R2# commit
Verification
Verifying the IS-IS Database
Purpose Verify IS-IS database.
Action NOTE: Following is the output after configuring flood-group on R2. show isis
database on router R1 will show LSPs from router R1 and router R2 only.
flood-group is applicable to non self-originated LSPs only.
From operational mode, run the show isis database command on router R1.

Chapter 6: Configuring IS-IS Flood Groups
user@R1# run show isis database

R2.00-00 0x2 0x43b9 1123 L1 L2
R1.00-00 0x2 0x8e60 1125 L1 L2
R1.02-00 0x1 0x88e9 1125 L1 L2
3 LSPs

R2.00-00 0x1a 0x7485 1148 L1 L2
R1.00-00 0x9 0xddaf 1150 L1 L2
R1.02-00 0x1 0x88e9 1150 L1 L2
3 LSPs
Related • Understanding IS-IS Flood Group on page 147

Documentation
• show isis database on page 667

IS-IS Feature Guide

CHAPTER 7
Configuring IS-IS Multitopology Routing

and IPv6 Support
• IS-IS Multicast Topologies Overview on page 153

• Example: Configuring IS-IS Multicast Topology on page 155
• Understanding Dual Stacking of IPv4 and IPv6 Unicast Addresses on page 170
• Example: Configuring IS-IS Dual Stacking of IPv4 and IPv6 Unicast Addresses on page 171
• Understanding IS-IS IPv4 and IPv6 Unicast Topologies on page 177
• Example: Configuring IS-IS IPv4 and IPv6 Unicast Topologies on page 178
IS-IS Multicast Topologies Overview
Most multicast routing protocols perform a reverse-path forwarding (RPF) check on the
source of multicast data packets. If a packet comes in on the interface that is used to
send data to the source, the packet is accepted and forwarded to one or more
downstream interfaces. Otherwise, the packet is discarded and a notification is sent to
the multicast routing protocol running on the interface.
In certain instances, the unicast routing table used for the RPF check is also the table
used for forwarding unicast data packets. Thus, unicast and multicast routing are
congruent. In other cases, where it is preferred that multicast routing be independent of
unicast routing, the multicast routing protocols are configured to perform the RPF check
using an alternate unicast routing table inet.2.
You can configure IS-IS to calculate an alternate IPv4 multicast topology, in addition to
the normal IPv4 unicast topology, and add the corresponding routes to inet.2. The IS-IS
interface metrics for the multicast topology can be configured independently of the
unicast metrics. You can also selectively disable interfaces from participating in the
multicast topology while continuing to participate in the regular unicast topology. This
enables you to exercise control over the paths that multicast data takes through a network
so that it is independent of unicast data paths. You can also configure IS-IS to calculate
an alternate IPv6 multicast topology, in addition to the normal IPv6 unicast topology.
NOTE: IS-IS only starts advertising the routes when the interface routes are
in inet.2.

IS-IS Feature Guide
NOTE: For the multicast metric commands, these are interface-specific

settings, not global.
Table 4 on page 154 lists the various IPv4 statements you can use to configure IS-IS
topologies.
Table 4: IPv4 Statements
ipv4-multicast Enables an alternate IPv4 multicast topology.
ipv4-multicast-metric number Configures the multicast metric for an alternate IPv4 multicast topology.
no-ipv4-multicast Excludes an interface from the IPv4 multicast topology.
no-unicast-topology Excludes an interface from the IPv4 unicast topologies.
Table 5 on page 154 lists the various IPv6 statements you can use to configure IS-IS
topologies.
Table 5: IPv6 Statements
ipv6-multicast Enables an alternate IPv6 multicast topology.
ipv6-unicast Enables an alternate IPv6 unicast topology.
ipv6-multicast-metric number Configures the multicast metric for an alternate IPv6 multicast topology.
ipv6-unicast-metric number Configures the unicast metric for an alternate IPv6 multicast topology.
no-ipv6-multicast Excludes an interface from the IPv6 multicast topology.
no-ipv6-unicast Excludes an interface from the IPv6 unicast topologies.
Related • Example: Configuring IS-IS Multicast Topology on page 155

Documentation

Chapter 7: Configuring IS-IS Multitopology Routing and IPv6 Support
Example: Configuring IS-IS Multicast Topology
This example shows how to configure a multicast topology for an IS-IS network.

Requirements
Before you begin, configure IS-IS on all routers. See “Example: Configuring IS-IS” on
• Junos OS Release 7.3 or later
• M Series, MX Series, and T Series routers
Overview
This example shows an IS-IS multicast topology configuration. Three routers are
connected to each other. A loopback interface is configured on each router.
Figure 16: Configuring IS-IS Multicast Topology

IS-IS Feature Guide
Configuration
level.
Router R1
set protocols isis traceoptions file isis size 5m world-readable

set protocols isis traceoptions flag error
set protocols isis topologies ipv4-multicast
set protocols isis interface so-0/0/0 level 1 metric 15
set protocols isis interface so-0/0/0 level 1 ipv4-multicast-metric 18
Router R2

Router R3


The following example requires you to navigate various levels in the configuration
hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration
To configure IS-IS multicast topologies:
1. Enable the multicast topology for IS-IS by using the ipv4-multicast statement.
Routers R1, R2, and R3

user@host# set traceoptions file isis size 5m world-readable
user@host# set traceoptions flag error
user@host# set topologies ipv4-multicast
2. Enable multicast metrics on the first SONET/SDH Interface by using the

ipv4-multicast-metric statement.
Router R1
[edit protocols isis interface so-0/0/0 ]

user@R1# set level 1 metric 15
user@R1# set level 1 ipv4-multicast-metric 18
Router R2
[edit protocols isis interface so-0/0/0]

Router R3

3. Enable multicast metrics on a second sonet Interface by using the ipv4-multicast-metric

statement.
Router R1


IS-IS Feature Guide
Router R2

Router R3

4. Disable the out-of-band management port, fxp0.

user@host# set interface fxp0.0 disable
5. If you are done configuring the routers, commit the configuration.
[edit]
user@host# commit
Results From configuration mode, confirm your configuration by using the show protocols isis
statement. If the output does not display the intended configuration, repeat the
Router R1
traceoptions {
file isis size 5m world-readable;
flag error;
}
topologies ipv4-multicast;
interface so-0/0/0 {
level 1 {
metric 15;
ipv4-multicast-metric 18;
}
level 2 {
metric 20;
}
}

level 1 {
metric 13;
}
level 2 {
metric 29;
}
}
interface fxp0.0 {
disable;
}
Router R2
traceoptions {
flag error;
}
level 1 {
metric 13;
}
level 2 {
metric 29;
}
}
level 1 {
metric 14;
}
level 2 {
metric 32;
}
}
interface fxp0.0 {
disable;
}
Router R3
traceoptions {
flag error;
}

IS-IS Feature Guide
level 1 {
metric 19;
}
level 2 {
metric 27;
}
}
level 1 {
metric 16;
}
level 2 {
metric 30;
}
}
interface fxp0.0 {
disable;
}
Verification
• Verifying the Connection Between Routers R1, R2, and R3 on page 160
• Verifying That IS-IS Is Configured on page 162
• Verifying the Configured Multicast Metric Values on page 164
• Verifying the Configuration of the Multicast Topology on page 165
Verifying the Connection Between Routers R1, R2, and R3
Purpose Make sure that Routers R1, R2, and R3 are connected to each other.
Action Ping the other two routers from any router, to check the connectivity between the three
routers as per the network topology.
PING 10.0.3.9 (10.0.3.9): 56 data bytes

^C

user@R1> ping 10.0.3.10
PING 10.0.3.10 (10.0.3.10): 56 data bytes

^C
PING 10.0.2.9 (10.0.2.9): 56 data bytes

^C
user@R2> ping 10.0.2.10
PING 10.0.2.10 (10.0.2.10): 56 data bytes

^C
user@R3> ping 10.0.1.10
PING 10.0.1.10 (10.0.1.10): 56 data bytes

^C
PING 10.0.1.9 (10.0.1.9): 56 data bytes


IS-IS Feature Guide
^C
Meaning Routers R1, R2, and R3 have a peer relationship with each other.
Verifying That IS-IS Is Configured
Purpose Make sure that the IS-IS instance is running on Routers R1, R2, and R3, and that they are
adjacent to each other.
Action Use the show isis adjacency detail command to check the adjacency between the routers.
Router R1
R2
Interface: so-0/0/0, Level: 1, State: Up, Expires in 8 secs
Priority: 64, Up/Down transitions: 1, Last transition: 2d 19:23:59 ago
Circuit type: 3, Speaks: IP, MAC address: 0:1b:c0:86:54:bd
Topologies: IPV4-Multicast
R2
R3
R3
Router R2

R1
Circuit type: 3, Speaks: IP, MAC address: 0:1b:c0:86:54:bc
R1
R3
R3
Router R3
R2
R2
R1

IS-IS Feature Guide

R1
Meaning IS-IS is configured on Routers R1, R2, and R3, and they are adjacent to each other.
Verifying the Configured Multicast Metric Values
Purpose Make sure that the SPF calculations are accurate as per the configured multicast metric
values on Routers R1, R2, and R3.
Action Use the show isis spf results command to check the SPF calculations for the network.
Router R1
user@R1> show isis spf results
...
IPV4 Multicast IS-IS level 1 SPF results:
Node Metric Interface NH Via SNPA
R3.03 28 so-1/0/0 IPV4 R3 0:1b:c0:86:54:bd
R2.00 18 so-0/0/0 IPV4 R2 0:1b:c0:86:54:bd
R3.00 17 so-1/0/0 IPV4 R3 0:1b:c0:86:54:bd
R1.00 0
4 nodes

R3.03 40 so-0/0/0 IPV4 R2 0:1b:c0:86:54:bd
R3.00 22 so-1/0/0 IPV4 R3 0:1b:c0:86:54:bd
R2.00 14 so-0/0/0 IPV4 R2 0:1b:c0:86:54:bd
R1.00 0
4 nodes
Router R2
...
R3.02 29 so-0/0/0 IPV4 R1 0:1b:c0:86:54:bc
R3.00 18 so-1/0/0 IPV4 R3 0:1b:c0:86:54:bd
R1.00 12 so-0/0/0 IPV4 R1 0:1b:c0:86:54:bc
R2.02 12
R2.00 0
5 nodes


R3.02 45 so-0/0/0 IPV4 R1 0:1b:c0:86:54:bc
R3.00 26 so-1/0/0 IPV4 R3 0:1b:c0:86:54:bd
R1.00 23 so-0/0/0 IPV4 R1 0:1b:c0:86:54:bc
R2.02 23
R2.00 0
5 nodes
Router R3
...
R3.02 26
R1.00 23 so-0/0/0 IPV4 R2 0:1b:c0:86:54:bc
R2.02 23 so-0/0/0 IPV4 R2 0:1b:c0:86:54:bc
R2.00 11 so-0/0/0 IPV4 R2 0:1b:c0:86:54:bc
R3.03 11
R3.00 0
6 nodes

R2.02 34 so-1/0/0 IPV4 R1 0:1b:c0:86:54:bc
R2.00 21 so-0/0/0 IPV4 R2 0:1b:c0:86:54:bc
R3.03 21
R1.00 20 so-1/0/0 IPV4 R1 0:1b:c0:86:54:bc
R3.02 20
R3.00 0
6 nodes
Meaning The configured multicast metric values are used in SPF calculations for the IS-IS network.
Verifying the Configuration of the Multicast Topology
Purpose Make sure that the multicast topology is configured on Routers R1, R2, and R3.
Action Use the show isis database detail command to verify the multicast topology configuration
on the routers.
Router R1
R1.00-00 Sequence: 0x142, Checksum: 0xd07, Lifetime: 663 secs

IPV4 Unicast IS neighbor: R2.02 Metric: 15

IS-IS Feature Guide
IPV4 Multicast IS neighbor: R2.02 Metric: 18

IP IPV4 Unicast prefix: 10.0.1.8/30 Metric: 15 Internal Up
R2.00-00 Sequence: 0x13f, Checksum: 0xf02b, Lifetime: 883 secs

R2.02-00 Sequence: 0x13c, Checksum: 0x57e2, Lifetime: 913 secs

R3.00-00 Sequence: 0x13c, Checksum: 0xc8de, Lifetime: 488 secs

R3.02-00 Sequence: 0x139, Checksum: 0xfb0e, Lifetime: 625 secs

R3.03-00 Sequence: 0x138, Checksum: 0xad56, Lifetime: 714 secs

R1.00-00 Sequence: 0x142, Checksum: 0x2c7c, Lifetime: 816 secs

R2.00-00 Sequence: 0x13f, Checksum: 0x4826, Lifetime: 966 secs


R3.00-00 Sequence: 0x13d, Checksum: 0x1b19, Lifetime: 805 secs




R3.03-00 Sequence: 0x139, Checksum: 0xab57, Lifetime: 844 secs

Router R2
R1.00-00 Sequence: 0x142, Checksum: 0xd07, Lifetime: 524 secs



R3.00-00 Sequence: 0x13d, Checksum: 0xc6df, Lifetime: 1102 secs




IS-IS Feature Guide






Router R3
R1.00-00 Sequence: 0x143, Checksum: 0xb08, Lifetime: 1155 secs





R3.00-00 Sequence: 0x13d, Checksum: 0xc6df, Lifetime: 1044 secs









IS-IS Feature Guide

Meaning Multicast topology is configured on Routers R1, R2, and R3.
Related • IS-IS Multicast Topologies Overview on page 153

Documentation
Understanding Dual Stacking of IPv4 and IPv6 Unicast Addresses
Service providers and enterprises are faced with growing their networks using IPv6, while
continuing to serve IPv4 customers.
Increasingly, the public side of network address translation (NAT) devices is IPv6 rather
than IPv4. Service providers cannot continue giving customers globally routable IPv4
addresses, they cannot get new globally routable IPv4 addresses for expanding their
own networks, and yet they must continue to serve both IPv4 customers and new
customers, all of whom are primarily trying to reach IPv4 destinations.
IPv4 and IPv6 must coexist for some number of years, and their coexistence must be
transparent to end users. If an IPv4-to-IPv6 transition is successful, end users should not
even notice it.
A dual-stack device is a device with network interfaces that can originate and understand
both IPv4 and IPv6 packets.
Other strategies, such as manually or dynamically configured tunnels and translation

devices exist, but dual stacking is often the preferable solution in many scenarios. The
dual-stacked device can interoperate equally with IPv4 devices, IPv6 devices, and other
dual-stacked devices. When both devices are dual stacked, the two devices agree on
which IP version to use.
The transition is driven by DNS. If a dual-stacked device queries the name of a destination
and DNS gives it an IPv4 address (a DNS A Record), it sends IPv4 packets. If DNS responds
with an IPv6 address (a DNS AAAA Record), it sends IPv6 packets.
Keep in mind that if you are going to dual stack all of your network devices, the interfaces
need both an IPv6 and an IPv4 address. This raises the issue that the Internet has run
out of IPv4 addresses, which is the main reason IPv6 is needed in the first place. If you
do not have an abundant supply of IPv4 addresses to apply to your devices, you can still
use dual stacking, but you will need to conserve your supply of IPv4 addresses by using
network address translation (NAT). Building dual-stacked networks with a mix of global
IPv6 addresses and NAT-ed IPv4 addresses is quite feasible. Some specific solutions
include carrier-grade NAT (CGN), NAT44(4), NAT64, NAT464, and dual-stack lite.
Table 6 on page 171 describes at a high level how to pick a network addressing technique.
In reality, a complete solution might include a set of techniques to satisfy multiple service
needs. It is important to understand the backbone technology being used on the network

and also to know if the provider has control over the access customer premises equipment
(CPE).
Table 6: Choosing the Right Solution to Address Next-Generation Addressing Requirements
CPE Access Network Destinations

Network Solution
IPv4 IPv4 IPv4 Internet NAT44(4)
IPv4/IPv6 IPv6 IPv4 Internet DS-Lite with NAT44
IPv4/IPv6 IPv4 IPv6 Internet 6rd (6to4)
IPv4 IPv6 IPv4 Internet NAT64
Related • Understanding IPv6 Dual-Stack Lite

Documentation
• Understanding IPv6
• Example: Configuring IS-IS Dual Stacking of IPv4 and IPv6 Unicast Addresses on
page 171
Example: Configuring IS-IS Dual Stacking of IPv4 and IPv6 Unicast Addresses
This example shows how to configure IPv4 and IPv6 dual stacking in IS-IS.

Requirements
example.
Overview
Video: IS-IS Dual Stacking
You can use IPv4 and IPv6 dual stacking to begin your migration from IPv4 to IPv6 by
implementing IPv6 alongside IPv4 in your existing networks. This allows you to implement
IPv6 so that you can provide the same services over IPv6—for example, video, voice,
high-quality data—that you currently provide in your IPv4 networks. You can then perform
incremental upgrades to IPv6 and avoid service disruptions while migrating from IPv4 to
IPv6.

IS-IS Feature Guide
Unlike RIP and OSPF, IS-IS does not require a distinct protocol or a new version to support
IPv6. Because IS-IS uses ISO addresses, the configuration for IPv6 and IPv4 is identical
in the Junos OS implementation of IS-IS. For IS-IS to carry IPv6 routes, you only need to
add IPv6 addresses to IS-IS enabled interfaces or include other IPv6 routes in your IS-IS
export policy.
The only explicit configuration needed in IS-IS with regard to IPv6 is if you want to disable
it. Alternatively, you can disable IPv4 routing and use IS-IS with IPv6 only. An example
of each is provided here:
Disable IPv6 routing in IS-IS:

user@host# set no-ipv6-routing
Use IS-IS exclusively for IPv6 routing:

user@host# set no-ipv4-routing
Figure 17: IS-IS IPv4 and IPv6 Dual Stacking Topology
IPv6
IPv4
fe-1/2/0 R1
.1 fe-1/2/1
.17
10.0.0.0/30 2001:db8:0:1::/64
10.0.0.16/30
fe-1/2/0 .2 fe-1/2/0
2001:db8:0:5::/64
.18
R2 R3
g041305
steps on Device R1.
Configuration
level.

set interfaces fe-1/2/0 unit 0 family inet6 address 2001:db8:0:5::/64 eui-64


set interfaces lo0 unit 0 family inet6 address 2001:db8::1/128


Mode in the Junos OS CLI User Guide.
To configure IS-IS dual stacking:
1. Configure the interfaces, including both IPv4 and IPv6 addresses on each interface.
Optionally, include the eui-64 statement to automatically generate the host number
portion of interface addresses.
[edit interfaces]
user@R1# set fe-1/2/0 unit 0 family inet6 address 2001:db8:0:5::/64 eui-64
user@R1# set fe-1/2/1 unit 0 family inet6 address 2001:db8:0:1::/64 eui-64
user@R1# set lo0 unit 0 family inet6 address 2001:db8::1/128

IS-IS Feature Guide


fe-1/2/0 {
unit 0 {
family inet {
address 10.0.0.1/30;
}
family iso;
family inet6 {
address 2001:db8:0:5::/64 {
eui-64;
}
}
}
}
fe-1/2/1 {
unit 0 {
family inet {
address 10.0.0.17/30;
}
family iso;
family inet6 {
address 2001:db8:0:1::/64 {
eui-64;
}
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.1/32;
}
family iso {
address 49.0002.0192.0168.0001.00;
}
family inet6 {
address 2001:db8::1/128;
}
}
}


isis {
interface lo0.0;
}
Verification
• Checking the Neighbor Adjacencies on page 175

• Pinging the IPv6 Interfaces on page 175
• Checking the IPv6 Routing Table on page 176
Checking the Neighbor Adjacencies
Purpose Determine what topologies are supported on neighboring IS-IS devices.
R2
Circuit type: 3, Speaks: IP, IPv6
Topologies: Unicast
IP addresses: 10.0.0.2
IPv6 addresses: fe80::2a0:a514:0:24c
R3
Topologies: Unicast
Meaning As expected, the output shows that the two neighbors support both IPv4 and IPv6. The
IPv4 address and the IPv6 link-local address are also shown.
Pinging the IPv6 Interfaces
Purpose Make sure that you can ping the remote IPv6 interfaces.

IS-IS Feature Guide
Action From operational mode, enter the ping command to ping from Device R2 to Device R3.
1. Determine the IPv6 address assigned to Device R3.
If you use EUI-64 addressing as shown in the example, the host portion of the IPv6
addresses is assigned automatically. To determine what addresses are assigned, use
the show interfaces terse command on Device R3.
user@R3> show interfaces terse
Interface Admin Link Proto Local Remote

fe-1/2/0
fe-1/2/0.0 up up inet 10.0.0.18/30
iso
inet6 2001:db8:0:1:2a0:a514:0:124c/64
fe80::2a0:a514:0:124c/64
lo0
lo0.0 up up inet 192.168.0.3 --> 0/0
iso 49.0002.0192.0168.0003
inet6 2001:db8::3
fe80::2a0:a50f:fc56:14c
The IPv6 addresses that should be pingable are 2001:db8:0:1:2a0:a514:0:124c and

2001:db8::3.
2. From Device R2, ping the Device R3 fe-1/2/0.0 IPv6 interface address and the lo0.0
IPv6 interface address.
user@R2> ping 2001:db8:0:1:2a0:a514:0:124c
PING6(56=40+8+8 bytes) 2001:db8:0:5:2a0:a514:0:24c -->

2001:db8:0:1:2a0:a514:0:124c
16 bytes from 2001:db8:0:1:2a0:a514:0:124c, icmp_seq=0 hlim=63 time=2.373 ms
user@R2> ping 2001:db8::3
PING6(56=40+8+8 bytes) 2001:db8:0:5:2a0:a514:0:24c --> 2001:db8::3

16 bytes from 2001:db8::3, icmp_seq=0 hlim=63 time=1.797 ms
Meaning This test confirms that IS-IS has learned the IPv6 routes.
Checking the IPv6 Routing Table
Purpose Verify that the expected routes are in the IPv6 routing table.

Action user@R1> show route table inet6.0

2001:db8::1/128 *[Direct/0] 18:52:52

> via lo0.0
2001:db8::2/128 *[IS-IS/15] 01:59:52, metric 10
> to fe80::2a0:a514:0:24c via fe-1/2/0.0
2001:db8::3/128 *[IS-IS/15] 01:59:52, metric 10
> to fe80::2a0:a514:0:124c via fe-1/2/1.0
2001:db8:0:1::/64 *[Direct/0] 18:52:15
> via fe-1/2/1.0
2001:db8:0:1:2a0:a514:0:114c/128
*[Local/0] 18:52:48
Local via fe-1/2/1.0
2001:db8:0:5::/64 *[Direct/0] 18:52:49
> via fe-1/2/0.0
2001:db8:0:5:2a0:a514:0:14c/128
*[Local/0] 18:52:49
fe80::/64 *[Direct/0] 18:52:49
> via fe-1/2/0.0
[Direct/0] 18:52:15
> via fe-1/2/1.0
fe80::2a0:a50f:fc56:14c/128
*[Direct/0] 18:52:52
> via lo0.0
fe80::2a0:a514:0:14c/128
*[Local/0] 18:52:49
fe80::2a0:a514:0:114c/128
*[Local/0] 18:52:48
Meaning The output shows the IPv6 interface routes (direct and local) and the IPv6 routes learned
through IS-IS.
Related • Example: Configuring IS-IS IPv4 and IPv6 Unicast Topologies on page 178
Documentation
Understanding IS-IS IPv4 and IPv6 Unicast Topologies
You can configure IS-IS to calculate an alternate IPv6 unicast topology, in addition to
the normal IPv4 unicast topology, and add the corresponding routes to inet6.0. The IS-IS
interface metrics for the IPv4 topology can be configured independently of the IPv6
metrics. You can also selectively disable interfaces from participating in the IPv6 topology
while continuing to participate in the IPv4 topology. This enables you to exercise control
over the paths that unicast data takes through a network.
A topology is the set of joined nodes. IS-IS evaluates all the paths in a single topology
for each IS-IS level and uses the shortest-path-first (SPF) algorithm to determine the
best path among all the feasible paths. Topology discovery and SPF calculation is

IS-IS Feature Guide
performed in a protocol-neutral fashion because it is done at Layer 2 of the OSI model.

If you load the topology with reachability information for a certain protocol (for example,
IP), the assumption is that the circuits that are supposed to provide reachability between
routing devices can carry the protocol. The SPF algorithm has a per-link orientation, not
a per-address family or per-protocol orientation.
Multitopology routing enables you to override this default behavior by enabling a

per-address family, per-protocol SPF calculation.
The additional CPU load associated with multiple runs of the SPF algorithm is generally
not an issue with the processing power available on today’s routing device control planes.
The multitopology extensions alter existing type, length, and value (TLV) tuples by adding
a topology ID. Each routing device in a given topology maintains its adjacencies and runs
a per-topology SPF calculation.
Documentation
Example: Configuring IS-IS IPv4 and IPv6 Unicast Topologies
This example shows how to configure IS-IS to calculate an alternate IPv6 unicast topology,
in addition to the normal IPv4 unicast topology.

Requirements
example.
Overview
This example focuses on IPv4 and IPv6 unicast topologies. The IS-IS interface metrics
for the IPv4 topology can be configured independently of the IPv6 metrics. You can also
selectively disable interfaces from participating in the IPv6 topology while continuing to
participate in the IPv4 topology. This enables you to exercise control over the paths that
unicast data takes through a network.
To enable an IPv6 unicast topology for IS-IS, include the ipv6-unicast statement:
isis {
topologies {
ipv6-unicast;
}
}

To configure a metric for the IPv6 unicast topology, include the ipv6-unicast-metric
statement:
isis {
interface interface-name {
level level-number {
ipv6-unicast-metric number;
}
}
}
To exclude an interface from the IPv6 unicast topologies for IS-IS, include the
no-ipv6-unicast statement:
isis {
no-ipv6-unicast;
}
}
Figure 18 on page 180 shows the topology used in this example. The black lines indicate
link membership in the IPv6 topology. The gray lines indicate membership to the IPv4
topology. Using regular TLVs, it would not be possible to build multiple topologies and
run an SPF calculation based on them. The multitopology extensions describe an
extension to carry the set of supported protocols in the hello packet. After activating
multitopology routing support on a link, the link carries all the topologies that the
underlying circuit is able to relay.

IS-IS Feature Guide
Figure 18: IS-IS IPv4 and IPv6 Unicast Topologies
so-1/2/0 R1
.1 so-1/2/2
.13 .17
10.0.0.0/30 2001:db8:0:1::/64
10.0.0.16/30
so-1/2/0 .2 so-1/2/0
2001:db8:0:5::/64
.18
R2 R3
.9 so-1/2/1 10.0.0.12/30 so-1/2/1 .25
10.0.0.8/30 2001:db8:0:4::/64 10.0.0.24/30
.10 .14 .26 so-1/2/2

so-1/2/1 so-1/2/0
.21 10.0.0.20/30 .22
R4 so-1/2/2 so-1/2/1 R5
so-1/2/3
.5
so-1/2/0
2001:db8:0:2::/64
10.0.0.4.30 2001:db8:0:3::/64
.6
so-1/2/0 so-1/2/1
R6
g041296
IPv6
IPv4
steps on Device R1.
Configuration
level.
Device R1 set interfaces so-1/2/0 unit 0 family inet address 10.0.0.1/30

set interfaces so-1/2/0 unit 0 family iso
set interfaces so-1/2/0 unit 0 family inet6 address 2001:db8:0:5::/64 eui-64
set interfaces so-1/2/1 unit 0 family inet address 10.0.0.13/30
set protocols isis topologies ipv6-unicast
set protocols isis interface so-1/2/0.0
set protocols isis interface so-1/2/1.0 no-ipv6-unicast







IS-IS Feature Guide


To configure an alternate IPv6 unicast topology:
[edit interfaces]
user@R1# set so-1/2/0 unit 0 family inet address 10.0.0.1/30
user@R1# set so-1/2/0 unit 0 family iso
user@R1# set so-1/2/0 unit 0 family inet6 address 2001:db8:0:5::/64 eui-64
user@R1# set so-1/2/2 unit 0 family inet6 address 2001:db8:0:1::/64 eui-64
user@R1# set lo0 unit 0 family inet6 address 2001:db8::1/128


user@R1# set interface so-1/2/0.0
3. Enable multitopology routing on the IS-IS interfaces.
The ipv6-unicast statement enables multitopology IS-IS routing on all interfaces

that have family iso and family inet6 configured and are listed at the [edit protocols
isis interface] hierarchy level.

user@R1# set topologies ipv6-unicast
4. Disable IPv6 unicast support on a given interface.
If you do not want to run multitopology IS-IS routing for IPv6 on a given interface,
you can disable multitopology routing by including the no-ipv6-unicast statement
in the IS-IS interface configuration.

user@R1# set interface so-1/2/1.0 no-ipv6-unicast

so-1/2/0 {
unit 0 {
family inet {
address 10.0.0.1/30;
}
family iso;
family inet6 {
address 2001:db8:0:5::/64 {
eui-64;
}
}
}
}
so-1/2/1 {
unit 0 {
family inet {
address 10.0.0.13/30;
}
family iso;
}
}

IS-IS Feature Guide
so-1/2/2 {
unit 0 {
family inet {
address 10.0.0.17/30;
}
family iso;
family inet6 {
address 2001:db8:0:1::/64 {
eui-64;
}
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.1/32;
}
family iso {
address 49.0002.0192.0168.0001.00;
}
family inet6 {
address 2001:db8::1/128;
}
}
}

isis {
topologies ipv6-unicast;
interface so-1/2/0.0;
interface so-1/2/1.0 {
no-ipv6-unicast;
}
interface lo0.0;
}
Verification
• Checking the Topologies on Neighbors on page 184

• Checking the IS-IS SPF Calculations on page 185
• Checking the Tcpdump Output on page 186
Checking the Topologies on Neighbors
Purpose Determine what topologies are supported on neighboring IS-IS devices.

R2
Interface: so-1/2/0.0, Level: 3, State: Up, Expires in 24 secs
Topologies: Unicast, IPV6-Unicast
R5
Topologies: Unicast
R3
Meaning As expected, the adjacency with Device R5 only supports the IPv4 unicast topology, while
the adjacencies with Device R2 and Device R3 support both the IPv4 and IPv6 topologies.
Checking the IS-IS SPF Calculations
Purpose Verify that separate SPF calculations are being run for IPv4 and IPv6.
Action From operational mode, enter the show isis spf brief command.
user@R1> show isis spf brief
IPV4 Unicast IS-IS level 1 SPF results:

R6.00 20 so-1/2/1.0 IPV4 R5
R4.00 20 so-1/2/0.0 IPV4 R2
R5.00 10 so-1/2/1.0 IPV4 R5
R3.00 10 so-1/2/2.0 IPV4 R3
R2.00 10 so-1/2/0.0 IPV4 R2
R1.00 0
6 nodes

R6.00 20 so-1/2/1.0 IPV4 R5
R4.00 20 so-1/2/0.0 IPV4 R2

IS-IS Feature Guide
R5.00 10 so-1/2/1.0 IPV4 R5

R3.00 10 so-1/2/2.0 IPV4 R3
R2.00 10 so-1/2/0.0 IPV4 R2
R1.00 0
6 nodes

R5.00 40 so-1/2/0.0 IPV6 R2
R6.00 30 so-1/2/0.0 IPV6 R2
R4.00 20 so-1/2/0.0 IPV6 R2
R3.00 10 so-1/2/2.0 IPV6 R3
R2.00 10 so-1/2/0.0 IPV6 R2
R1.00 0
6 nodes

R5.00 40 so-1/2/0.0 IPV6 R2
R6.00 30 so-1/2/0.0 IPV6 R2
R4.00 20 so-1/2/0.0 IPV6 R2
R3.00 10 so-1/2/2.0 IPV6 R3
R2.00 10 so-1/2/0.0 IPV6 R2
R1.00 0
6 nodes
Meaning As expected, SPF calculations are being performed for IPv4 and IPv6 topologies.
Checking the Tcpdump Output
Purpose Verify that the link can be a member of both the IPv4 unicast topology and the IPv6
unicast topology.

Action user@R1> monitor traffic detail interface so-1/2/0.0
[...]
15:52:35.719540 In IS-IS, length 82

p2p IIH, hlen: 20, v: 1, pdu-v: 1, sys-id-len: 6 (0), max-area: 3 (0)
source-id: 0192.0168.0002, holding time: 27s, Flags: [Level 1, Level
2]
circuit-id: 0x01, PDU length: 82
Point-to-point Adjacency State TLV #240, length: 15
Adjacency State: Up (0)
Extended Local circuit-ID: 0x00000054
Neighbor System-ID: 0192.0168.0001
Neighbor Extended Local circuit-ID: 0x00000043
Protocols supported TLV #129, length: 2
NLPID(s): IPv4 (0xcc), IPv6 (0x8e)
IPv4 Interface address(es) TLV #132, length: 4
IPv4 interface address: 10.0.0.2
IPv6 Interface address(es) TLV #232, length: 16
IPv6 interface address: fe80::2a0:a514:0:24c
Area address(es) TLV #1, length: 4
Area address (length: 3): 49.0002
Restart Signaling TLV #211, length: 3
Flags [none], Remaining holding time 0s
Multi Topology TLV #229, length: 4
IPv4 unicast Topology (0x000), Flags: [none]
IPv6 unicast Topology (0x002), Flags: [none]
Meaning The IS-IS hello (IIH) packet shows that IPv4 and IPv6 are supported. The hello packet
lists valid IPv4 and IPv6 addresses, and therefore the routing device can create valid
next-hop entries. The supported protocols are listed in the multitopology TLV #229.
Related • Example: Configuring IS-IS Dual Stacking of IPv4 and IPv6 Unicast Addresses on

IS-IS Feature Guide

CHAPTER 8
Configuring IS-IS Link and Node Link

Protection
• Understanding Loop-Free Alternate Routes for IS-IS on page 189

• Example: Configuring Node-Link Protection for IS-IS Routes in a Layer 3 VPN on page 193
• Understanding Remote LFA over LDP Tunnels in IS-IS Networks on page 205
• Configuring Remote LFA Backup over LDP Tunnels in an IS-IS Network on page 206
• Example: Configuring Remote LFA over LDP Tunnels in IS-IS Networks on page 208
• Understanding Weighted ECMP Traffic Distribution on One-Hop IS-IS
Neighbors on page 220
• Example: Weighted ECMP Traffic Distribution on One-Hop IS-IS Neighbors on page 221
Understanding Loop-Free Alternate Routes for IS-IS
In Junos OS Release 9.5 and later, support for IS-IS loop-free alternate routes enables
IP fast-reroute capability for IS-IS. Junos OS precomputes loop-free backup routes for
all IS-IS routes. These backup routes are preinstalled in the Packet Forwarding Engine,
which performs a local repair and implements the backup path when the link for a primary
next hop for a particular route is no longer available. With local repair, the Packet
Forwarding Engine can correct a path failure before it receives recomputed paths from
the Routing Engine. Local repair reduces the amount of time needed to reroute traffic to
less than 50 milliseconds. In contrast, global repair can take up to 800 milliseconds to
compute a new route. Local repair and global repair are thus complementary. Local repair
enables traffic to continue to be routed using a backup path until global repair is able to
calculate a new route.
A loop-free path is one that does not forward traffic back through the routing device to
reach a given destination. That is, a neighbor whose shortest path to the destination
traverses the routing device is not used as a backup route to that destination. To determine
loop-free alternate paths for IS-IS routes, Junos OS runs shortest-path-first (SPF)
calculations on each one-hop neighbor. You can enable support for alternate loop-free
routes on any IS-IS interface. Because it is common practice to enable LDP on an interface
for which IS-IS is already enabled, this feature also provides support for LDP
label-switched paths (LSPs).

IS-IS Feature Guide
NOTE: If you enable support for alternate loop-free routes on an interface

configured for both LDP and IS-IS, you can use the traceroute command to
trace the active path to the primary next hop.
The level of backup coverage available through IS-IS routes depends on the actual
network topology and is typically less than 100 percent for all destinations on any given
routing device. You can extend backup coverage to include RSVP LSPs.
Junos OS provides two mechanisms for route redundancy for IS-IS through alternate
loop-free routes: link protection and node-link protection. When you enable link protection
or node-link protection on an IS-IS interface, Junos OS creates a single alternate path to
the primary next hop for all destination routes that traverse a protected interface. Link
protection offers per-link traffic protection. Use link protection when you assume that
only a single link might become unavailable but that the neighboring node on the primary
path would still be available through another interface.
Node-link protection establishes an alternate path through a different routing device

altogether. Use node-link protection when you assume that access to a node is lost when
a link is no longer available. As a result, Junos OS calculates a backup path that avoids
the primary next-hop routing device. In Junos OS Release 9.4 and earlier, only the RSVP
protocol supports Packet Forwarding Engine local repair and fast reroute as well as link
protection and node protection.
In Figure 19 on page 191, Case 2 shows how link protection allows source Router A to
switch to Link B when the primary next hop Link A to destination Router C fails. However,
if Router B fails, Link B also fails, and the protected Link A is lost. If node-link protection
is enabled, Router A is able to switch to Link D on Router D and bypass the failed Router
B altogether. As shown in Case 1, with node-link protection enabled, Router A has a
node-link protection alternate path available through Router D to destination Router C.
That means that if Router B fails, Router A can still reach Router C because the path from
Router A to Link D remains available as an alternate backup path.

Chapter 8: Configuring IS-IS Link and Node Link Protection
Figure 19: Link Protection and Node-Link Protection Comparison for IS-IS Routes
The Junos OS implementation of support for loop-free alternate paths for IS-IS routes
is based on the following standards:
• RFC 5286, Basic Specification for IP Fast-Reroute: Loop-free Alternates
• RFC 5714, IP Fast Reroute Framework
Configuring Link Protection for IS-IS

You can configure link protection on any interface for which IS-IS is enabled. When you
enable link protection, Junos OS creates one alternate path to the primary next hop for
all destination routes that traverse a protected interface. Link protection assumes that
only a single link becomes unavailable but that the neighboring node would still be
available through another interface.
NOTE: You must also configure a per-packet load-balancing routing policy

to ensure that the routing protocol process installs all the next hops for a
given route in the routing table.
To enable link protection, include the link-protection statement at the [edit protocols isis
interface interface-name] hierarchy level:
[edit]
protocols {
isis {

IS-IS Feature Guide
link-protection;
}
}
}
Configuring Node-Link Protection for IS-IS

You can configure node-link protection on any interface for which IS-IS is enabled.
Node-link protection establishes an alternate path through a different routing device
altogether for all destination routes that traverse a protected interface. Node-link
protection assumes that the entire routing device, or node, has failed. Junos OS therefore
calculates a backup path that avoids the primary next-hop routing device.
NOTE: You must also configure a per-packet load-balancing routing policy

to ensure that the routing protocol process installs all the next hops for a
given route in the routing table.
To enable node-link protection, include the node-link-protection statement at the [edit

protocols isis interface interface-name] hierarchy level:
[edit]
protocols {
isis {
node-link-protection;
}
}
}
Excluding an IS-IS Interface as a Backup for Protected Interfaces

By default, all IS-IS interfaces that belong to the master instance or a specific routing
instance are eligible as backup interfaces for protected interfaces. You can specify that
any IS-IS interface be excluded from functioning as a backup interface to protected
interfaces. To exclude an IS-IS interface as a backup interface, include the
no-eligible-backup statement at the [edit protocols isis interface interface-name] hierarchy
level:
[edit]
protocols {
isis {
no-eligible-backup;
}
}
}

Configuring RSVP Label-Switched Paths as Backup Paths for IS-IS

Relying on the shortest-path-first (SPF) calculation of backup paths for one-hop
neighbors might result in less than 100 percent backup coverage for a specific network
topology. You can enhance coverage of IS-IS and LDP label-switched paths (LSPs) by
configuring RSVP LSPs as backup paths. To configure a specific RSVP LSP as a backup
path, include the backup statement at the [edit protocols mpls label-switched-path
lsp-name] hierarchy level:
[edit]
protocols {
mpls {
label-switched-path lsp-name {
backup;
to ip-address;
}
}
}
When configuring an LSP, you must specify the IP address of the egress routing device
with the to statement. For detailed information about configuring LSPs and RSVP, see
the Junos OS MPLS Applications Library for Routing Devices.
Using Operational Mode Commands to Monitor Protected IS-IS Routes

You can issue operational mode commands that provide more details about your
link-protected and node-link-protected IS-IS routes. The following guidelines explain
the type of information available from the output of each command:
• show isis backup label-switched-path—Displays which MPLS LSPs have been designated
as backup paths and the current status of those LSPs.
• show isis backup spf results—Displays SPF calculations for each neighbor for a given
destination. Indicates whether a specific interface or node has been designated as a
backup path and why. Use the no-coverage option to display only those nodes that do
not have backup coverage.
• show isis backup coverage—Displays the percentage of nodes and prefixes for each
type of address family that is protected.
• show isis interface detail—Displays the type of protection (link or node-link) applied
to each protected interface.
Related • Example: Configuring Node-Link Protection for IS-IS Routes in a Layer 3 VPN on page 193
Documentation
Example: Configuring Node-Link Protection for IS-IS Routes in a Layer 3 VPN
Node-link protection establishes an alternate path through a different routing device.

Use node-link protection when you assume that access to a node is lost when a link is

IS-IS Feature Guide
no longer available. Junos OS calculates a backup path that avoids the primary next-hop
routing device.

Requirements
This example requires Junos OS Release 9.5 or later.

example.
Overview
In this example, core-facing interfaces are enabled for IS-IS Level 2, LDP, and RSVP.
Node-link protection is enabled on all the core-facing interfaces, which means that if the
primary next hop for any destination that traverses the interfaces becomes unavailable,
Junos OS uses a backup link that avoids the next-hop router altogether if necessary.
You also need to configure a routing policy that requires all traffic to use per-packet load
balancing in order to enable Packet Forwarding Engine local repair. With local repair, the
Packet Forwarding Engine can correct a path failure and implement a backup loop-free
alternate route before it receives recomputed paths from the Routing Engine.
Figure 20: IS-IS Node-Link Protection Topology
10.0.0.0/30 10.0.0.4/30 10.0.0.8/30 10.0.0.12/30

.1 .2 .5 .6 .9 .10 .13 .14
CE1 PE1 P1 P2 PE2
.21 .25
.29 .17
lo0,0 Addresses
10.0.0.24/30
CE1 10.255.1.1 10.0.0.16/30
PE1 10.255.2.2
P1 10.255.3.3 .26 .18
P2 10.255.4.4 10.0.0.20/30 .22 .30
P3 10.255.7.7 P3 CE2
10.0.0.28/30
g041275
PE2 10.255.5.5
CE2 10.255.6.6
On Device PE1, an RSVP LSP is configured as a backup path for IS-IS. Relying on the
shortest-path-first (SPF) calculation of backup paths for one-hop neighbors might result
in less than 100 percent backup coverage for a specific network topology. You can enhance
coverage of IS-IS and LDP LSPs by configuring RSVP LSPs as backup paths. To configure
a specific RSVP LSP as a backup path, include the backup statement at the [edit protocols
mpls label-switched-path lsp-name] hierarchy level.
steps on Device P1.

Configuration
level.
Device CE1 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.1/30
Device PE1 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.2/30
set interfaces fe-1/2/0 unit 0 family mpls
set protocols rsvp interface fe-1/2/2.0
set protocols rsvp interface lo0.0
set protocols rsvp interface fxp0.0 disable
set protocols mpls label-switched-path to-p2 backup
set protocols mpls label-switched-path to-p2 to 10.255.4.4
set protocols mpls label-switched-path to-p2 ldp-tunneling
set protocols mpls interface fe-1/2/2.0
set protocols mpls interface lo0.0
set protocols mpls interface fxp0.0 disable
set protocols bgp group l3vpn type internal
set protocols bgp group l3vpn local-address 10.255.2.2
set protocols bgp group l3vpn family inet-vpn unicast
set protocols bgp group l3vpn peer-as 65534
set protocols bgp group l3vpn local-as 65534
set protocols bgp group l3vpn neighbor 10.255.5.5
set protocols isis spf-options delay 1000
set protocols isis interface all node-link-protection
set protocols isis interface all level 1 disable
set protocols isis interface lo0.0 level 2 metric 0
set protocols ldp deaggregate
set protocols ldp interface fe-1/2/1.0
set protocols ldp interface fxp0.0 disable
set routing-instances VPN-A instance-type vrf
set routing-instances VPN-A interface fe-1/2/0.0

IS-IS Feature Guide
set routing-instances VPN-A route-distinguisher 65534:1234

set routing-instances VPN-A vrf-target target:65534:1234
set routing-instances VPN-A routing-options static route 10.255.1.1/32 next-hop 10.0.0.1
Device P1 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.6/30

set protocols ldp interface all




Device PE2 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.14/30
set protocols bgp group l3vpn type internal
set protocols bgp group l3vpn local-address 10.255.5.5

IS-IS Feature Guide
set protocols bgp group l3vpn family inet-vpn unicast

set protocols bgp group l3vpn peer-as 65534
set protocols bgp group l3vpn local-as 65534
set protocols bgp group l3vpn neighbor 10.255.2.2
set routing-instances VPN-A instance-type vrf
set routing-instances VPN-A interface fe-1/2/1.0
set routing-instances VPN-A route-distinguisher 65534:1234
set routing-instances VPN-A vrf-target target:65534:1234
set routing-instances VPN-A routing-options static route 10.255.1.1/32 next-hop 10.0.0.18
Device CE2 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.18/30
Enable IS-IS and MPLS.
[edit interfaces]
user@P1# set fe-1/2/0 unit 0 family inet address 10.0.0.6/30
user@P1# set fe-1/2/0 unit 0 family iso
user@P1# set fe-1/2/0 unit 0 family mpls
user@P1# set lo0 unit 0 family inet address 10.255.3.3/32
user@P1# set lo0 unit 0 family iso address 49.0001.0010.0000.0303.00
2. Configure the IS-IS interfaces for Level 2.

[edit protocols]
user@P1# set isis interface all level 2 metric 10
user@P1# set isis interface all level 1 disable
user@P1# set isis interface fxp0.0 disable
user@P1# set isis interface lo0.0 level 2 metric 0
3. Enable IS-IS node-link protection, which also automatically extends backup coverage
to all LDP LSPs.
[edit protocols]
user@P1# set isis interface all node-link-protection
4. (Optional) Configure a 1000-millisecond time interval between the detection of a

topology change and when the SPF algorithm runs.
[edit protocols]
user@P1# set isis spf-options delay 1000
5. Configure MPLS to use both RSVP and LDP label-switched paths (LSPs).
[edit protocols]
user@P1# set mpls interface all
user@P1# set mpls interface fxp0.0 disable
user@P1# set rsvp interface all
user@P1# set rsvp interface fxp0.0 disable
user@P1# set ldp interface all
user@P1# set ldp interface fxp0.0 disable
6. (Optional) For LDP, enable forwarding equivalence class (FEC) deaggregation,

which results in faster global convergence.
[edit protocols]
user@P1# set ldp deaggregate
7. To enable Packet Forwarding Engine local repair, establish a policy that forces the
routing protocol process to install all the next hops for a given route.
This policy ensures that the backup route is installed in the forwarding table used
by the Packet Forwarding Engine to forward traffic to a given destination.
[edit policy-options policy-statement ecmp term 1]

user@P1# set then load-balance per-packet
8. Apply the policy to the forwarding table of the local router with the export statement.
[edit routing-options forwarding-table]

user@P1# set export ecmp

IS-IS Feature Guide
user@P1# show interfaces

fe-1/2/0 {
unit 0 {
family inet {
address 10.0.0.6/30;
}
family iso;
family mpls;
}
}
fe-1/2/1 {
unit 0 {
family inet {
address 10.0.0.9/30;
}
family iso;
family mpls;
}
}
fe-1/2/2 {
unit 0 {
family inet {
address 10.0.0.25/30;
}
family iso;
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.3.3/32;
}
family iso {
address 49.0001.0010.0000.0303.00;
}
}
}
user@P1# show protocols

rsvp {
interface all;
interface fxp0.0 {
disable;
}
}
mpls {
interface all;
interface fxp0.0 {

disable;
}
}
isis {
spf-options delay 1000;
interface all {
level 2 metric 10;
level 1 disable;
}
interface fxp0.0 {
disable;
}
interface lo0.0 {
level 2 metric 0;
}
}
ldp {
deaggregate;
interface all;
interface fxp0.0 {
disable;
}
}
user@P1# show policy-options

policy-statement ecmp {
term 1 {
then {
load-balance per-packet;
}
}
}
user@P1# show routing-options

forwarding-table {
export ecmp;
}
Verification
• Checking the MPLS LSP Backup Path on page 202

• Checking Which Next-Hop Neighbors Are Designated as Backup Paths to the Destination
Node on page 202
• Checking the Backup Coverage on page 203
• Checking the Type of Protection Configured on page 204

IS-IS Feature Guide
Checking the MPLS LSP Backup Path
Purpose Display information about the MPLS label-switched-paths (LSPs) designated as the
backup route for the IS-IS routes.
Action On Device PE1, from operational mode, enter the show isis backup label-switched-path
command.
user@PE1> show isis backup label-switched-path
Backup MPLS LSPs:

to-p2, Egress: 10.255.4.4, Status: up, Last change: 01:17:45
TE-metric: 19, Metric: 0, Refcount: 1
Meaning The output shows that the backup path is up and operational.
Checking Which Next-Hop Neighbors Are Designated as Backup Paths to the

Destination Node
Purpose Display SPF calculations for each neighbor for a given destination.
Action On Device PE1, from operational mode, enter the show isis backup spf results command.
user@PE1> show isis backup spf results

0 nodes

PE2.00
Primary next-hop: fe-1/2/2.0, IPV4, P3, SNPA: 0:5:85:8f:c8:bd
Root: P2, Root Metric: 20, Metric: 10, Root Preference: 0x0
track-item: P2.00-00
Eligible, Backup next-hop: fe-1/2/1.0, LSP, to-p2
Not eligible, Reason: Interface is already covered
P2.00
Not eligible, Reason: Primary next-hop link fate sharing
Not eligible, Reason: Primary next-hop node fate sharing
P3.00

Eligible, Backup next-hop: fe-1/2/1.0, LSP, to-p2
P1.00
Eligible, Backup next-hop: fe-1/2/2.0, IPV4, P3, SNPA: 0:5:85:8f:c8:bd
4 nodes
Meaning The output indicates whether a specific interface or node has been designated as a
backup path and why.
Checking the Backup Coverage
Purpose Check the percentage of protected nodes and prefixes.
Action From operational mode, enter the show isis backup coverage command.
user@PE1> show isis backup coverage
Backup Coverage:
Topology Level Node IPv4 IPv6 CLNS
IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00%
IPV4 Unicast 2 75.00% 87.50% 0.00% 0.00%
user@P1> show isis backup coverage
Backup Coverage:
IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00%
IPV4 Unicast 2 75.00% 71.43% 0.00% 0.00%
Backup Coverage:
IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00%
IPV4 Unicast 2 50.00% 37.50% 0.00% 0.00%

IS-IS Feature Guide
Backup Coverage:
IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00%
IPV4 Unicast 2 75.00% 71.43% 0.00% 0.00%
user@PE2> show isis backup coverage
Backup Coverage:
IPV4 Unicast 1 0.00% 0.00% 0.00% 0.00%
IPV4 Unicast 2 50.00% 37.50% 0.00% 0.00%
Meaning The level of backup coverage available through IS-IS routes depends on the actual
network topology and is typically less than 100 percent for all destinations on any given
routing device. You can extend backup coverage to include RSVP LSPs.
Checking the Type of Protection Configured
Purpose On all nodes in the IS-IS domain, check the type and percentage of protected nodes and
prefixes.
Action From operational mode, enter the show isis interface detail command.
user@PE1> show isis interface detail

lo0.0
1 0 64 0 Passive
2 0 64 0 Passive
fe-1/2/2.0
Protection Type: Node Link
2 1 64 10 9.000 27 P3.03 (not us)
fe-1/2/1.0
Protection Type: Node Link
2 1 64 10 9.000 27 P1.02 (not us)
Meaning The output shows that node-link protection is configured on the interfaces.

Related • Understanding Loop-Free Alternate Routes for IS-IS on page 189

Documentation
Understanding Remote LFA over LDP Tunnels in IS-IS Networks
In an IS-IS network, a loop free alternate (LFA) is a directly connected neighbor that
provides precomputed backup paths to the destinations reachable through the protected
link on the point of local repair (PLR). A remote LFA is not directly connected to the PLR
and provides precomputed backup paths using dynamically created LDP tunnels to the
remote LFA node. The PLR uses this remote LFA backup path when the primary link fails.
The primary goal of the remote LFA is to increase backup coverage for the IS-IS networks
and provide protection for Layer 1 metro-rings.
LFAs do not provide full backup coverage for IS-IS networks. This is a major setback for
metro Ethernet networks that are often shaped as ring topologies. To overcome this
setback, Resource Reservation Protocol - Traffic Engineering (RSVP-TE) backup tunnels
are commonly used to extend the backup coverage. However, a majority of network
providers have already implemented LDP as the MPLS tunnel setup protocol and do not
want to implement the RSVP-TE protocol merely for backup coverage. LDP automatically
brings up transport tunnels to all potential destinations in an IS-IS network and hence is
the preferred protocol. The existing LDP implemented for the MPLS tunnel setup can be
reused for protection of IS-IS networks and subsequent LDP destinations, thereby
eliminating the need for RSVP-TE backup tunnels for backup coverage.
To calculate the remote LFA backup path, the IS-IS protocol determines the remote LFA
node in the following manner:
1. Calculates the reverse shortest path first from the adjacent router across the protected
link of a PLR. The reverse shortest path first uses the incoming link metric instead of
the outgoing link metric to reach a neighboring node.
The result is a set of links and nodes, which is the shortest path from each leaf node
to the root node.
2. Calculates the shortest path first (SPF) on the remaining adjacent routers to find the
list of nodes that can be reached without traversing the link being protected.
The result is another set of links and nodes on the shortest path from the root node
to all leaf nodes.
3. Determines the common nodes from the above results, These nodes are the remote
LFAs.
IS-IS listens to the advertised labels for the LDP routes. For each advertised LDP route,
IS-IS checks whether it contains an LDP supplied next hop. If the corresponding IS-IS
route does have a backup next hop, then IS-IS runs the backup policy and adds an
additional tracking route with the corresponding LDP label-switched path next hop as
the backup next hop. If there are no backup next hops, LDP builds a dynamic LDP tunnel
to the remote LFA, and LDP establishes a targeted adjacency between the remote LFA

IS-IS Feature Guide
node and the PLR node. This backup route has two LDP labels. The top label is the IS-IS
route, which denotes the backup path from the PLR to the remote LFA route. The bottom
label is the LDP MPLS label-switched path that denotes the route for reaching the ultimate
destination from the remote LFA. When an LDP session goes down and a remote tunnel
is no longer available, IS-IS changes all the routes that have been using this backup LDP
tunnel.
NOTE: Currently, Junos OS supports only IPv4 transport LSPs. If you need to
reuse IPv4 transport LSPs for IPv6 IGP networks, add an IPv6 explicit NULL
label to the label stack of the tracking route. The system automatically
converts the IPv4 LSP to an IPv6 LSP.
LDP might be vulnerable by an automatically targeted adjacency, and these threats can
be mitigated using all or some of the following mechanisms:
• Remote LFAs that are several hops away use extended hello messages to indicate
willingness to establish a targeted LDP session. A remote LFA can reduce the threat
of spoofed extended hellos by filtering them and accepting only those originating at
sources permitted by an access or filter list.
• There is a need to authenticate with TCP-MD5 all auto-targeted LDP sessions in the
given IGP/LDP domain using apply groups or LDP global-level authentication.
• As an added security measure, the repair or remote tunnel endpoint routers should be
assigned from a set of addresses that are not reachable from outside of the routing
domain.
Related • auto-targeted-session
Documentation
• no-eligible-remote-backup on page 544
• remote-backup-calculation on page 571
• Configuring Remote LFA Backup over LDP Tunnels in an IS-IS Network on page 206
Configuring Remote LFA Backup over LDP Tunnels in an IS-IS Network
Starting in Junos OS Release 14.2, the primary goal of a remote loop-free alternate (LFA)
is to increase backup coverage for IS-IS routes and provide protection especially for Layer
1 metro-rings. The existing LDP implemented for the MPLS tunnel setup can be reused
for protection of IS-IS networks and subsequent LDP destinations. The IS-IS protocol
creates a dynamic LDP tunnel to reach the remote LFA node from the point of local repair
(PLR). The PLR uses this remote LFA backup path when the primary link fails.
Before you configure remote LFA over LDP tunnels in an IS-IS network, you must do the
following:
1. Enable LDP on the loopback interface.

Configure a loopback interface because an LDP targeted adjacency cannot be formed

without a loopback interface. LDP targeted adjacency is essential for determining
remote LFA backup paths.
2. Make sure that remote LFA allows asymmetric remote neighbor discovery—that is, it
must send periodic targeted hello messages to the router that initiated the remote
neighbor for LDP auto-targeted adjacency.
3. Configure link protection or node-link protection on the PLR.
To configure remote LFA backup over LDP tunnels in an IS-IS network:
1. Enable remote LFA backup to determine the backup next hop using dynamic LDP
label-switched path.
[edit protocols isis backup-spf-options]

user@host# set remote-backup-calculation
2. (Optional) Include the node-link-degradation statement even if node-link protection

is not configured for a given interface.
The device uses the configured link protection LFA as the backup for the primary link.

user@host# set node-link-degradation
3. Enable automatically targeted LDP sessions using the loopback addresses between
the PLR and the remote LFA node.
[edit protocols ldp]

user@host# set auto-targeted-session
4. Specify a time interval for which the targeted LDP sessions are kept up even after the
remote LFA node goes down.
[edit protocols ldp auto-targeted-session]

user@host# set teardown-delay seconds
For example, to set a teardown delay value of 60 seconds:

user@host# set teardown-delay 60
5. Specify the maximum number of automatically targeted LDP sessions to optimize

memory usage.

IS-IS Feature Guide
user@host# set maximum-sessions number of sessions
For example, to set a maximum sessions allowed to 20:

user@host# set maximum-sessions 20
Release History Table Release Description
14.2 Starting in Junos OS Release 14.2, the primary goal of a remote loop-free
alternate (LFA) is to increase backup coverage for IS-IS routes and provide
protection especially for Layer 1 metro-rings.
Documentation
• Understanding Remote LFA over LDP Tunnels in IS-IS Networks on page 205
Example: Configuring Remote LFA over LDP Tunnels in IS-IS Networks
This example shows how to configure remote LFA for LDP tunnels in an IS-IS network
for extending backup protection.

Requirements
• Six MX Series routers with IS-IS protocol and LDP enabled on the connected interfaces.
• Junos OS Release 14.2 or later running on all devices.
Before you configure remote LFA over LDP tunnels in IS-IS networks, make sure of the
following:
• LDP is enabled on the loopback interface. Without a loopback interface, LDP targeted
adjacency cannot be formed. Remote LFA cannot be configured without LDP targeted
adjacency.

• Remote LFA must allow asymmetric remote neighbor discovery, that is, it must send
periodic targeted hellos to the router that initiated the remote neighbor for LDP auto
targeted adjacency.
• Link protection or node-link protection must be configured on the point of local repair
(PLR).
Overview
The example includes six routers in a ring topology. Configure the IS-IS protocol on the
directly connected interfaces. Device R1 is the PLR. This example verifies that Junos OS
updates the routing table of Device R1 with LDP next-hop routes as the backup route.
Topology
Figure 21: Configuring Remote LFA over LDP Tunnels in IS-IS Networks
Configuration

IS-IS Feature Guide

set protocols isis interface ge-1/5/0.12 link-protection
set protocols isis backup-spf-options remote-backup-calculation
set protocols isis backup-spf-options node-link-degradation
set protocols ldp auto-targeted-session
set protocols ldp auto-targeted-session teardown-delay 60
set protocols ldp auto-targeted-session maximum-sessions 20
Router R2 set interfaces ge-1/0/1 unit 2 description R2>R1






IS-IS Feature Guide


set ldp auto-targeted-session
set ldp auto-targeted-session teardown-delay 60
set ldp auto-targeted-session maximum-sessions 20


NOTE: Repeat this procedure except Step 4 and 5 for every Juniper Networks
router in the IGP domain, modifying the appropriate interface names,
addresses, and any other parameters.
[edit interfaces]

2. Assign a loopback address to the device.

3. Configure the IS-IS interface for level 2 and the metric value on all the interfaces,
and enable link protection on the protected interface.

user@R1# set interface all level 2 metric 10
user@R1# set interface fxp0.0 disable
user@R1# set interface ge-1/5/0.12 link-protection
4. Enable IS-IS node-link protection, which also automatically extends backup coverage
to all LDP label-switched paths.

user@R1# set spf-options delay 1000

IS-IS Feature Guide
user@R1# set interface all node-link-protection
5. Enable remote LFA backup which calculates the backup next hop using dynamic
LDP label-switched path.
(Optional) When you include the node link degradation statement even if node
protection LFA is not configured for a given destination, the device uses the
configured link protection LFA as the backup for the primary link.

user@R1# set backup-spf-options remote-backup-calculation
user@R1# set backup-spf-options node-link-degradation
6. Configure MPLS to use LDP label-switched paths for all interfaces on the device.
[edit protocols]
user@R1# set mpls interface all
user@R1# set mpls interface fxp0.0 disable
user@R1# set ldp interface all
user@R1# set ldp interface fxp0.0 disable
7. Specify a time interval for which the targeted LDP sessions are kept up when the
remote LFA goes down, and specify a maximum number of automatically, targeted
LDP sessions to optimize the use of memory.

user@R1# set auto-targeted-session
user@R1# set auto-targeted-session teardown-delay 60
user@R1# set auto-targeted-session maximum-sessions 20
8. (Optional) Enable forwarding equivalence class (FEC) deaggregation, which results

in faster global convergence.

user@R1# set deaggregate
9. To enable Packet Forwarding Engine local repair, establish a policy that forces the
routing protocol process to install all the next hops for a given route.
This policy ensures that the backup route is installed in the forwarding table used
by the Packet Forwarding Engine to forward traffic to a given destination.
user@R1# set policy-options policy-statement ecmp term 1
user@R1# set then load-balance per-packet
10. Apply the policy to the forwarding table of the local router with the export statement.

[edit routing-options forwarding-table]

user@R1# set export ecmp
Results
show protocols, show policy-options, and show routing-options commands. If the
output does not display the intended configuration, repeat the instructions in this example
to correct the configuration.

ge-1/0/0 {
unit 1 {
description R1->R2;
family inet {
address 1.1.1.1/24;
}
family iso;
family mpls;
}
}
ge-1/5/0 {
unit 12 {
description R1->R6;
family inet {
address 1.1.6.12/24;
}
family iso;
family mpls;
}
}
lo0 {
unit 10 {
family inet {
address 10.255.102.128/32;
}
family iso {
address 49.0001.1720.1600.1010.00;
}
}
}

mpls {
interface all;
interface fxp0.0 {
disable;
}
}
isis {
spf-options delay 1000;
backup-spf-options {

IS-IS Feature Guide
remote-backup-calculation;
node-link-degradation;
}
interface ge-1/5/0.12; {
link-protection;
}
interface all {
level 2 metric 10;
}
interface fxp0.0 {
disable;
}
interface lo0.12 {
passive;
}
}
ldp {
auto-targeted-session {
teardown-delay 60;
maximum-sessions 20;
}
deaggregate;
interface all;
interface fxp0.0 {
disable;
}
}

policy-options {
policy-statement ecmp {
term 1 {
then {
}
}
}
}

forwarding-table {
export ecmp;
}
If you are done configuring the device, enter commit from the configuration mode.

Verification
• Verifying the Routes on page 217

• Verifying the IS-IS Routes on page 218
• Verifying the LDP Routes on page 218
• Verifying the Designated Backup Path Node on page 219
Verifying the Routes
Purpose Verify that the expected routes are learned.
Action On Device R1, from operational mode, run the show route command to display the routes
in the routing table.
user@R1> show route 1.1.4/24

1.1.4.0/24 *[IS-IS/15] 11:37:58, metric 30

> to 1.1.6.11 via ge-1/5/0
to 1.1.1.2 via ge-1/0/0, Push 299824
user@R1> show route 1.1.4/24 detail

1.1.4.0/24 (1 entry, 1 announced)
State: <FlashAll>
Level: 1
Address: 0x98047cc
Next hop: 1.1.6.11 via ge-1/5/0 weight 0x1, selected
Session Id: 0x14b
Next hop: 1.1.1.2 via ge-1/0/0 weight 0x101 uflags Remote neighbor path

Session Id: 0x142
State:<Active Int>
Age: 11:38:00
Metric: 30
Task: IS-IS
Announcement bits (3): 0-LDP 1-IS-IS 3-KRT
AS path: I
Meaning The output shows all the routes in the routing table of Device R1.

IS-IS Feature Guide
Verifying the IS-IS Routes
Purpose Display all the LDP backup routes in the IS-IS routing table of Device R1.
Action On Device R1, from operational mode, run the show isis route command to display the
routes in the IS-IS routing table.
user@R1> show isis route

IPv4/IPv6 Routes
----------------
Backup Score
1.1.2.0/24 1 558 20 int lt-1/2/0.1 IPV4 tp3-R2
1.1.3.0/24 1 558 30 int lt-1/2/0.1 IPV4 tp3-R2
1.1.4.0/24 1 558 30 int lt-1/2/0.12 IPV4 tp3-R6
lt-1/2/0.1 LSP
LDP->tp3-R4(10.255.102.156)
1.1.5.0/24 1 558 20 int lt-1/2/0.12 IPV4 tp3-R6
lt-1/2/0.1 LSP
LDP->tp3-R4(10.255.102.156)
10.255.102.136/32 1 558 10 int lt-1/2/0.12 IPV4 tp3-R6
lt-1/2/0.1 LSP
LDP->tp3-R4(10.255.102.156)
10.255.102.146/32 1 558 20 int lt-1/2/0.1 IPV4 tp3-R2
10.255.102.156/32 1 558 30 int lt-1/2/0.1 IPV4 tp3-R2
lt-1/2/0.12 IPV4 tp3-R6
10.255.102.166/32 1 558 20 int lt-1/2/0.12 IPV4 tp3-R6
lt-1/2/0.1 LSP
LDP->tp3-R4(10.255.102.156)
10.255.102.178/32 1 558 10 int lt-1/2/0.1 IPV4 tp3-R2
Meaning The output shows all the LDP backup routes in the IS-IS routing table of Device R1.
Verifying the LDP Routes
Purpose Verify the automatically targeted LDP routes.

Action From operational mode, enter the show ldp session auto-targeted detail command.
user@R1> show ldp session auto-targeted detail
Address: 10.255.102.156, State: Operational, Connection: Open, Hold time: 21

Session ID: 10.255.102.128:0--10.255.102.156:0
Next keepalive in 1 seconds
Passive, Maximum PDU: 4096, Hold time: 30, Neighbor count: 1
Neighbor types: auto-targeted
Keepalive interval: 10, Connect retry interval: 1
Local address: 10.255.102.128, Remote address: 10.255.102.156
Up for 11:38:23
Capabilities advertised: none
Capabilities received: none
Protection: disabled
Session flags: none
Local - Restart: disabled, Helper mode: enabled
Remote - Restart: disabled, Helper mode: enabled
Local maximum neighbor reconnect time: 120000 msec
Local maximum neighbor recovery time: 240000 msec
Local Label Advertisement mode: Downstream unsolicited
Remote Label Advertisement mode: Downstream unsolicited
Negotiated Label Advertisement mode: Downstream unsolicited
MTU discovery: disabled
Nonstop routing state: Not in sync
Next-hop addresses received:
1.1.3.6
1.1.4.7
10.255.102.156
Meaning The output shows automatically targeted LDP next hops.
Verifying the Designated Backup Path Node
Purpose Display the remote LFA next hop determined for a given destination.
Action From operational mode, enter the show isis backup spf results command.
user@R1> show isis backup spf results R6

R6.00
Primary next-hop: ge-1/5/0, IPV4, R6, SNPA: 0:5:85:88:f0:bc
Not eligible, IPV4, Reason: Path loops
Eligible, Backup next-hop: ge-1/0/0, LSP, LDP->R4(10.255.102.156), Prefixes: 2
1 nodes

IS-IS Feature Guide

R6.00
Primary next-hop: ge-1/5/0, IPV4, R6, SNPA: 0:5:85:88:f0:bc
Not eligible, IPV4, Reason: Path loops
Eligible, Backup next-hop: ge-1/0/0, LSP, LDP->R4(10.255.102.156), Prefixes: 0
1 nodes
Meaning The output indicates whether a specific interface or node has been designated as a
remote backup path and why.
Related • Understanding Remote LFA over LDP Tunnels in IS-IS Networks on page 205
Documentation
• auto-targeted-session
Understanding Weighted ECMP Traffic Distribution on One-Hop IS-IS Neighbors
Equal-cost multipath (ECMP) is a popular technique to load balance traffic across

multiple paths. With ECMP enabled, If paths to a remote destination have the same cost,
then traffic is distributed between them in equal proportion. Equal distribution of traffic
across multiple paths is not desirable if the local links to adjacent routers towards the
ultimate destination have unequal capacity. Commonly the traffic distribution between
two links is equal and the link utilization is the same. However, if the capacity of an
aggregated Ethernet bundle changes, equal traffic distribution results in imbalance of
link utilization. In this case, weighted ECMP enables load balancing of traffic between
equal cost paths in proportion to the capacity of the local links.
In figure 1, Router R1 has 5 links to Router R2, four of them are part of the aggregated
Ethernet bundle. Both L3 links have the same cost. To reach the destination network N,
Router R1, load balances traffic between L3 links. The distribution between the two links
is equal in normal conditions and link utilization is the same. However, if AE bundle
capacity changes, equal distribution results in the imbalance of link utilization. Weighted
ECMP feature enables load balancing between equal cost paths in proportion to the
capacity of the local inks. In this example, if AE bundle has three active links, traffic is
distributed in 30/40 proportion between AE bundle and a single link.

To enable weighted ECMP traffic distribution on directly connected IS-IS neighbors,

configure weighted one-hop statement at the [edit protocols isis spf-options multipath]
hierarchy level. Weighted ECMP is currently supported for the IS-IS protocol only.
Starting in Junos OS Release 17.1R1, weighted ECMP feature also supports IS-IS SPRING
based next hop addresses.
NOTE: For logical interfaces, you must configure interface bandwidth to

distribute traffic across equal cost multipaths based on the underlying
physical interface bandwidth. If you do not configure the logical bandwidth
for each logical interface, Junos OS assumes that the entire bandwidth of
the physical interface is available for each logical interface.
NOTE: This feature provides weighted ECMP routing to IS-IS neighbors that
are one hop away. Junos OS supports this feature on immediately connected
routers only and does not support weighted ECMP on multihop routers, that
is, on routers that are more than one hop away.
You must configure per-packet load balancing policy before configuring this
feature. WECMP will be operational if per-packet load balancing policy is in
place,
17.1R1 Starting in Junos OS Release 17.1R1, weighted ECMP feature also supports
IS-IS SPRING based next hop addresses.
Related • multipath on page 530

Documentation
Example: Weighted ECMP Traffic Distribution on One-Hop IS-IS Neighbors
This example shows how to configure weighted equal cost multipath (ECMP) routing
for distributing traffic to IS-IS neighbors that are one hop away to ensure optimal load
balancing. Weighted ECMP routing distributes traffic unequally over multiple paths for
better load balancing. However, weighted ECMP routing is more efficient than equal
distribution of traffic during per-packet load balancing.


IS-IS Feature Guide
Requirements
• Two MX Series routers
• Junos OS Release 15.1F4 or later
Before you configure weighted ECMP in an IS-IS network, make sure you :
1. Configure IP addresses on the device interfaces.
2. Configure IS-IS.
3. Configure load balancing
4. Configure a per-packet load balancing policy.
Overview
Beginning with Junos OS Release 15.1F4, you can configure the IS-IS protocol to get the
logical interface bandwidth information associated with the gateways of equal-cost
multipath (ECMP) next hop. During per-packet load balancing, traffic distribution is based
on the available bandwidth to facilitate optimal bandwidth usage for incoming traffic
on an ECMP path of one hop distance. The Packet Forwarding Engine does not distribute
the traffic equally, but considers the balance values and distributes the traffic according
to the bandwidth availability. However, this feature is not available for ECMP paths that
are more than one hop away.
Topology
In Figure 22 on page 222, three aggregated Ethernet bundles ae0, ae1, and ae2 with four
links each, are configured between Router R0 and Router R1. The Packet Forwarding
Engine distributes traffic unequally between the three Ethernet bundles when one of the
links goes down, depending on the available bandwidth.
Figure 22: Weighted ECMP Traffic Distribution on One Hop IS-IS Neighbors
Configuration

Router R0 set interfaces ge-1/1/4 description "LinkID: R0R1-1"

set interfaces ge-0/0/0 description "LinkID: R0R1-2"
set interfaces ge-0/0/1 description "LinkID: R0RT0"
set chassis maximum-ecmp 64
set chassis redundancy graceful-switchover
set chassis aggregated-devices ethernet device-count 64
set interfaces ge-1/1/4 gigether-options 802.3ad ae0
set interfaces ae0 aggregated-ether-options minimum-links 1
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 0 family inet address 10.0.1.1/24
set interfaces ae0 unit 0 family iso
set interfaces ae1 vlan-tagging
set interfaces ae1 unit 1 bandwidth 1g;
set interfaces ae1 unit 1 vlan-id 1;

IS-IS Feature Guide

set routing-options forwarding-table export pplb
set protocols isis interface ge-0/1/7.0 level 1 metric 20
set protocols isis interface ge-0/1/7.0 level 2 metric 20
set protocols isis interface ae0.0 node-link-protection
set protocols isis interface ae1.0
set policy-options policy-statement pplb then load-balance per-packet
set protocols isis spf-options multipath weighted one-hop
Router R1 set interfaces ge-1/1/4 description "LinkID: R0R1-1"



set interfaces ge-0/1/0 description "LinkID: R1RT0"
set chassis aggregated-devices ethernet device-count 64
set protocols isis export from-static
set policy-options policy-statement from-static from protocol static
set policy-options policy-statement from-static then accept

IS-IS Feature Guide
NOTE: Repeat this procedure for Router R1 after modifying the appropriate
1. Specify the maximum number of weighted ECMP interfaces that you want to
configure. Enable graceful switchover and specify the number of aggregated Ethernet
interfaces to be created.
[edit chassis]
user@R0# set maximum-ecmp 64
user@R0# set redundancy graceful-switchover
user@R0# set aggregated-devices ethernet device-count 64
2. Configure the interfaces with multiple links to the same destination for load
balancing traffic.
[edit interfaces]
user@R0# set ge-1/1/4 description "LinkID: R0R1-1"
user@R0# set ge-0/0/1 description "LinkID: R0RT0"
3. Configure logical interfaces with appropriate bandwidth based on the underlying

physical bandwidth.
user@R0# set ae1 unit 1 bandwidth 1g;

user@R0# set ae1 unit 1 vlan-id 1;
user@R0# set ae1 unit 1 family inet address 13.1.1.1/24
user@R0# set ae1 unit 0 family iso


NOTE: For logical interfaces, configure interface bandwidth to distribute

traffic across equal-cost multipaths based on the underlying operational
interface bandwidth. When you configure multiple logical interfaces on
a single interface, configure appropriate logical bandwidth for each
logical interface to see the desired traffic distribution over the logical
interfaces.
4. Configure IP addresses on the interfaces with either IPv4 or IPv6 addresses, as per
your network requirements.
[edit interfaces]

IS-IS Feature Guide
5. Configure the four member links of the ae0 aggregated Ethernet bundle.
[edit interfaces]
user@R0# set ge-1/1/4 gigether-options 802.3ad ae0
[edit interfaces]
[edit interfaces]
8. Configure IP address and the Link Aggregation Control Protocol (LACP) for ae0
aggregated Ethernet interface.
[edit interfaces]
user@R0# set ae0 aggregated-ether-options minimum-links 1
user@R0# set ae0 aggregated-ether-options lacp active
[edit interfaces]
[edit interfaces]

11. Configure the loopback interface address and iso family address.
[edit interfaces]
12. Configure IS-IS on all the interfaces and on the AE bundles.
[edit protocols]
user@R0# set isis interface ge-0/1/7.0 level 1 metric 20
user@R0# set isis interface ge-0/1/7.0 level 2 metric 20
user@R0# set isis interface ae0.0 node-link-protection
user@R0# set isis interface ae1.0
user@R0# set isis interface ae2.0
user@R0# set isis interface lo0.0
13. Configure per-packet load balancing.
user@R0# set policy-statement pplb then load-balance per-packet
14. Apply per-packet load balancing policy.
user@R0# set forwarding-table
user@R0# set export pplb
15. Enable weighted ECMP traffic distribution on directly connected IS-IS neighbors.

user@R0# set spf-options multipath weighted one-hop
Results
From configuration mode, confirm your configuration by entering the show chassis, show
interfaces, show protocols, show policy-options, and show routing-options commands. If
the output does not display the intended configuration, repeat the instructions in this
[edit]
user@R0# show chassis
maximum-ecmp 64;
redundancy graceful-switchover;

IS-IS Feature Guide
aggregated-devices ethernet device-count 64;
[edit]
ge-0/0/0 {
description "LinkID: R0R1-2";
gigether-options {
802.3ad ae0;
}
}
ge-0/0/1 {
description "LinkID: R0RT0";
unit 0 {
family inet {
address 21.1.1.1/24;
}
family iso;
}
}
ge-0/1/6 {
gigether-options {
802.3ad ae1;
}
}
ge-0/1/7 {
unit 0 {
family inet {
address 10.3.1.1/24;
}
family iso;
}
}
ge-0/1/8 {
gigether-options {
802.3ad ae2;
}
}
ge-1/1/4 {
gigether-options {
802.3ad ae0;
}
}
ge-1/1/5 {
gigether-options {
802.3ad ae2;
}
}
ge-1/1/6 {

gigether-options {
802.3ad ae1;
}
}
ge-1/2/0 {
gigether-options {
802.3ad ae1;
}
}
ge-1/2/1 {
gigether-options {
802.3ad ae0;
}
}
ge-1/2/2 {
gigether-options {
802.3ad ae0;
}
}
ge-1/2/3 {
gigether-options {
802.3ad ae1;
}
}
ge-1/2/8 {
gigether-options {
802.3ad ae2;
}
}
ge-1/3/3 {
gigether-options {
802.3ad ae2;
}
}
ae0 {
aggregated-ether-options {
minimum-links 1;
lacp {
active;
}
}
unit 0 {
family inet {
address 10.0.1.1/24;
}
family iso;
}
}
ae1 {

IS-IS Feature Guide
vlan-tagging;
minimum-links 3;
lacp {
active;
}
}
unit 0 {
family inet {
address 10.1.1.1/24;
}
family iso;
}
unit 1 {
bandwidth 1g;
vlan-id 1;
family inet {
address 13.1.1.1/24;
}
family iso;
}
unit 2 {
bandwidth 1g;
vlan-id 2;
family inet {
address 13.2.1.1/24;
}
family iso;
}
unit 3 {
bandwidth 1g;
vlan-id 3;
family inet {
address 13.3.1.1/24;
}
family iso;
}
unit 4 {
bandwidth 1g;
vlan-id 4;
family inet {
address 13.4.1.1/24;
}
family iso;
}
unit 5 {
bandwidth 1g;
vlan-id 5;
family inet {
address 13.5.1.1/24;
}
family iso;
}
unit 6 {
bandwidth 1g;

vlan-id 6;
family inet {
address 13.6.1.1/24;
}
family iso;
}
unit 7 {
bandwidth 1g;
vlan-id 7;
family inet {
address 13.7.1.1/24;
}
family iso;
}
unit 8 {
bandwidth 1g;
vlan-id 8;
family inet {
address 13.8.1.1/24;
}
family iso;
}
unit 9 {
bandwidth 1g;
vlan-id 9;
family inet {
address 13.9.1.1/24;
}
family iso;
}
unit 10 {
bandwidth 1g;
vlan-id 10;
family inet {
address 13.10.1.1/24;
}
family iso;
}
}
ae2 {
minimum-links 2;
lacp {
active;
}
}
unit 0 {
family inet {
address 10.2.1.1/24;
}
family iso;
}
}
lo0 {
unit 0 {

IS-IS Feature Guide
family inet {
address 192.168.0.4/32;
}
family iso {
address 49.0001.0102.5516.3127.00;
}
}
}
[edit]
isis {
spf-options {
multi-path {
weighted {
one-hop;
}
}
}
}
[edit]
policy-statement pplb {
then {
}
}
[edit]
forwarding-table {
export pplb;
}
Verification
• Verifying Equal Distribution of Traffic Over Equal-Cost Multiple Paths on page 234
• Verifying Unequal Traffic Distribution Over Available Bandwidth on page 239
• Verifying Unequal Traffic Distribution onLogical Interfaces on page 243
Verifying Equal Distribution of Traffic Over Equal-Cost Multiple Paths
Purpose To verify that traffic is equally distributed over the aggregated Ethernet bundles.

Action From operational mode, enter the show route 198.0.0.1 extensive command.

TSI:
KRT in-kernel 198.0.0.1/32 -> {10.0.1.2, 10.1.1.2, 10.2.1.2, 10.3.1.2}
Level: 2
Address: 0x9ec5e10
Next hop: 10.0.1.2 via ae0.0 weight 0x1 balance 33%
Session Id: 0x1b2
Next hop: 10.1.1.2 via ae1.0 weight 0x1 balance 33%, selected
Session Id: 0x1b1
Session Id: 0x1b3
Next hop: 10.3.1.2 via ge-0/1/7.0 weight 0xf000
Session Id: 0x1b0
State: <Active Int>
Age: 35 Metric: 20
Task: IS-IS
Announcement bits (1): 0-KRT
AS path: I
user@R0> show interfaces ae0.0 extensive
Logical interface ae0.0 (Index 335) (SNMP ifIndex 625) (Generation 825)
Flags: Up SNMP-Traps 0x4004000 Encapsulation: ENET2
Statistics Packets pps Bytes bps
Bundle:
Input : 702 4 207265 4320
Output: 870567 33801 95801535 29746416
Adaptive Statistics:
Adaptive Adjusts: 0
Adaptive Scans : 0
Adaptive Updates: 0
Link:
ge-0/0/0.0
Input : 149 1 17924 992
Output: 218927 8586 24081728 7556344
ge-1/1/4.0
Input : 134 1 16616 992
Output: 201384 7781 22152240 6847320
ge-1/2/1.0
Input : 136 1 16864 992
Output: 212760 8238 23443069 7250056
ge-1/2/2.0
Input : 283 1 155861 1344
Output: 237496 9196 26124498 8092696
Aggregate member links: 4
LACP info: Role System System Port Port Port
priority identifier priority number key

IS-IS Feature Guide
ge-0/0/0.0 Actor 127 3c:61:04:2f:c7:c0 127 1 1
ge-0/0/0.0 Partner 127 3c:61:04:2d:9f:c0 127 1 1
ge-1/1/4.0 Actor 127 3c:61:04:2f:c7:c0 127 4 1
ge-1/1/4.0 Partner 127 3c:61:04:2d:9f:c0 127 4 1
ge-1/2/1.0 Actor 127 3c:61:04:2f:c7:c0 127 8 1
ge-1/2/1.0 Partner 127 3c:61:04:2d:9f:c0 127 8 1
ge-1/2/2.0 Actor 127 3c:61:04:2f:c7:c0 127 9 1
ge-1/2/2.0 Partner 127 3c:61:04:2d:9f:c0 127 9 1
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx

ge-0/0/0.0 130 125 0 0
ge-1/1/4.0 127 121 0 0
ge-1/2/1.0 127 123 0 0
ge-1/2/2.0 128 123 0 0
Marker Statistics: Marker Rx Resp Tx Unknown Rx Illegal Rx
ge-0/0/0.0 0 0 0 0
ge-1/1/4.0 0 0 0 0
ge-1/2/1.0 0 0 0 0
ge-1/2/2.0 0 0 0 0
Protocol inet, MTU: 1500, Generation: 1699, Route table: 0
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
Destination: 10.0.1/24, Local: 10.0.1.1, Broadcast: 10.0.1.255, Generation:
1501
Protocol iso, MTU: 1497, Generation: 1700, Route table: 0
Flags: Is-Primary
Protocol multiservice, MTU: Unlimited, Generation: 1701, Route table: 0
Flags: Is-Primary
Policer: Input: __default_arp_policer__
Bundle:
Input : 707 4 206275 3968
Output: 849981 32979 93602009 29023264
Adaptive Adjusts: 0
Adaptive Scans : 0
Adaptive Updates: 0
Link:
ge-0/1/6.0
Input : 148 1 17800 992
Output: 198301 7819 21812806 6880984
ge-1/1/6.0
Input : 134 1 16616 992
Output: 209149 8088 23006390 7117728
ge-1/2/0.0
Input : 136 1 16864 992
Output: 215518 8291 23811445 7296528
ge-1/2/3.0

Input : 289 1 154995 992

Output: 227013 8781 24971368 7728024
ge-0/1/6.0 Actor 127 3c:61:04:2f:c7:c0 127 2 2
ge-0/1/6.0 Partner 127 3c:61:04:2d:9f:c0 127 2 2
ge-1/1/6.0 Actor 127 3c:61:04:2f:c7:c0 127 6 2
ge-1/1/6.0 Partner 127 3c:61:04:2d:9f:c0 127 6 2
ge-1/2/0.0 Actor 127 3c:61:04:2f:c7:c0 127 7 2
ge-1/2/0.0 Partner 127 3c:61:04:2d:9f:c0 127 7 2
ge-1/2/3.0 Actor 127 3c:61:04:2f:c7:c0 127 10 2
ge-1/2/3.0 Partner 127 3c:61:04:2d:9f:c0 127 10 2

ge-0/1/6.0 129 123 0 0
ge-1/1/6.0 127 121 0 0
ge-1/2/0.0 127 123 0 0
ge-1/2/3.0 128 123 0 0
ge-0/1/6.0 0 0 0 0
ge-1/1/6.0 0 0 0 0
ge-1/2/0.0 0 0 0 0
ge-1/2/3.0 0 0 0 0
1503
Bundle:
Input : 702 4 224128 3968
Output: 855472 33229 94215862 29243664
Adaptive Adjusts: 0
Adaptive Scans : 0
Adaptive Updates: 0
Link:
ge-0/1/8.0
Input : 137 1 16988 992
Output: 213214 8377 23453540 7372232

IS-IS Feature Guide
ge-1/1/5.0
Input : 137 1 16988 992
Output: 212174 8244 23339050 7255368
ge-1/2/8.0
Input : 135 1 16740 992
Output: 210583 8144 23164099 7167296
ge-1/3/3.0
Input : 293 1 173412 992
Output: 219501 8464 24259173 7448768
priority identifier priority number

key
ge-0/1/8.0 Actor 127 3c:61:04:2f:c7:c0 127 3
3
ge-0/1/8.0 Partner 127 3c:61:04:2d:9f:c0 127 3
3
ge-1/1/5.0 Actor 127 3c:61:04:2f:c7:c0 127 5
3
ge-1/1/5.0 Partner 127 3c:61:04:2d:9f:c0 127 5
3
ge-1/2/8.0 Actor 127 3c:61:04:2f:c7:c0 127 11
3
ge-1/2/8.0 Partner 127 3c:61:04:2d:9f:c0 127 11
3
ge-1/3/3.0 Actor 127 3c:61:04:2f:c7:c0 127 12
3
ge-1/3/3.0 Partner 127 3c:61:04:2d:9f:c0 127 12
3
ge-0/1/8.0 127 123 0 0
ge-1/1/5.0 130 123 0 0
ge-1/2/8.0 129 124 0 0
ge-1/3/3.0 129 124 0 0
ge-0/1/8.0 0 0 0 0
ge-1/1/5.0 0 0 0 0
ge-1/2/8.0 0 0 0 0
ge-1/3/3.0 0 0 0 0
Destination: 10.2.1/24, Local: 10.2.1.1, Broadcast: 10.2.1.255,
Generation: 1505
Meaning IS-IS distributes traffic equally when the three aggregated Ethernet bundles have the
same bandwidth available.

Verifying Unequal Traffic Distribution Over Available Bandwidth
Purpose To verify that IS-IS distributes traffic unevenly when one of the aggregated link is down
during per-packet load balancing depending on the available bandwidth.
Action Disable one of the links on the ae0 bundle so that the available bandwidth is 3g on ae0
and 4g on ae1and ae2. From operational mode, enter the show route 198.0.0.1 extensive
command.

TSI:
KRT in-kernel 198.0.0.1/32 -> {10.0.1.2, 10.1.1.2, 10.2.1.2, 10.3.1.2}
Level: 2
Address: 0x9ec55d0
Session Id: 0x1b2
Next hop: 10.1.1.2 via ae1.0 weight 0x1 balance 36%, selected
Session Id: 0x1b1
Session Id: 0x1b3
Next hop: 10.3.1.2 via ge-0/1/7.0 weight 0xf000
Session Id: 0x1b0
State:<Active Int>
Age: 22 Metric: 20
Task: IS-IS
AS path: I
Bundle:
Input : 793 3 218290 2976
Output: 1617811 27223 178003101 23957320
Adaptive Adjusts: 0
Adaptive Scans : 0
Adaptive Updates: 0
Link:
ge-0/0/0.0
Input : 182 1 21794 992
Output: 461045 9423 50717650 8292776
ge-1/1/4.0 <-- down
Input : 139 0 17236 0
Output: 241334 0 26546740 0
ge-1/2/1.0
Input : 162 1 20088 992
Output: 444340 8979 48918653 7901976
ge-1/2/2.0

IS-IS Feature Guide
Input : 310 1 159172 992

Output: 471092 8821 51820058 7762568

ge-0/0/0.0 Actor 127 3c:61:04:2f:c7:c0 127 1 1
ge-0/0/0.0 Partner 127 3c:61:04:2d:9f:c0 127 1 1
ge-1/1/4.0 Actor 127 3c:61:04:2f:c7:c0 127 4 1
ge-1/1/4.0 Partner 1 00:00:00:00:00:00 1 4 1
ge-1/2/1.0 Actor 127 3c:61:04:2f:c7:c0 127 8 1
ge-1/2/1.0 Partner 127 3c:61:04:2d:9f:c0 127 8 1
ge-1/2/2.0 Actor 127 3c:61:04:2f:c7:c0 127 9 1
ge-1/2/2.0 Partner 127 3c:61:04:2d:9f:c0 127 9 1
ge-0/0/0.0 161 156 0 0
ge-1/1/4.0 151 145 0 0
ge-1/2/1.0 158 154 0 0
ge-1/2/2.0 159 154 0 0
ge-0/0/0.0 0 0 0 0
ge-1/1/4.0 0 0 0 0
ge-1/2/1.0 0 0 0 0
ge-1/2/2.0 0 0 0 0
1501
Flags: Is-Primary
Flags: Is-Primary
Bundle:
Input : 817 5 219555 4672
Output: 1756031 35775 193270683 31483104
Adaptive Adjusts: 0
Adaptive Scans : 0
Adaptive Updates: 0
Link:
ge-0/1/6.0
Input : 174 1 21024 992
Output: 411469 8414 45261286 7404544
ge-1/1/6.0
Input : 159 1 19716 992
Output: 433700 8893 47707000 7826296
ge-1/2/0.0
Input : 161 1 19964 992
Output: 447338 9190 49314819 8087408
ge-1/2/3.0

Input : 323 2 158851 1696

Output: 463524 9278 50987578 8164856
ge-0/1/6.0 Actor 127 3c:61:04:2f:c7:c0 127 2 2
ge-0/1/6.0 Partner 127 3c:61:04:2d:9f:c0 127 2 2
ge-1/1/6.0 Actor 127 3c:61:04:2f:c7:c0 127 6 2
ge-1/1/6.0 Partner 127 3c:61:04:2d:9f:c0 127 6 2
ge-1/2/0.0 Actor 127 3c:61:04:2f:c7:c0 127 7 2
ge-1/2/0.0 Partner 127 3c:61:04:2d:9f:c0 127 7 2
ge-1/2/3.0 Actor 127 3c:61:04:2f:c7:c0 127 10 2
ge-1/2/3.0 Partner 127 3c:61:04:2d:9f:c0 127 10 2

ge-0/1/6.0 159 153 0 0
ge-1/1/6.0 157 151 0 0
ge-1/2/0.0 157 153 0 0
ge-1/2/3.0 158 153 0 0
ge-0/1/6.0 0 0 0 0
ge-1/1/6.0 0 0 0 0
ge-1/2/0.0 0 0 0 0
ge-1/2/3.0 0 0 0 0
1503
Bundle:
Input : 813 4 237569 3968
Output: 1786258 37008 196605473 32568272
Adaptive Adjusts: 0
Adaptive Scans : 0
Adaptive Updates: 0
Link:
ge-0/1/8.0
Input : 163 1 20212 992
Output: 446715 9282 49138650 8168408

IS-IS Feature Guide
ge-1/1/5.0
Input : 162 1 20088 992
Output: 443846 9209 48822970 8104224
ge-1/2/8.0
Input : 161 1 19964 992
Output: 443943 9341 48833699 8220624
ge-1/3/3.0
Input : 327 1 177305 992
Output: 451754 9176 49810154 8075016
ge-0/1/8.0 Actor 127 3c:61:04:2f:c7:c0 127 3 3
ge-0/1/8.0 Partner 127 3c:61:04:2d:9f:c0 127 3 3
ge-1/1/5.0 Actor 127 3c:61:04:2f:c7:c0 127 5 3
ge-1/1/5.0 Partner 127 3c:61:04:2d:9f:c0 127 5 3
ge-1/2/8.0 Actor 127 3c:61:04:2f:c7:c0 127 11 3
ge-1/2/8.0 Partner 127 3c:61:04:2d:9f:c0 127 11 3
ge-1/3/3.0 Actor 127 3c:61:04:2f:c7:c0 127 12 3
ge-1/3/3.0 Partner 127 3c:61:04:2d:9f:c0 127 12 3

ge-0/1/8.0 157 153 0 0
ge-1/1/5.0 160 153 0 0
ge-1/2/8.0 159 154 0 0
ge-1/3/3.0 159 154 0 0
ge-0/1/8.0 0 0 0 0
ge-1/1/5.0 0 0 0 0
ge-1/2/8.0 0 0 0 0
ge-1/3/3.0 0 0 0 0
1505
Meaning IS-IS infers that the ae0 bundle has only 3g of bandwidth available. Therefore, modifies
per-packet load balancing according to the available bandwidth. As per the output, only
27 percent of the bandwidth is available on ae0 because one of the aggregated Ethernet
links is down. Thus IS-IS distributes traffic unequally depending on the available
bandwidth.

Verifying Unequal Traffic Distribution onLogical Interfaces
Purpose To verify that IS-IS distributes traffic unevenly on logical interfaces based on the
configured logical bandwidth.

IS-IS Feature Guide
Action user@R0> show interfaces ae1.1
Logical interface ae1.1 (Index 605) (SNMP ifIndex 1910)

Flags: Up SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.1 ] Encapsulation: ENET2
Bandwidth: 2000mbps
Bundle:
Input : 807 0 200537 360
Output: 277 0 55529 0
Adaptive Adjusts: 0
Adaptive Scans : 0
Adaptive Updates: 0
Protocol inet, MTU: 1500
Max nh cache: 75000, New hold nh limit: 75000, Curr nh cnt: 1, Curr new hold
cnt: 0, NH drop cnt: 0
Destination: 13.1.1/24, Local: 13.1.1.2, Broadcast: 13.1.1.255
Protocol iso, MTU: 1497
Protocol multiservice, MTU: Unlimited
user@R0> show interfaces ae1.2
Logical interface ae1.2 (Index 606) (SNMP ifIndex 1911)

Flags: Up SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.2 ] Encapsulation: ENET2
Bandwidth: 1000mbps
Bundle:
Input : 836 0 208643 720
Output: 305 0 61006 0
Adaptive Adjusts: 0
Adaptive Scans : 0
Adaptive Updates: 0
Protocol inet, MTU: 1500
Max nh cache: 75000, New hold nh limit: 75000, Curr nh cnt: 1, Curr new hold
cnt: 0, NH drop cnt: 0
Destination: 13.2.1/24, Local: 13.2.1.2, Broadcast: 13.2.1.255
Protocol iso, MTU: 1497
Protocol multiservice, MTU: Unlimited
15.1F4 Beginning with Junos OS Release 15.1F4, you can configure the IS-IS protocol
to get the logical interface bandwidth information associated with the
gateways of equal-cost multipath (ECMP) next hop.
Related • multipath on page 530

Documentation
• Understanding Weighted ECMP Traffic Distribution on One-Hop IS-IS Neighbors on
page 220

CHAPTER 9
Configuring IS-IS Traffic Engineering
• IS-IS Extensions to Support Traffic Engineering on page 246

• Using Labeled-Switched Paths to Augment SPF to Compute IGP Shortcuts on page 246
• Example: Enabling IS-IS Traffic Engineering Support on page 248
• Understanding Forwarding Adjacencies on page 263
• Example: Advertising Label-Switched Paths into IS-IS on page 263
• Understanding Wide IS-IS Metrics for Traffic Engineering on page 272
• Example: Enabling Wide IS-IS Metrics for Traffic Engineering on page 272
• Understanding LDP-IGP Synchronization on page 275
• Example: Configuring Synchronization Between IS-IS and LDP on page 277
• Layer 2 Mapping for IS-IS on page 281
• Example: Configuring Layer 2 Mapping for IS-IS on page 282
• Understanding Source Packet Routing in Networking (SPRING) on page 289
• Understanding Adjacency Segments, Anycast Segments, and Configurable SRGB in
SPRING on page 293
• Example: Configuring Segment Routing Global Blocks in SPRING for IS-IS to Increase
Network Speed on page 295
• Example: Configuring Anycast and Prefix Segments in SPRING for IS-IS to Increase
• Configuring Segment Routing Global Blocks Label Ranges in SPRING for IS-IS
Protocol on page 325
• Configuring Anycast and Prefix segments in SPRING for IS-IS Protocol on page 327
• Understanding Topology-Independent Loop-Free Alternate with Segment Routing for
IS-IS on page 331
• Configuring Topology-Independent Loop-Free Alternate with Segment Routing for
IS-IS on page 335
• Example: Configuring Topology Independent Loop-Free Alternate with Segment Routing
for IS-IS on page 336
• Static Adjacency Segment Identifier for ISIS on page 353

IS-IS Feature Guide
IS-IS Extensions to Support Traffic Engineering
To help provide traffic engineering and MPLS with information about network topology
and loading, extensions have been added to the Junos OS implementation of IS-IS.
Specifically, IS-IS supports new type, length, and value (TLV) tuples that specify link
attributes. These TLVs are included in the IS-IS link-state PDUs. The link-attribute
information is used to populate the traffic engineering database, which is used by the
Constrained Shortest Path First (CSPF) algorithm to compute the paths that MPLS
label-switched paths (LSPs) take. This path information is used by RSVP to set up LSPs
and reserve bandwidth for them.
NOTE: Whenever possible, use IS-IS interior gateway protocol (IGP) shortcuts
instead of traffic engineering shortcuts.
The traffic engineering extensions are defined in RFC 5305, IS-IS Extensions for Traffic
Engineering.
IS-IS IGP Shortcuts

In IS-IS, you can configure shortcuts, which allow IS-IS to use an LSP as the next hop as
if it were a subinterface from the ingress routing device to the egress routing device. The
address specified in the to statement at the [edit protocols mpls label-switched-path
lsp-path-name] hierarchy level must match the router ID of the egress routing device for
the LSP to function as a direct link to the egress routing device and to be used as input
to IS-IS SPF calculations. When used in this way, LSPs are no different than Asynchronous
Transfer Mode (ATM) and Frame Relay virtual circuits (VCs), except that LSPs carry only
IPv4 traffic.
Related • Using Labeled-Switched Paths to Augment SPF to Compute IGP Shortcuts on page 246
Documentation
Using Labeled-Switched Paths to Augment SPF to Compute IGP Shortcuts
Link-state protocols, such as OSPF and IS-IS, use the shortest-path-first (SPF) algorithm
to compute the shortest-path tree to all nodes in the network. The results of such
computations can be represented by the destination node, next-hop address, and output
interface, where the output interface is a physical interface. Label-switched paths (LSPs)
can be used to augment the SPF algorithm.
IGP typically performs two independent computations. The first is performed without
considering any LSP. The result of the computation is stored in the inet.0 table. This step
is no different from traditional SPF computations and is always performed even if IGP
shortcut is disabled.
The second computation is performed considering only LSPs as a logical interface. Each
LSP’s egress router is considered. The list of destinations whose shortest path traverses

Chapter 9: Configuring IS-IS Traffic Engineering
the egress router (established during the first computation) is placed in the inet.3 routing
table. These destinations are given the egress router of the LSP as a next hop, enabling
BGP on the local router to use these LSPs to access BGP next hops beyond the egress
router. Normally, BGP can use only LSPs that terminate at the BGP next hop.
As an illustration, begin with a typical SPF tree (see Figure 23 on page 247).
Figure 23: Typical SPF Tree, Sourced from Router A
If an LSP connects Router A to Router D and if IGP shortcuts are enabled on Router A,
you might have the SPF tree shown in Figure 24 on page 247.
Figure 24: Modified SPF Tree, Using LSP A–D as a Shortcut
Note that Router D is now reachable through LSP A–D.
When computing the shortest path to reach Router D, Router A has two choices:
• Use IGP path A–B–D.
• Use LSP A–D.
Router A decides between the two choices by comparing the IGP metrics for path A–B–D
with the LSP metrics for LSP A–D. If the IGP metric is lower, path A–B–D is chosen
(Figure 23 on page 247). This path A–B–D is valid only when node D is not the tail-end of
the LSP. If node D is the tail end of the LSP, even if the LSP metric is lower or both IGP
and LSP metrics are equal, LSP A–D is used (Figure 24 on page 247).
Note that Router E is reachable through LSP A–D and Router F will take the IGP path.
Related • traffic-engineering on page 588

Documentation
• OSPF Support for Traffic Engineering
• IGP Shortcuts and Routing Tables

IS-IS Feature Guide
Example: Enabling IS-IS Traffic Engineering Support
This example shows how to configure IS-IS so that it uses label-switched paths as
shortcuts.

Requirements
example.
Overview
MPLS traffic engineering maps certain data flows to established label-switched paths
(LSPs) rather than to data links calculated by the interior gateway protocol (IGP) to be
part of the best (shortest) path. Fundamental to this function is the determination of
what traffic is to be mapped to an LSP. Traffic is mapped to an LSP at the tunnel's ingress
label switching router (LSR) by designating the egress LSR as the next-hop router for
certain destination prefixes.
It is important to understand that the LSP does not constitute an entire route to a
destination. Rather, the LSP is a next-hop segment of the route. Therefore, packets can
only be mapped to an LSP if the egress LSR is considered to be a feasible next-hop
candidate during the route resolution process.

Figure 25: IS-IS Shortcuts Topology
lo0:
A 192.168.0.1 Prefixes AS 2
G
B 192.168.0.2 10.2.0.0/16
C 192.168.0.3 10.3.0.0/16
D 192.168.0.4 .26
E 192.168.0.5
F 192.168.0.6
G 192.168.0.7 10.0.0.24/30
.25
10.0.0.4/30 10.0.0.8/30 10.0.0.12/30
.5 .6 .9 .10
A B C D
fe-1/2/1 .13 .14
fe-1/2/0 .1 .29
LSP A-C
10.0.0.0/30 10.0.0.28/30
.2 .30
.17 .18
E F
AS 1
g041306
10.0.0.16/30
In this example, Device C has an external BGP (EBGP) peer session with Device G in
autonomous system (AS) 2. In order to enable its internal BGP (IBGP) peers to access
subnets in AS 2, Device C runs IS-IS passively on its interface connecting to Device G.
IS-IS has information about the external subnets and enters routes to these subnets in
the inet.0 routing table. BGP, when resolving the next-hop addresses of AS-external
routes, uses the IGP route.
TIP: An alternative to passively running IS-IS on the interface would be to

use a next-hop self policy.
Device A has an LSP to Device C. The path is configured to always go through Device E,
rather than going through Device B.
Interior gateway protocol (IGP) shortcuts, also called traffic-engineering shortcuts,

provide a tool by which the link-state IGP (OSPF or IS-IS) in an AS can consider an LSP
in its shortest-path-first (SPF) calculations. If using passive external interfaces, the IGP
views an LSP as a single data link toward the destinations beyond the LSP egress device.
When you use traffic-engineering bgp (which is the default) and IGP shortcuts, the traffic
engineering solution is used for BGP AS-external route resolution only. However, traffic
to AS-internal destinations can also be mapped to LSPs. To accomplish this,
traffic-engineering bgp-igp is enabled. Thus, RSVP installs the MPLS prefixes into the
inet.0 table rather than the inet.3 table. As a result, the MPLS LSPs are installed in the
forwarding table.

IS-IS Feature Guide
This approach finds practical application whenever heavy traffic is routed to specific
destinations within an AS, such as server farms.
An important point about IGP shortcuts, whether used alone or in conjunction with
traffic-engineering BGP-IGP, is that IGP adjacencies are never formed across the LSPs.
The IGP sees the LSP as a single data link, but does not view the egress router as a
potential peer and does not forward hello messages across the LSP. Also, RSVP messages
are never forwarded over LSPs, preventing the possibility of an LSP being inadvertently
built within another LSP.
steps on Device A.
Configuration
level.

set protocols mpls traffic-engineering bgp-igp
set protocols mpls label-switched-path test_path to 192.168.0.3
set protocols mpls label-switched-path test_path no-cspf
set protocols mpls label-switched-path test_path primary through_E
set protocols mpls path through_E 192.168.0.5 strict
set protocols isis traffic-engineering family inet shortcuts



set protocols bgp group external-peers export send-some-isis

IS-IS Feature Guide

set protocols isis interface fe-1/2/2.0 level 2 passive
set policy-options policy-statement send-some-isis term 1 from protocol isis
set policy-options policy-statement send-some-isis term 1 from route-filter 10.0.0.0/24
orlonger
set policy-options policy-statement send-some-isis term 1 from route-filter 192.168.0.0/24
orlonger
set policy-options policy-statement send-some-isis term 1 then accept


Device F set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.18/30


Device G set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.26/30

set interfaces lo0 unit 0 family inet address 192.168.0.7/32 primary
set interfaces lo0 unit 0family inet address 10.2.1.1/32
set interfaces lo0 unit 0family inet address 10.3.1.1/32
set protocols bgp group external-peers export statics
set protocols bgp group external-peers export send-directs
set policy-options policy-statement statics from protocol static
set policy-options policy-statement statics then accept
set policy-options policy-statement send-directs term 1 from protocol direct
set policy-options policy-statement send-directs term 1 then accept

IS-IS Feature Guide
To configure IS-IS traffic-engineering shortcuts:
[edit interfaces]
user@A# set fe-1/2/0 unit 0 family inet address 10.0.0.1/30
user@A# set fe-1/2/0 unit 0 family iso
user@A# set fe-1/2/0 unit 0 family mpls
user@A# set fe-1/2/1 unit 0 family inet address 10.0.0.5/30
user@A# set fe-1/2/1 unit 0 family iso
user@A# set fe-1/2/1 unit 0 family mpls
user@A# set lo0 unit 0 family inet address 192.168.0.1/32
user@A# set lo0 unit 0 family iso address 49.0002.0192.0168.0001.00
2. Enable a signaling protocol on the interfaces.
[edit protocols rsvp]

user@A# set interface lo0.0
user@A# set interface fe-1/2/0.0
3. Enable MPLS on the interfaces.

4. Configure the label-switched path.
A single LSP, named test_path, is configured from Device A to Device C. The LSP
explicit route object (ERO) is specified to use a strict hop through Device E, so that
the LSP takes a different path from the OSPF shortest path of A–B–C. The LSP is
signaled using RSVP, but no CSPF is running.

user@A# set label-switched-path test_path to 192.168.0.3
user@A# set label-switched-path test_path no-cspf
user@A# set label-switched-path test_path primary through_E
user@A# set path through_E 192.168.0.5 strict
5. Configure traffic engineering for both BGP and IGP destinations.
When IGP shortcuts are also enabled, the IGP can use the LSP in its calculations.
The results of the calculations are entered into the inet.0 table.

user@A# set traffic-engineering bgp-igp
6. Configure internal BGP (IBGP) peering among the devices.

user@A# set type internal
user@A# set local-address 192.168.0.1
user@A# set neighbor 192.168.0.5
7. Enable IS-IS on the interfaces, and set the link metric.

user@A# set interface fe-1/2/0.0 level 1 disable
user@A# set interface fe-1/2/1.0 level 1 disable
user@A# set interface lo0.0
8. Configure IS-IS to use MPLS LSPs as next hops for the IPv4 address family.
It is only necessary to enable IGP shortcuts on the ingress router because that is the
router performing the shortest-path-first (SPF) calculations.
It is important to understand how IGP shortcuts affect the protocol and routing
table relationship. The IGP performs SPF calculations to subnets downstream of
LSP egress points, but the results of these calculations are entered into the inet.3
table only. At the same time, the IGP performs its traditional SPF calculations and
enters the results of these calculations into the inet.0 table. The result is that
although the IGP is making entries into the inet.3 table, BGP is still the only protocol
with visibility into that table for the purposes of route resolution. Therefore,
forwarding to AS-internal destinations still uses the inet.0 IGP routes, and the LSPs
are only used for BGP next-hop resolution. If you want the LSPs to be used for IGP
next-hop resolution, you must configure traffic-engineering bgp-igp.

user@A# set traffic-engineering family inet shortcuts
user@A# set router-id 192.168.0.1
user@A# set autonomous-system 1

IS-IS Feature Guide
user@A# show interfaces

fe-1/2/0 {
unit 0{
family inet {
address 10.0.0.1/30;
}
family iso;
family mpls;
}
}
fe-1/2/1{
unit 0
family inet {
address 10.0.0.5/30;
}
family iso;
family mpls;
}
}
lo0 {
unit 0{
family inet {
address 192.168.0.1/32;
}
family iso {
address 49.0002.0192.0168.0001.00;
}
}
}
user@A# show protocols

rsvp {
interface lo0.0;
}
mpls {
traffic-engineering bgp-igp;
label-switched-path test_path {
to 192.168.0.3;
no-cspf;
primary through_E;
}
path through_E {
192.168.0.5 strict;
}
}
bgp {
group int {
type internal;
neighbor 192.168.0.5;

neighbor 192.168.0.6;
neighbor 192.168.0.2;
neighbor 192.168.0.3;
}
}
isis {
traffic-engineering {
family inet {
shortcuts;
}
}
level 1 disable;
}
level 1 disable;
}
interface lo0.0;
}
user@A# show routing-options

router-id 192.168.0.1;
Verification
• Verifying the Next Hops on page 257

• Checking the RSVP Sessions on page 259
• Checking the Paths with Different Traffic Engineering Settings on page 260
Verifying the Next Hops
Purpose Verify that the MPLS LSP is used as the next hop in the expected routes.
Action From operational mode, enter the show route command.
user@A> show route

10.0.0.0/30 *[Direct/0] 4d 09:07:26

> via fe-1/2/0.0
10.0.0.1/32 *[Local/0] 4d 09:07:26
10.0.0.4/30 *[Direct/0] 4d 09:07:28
> via fe-1/2/1.0
10.0.0.5/32 *[Local/0] 4d 09:07:28

IS-IS Feature Guide

10.0.0.8/30 *[IS-IS/18] 01:42:24, metric 20
> to 10.0.0.6 via fe-1/2/1.0
10.0.0.12/30 *[IS-IS/18] 01:42:24, metric 30
> to 10.0.0.6 via fe-1/2/1.0
10.0.0.16/30 *[IS-IS/18] 01:42:24, metric 20
> to 10.0.0.2 via fe-1/2/0.0
10.0.0.20/30 *[IS-IS/18] 01:42:24, metric 30
> to 10.0.0.2 via fe-1/2/0.0
10.0.0.24/30 *[IS-IS/18] 01:42:24, metric 30
> to 10.0.0.6 via fe-1/2/1.0
10.0.0.28/30 *[IS-IS/18] 01:42:24, metric 30
to 10.0.0.6 via fe-1/2/1.0
> to 10.0.0.2 via fe-1/2/0.0
10.2.0.0/32 *[BGP/170] 02:22:30, localpref 100, from 192.168.0.3
AS path: 2 I, validation-state: unverified
> to 10.0.0.2 via fe-1/2/0.0, label-switched-path test_path
192.168.0.1/32 *[Direct/0] 4d 09:08:47
> via lo0.0
192.168.0.2/32 *[IS-IS/18] 01:42:24, metric 10
> to 10.0.0.6 via fe-1/2/1.0
192.168.0.3/32 *[IS-IS/18] 01:42:24, metric 20
> to 10.0.0.6 via fe-1/2/1.0
192.168.0.4/32 *[IS-IS/18] 01:42:24, metric 30
> to 10.0.0.6 via fe-1/2/1.0
to 10.0.0.2 via fe-1/2/0.0
192.168.0.5/32 *[IS-IS/18] 01:42:24, metric 10
> to 10.0.0.2 via fe-1/2/0.0
192.168.0.6/32 *[IS-IS/18] 01:42:24, metric 20
> to 10.0.0.2 via fe-1/2/0.0

10.0.0.12/30 *[IS-IS/18] 01:41:21, metric 30

10.0.0.24/30 *[IS-IS/18] 01:41:21, metric 30
10.0.0.28/30 *[IS-IS/18] 01:41:21, metric 30
192.168.0.3/32 *[RSVP/7/1] 01:41:21, metric 20
[IS-IS/18] 01:41:21, metric 20
192.168.0.4/32 *[IS-IS/18] 01:41:21, metric 30

49.0002.0192.0168.0001/72
*[Direct/0] 4d 09:08:47
> via lo0.0

0 *[MPLS/0] 4d 09:10:00, metric 1

Receive
1 *[MPLS/0] 4d 09:10:00, metric 1
Receive
2 *[MPLS/0] 4d 09:10:00, metric 1
Receive
13 *[MPLS/0] 4d 09:10:00, metric 1
Receive
Meaning IS-IS chooses the LSP as the shortest path to destinations downstream of the LSP egress
device. Additionally, because the IGP uses the LSP to reach external subnet 10.0.0.24/30,
BGP also uses the LSP in its routes to 10.2.0.0 and 10.3.0.0.
If next-hop self were used at Device C, BGP would still choose the LSP over the IGP path.
Checking the RSVP Sessions
Purpose Display information about RSVP sessions
Action From operational mode, enter the show rsvp session brief command.
user@A> show rsvp session brief
Ingress RSVP: 1 sessions

To From State Rt Style Labelin Labelout LSPname
192.168.0.3 192.168.0.1 Up 0 1 FF - 299776 test_path
Total 1 displayed, Up 1, Down 0
Egress RSVP: 0 sessions

Transit RSVP: 0 sessions

user@E> show rsvp session brief




IS-IS Feature Guide
192.168.0.3 192.168.0.1 Up 0 1 FF 299776 299808 test_path

user@F> show rsvp session brief



192.168.0.3 192.168.0.1 Up 0 1 FF 299808 3 test_path
user@C> show rsvp session brief


192.168.0.3 192.168.0.1 Up 0 1 FF 3 - test_path

Meaning On all four routing devices, the ingress and egress IP addresses of the LSP are shown.
The path is shown as an ingress path at Device A, and packets forwarded on the LSP are
assigned a label of 299776. At Device E, the LSP is transit, and packets arriving with a
label of 299776 are given an outgoing label of 299808. The labels have significance only
between neighboring label-switched routers (LSRs). Device F swaps incoming label
299808 for outgoing label 3. Device C, the egress, pops label 3 and routes the received
packet by standard IP longest-match route lookup.
Checking the Paths with Different Traffic Engineering Settings
Purpose Check the paths used for IGP and BGP routes when traffic-engineering bgp-igp is used
and when traffic-engineering bgp (the default) is used.
Action 1. Configure traffic-engineering bgp.
This removes traffic-engineering bgp-igp from the configuration because only one
MPLS traffic engineering setting can be configured in each routing instance.

user@A# set traffic-engineering bgp
user@A# commit

2. Use the show route forwarding-table command to check the paths when
traffic-engineering bgp (the default) is configured.
user@A> show route forwarding-table destination 10.2.1.1
Routing table: default.inet

Internet:
Destination Type RtRef Next hop Type Index NhRef Netif
10.2.1.1/32 user 0 indr 262145 6
10.0.0.2 Push 299776 1013 2
fe-1/2/0.0

Internet:
192.168.0.3/32 user 1 10.0.0.6 ucst 938 11 fe-1/2/1.0
3. Use the traceroute command to check the paths when traffic-engineering bgp (the
default) is configured.
user@A> traceroute 10.2.1.1
traceroute to 10.2.1.1 (10.2.1.1), 30 hops max, 40 byte packets

1 10.0.0.2 (10.0.0.2) 11.086 ms 1.587 ms 1.603 ms
MPLS Label=299776 CoS=0 TTL=1 S=1
2 10.0.0.18 (10.0.0.18) 1.455 ms 1.477 ms 1.442 ms
3 10.0.0.29 (10.0.0.29) 2.240 ms 1.045 ms 1.243 ms
4 10.2.1.1 (10.2.1.1) 1.363 ms 1.389 ms 1.374 ms

1 10.0.0.6 (10.0.0.6) 1.759 ms 1.872 ms 2.281 ms
2 bb03-cclab-lo0.spglab.juniper.net (192.168.0.3) 2.119 ms 2.157 ms 1.598
ms
4. Configure traffic-engineering bgp-igp.
This removes traffic-engineering bgp from the configuration because only one MPLS
traffic engineering setting can be configured in each routing instance.

user@A# set traffic-engineering bgp-igp
user@A# commit
5. Use the show route forwarding-table command to check the paths when
traffic-engineering bgp-igp is configured.

Internet:
10.2.1.1/32 user 0 indr 262145 6

IS-IS Feature Guide
10.0.0.2 Push 299776 1013 2

fe-1/2/0.0

Internet:
192.168.0.3/32 user 1 10.0.0.2 Push 299776 1013 8
fe-1/2/0.0
6. Use the traceroute command to check the paths when traffic-engineering bgp-igp is
configured.

1 10.0.0.2 (10.0.0.2) 2.348 ms 1.475 ms 1.434 ms
2 10.0.0.18 (10.0.0.18) 1.507 ms 2.307 ms 1.911 ms
3 10.0.0.29 (10.0.0.29) 1.743 ms 1.645 ms 1.940 ms
4 10.2.1.1 (10.2.1.1) 2.041 ms 1.977 ms 2.233 ms

1 10.0.0.2 (10.0.0.2) 1.721 ms 2.558 ms 2.229 ms
2 10.0.0.18 (10.0.0.18) 2.505 ms 1.462 ms 1.408 ms
ms
Meaning When traffic-engineering bgp is configured, the first trace is to a destination belonging to
the BGP-learned 10.2.0.0/16 prefix, and follows the LSP. The second trace is to the
IS-IS-learned 192.168.0.3 route (Device C’s loopback interface address), and follows the
IS-IS route. These results correspond to what we observe in the forwarding table. The
forwarding table is built based on routes in inet.0 only. BGP can look into inet.3 and select
an LSP as the best path to the next hop of a BGP prefix, and can add a route into inet.0
utilizing that LSP. An entry is then made to the forwarding table from the inet.0 route.
No other protocol, by default, can consult inet.3, and the inet.3 routes are not entered
into inet.0. Therefore, the forwarding entry for 192.168.0.3 is created from the only route
to that destination in inet.0: the IS-IS route.
When traffic-engineering bgp-igp is configured, the first trace to 10.2.1.1 continues to follow
the LSP. The second trace to 192.168.0.3 also follows the LSP. These results correspond
to what we observe in the forwarding table, which shows that the LSP is used for IGP
next-hop resolution.


Documentation
• Example: Enabling OSPF Traffic Engineering Support
Understanding Forwarding Adjacencies
A forwarding adjacency is a traffic engineering label-switched path (LSP) that is

configured between two nodes and that is used by the interior gateway protocol (IGP)
to forward traffic.
When you set up MPLS traffic-engineering tunnels between sites, by default the IGP does
not consider those tunnels for traffic forwarding. Forwarding adjacencies allow you to
treat a traffic engineering LSP tunnel as a link in an IGP topology. The link is used in the
shortest-path-first (SPF) algorithm and is advertised to the IGP peers. A forwarding
adjacency can be created between routing devices regardless of their location in the
network.
Related • Example: Advertising Label-Switched Paths into IS-IS on page 263

Documentation
Example: Advertising Label-Switched Paths into IS-IS
This example shows how to advertise label-switched paths (LSPs) into IS-IS as
point-to-point links (sometimes referred to as forwarding adjacencies) so that the LSPs
can be used in SPF calculations. The advertisement contains a local address (the from
address of the LSP), a remote address (the to address of the LSP), and a metric.

Requirements
example.
Overview

IS-IS Feature Guide
Figure 26: IS-IS Advertising a Label-Switched Path Topology
.5 10 .6 .9 10 .10 .13 10 .14

A B C D
.1 10.0.0.4/30 10.0.0.8/30 10.0.0.12/30
.22
10 10.0.0.0/30 15
10.0.0.20/30 10
LSP E-D
.2
20 .21
E F
.17 10.0.0.16/30 .18
Lo0:
A 192.168.0.1
B 192.168.0.2
C 192.168.0.3
D 192.168.0.4
g041304
E 192.168.0.5
F 192.168.0.6
The example shows how to configure the LSP from Device E to Device D and then
advertise this path through IS-IS. The configuration is verified by performing a traceroute
operation from Device A to Device D and making sure that the LSP is used for forwarding.
steps on Device E.
Configuration
level.

set protocols isis interface fe-1/2/0.0 level 2 metric 10




set protocols mpls label-switched-path E-D to 192.168.0.5
set protocols isis label-switched-path E-D level 2


IS-IS Feature Guide

set protocols mpls label-switched-path E-D to 192.168.0.4
set protocols isis label-switched-path E-D level 2 metric 15
Device F set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.18/30


To advertise LSPs into IS-IS:
[edit interfaces]
user@E# set fe-1/2/0 unit 0 family iso
user@E# set fe-1/2/0 unit 0 family mpls
user@E# set fe-1/2/1 unit 0 family iso
user@E# set fe-1/2/1 unit 0 family mpls
user@E# set lo0 unit 0 family iso address 49.0002.0192.0168.0005.00
2. Enable a signaling protocol on the interfaces.

user@E# set interface lo0.0
user@E# set interface fe-1/2/0.0
3. Enable MPLS on the interfaces.

4. Configure the LSP.
Make sure that you configure the reverse LSP on the endpoint, in this case on Device
D.

user@E# set label-switched-path E-D to 192.168.0.4
5. Configure internal BGP (IBGP) peering among the devices that must run MPLS.

user@E# set type internal
user@E# set local-address 192.168.0.5
user@E# set neighbor 192.168.0.6
6. Enable IS-IS on the interfaces, and set the link metric.

IS-IS Feature Guide
IS-IS Level 1 and Level 2 are enabled when you include the interface at [edit protocols
isis]. By disabling Level 1, you are in effect creating a Level 2 IS-IS interface.

user@E# set interface fe-1/2/0.0 level 1 disable
user@E# set interface fe-1/2/1.0 level 1 disable
user@E# set interface fe-1/2/1.0 level 2 metric 20
user@E# set interface lo0.0
7. Advertise the LSP through IS-IS.
Make sure that you advertise the LSP on the endpoint, in this case on Device D.

user@E# set label-switched-path E-D level 2 metric 15
user@E# set router-id 192.168.0.5
user@E# set autonomous-system 1
user@E# show interfaces

fe-1/2/0 {
unit 0 {
family inet {
address 10.0.0.2/30;
}
family iso;
family mpls;
}
}
fe-1/2/1 {
unit 0 {
family inet {
address 10.0.0.17/30;
}
family iso;
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.5/32;
}

family iso {
address 49.0002.0192.0168.0005.00;
}
}
}
user@E# show protocols

rsvp {
interface lo0.0;
}
mpls {
label-switched-path E-D {
to 192.168.0.4;
}
}
bgp {
group int {
type internal;
neighbor 192.168.0.6;
neighbor 192.168.0.1;
neighbor 192.168.0.4;
}
}
isis {
level 1 disable;
}
level 1 disable;
level 2 metric 20;
}
interface lo0.0;
label-switched-path E-D {
level 2 metric 15;
}
}
user@E# show routing-options

router-id 192.168.0.5;

IS-IS Feature Guide
Verification
• Verifying the IS-IS Neighbor on page 270

• Checking the IS-IS SPF Calculations on page 270
• Checking the Forwarding Path on page 271
Verifying the IS-IS Neighbor
Purpose Verify that another neighbor is listed and is reachable over the LSP. The interface field
indicates the name of the LSP.
user@E> show isis adjacency detail
D
Interface: E-D, Level: 2, State: One-way, Expires in 0 secs
Circuit type: 3, Speaks: IP
Topologies: Unicast
Restart capable: No, Adjacency advertisement: Advertise
F
Topologies: Unicast
LAN id: F.02, IP addresses: 10.0.0.18
A
Topologies: Unicast
LAN id: E.02, IP addresses: 10.0.0.1
Meaning As expected, Interface: E-D is shown in the output, and the state is shown as One-way.
Checking the IS-IS SPF Calculations
Purpose Verify that the LSP is being used in the SPF calculations.
Action From operational mode, enter the show isis spf brief command.
user@E> show isis spf brief


E.00 0
1 nodes

C.02 30 fe-1/2/0.0 IPV4 A 0:5:85:8f:c8:bc
C.00 25 fe-1/2/1.0 LSP E-D
D.03 25 fe-1/2/1.0 LSP E-D
D.02 25 fe-1/2/1.0 LSP E-D
F.00 20 fe-1/2/1.0 IPV4 F 0:5:85:8f:c8:bd
B.00 20 fe-1/2/0.0 IPV4 A 0:5:85:8f:c8:bc
B.02 20 fe-1/2/0.0 IPV4 A 0:5:85:8f:c8:bc
D.00 15 fe-1/2/1.0 LSP E-D
A.00 10 fe-1/2/0.0 IPV4 A 0:5:85:8f:c8:bc
E.02 10
E.00 0
11 nodes
Meaning As expected, the SPF results include the LSP, E-D.
Checking the Forwarding Path
Purpose Verify that a traceroute operation from Device A to Device D uses the LSP.
Action user@A> traceroute 192.168.0.4

1 10.0.0.2 (10.0.0.2) 1.092 ms 1.034 ms 1.174 ms
2 10.0.0.18 (10.0.0.18) 1.435 ms 2.062 ms 2.232 ms
ms
Meaning The output shows that the LSP is used.

Documentation

IS-IS Feature Guide
Understanding Wide IS-IS Metrics for Traffic Engineering
All OSPF and IS-IS interfaces have a cost, which is a routing metric that is used in the
link-state calculation. Routes with lower total path metrics are preferred over those with
higher path metrics. Unlike OSPF, in which the link metric is calculated automatically
based on bandwidth, there is no automatic calculation for IS-IS. All IS-IS links use a metric
of 10 by default.
Normally, IS-IS metrics can have values up to 63. The total cost to a destination is the
sum of the metrics on all outgoing interfaces along a particular path from the source to
the destination. By default, the total path metric is limited to 1023. This metric value is
insufficient for large networks and provides too little granularity for traffic engineering,
especially with high-bandwidth links. A wider range of metrics is also required if route
leaking is used.
IS-IS generates two type, length, and value (TLV) tuples, one for an IS-IS adjacency and
the second for an IP prefix. To allow IS-IS to support traffic engineering, a second pair of
TLVs has been added to IS-IS, one for IP prefixes and the second for IS-IS adjacency and
traffic engineering information. With these TLVs, IS-IS metrics can have values up
24
to 16,777,215 (2 – 1).
By default, Junos OS supports the sending and receiving of wide metrics. Junos OS allows
a maximum metric value of 63 and generates both pairs of TLVs. To configure IS-IS to
generate only the new pair of TLVs and thus to allow the wider range of metric values,
you must include the wide-metrics-only statement in the IS-IS configuration.
The combination of wide-metrics-only and traffic-engineering disable configuration options
under IS-IS protocols suppresses the combination of the TLVs 2, 22, 128, 134, and 135
IS-IS routing information for that level. That means that the local server will not send
the TLVs but accepts them when received. The effect of the configuration options on
TLVs 2, 22, 128, 134, and 135 will be individually evaluated.
See [Understanding the effects of ISIS wide-metric-only and traffic-engineering disable

configuration options in Junos.]
Related • Example: Enabling Wide IS-IS Metrics for Traffic Engineering on page 272
Documentation
Example: Enabling Wide IS-IS Metrics for Traffic Engineering
This example shows how to allow a wide range of metric values on IS-IS interfaces.


Requirements
page 14 for information about the sample IS-IS configuration.
Overview
Figure 27: IS-IS Wide Metrics Topology

10.0.0.0/30
.1 .2
R1 R2
lo0:192.168.0.1 lo0:192.168.0.2
g041282
Configuration
level.
Device R1 set protocols isis level 2 wide-metrics-only

set protocols isis level 1 wide-metrics-only
set protocols isis interface lt-1/2/0.1 level 2 metric 100
set protocols isis interface lt-1/2/0.1 level 1 metric 100
To configure IS-IS checksums:
1. Configure a metric of 100 on the interface at both IS-IS levels.
[edit protocols isis interface lt-1/2/0.1]

2. Enable wide metrics.

user@R1# set level 2 wide-metrics-only

IS-IS Feature Guide
command. If the output does not display the intended configuration, repeat the

isis {
level 2 wide-metrics-only;
interface lt-1/2/0.1 {
level 2 metric 100;
level 1 metric 100;
}
}
Verification
Verifying That Wide Metrics Are Enabled
Purpose Make sure that the interface has the expected metric.
Action From operational mode, enter the show isis interface extensive command.
user@R1> show isis interface lt-1/2/0.1 extensive

lt-1/2/0.1
LSP interval: 100 ms, CSNP interval: 10 s, Loose Hello padding
Level 1
Adjacencies: 1, Priority: 64, Metric: 100
Hello Interval: 9.000 s, Hold Time: 27 s
Designated Router: tp5-R2.02 (not us)
Level 2
Meaning The output shows that the metric is set to 100, as expected, at both Level 1 and Level 2.

Documentation

Understanding LDP-IGP Synchronization
Synchronization between the Label Distribution Protocol (LDP) and the underlying interior
gateway protocol (IGP) ensures that LDP is fully established before the IGP path is used
for forwarding traffic.
LDP is often used to establish MPLS label-switched paths (LSPs) throughout a complete
network domain using an IGP such as OSPF or IS-IS. In such a network, all links in the
domain have IGP adjacencies as well as LDP adjacencies. LDP establishes the LSPs on
the shortest path to a destination as determined by IP forwarding.
If the IGP and LDP are not synchronized, packet loss can occur. This issue is especially
significant for applications such as a core network that does not employ BGP. Another
example is an MPLS VPN where each provider edge (PE) router depends on the availability
of a complete MPLS forwarding path to the other PE devices for each VPN that it serves.
This means that along the shortest path between the PE routers, each link must have
an operational hello adjacency and an operational LDP session, and MPLS label bindings
must have been exchanged over each session.
LDP establishes MPLS LSPs along the shortest path to the destination as determined
by IP forwarding. In a Layer 2 VPN or Layer 3 VPN scenario, if the LSP is not yet formed
between the PE devices, services depending on MPLS forwarding fail. When LDP has not
completed exchanging label bindings with an IGP next hop, traffic is discarded if the head
end of the LSP forwards traffic because the LSP is assumed to be in place.
There are various reasons that the LSP fails to come up, as follows:
• Configuration errors and implementation issues.
• When an LDP hello adjacency or an LDP session with a peer is lost due to some error
while the IGP still points to that peer. IP forwarding of traffic continues on the IGP link
associated with the LDP peer rather than being shifted to another IGP link with which
LDP is synchronized.
• When a new IGP link comes up, causing the next hop to a certain destination to change
in the IGP’s shortest-path-first (SPF) calculations. Although the IGP might be up on
the new link, LDP might not have completed label exchange for all the routes. This
condition might be transient or due to a misconfiguration.
LDP-IGP synchronization discourages a link from being used while the LDP sessions are
not fully established. When LDP is not fully operational on a link, the IGP advertises a
maximum cost for the link, thus preventing traffic from flowing through it. The IGP does
not advertise the original cost or metric for the link until either LDP label exchange has
been completed with the peer on the link or a configured amount of time has passed
(the holddown period).
When synchronization is configured, LDP notifies the IGP to advertise the maximum cost
for the link when one of the following triggering events takes place:
• The LDP hello adjacency goes down.
• The LDP session goes down.

IS-IS Feature Guide
• LDP is configured on an interface.
If the holddown timer has been configured, the timer starts when the triggering event
takes place. When the timer expires, LDP notifies the IGP to resume advertising the original
cost.
If the holddown timer has not been configured, the IGP waits (endlessly) until bindings
have been received from downstream routers for all the forwarding equivalence classes
(FECs) that have a next hop on that interface. Only after that takes place does LDP notify
the IGP to bring down the cost on the interface.
LDP-IGP synchronization is supported only for directly connected peers and links with
the platform label space.
Synchronization Behavior During Graceful Restart

LDP-IGP synchronization does not take place while the IGP is in the process of a graceful
restart. When the graceful restart completes, links for which synchronization has been
configured are advertised with maximum metrics in either of the following cases:
• LDP is not yet operational on the link and no holddown timer has been configured.
• The configured holddown timer has not expired.
During LDP graceful restart, no synchronization operations are done. If the LDP graceful
restart is terminated, LDP notifies the IGPs to advertise the links with the maximum
metric.
Synchronization Behavior on LAN Interfaces

LDP-IGP synchronization does not take place on LAN interfaces unless the IGP has a
point-to-point connection over the LAN configured on the interface. The reason for this
is that multiple LDP peers might be connected on such an interface unless a point-to-point
connection to a single peer has been configured. Because synchronization raises the cost
on the interface high enough to prevent traffic from being forwarded to that link, if multiple
peers are connected, the cost is raised on all the peers even though LDP might be
unsynchronized with only one of the peers. Consequently, traffic is diverted away from
all the peers, an undesirable situation.
Synchronization Behavior on IGP Passive Interfaces

On IGP passive interfaces, the link cost is not raised when LDP-IGP synchronization is
configured and a triggering event occurs.
Synchronization and TE Metrics

When traffic engineering is configured for an IGP, LDP-IGP synchronization does not
affect the traffic engineering metric advertised for the link, regardless of whether the
traffic-engineering (TE) metric is explicitly configured or the default value.
Related • Example: Configuring Synchronization Between IS-IS and LDP on page 277
Documentation

Example: Configuring Synchronization Between IS-IS and LDP
This example shows how to enable synchronization between IS-IS and LDP.

Requirements
Before you begin, configure IS-IS and LDP. For an example, see Example: Configuring a
Layer 3 VPN with Route Reflection and AS Override.
Overview
LDP distributes labels in non-traffic-engineered applications. Labels are distributed along
the best path determined by IS-IS. If the synchronization between LDP and IS-IS is lost,
the label-switched path (LSP) goes down. Therefore, LDP and IS-IS synchronization is
beneficial. When LDP synchronization is configured and when LDP is not fully operational
on a given link (a session is not established and labels are not exchanged), IS-IS advertises
the link with the maximum cost metric. The link is not preferred but remains in the network
topology.
LDP synchronization is supported only on point-to-point interfaces and LAN interfaces

configured as point-to-point interfaces under IS-IS. LDP synchronization is not supported
during graceful restart.
To advertise the maximum cost metric until LDP is operational for LDP synchronization,
include the ldp-synchronization statement:
ldp-synchronization {
disable;
hold-time seconds;
}
To disable synchronization, include the disable statement. To configure the time period
to advertise the maximum cost metric for a link that is not fully operational, include the
hold-time statement.
NOTE: When an interface has been in the holddown state for more than
3 minutes, a system log message with a warning level is sent. This message
appears in both the messages file and the trace file.

IS-IS Feature Guide
Figure 28: IS-IS and LDP Synchronization Topology
AS 65534
AS 64512
10.0.0.0/30 10.0.0.4/30 10.0.0.8/30 10.0.0.12/30
.1 .2 .5 .6 .9 .10 .13 .14
CE1 PE1 P1 P2 PE2
.21 .25
.29 .17
lo0,0 Addresses
10.0.0.24/30
CE1 10.255.1.1 10.0.0.16/30
PE1 10.255.2.2
P1 10.255.3.3 .26 .18
P2 10.255.4.4 10.0.0.20/30 .22 .30
P3 10.255.7.7 P3 CE2
PE2 10.255.5.5 10.0.0.28/30
CE2 10.255.6.6 AS
64512
g041274
This example describes the steps on Device P1.
Configuration
level.
Device P1 set protocols mpls interface all

set protocols isis interface all ldp-synchronization
set protocols isis interface all point-to-point
To configure synchronization between IS-IS and LDP:
1. Enable MPLS on the interfaces

user@P1# set interface all
user@P1# set interface fxp0.0 disable


3. Enable LDP on the interfaces.

4. Enable LDP synchronization on the IS-IS interfaces.
[edit protocols isis interface all]

user@P1# set ldp-synchronization
5. Configure the IS-IS interfaces to behave like point-to-point interfaces.
[edit protocols isis interface all]

user@P1# set point-to-point
user@P1# show protocols

mpls {
interface all;
interface fxp0.0 {
disable;
}
}
isis {
interface all {
ldp-synchronization;
point-to-point;
}
interface fxp0.0 {
disable;
}
}
ldp {
interface all;
interface fxp0.0 {
disable;
}
}
If you are done configuring the device, enter commit from configuration mode. Repeat
the configuration on Device R2.
Verification

IS-IS Feature Guide
Verifying LDP Synchronization
Purpose Check LDP synchronization setting on the IS-IS interfaces.
user@P1> show isis interface extensive

lo0.0
LSP interval: 100 ms, CSNP interval: disabled, Loose Hello padding
Level 1
Passive
Level 2
Passive
ge-1/2/0.0
LDP sync state: in sync, for: 17:22:06, reason: LDP up during config
config holdtime: infinity
Level 2
ge-1/2/1.0
Level 2
ge-1/2/2.0
Level 2
Meaning The output shows that LDP is synchronized with IS-IS.
Related • Understanding LDP-IGP Synchronization on page 275

Documentation

Layer 2 Mapping for IS-IS
IS-IS is a Layer 2 protocol that uses the Ethernet logical link control (LLC) encapsulation
format for exchanging information. IS-IS Layer 2 mapping ensures that forwarding
next-hop resolution is topology-driven rather than traffic-driven, which results in minimal
traffic loss while activating an Ethernet link.
Typically, IS-IS installs Layer 3 routes that point to Layer 2 next hops into the forwarding
table. Junos OS uses a Layer 3 anchor address notation to standardize the description
of a next hop. IS-IS uses Address Resolution Protocol (ARP) to map these IPv4 Layer 3
next-hop anchors to a Layer 2 Media Access Control (MAC) address and installs the
Layer 2 MAC addresses in the forwarding table for an Ethernet network. For IPv6 routes,
Junos OS uses neighbor discovery to resolve IPv6 Layer 3 next-hop anchors. The Routing
Engine installs a Layer 3 prefix along with the set of Layer 3 next-hop anchors for a route
in the forwarding table. This method of referencing a Layer 2 next hop using its Layer 3
anchor address in IS-IS networks has the following undesired ramifications:
• When a new route is added to the kernel, its forwarding next hop might not have been
resolved yet.
• As next-hop resolution is traffic-driven and always reactive, there is a nonzero traffic

loss when you activate an Ethernet link.
Enabling Layer 2 mapping helps to overcome these undesired ramifications in IS-IS

networks. IS-IS LAN and point-to point Hellos supply all relevant Layer 2 and Layer 3
binding address information, which the device at the receiving end can use to populate
the ARP or neighbor discovery cache of the kernel even before the route installation time.
When Layer 2 mapping is enabled, IS-IS installs ARP or neighbor discovery next-hop
entries into the forwarding table. Because this provides Layer 2 next-hop bindings ahead
of time, IS-IS networks do not experience traffic loss while bringing up a link. Each entry
gets enqueued as a semi-static ARP or neighbor discovery entry for simplifying garbage
collection by a crashed or restarting routing protocol process (rpd). Therefore, each entry
gets refreshed periodically.
The advantages of address resolution using IS-IS Hello messages are as follows:
• Forwarding next-hop resolution is topology-driven and not traffic-driven.
• Less Layer 2 resolution on core links because IS-IS already carries this information.
• Better security because IS-IS provides HMAC-MD5 and HMAC-SHA1 digests.
CAUTION: The ARP and neighbor discovery methods of address resolution

are susceptible to MAC address spoofing attacks.

IS-IS Feature Guide
NOTE: Junos OS supports all Ethernet based interface types. However,

non-Ethernet based interface types are not supported. Unnumbered IPv4
and IPv6 addresses are not supported as currently IS-IS does not have the
capability to generate the IP address neighbor TLVs #132 and #232 from the
loopback interface and advertise them on the unnumbered interface.
Related • layer2-map on page 509

Documentation
Example: Configuring Layer 2 Mapping for IS-IS
This example shows how to configure Layer 2 mapping for IS-IS, that is, mapping a Layer
2 MAC address to the IPv4 address of the forwarding next hop. Layer 2 mapping minimizes
traffic loss, provides better security, and reduces Layer 2 resolution processing on core
links while activating an Ethernet link.

Requirements
• Junos OS Release 16.1 or later running on all the devices
Overview
Layer 2 mapping ensures that the forwarding next-hop resolution is topology-driven
rather than traffic-driven. IS-IS LAN and point-to-point Hellos supply all relevant Layer
2 and Layer 3 binding address information for address resolution. The device at the
receiving end can use the information to populate the ARP or neighbor discovery cache
of the kernel even before the route installation time. When Layer 2 mapping is enabled,
IS-IS installs ARP or neighbor discovery next-hop entries into the forwarding table.
Because this provides Layer 2 next-hop bindings ahead of time, IS-IS networks do not
experience traffic loss while bringing up a link.
Topology
In Figure 29 on page 283, Router R1 is connected to Router R2. Layer 2 mapping is enabled
on Router R1. Router R2 receives the Layer 2 information from Router R1 and updates the
forwarding table.

Figure 29: Configuring Layer 2 Mapping for IS-IS
Configuration
Router R1 set interfaces ge-1/0/3 description R0–>R1_1

set interfaces ge-1/0/3 unit 0 family inet6 address 0000:0000:0000:0000:192:10:1:1/120
set interfaces ge-1/0/7 description R0–>RT0
set interfaces ge-1/1/1 description R0–>R1_2
set lo0 unit 0 family inet address 10.255.162.100/32
set protocols isis layer2-map
set protocols isis interface ge-1/0/3.0 level 2 disable
Router R2 set interfaces ge-0/0/2 descriptionR0–>R1_1

set interfaces ge-2/0/3 description R1–>RT0

IS-IS Feature Guide

set interfaces ge-2/0/8 description R0–>R1_2
set interfaces ge-2/0/8 unit 0 family inet6 address
0000:0000:0000:0000:192:10:2:2/120
set protocols isis interface ge-0/0/2.0 level 2 disable
To configure Layer 2 mapping on Router R1:
NOTE: Repeat this procedure for Router 2 after modifying the appropriate
1. Configure the device interfaces.
[edit interfaces]
user@R1# set ge-1/0/3 description R0–>R1_1
user@R1# set ge-1/0/3 unit 0 family inet6 address
0000:0000:0000:0000:192:10:1:1/120
user@R1# set ge-1/0/7 description R0–>RT0

0000:0000:0000:0000:193:1:1:1/120

user@R1# set ge-1/1/1 description R0–>R1_2

0000:0000:0000:0000:192:10:2:1/120
2. Configure the loopback interface.
[edit interfaces]
3. Configure the router id.
user@R1# set router-id 10.255.162.100
4. Configure RSVP, MPLS, and LDP on all interfaces excluding the management
interface.
[edit protocols]
user@R1# set rsvp interface all
user@R1# set rsvp interface lo0.0
user@R1# set rsvp interface fxp0.0 disable
user@R1# set mpls interface all

user@R1# set mpls interface lo0.0
user@R1# set mpls interface fxp0.0 disable
user@R1# set ldp interface all

user@R1# set ldp interface fxp0.0 disable
user@R1# set ldp interface lo0.0
5. Enable Layer 2 mapping.
[edit protocols]
user@R1# set isis layer2-map
6. Disable level 2 IS-IS on interface ge-1/0/3.0.
[edit protocols]
user@R1# set isis interface ge-1/0/3.0 level 2 disable

IS-IS Feature Guide
Results
[edit]
ge-1/0/3 {
description 0–>R1_1;
unit 0 {
family inet {
address 192.10.1.1/24;
}
family iso;
family inet6 {
address 0000:0000:0000:0000:192:10:1:1/120;
}
family mpls;
}
}
ge-1/0/7 {
description R0–>RT0;
unit 0 {
family inet {
address 193.1.1.1/30;
}
family iso;
family inet6 {
address 0000:0000:0000:0000:193:1:1:1/120;
}
family mpls;
}
}
ge-1/1/1 {
description R0–>R1_2;
unit 0 {
family inet {
address 192.10.2.1/30;
}
family iso;
family inet6 {
address 0000:0000:0000:0000:192:10:2:1/120;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.162.100/32;
}
}

[edit]
rsvp {
interface all;
interface lo0.0;
interface fxp0.0 {
disable;
}
}
mpls {
interface all;
interface lo0.0;
interface fxp0.0 {
disable;
}
}
isis {
layer2-map;
}
ldp {
interface all;
interface fxp0.0 {
disable;
}
interface lo0.0;
}
[edit]
router-id 10.255.162.100;
If you are done configuring the device, commit the configuration.
user@R1# commit
Verification

• Verifying That Layer 2 Mapping Is Enabled on page 288
• Verifying That the Layer 2 Address Is Mapped on page 288
Purpose Verify that the expected adjacencies have formed between Router R1 and Router R2.

IS-IS Feature Guide
Action From operational mode, run the show isis adjacency command on Router R1.

ge-1/0/3.0 R2 1 Up 8 88:e0:f3:5e:e8:2
Meaning The interface ge-1/0/3.0 on Router R1 has established adjacency with Router R2.
Verifying That Layer 2 Mapping Is Enabled
Purpose Verify that Layer 2 mapping is enabled on Router R1.
Action From operational mode, run the show isis interface detail command on Router R1.
user@R1> show isis interface detail

ge-1/0/3.0
Adjacency advertisement: Advertise, Layer2-map: Enabled
1 1 64 10 9.000 27 R2.02 (not us)
2 0 64 10 Disabled
Meaning The output confirms that Layer 2 mapping is enabled on Router R1.
Verifying That the Layer 2 Address Is Mapped
Purpose Display Layer 3 next hop and the mapped data link address in the kernel for the routing
instances.

Action From operational mode, run the show isis layer2-map command on Router R1.
user@R1> show isis layer2-map
Layer2 mapping database for instance master
IP Address Interface SNPA Refresh State

192.10.1.2 ge-1/0/3.0 88:e0:f3:5e:e8:2 00:11:54
fe80::8ae0:f3ff:fe5e:e802 ge-1/0/3.0 88:e0:f3:5e:e8:2 00:04:02
IPv4 records: 1
IPv6 records: 1
Meaning The Layer 2 MAC address of the next hop is mapped to the IP address of interface
ge-1/0/3.0 in the kernel.
Related • layer2-map on page 509

Documentation
• Layer 2 Mapping for IS-IS on page 281
• show isis layer2-map on page 690
Understanding Source Packet Routing in Networking (SPRING)
Source packet routing or segment routing is a control-plane architecture that enables

an ingress router to steer a packet through a specific set of nodes and links in the network
without relying on the intermediate nodes in the network to determine the actual path
it should take. In this context, the term ’source’ means ’the point at which the explicit
route is imposed’. Starting with Junos OS Release 17.2R1, segment routing for IS-IS and
OSPFv2 is supported on QFX5100 and QFX10000 switches.
Starting with Junos OS Release 17.3R1, segment routing for IS-IS and OSPFv2 is supported
on QFX5110 and QFX5200 switches.
Essentially segment routing engages IGPs like IS-IS and OSPF for advertising two types
of network segments or tunnels:
• First, a strict forwarded single-hop tunnel that carries packets over a specific link
between two nodes, irrespective of the link cost, referred to as adjacency segments.
• Second, a multihop tunnel using shortest path links between two specific nodes,
referred to as node segments.
Ingress routers can steer a packet through a desired set of nodes and links by
pre-appending the packet with an appropriate combination of tunnels.
Segment routing leverages the source routing paradigm. A node steers a packet through
an ordered list of instructions, called segments. A segment can represent any instruction,
topological or service-based. A segment can have a local semantic to a segment routing
node or to a global node within a segment routing domain. Segment routing enforces a

IS-IS Feature Guide
flow through any topological path and service chain while maintaining per-flow state
only at the ingress node to the segment routing domain. Segment routing can be directly
applied to the MPLS architecture with no change on the forwarding plane. A segment is
encoded as an MPLS label. An ordered list of segments is encoded as a stack of labels.
The segment to process is on the top of the stack. Upon completion of a segment, the
related label is popped from the stack. Segment routing can be applied to the IPv6
architecture, with a new type of routing extension header. A segment is encoded as an
IPv6 address. An ordered list of segments is encoded as an ordered list of IPv6 addresses
in the routing extension header. The segment to process is indicated by a pointer in the
routing extension header. Upon completion of a segment, the pointer is incremented.
Traffic engineering shortcuts are enabled for labeled IS-IS segment routes, when you
configure shortcuts at the following hierarchy levels:
• [edit protocols is-is traffic-engineering family inet] for IPv4 traffic.
• [edit protocols is-is traffic-engineering family inet6] for IPv6 traffic.
When source packet routing is deployed in the network, the data center, backbone, and
peering devices, switch MPLS packets with a label stack built by the source of the traffic;
for example, data center servers. In Junos OS Release 17.4R1, the source-routed traffic
co-exists with traffic taking RSVP signaled paths, and source routing is implemented as
regular label switching through mpls.0 table using the label operations – pop, swap (to
the same label value), and swap-push (for interface protection). In all the cases, traffic
can be load balanced between multiple Layer 3 interfaces, or within an aggregate
interface. Starting in Junos OS Release 17.4R1, the traffic statistics in a segment routing
network can be recorded in an OpenConfig compliant format for the Layer 3 interfaces.
The statistics is recorded for the Source Packet Routing in Networking (SPRING) traffic
only, excluding RSVP and LDP-signaled traffic, and the family MPLS statistics per interface
is accounted for separately. The SR statistics also includes SPRING traffic statistics per
link aggregation group (LAG) member, and per segment identifier (SID). To enable
recording of segment routing statistics, include sensor-based-stats statement at the
[edit protocol isis source-packet-routing] hierarchy level.
Prior to Junos OS Release 19.1R1, sensors were available for collecting segment routing
statistics for MPLS transit traffic only, which is MPLS-to-MPLS in nature. Starting in Junos
OS Release 19.1R1, on MX Series routers with MPC and MIC interfaces and PTX Series
routers, additional sensors are introduced to collect segment routing statistics for MPLS
ingress traffic, which is IP-to-MPLS in nature. With this feature, you can enable sensors
for label IS-IS segment routing traffic only, and stream the statistics to a gRPC client.
You can enable the segment routing statistics for MPLS ingress traffic using the egress
option under the per-sid configuration statement. The resource name for the per-sid
egress functionality is:
/junos/services/segment-routing/sid/egress/usage/
You can view the label IS-IS route association with the sensors using the show isis spring
sensor info command output. This command does not display counter values of the
actual sensors.

The segment routing statistics records are exported to a server. You can view segment
routing statistics data from the following the OpenConfig paths:
• /mpls/signaling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counter[ip-addr='L-ISIS-1.1.1.1']/state/counters[name='oc-xxx']/out-pkts
• /mpls/signaling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counter[ip-addr='L-ISIS-1.1.1.1']/state/counters[name='oc-xxx']/out-pkts
NOTE:
• Graceful Routing Engine switchover (GRES) is not supported for segment
routing statistics.
Nonstop active routing (NSR) is not supported for label IS-IS. During a
Routing Engine switchover, a new sensor is created in the new master
Routing Engine, replacing the sensor created by the previous master Routing
Engine. As a result, at the time of a Routing Engine switchover, the segment
routing statistics counter start from zero.
• Graceful restart is not support for label IS-IS.
In case of graceful restart, the existing sensor is deleted and a new sensor
is created during IS-IS initialization. The segment routing statistics counter
restarts from zero.
• In-service software upgrade (ISSU) and nonstop software upgrade (NSSU)

are not supported. In such cases, the segment routing statistics counter is
restarted.
• Zero-statistics segment routing data is suppresses and does not get

streamed to the gRPC clients.
19.1R1 Starting in Junos OS Release 19.1R1, on MX Series routers with MPC and MIC
interfaces and PTX Series routers, additional sensors are introduced to collect
segment routing statistics for MPLS ingress traffic, which is IP-to-MPLS in nature.
With this feature, you can enable sensors for label IS-IS segment routing traffic
only, and stream the statistics to a gRPC client.
17.4R1 Starting in Junos OS Release 17.4R1, the traffic statistics in a segment routing
network can be recorded in an OpenConfig compliant format for the Layer 3
interfaces.
17.3R1 Starting with Junos OS Release 17.3R1, segment routing for IS-IS and OSPFv2 is
supported on QFX5110 and QFX5200 switches.
17.2R1 Starting with Junos OS Release 17.2R1, segment routing for IS-IS and OSPFv2 is
supported on QFX5100 and QFX10000 switches.
Related • OSPF Support for Traffic Engineering

Documentation
• Advertising Label-Switched Paths into OSPFv2

IS-IS Feature Guide
• IS-IS Extensions to Support Traffic Engineering on page 246
• node-segment (Protocols OSPF)
• no-advertise-adjacency-segment (Protocols OSPF)
• no-source-packet-routing (Protocols OSPF)
• per-sid on page 559
• sensor-based-stats on page 574
• sensor (Junos Telemetry Interface)
• sensor-based-stats (Junos Telemetry Interface)
• show (ospf | ospf3) overview
• show (ospf | ospf3) neighbor
• show ospf database
• show (ospf | ospf3) route
• show route table on page 876
• level (Global IS-IS) on page 511
• show isis database on page 667
• show isis overview on page 692
• show isis route on page 699
• show isis adjacency on page 640
• source-packet-routing (Protocols IS-IS and OSPF) on page 580
• node-segment (Protocols IS-IS) on page 538
• no-advertise-adjacency-segment (Protocols IS-IS) on page 534
• use-source-packet-routing (Protocols IS-IS) on page 594

Understanding Adjacency Segments, Anycast Segments, and Configurable SRGB in

SPRING
Segment routing (SR) or Source Packet Routing in Networking (SPRING) is a control-plane

architecture that enables an ingress router to steer a packet through a specific set of
nodes and links without relying on the intermediate nodes in the network to determine
the actual path it should take. SPRING enables automation of a network by using a
software-defined network (SDN) controller for traffic steering and traffic engineering in
a WAN packet network. To steer packets through the specified set of nodes and links,
the ingress router prepends packets with segments that contain an appropriate
combination of tunnels. Each segment is associated with an identifier, which is referred
to as the segment identifier (SID). An ordered list of segments is encoded as a stack of
labels. Every node in the segment routing domain is allocated labels based on the
availability of the dynamic label range. A segment routing global block (SRGB) is the
range of label values reserved for segment routing.
Starting in Junos OS Release 17.2R1, you can define the SRGB for the IS-IS protocol, and
provide prefix anycast segments in addition to node segments to prefixes that are
advertised by the IS-IS protocol through policy configuration. Junos OS also extends
support to SPRING anycast segments and configurable adjacency segment indexes for
the IS-IS protocol.
• Benefits of Anycast Segments, Adjacency Segments, and Configurable SRGB on page 293
• Configurable Segment Routing Global Block on page 293
• Adjacency Segments and Prefix Segments on page 294
Benefits of Anycast Segments, Adjacency Segments, and Configurable SRGB

• With the support for anycast prefix segments on Junos OS, you can configure multiple
routers to advertise the same prefix with the same SID, which facilitates load balancing.
• Configuring the adjacency hold time helps retain segments for a specified period of
time after a link flaps and ensures faster convergence after a link fails.
• Configuring the SRGB label range ensures that the labels are more predictable across
segment routing domain.
Configurable Segment Routing Global Block

A segment is encoded as an MPLS label. An ordered list of segments is encoded as a
stack of labels. Every node in the segment routing domain is allocated labels by the node
label manager based on the index range configured for source packet routing. These
labels are allocated to the node segment based on the availability of the dynamic label
range managed by node label manager. An SRGB is the range of label values used in
segment routing. You can configure an available SRGB label range for the IS-IS and OSPF
protocols so that the labels are predictable across segment routing domains. Ensure
that the configured SRGB labels are not used by any other application.

IS-IS Feature Guide
Adjacency Segments and Prefix Segments

A node steers a packet to its destination through an ordered list of instructions, called
segments. Essentially, segment routing engages interior gateway protocols (IGPs) such
as IS-IS and OSPF to advertise two types of network segments:
• Adjacency segments—A strict forwarded single-hop tunnel that carries packets over
a specific link between two nodes, irrespective of the link cost.
• Prefix segments—A multihop tunnel that uses equal cost multi-hop aware shortest
path links to reach a prefix. The prefix SID supports both IPv4 and IPv6 prefixes. A node
segment is a special case of prefix segment that uses shortest path links between two
specific nodes. An anycast segment is also a type of prefix segment that identifies a
set of routers to advertise the same prefix with the same SID value.
Configurable Adjacency Segment Hold Time
The IS-IS protocol creates adjacency segments per adjacency, level, and address family
(one each for IPv4 and IPv6). An MPLS label is allocated for each adjacency segment
that gets created. These labels are allocated after the adjacency status of the segment
changes to the up state. Starting in Junos OS Release 17.2R1, you can configure a hold
time to ensure that IS-IS does not release the segments immediately after a link flaps
or goes down, but retains them for the configured hold time duration.
The OSPF protocol creates adjacency segments per adjacency. To ensure adjacency
segments are retained during adjacency or link flaps, the adjacency segments are not
released immediately during the link down. The default hold time for adjacency segments
is 180 seconds.
Prefix Segment Index
Currently, Junos OS enables you to configure a SPRING node SID for IPv4 and IPv6 address
families for each routing instance. This node SID is attached to an IPv4 and IPv6 router ID
if the router ID is configured on the loopback interface. Otherwise, the lowest IP address
assigned to the loopback interface is chosen as the node SID. Configuring a node SID
through policy allows you to choose the loopback address that gets the node SID. If the
node SID configuration exists and a policy is defined for node SID selection for the same
prefix, then the policy configuration takes precedence.
Starting in Junos OS Release 17.2R1, you can designate prefix segment indexes to prefix
SIDs, both anycast and node SIDs, that are advertised in IS-IS through policy configuration.
Remote routers use this index to consolidate prefixes into respective SRGBs and to derive
the segment identifier and forward the traffic destined for a specific prefix. After the
prefix segment indexes are provisioned, the devices running Junos OS advertise them in
one or more of the following IS-IS TLV types by using a new Prefix-SID Sub-TLV (type
3):
• IP Prefix TLV (type 135)
• MT IP Prefix TLV (type 235)

• IPV6 Prefix Reachability TLV (type 236)
• MT IPV6 Prefix Reachability TLV (type 237)
Starting in Junos OS Release 19.1, you can similarly designate prefix segment indexes to
prefix SIDs, both anycast and node SIDs, that are advertised in OSPF through policy
configuration. Remote routers use this index to consolidate prefixes into respective SRGBs
and to derive the segment identifier and forward the traffic destined for a specific prefix.
Anycast Segments
An IGP anycast segment is an IGP prefix segment that identifies a set of routers. An
anycast segment enforces forwarding based on the equal-cost multipath-aware
shortest-path toward the closest node of the anycast set. Within an anycast group, all
the routers advertise the same prefix with the same SID value, which facilitates load
balancing.
17.2R1 Starting in Junos OS Release 17.2R1, you can define the SRGB for the IS-IS protocol,
and provide prefix anycast segments in addition to node segments to prefixes that
are advertised by the IS-IS protocol through policy configuration. Junos OS also
extends support to SPRING anycast segments and configurable adjacency segment
indexes for the IS-IS protocol.
17.2R1 Starting in Junos OS Release 17.2R1, you can configure a hold time to ensure that
IS-IS does not release the segments immediately after a link flaps or goes down,
but retains them for the configured hold time duration.
Related • Configuring Anycast and Prefix segments in SPRING for IS-IS Protocol on page 327
Documentation
• Configuring Segment Routing Global Blocks Label Ranges in SPRING for IS-IS Protocol
on page 325
• adjacency-segment on page 453
• prefix-segment on page 564
• source-packet-routing on page 580
• srgb on page 582
• traffic-engineering on page 588
Example: Configuring Segment Routing Global Blocks in SPRING for IS-IS to Increase
Network Speed
This example shows how to define the segment routing label block (SRGB) label range
for segment packet routing in networking (SPRING) or segment routing (SR) for the IS-IS

IS-IS Feature Guide
protocol. This configuration ensures that the labels are more predictable across the
segment routing domain and thereby increasing the speed of the network.

Requirements
Before you configure the SRGB label range for SPRING in the IS-IS domain, be sure you
configured the routing and signaling protocols.
Overview
Currently, Junos OS allows you to configure only node segment indices. The value of the
start label depends on the dynamic label available in the system. Because there is no
predictability of the dynamic label range being allocated to the SRGB, Junos OS allows
you to configure the SRGB label range used by SPRING. The labels in the SRGB range
are used for SPRING in the IS-IS domain. This means the labels advertised are more
predictable and deterministic across the SPRING domain.
Topology
Figure 1 shows SRGB configured on router R1 and router R2.
R1 R2
ge-0/0/0 ge-0/0/0
192.0.2.1/24 192.0.2.2/24
lo0:
g043721
198.51.100.1/24
198.51.100.2/24
Configuration
R1 set chassis network-services enhanced-ip



set protocols isis source-packet-routing srgb start-label 400000
set protocols isis source-packet-routing srgb index-range 4000
set protocols isis source-packet-routing node-segment ipv4-index 2001

To configure device R1:
NOTE: Repeat this procedure for device R2 after modifying the appropriate
1. Configure enhanced-ip mode on the MX Series because the SRGB functionality is

supported on routers with MPCs and MIC interfaces only. A system reboot is required
after you commit this configuration.
[edit chassis network-services]

user@R1# set enhanced-ip

IS-IS Feature Guide
[edit interfaces]

user@R1# set lo0 unit 0 family inet6 address 2001:db8:10:10::1/128
3. Configure the MPLS protocol on the interface.

4. Configure the start label and index range of SRGB.
[edit protocols isis source-packet-routing]

user@R1# set srgb start-label 400000
user@R1# set srgb index-range 4000
5. Configure the IPv4 index value of the node segment.

user@R1# set node-segment ipv4-index 2001
6. Configure the IPv6 index value of the node segment.

user@R1# set node-segment ipv6-index 3001
7. Disable level 1, configure the IS-IS protocol on the interface, and configure loopback
interface lo0.0 as passive..
[edit protocols isis ]

user@R1# set level 1 disable
Results
interfaces, and show protocols commands. If the output does not display the intended
configuration, repeat the instructions in this example to correct the configuration.

network-services enhanced-ip;

ge-0/0/0 {
unit 0 {
family inet {
address 192.0.2.1/24;
}
family iso;
family inet6 {
address 2001:db8:1:1::1/128;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 198.51.100.1/24;
}
family iso {
address 49.0001.0010.0100.1001.00;
}
family inet6 {
address 2001:db8:10:10::1/128;
}
}
}

mpls {
}
isis {
source-packet-routing {
srgb start-label 400000 index-range 4000;
node-segment {
ipv4-index 2001;
ipv6-index 3001;
}
}
level 1 disable;
interface lo0.0 {
passive;
}
}

IS-IS Feature Guide
Verification
• Verifying IS-IS Neighbors on page 300

• Verifying the IS-IS Overview Information on page 300
• Verifying the IS-IS Configuration on page 301
• Verifying the Route Information of SRGB Label on page 303
• Verifying the Forwarding Table of SRGB Label 402002 on page 305
• Verifying the Route of SRGB Label on page 305
• Verifying the Forwarding Table of SRGB Label 403002 on page 307
Verifying IS-IS Neighbors
Purpose Verify IS-IS neighbors.
Action From operational mode, run the show isis adjacency command to display the IS-IS neighbor
information.

ge-0/0/0.0 R2 2 Up 7 0:5:86:7e:cc:0
Meaning The output displays the IS-IS neighbor information of device R1.
Verifying the IS-IS Overview Information
Purpose Verify the IS-IS overview information.

Action From operational mode, run the show isis overview command to display the IS-IS overview
information.
user@R1> show isis overview
Instance: master
Router ID: 198.51.100.1
Hostname: R1
Sysid: 0010.0100.1001
Areaid: 49.0001
Adjacency holddown: enabled
Maximum Areas: 3
LSP life time: 1200
Attached bit evaluation: enabled
SPF delay: 200 msec, SPF holddown: 5000 msec, SPF rapid runs: 3
IPv4 is enabled, IPv6 is enabled, SPRING based MPLS is enabled
Traffic engineering: enabled
Restart: Disabled
Helper mode: Enabled
Layer2-map: Disabled
Source Packet Routing (SPRING): Enabled
SRGB Config Range:
SRGB Start-Label : 400000, SRGB Index-Range : 4000
SRGB Block Allocation: Success
SRGB Start Index : 400000, SRGB Size : 4000, Label-Range: [ 400000, 403999
]
Node Segments: Enabled
Ipv4 Index : 2001, Ipv6 Index : 3001
Level 1
Internal route preference: 15
External route preference: 160
Prefix export count: 0
Wide metrics are enabled, Narrow metrics are enabled
Source Packet Routing is enabled
Level 2
Meaning The output displays the IS-IS overview information along with SPRING information.
Verifying the IS-IS Configuration
Purpose Verify the IS-IS configuration.

IS-IS Feature Guide
Action From operational mode, run the show route protocol isis command to display the IS-IS
route information.
user@R1> show route protocol isis

198.51.100.2/32 *[IS-IS/18] 00:17:27, metric 10

> to 192.0.2.2 via ge-0/0/0.0

198.51.100.2/32 *[L-ISIS/14] 00:17:26, metric 10

> to 192.0.2.2 via ge-0/0/0.0

16 *[L-ISIS/14] 00:21:03, metric 0

> to 192.0.2.2 via ge-0/0/0.0, Pop
16(S=0) *[L-ISIS/14] 00:02:54, metric 0
> to 192.0.2.2 via ge-0/0/0.0, Pop
17 *[L-ISIS/14] 00:21:03, metric 0
> to 2001:db8:0000:205:86ff:fe7e:cc00 via ge-0/0/0.0, Pop
17(S=0) *[L-ISIS/14] 00:02:54, metric 0
402002 *[L-ISIS/14] 00:17:26, metric 10

> to 192.0.2.2 via ge-0/0/0.0, Pop
402002(S=0) *[L-ISIS/14] 00:02:54, metric 10
> to 192.0.2.2 via ge-0/0/0.0, Pop
403002 *[L-ISIS/14] 00:17:23, metric 10
403002(S=0) *[L-ISIS/14] 00:02:54, metric 10

2400:1:1:1::/64 *[IS-IS/18] 00:17:23, metric 20

> to 2001:db8:0000:205:86ff:fe7e:cc00 via ge-0/0/0.0
2400:20:20:20::1/128
*[IS-IS/18] 00:17:23, metric 10

2400:20:20:20::1/128
*[L-ISIS/14] 00:17:23, metric 10
Meaning The output displays the IS-IS route information along with segment routing information.

Verifying the Route Information of SRGB Label
Purpose Verify the route information of SRGB label 402002 of IPv4 node 2002.

IS-IS Feature Guide
Action From operational mode, run the show route label 402002 extensive command to display
the route information of label 402002 of IPv4 node 2002.
user@R1> show route label 402002 extensive

402002 (1 entry, 1 announced)
TSI:
KRT in-kernel 402002 /52 -> {Pop }
*L-ISIS Preference: 14
Level: 2
Address: 0xb7a2710
Label operation: Pop
Load balance label: None;
Label element ptr: 0xb7a26a0
Session Id: 0x140
State: < Active Int >
Age: 19:24
Metric: 10
Task: IS-IS
AS path: I
402002(S=0) (1 entry, 1 announced)

TSI:
Level: 2
Address: 0xb7a27d0
Label element ptr: 0xb7a2760
Session Id: 0x140
Age: 4:52
Metric: 10
Task: IS-IS
AS path: I

Meaning The output displays the details of the SRGB label 402002 of IPv4 node 2002.
Verifying the Forwarding Table of SRGB Label 402002
Purpose Verify the forwarding table information of SRGB label 402002.
Action user@R1> show route forwarding-table label 402002
Routing table: default.mpls

MPLS:
402002 user 0 192.0.2.2 Pop 591 3 ge-0/0/0.0
402002(S=0) user 0 192.0.2.2 Pop 593 3 ge-0/0/0.0
Routing table: __mpls-oam__.mpls

MPLS:
Enabled protocols: Bridging, Single VLAN, Dual VLAN,
default perm 0 dscd 556 1
Meaning The output displays forwarding table information of SRGB label 402002 of IPv4 node
2002.
Verifying the Route of SRGB Label
Purpose Verify the route of SRGB label of IPv6 node 3002.

IS-IS Feature Guide
Action user@R1> show route label 403002 extensive

TSI:
Level: 2
Address: 0xb7a2830
Next hop: 2001:db8:0000:205:86ff:fe7e:cc00 via ge-0/0/0.0, selected

Label element ptr: 0xb7a26a0
Session Id: 0x141
Age: 21:06 Metric: 10
Task: IS-IS
AS path: I

TSI:
Level: 2
Address: 0xb7a2890
Next hop: 2001:db8:0000:205:86ff:fe7e:cc00 via ge-0/0/0.0, selected

Label element ptr: 0xb7a2760
Session Id: 0x141
Task: IS-IS
AS path: I
3002.

Verifying the Forwarding Table of SRGB Label 403002
Purpose Verify the forwarding table information of SRGB label 403002.
Action user@R1> show route forwarding-table label 403002

MPLS:
403002 user 0 2001:db8:0000:205:86ff:fe7e:cc00
Pop 594 3 ge-0/0/0.0
403002(S=0) user 0 2001:db8:0000:205:86ff:fe7e:cc00
Pop 596 3 ge-0/0/0.0

MPLS:
Enabled protocols: Bridging, Single VLAN, Dual VLAN,
3002.
Related • Understanding Adjacency Segments, Anycast Segments, and Configurable SRGB in

Documentation SPRING on page 293
on page 325
Example: Configuring Anycast and Prefix Segments in SPRING for IS-IS to Increase
Network Speed
This example shows how to configure prefix segments, segment-routing global blocks
(SRGBs), adjacency segments hold time, and explicit null flag for prefix segments in
source packet routing in networking (SPRING) or segment routing (SR).This configuration
helps in simplifying the network thereby increasing the speed of the network.


IS-IS Feature Guide
Requirements
• Eight MX Series routers.
• Junos OS Release 17.2 or later running on all devices.
Before you configure prefix segments in SPRING, be sure you configure routing and
signaling protocols.
Overview
In Junos OS Release 17.2 or later, you can provide prefix segment identifier (SID) and node
SID to prefixes that are advertised in IS-IS by configuring policies. Prefix segment index
is the index assigned to a specific prefix. This is used by all other remote routers in the
network to index the prefix into respective segment-routing global blocks (SRGBs) to
derive the segment identifier and to forward the traffic destined for this prefix. The prefix
SID supports both IPv4 and IPv6 prefixes. An IGP anycast segment is an IGP prefix segment
that identifies a set of routers. An anycast segment or anycast SID enforces forwarding
based on the equal-cost multipath-aware shortest-path towards the closest node of
the anycast set. Within an anycast group, all the routers advertise the same prefix with
the same SID value. The IS-IS protocol creates adjacency segments per adjacency, level,
and address family (one each for IPv4 and IPv6).
Topology
Figure 1 shows SRGBs, prefix segments, and adjacency hold time configured in SPRING
on routers R0 to R7.
R1 R2 R3
ge-0/0/0 ge-0/0/1 ge-0/0/0 ge-0/0/1 ge-0/0/0 ge-0/0/1
192.0.2.2/24 10.0.2.1/24 10.0.2.2/24 10.0.3.1/24 10.0.3.2/24 10.0.4.1/24
ge-0/0/2 ge-0/0/1
192.0.2.1/24 10.0.4.2/24
R0 R7
ge-0/0/0 ge-0/0/2
10.0.1.1/24 10.0.7.1/24
R4 R5 R6
ge-0/0/1 ge-0/0/0 ge-0/0/1 ge-0/0/0 ge-0/0/0 ge-0/0/1
10.0.1.2/24 10.0.6.1/24 10.0.6.2/24 10.0.5.2/24 10.0.5.1/24 10.0.7.2/24
lo0:
203.0.113.1/24
203.0.113.2/24
203.0.113.3/24
203.0.113.4/24
203.0.113.5/24
g043727
203.0.113.6/24
203.0.113.7/24
Configuration

NOTE: This topology demonstrates IPv4 prefixes. The same is applicable for
IPv6 prefixes.

set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 unit 1 vlan-id 1
set interfaces ge-0/0/2 unit 1 family mpls maximum-labels 5
set interfaces lo0 unit 0 family iso address 49.0001.000a.0a0a.0a00
set routing-options forwarding-table chained-composite-next-hop ingress l3vpn
set protocols rsvp interface all link-protection
set protocols mpls traffic-engineering
set protocols isis export prefix-sid
set protocols isis backup-spf-options use-source-packet-routing
set protocols isis graceful-restart restart-duration 30
set protocols isis source-packet-routing adjacency-segment hold-time 240000
set protocols isis source-packet-routing explicit-null
set protocols isis interface ge-0/0/0.1 node-link-protection
set policy-options policy-statement prefix-sid term 1 from route-filter 203.0.113.1/24 exact
set policy-options policy-statement prefix-sid term 1 then prefix-segment index 1000
set policy-options policy-statement prefix-sid term 1 then prefix-segment node-segment
set policy-options policy-statement prefix-sid term 1 then accept


IS-IS Feature Guide

set interfaces lo0 unit 0 family iso address 49.0001.0001.0101.0100
set protocols mpls traffic-engineering
set protocols isis backup-spf-options per-prefix-calculation
set protocols isis traffic-engineering family inet shortcuts
set protocols isis graceful-restart restart-duration 30
set protocols isis label-switched-path to_r2
set policy-options policy-statement prefix-sid term 1 from route-filter 203.0.113.2/24
exact
set policy-options policy-statement setpref from protocol isis
set policy-options policy-statement setpref from level 2
set policy-options policy-statement setpref then preference 11
set policy-options policy-statement setpref then local-preference 11
set policy-options policy-statement setpref then accept

set interfaces ge-0/0/0 encapsulation flexible-ethernet-services
set interfaces ge-0/0/1 encapsulation flexible-ethernet-services


set protocols mpls label-switched-path to_r1 to 203.0.113.2
set protocols mpls label-switched-path to_r1 primary path1 deactivate protocols mpls
label-switched-path to_r1
set protocols mpls path 10.0.2.1
set protocols mpls path path1 10.0.2.1 strict
set protocols isis export leakl2tol1
set protocols isis label-switched-path to_r1
set policy-options policy-statement leakl2tol1 from protocol isis
set policy-options policy-statement leakl2tol1 from level 2
set policy-options policy-statement leakl2tol1 to protocol isis
set policy-options policy-statement leakl2tol1 to level 1
set policy-options policy-statement leakl2tol1 then accept
exact

set interfaces ge-0/0/0 unit 1 family inet address 10-.0.3.2/24

IS-IS Feature Guide

exact

exact


set protocols isis export leakl2tol1
set policy-options policy-statement leakl2tol1 from protocol isis
set policy-options policy-statement leakl2tol1 from level 2
set policy-options policy-statement leakl2tol1 to protocol isis
set policy-options policy-statement leakl2tol1 to level 1
set policy-options policy-statement leakl2tol1 then accept
exact


IS-IS Feature Guide

exact

set protocols mpls explicit-null


exact
set policy-options policy-statement setpref from protocol isis
set policy-options policy-statement setpref from level 2
set policy-options policy-statement setpref then preference 11
set policy-options policy-statement setpref then local-preference 11
set policy-options policy-statement setpref then accept
set policy-options policy-statement stat term 1 from protocol static
set policy-options policy-statement stat term 1 then accept
NOTE: Repeat this procedure for every router in the SPRING domain, after
modifying the appropriate interface names, addresses, and any other
parameters for each router.
1. Configure enhanced IP mode on the MX Series router because the SRGB functionality
is supported on routers with MPCs and MIC interfaces only. A system reboot is
required after you commit this configuration.
[edit chassis]
user@R4# set network-services enhanced-ip
[edit interfaces]
user@R4# set ge-0/0/0 vlan-tagging
user@R4# set ge-0/0/0 unit 1 vlan-id 1
user@R4# set ge-0/0/1 vlan-tagging

user@R4# set ge-0/0/1 unit 1 vlan-id 1

IS-IS Feature Guide


user@R4# set lo0 unit 0 family iso address 49.0001.0004.0404.0400
3. Configure the router ID for a routing option.
4. Configure the export policy for the forwarding table.
user@R4# set forwarding-table export pplb
5. Enable RSVP link protection on the all interfaces.

user@R4# set interface all link-protection
6. Configure the MPLS interface.

user@R4# set interface all
7. Configure the export policy for the IS-IS protocol.

user@R4# set export prefix-sid
8. Configure backup shortest-path-first options to calculate remote loop-free alternate

(LFA) backup next hops and to use SPRING routed paths for protection for the IS-IS
protocol.

user@R4# set backup-spf-options remote-backup-calculation
user@R4# set backup-spf-options use-source-packet-routing
9. Configure adjacency segment hold time in SPRING for the IS-IS protocol.

user@R4# set source-packet-routing adjacency-segment hold-time 240000

10. Configure the start label and index range for segment routing global blocks (SRGBs)
in SPRING for the IS-IS protocol.

user@R4# set source-packet-routing srgb start-label 800000
user@R4# set source-packet-routing srgb index-range 40000
11. Configure explicit null in SPRING for the IS-IS protocol.

user@R4# set source-packet-routing explicit-null
12. Configure the interfaces to protect from both link and node faults.

user@R4# set interface ge-0/0/0.1 node-link-protection
user@R4# set interface ge-0/0/1.1 node-link-protection
user@R4# set interface all node-link-protection
13. Disable the management interface and configure the loopback address as passive
for the IS-IS protocol.

user@R4# set interface fxp0.0 disable
14. Configure per packet load balancing for the routing policy.
[edit policy-options policy-statement pplb]

user@R4# set then load-balance per-packet
15. Configure the route filter for the routing policy term.
[edit policy-options policy-statement prefix-sid]

user@R4# set term 1 from route-filter 203.0.113.5/24 exact
16. Configure the index and node segment of the prefix segment for the routing policy
term.
[edit policy-options policy-statement prefix-sid]

user@R4# set term 1 then prefix-segment index 1004
user@R4# set term 1 then prefix-segment node-segment
user@R4# set term 1 then accept

IS-IS Feature Guide
Results
interfaces, show protocols, show policy-options, and show routing-options commands.
If the output does not display the intended configuration, repeat the instructions in this

network-services enhanced-ip;

ge-0/0/0 {
vlan-tagging;
unit 1 {
vlan-id 1;
family inet {
address 10.0.6.2/24;
}
family iso;
}
}
ge-0/0/1 {
vlan-tagging;
unit 1{
vlan-id 1;
family inet {
address 10.0.1.2/24;
}
family iso;
family mpls ;
}
}
lo0 {
unit 0 {
family inet {
address 203.0.113.5/24;
}
family iso {
address 49.0001.0004.0404.0400;
}
}
}

rsvp {
interface all {
link-protection;
}
}
mpls {
interface all;
}

isis {
export prefix-sid;
use-source-packet-routing;
}
adjacency-segment hold-time 240000;
srgb start-label 800000 index-range 40000;
explicit-null;
}
}
}
interface all {
}
interface fxp0.0 {
disable;
}
interface lo0.0 {
passive;
}
}

policy-statement pplb {
then {
}
}
policy-statement prefix-sid {
term 1 {
from {
}
then {
prefix-segment index 1004 node-segment;
accept;
}
}
}

router-id 203.0.113.5;
forwarding-table {
export pplb;
}

IS-IS Feature Guide
Verification
• Verifying the IS-IS Adjacency Routes on page 320

• Verifying the IS-IS Overview Information on page 321
• Verifying the Segment Routing Route Entries for the IS-IS Protocol on page 322
• Verifying the MPLS Segment Routing Route Entries for the IS-IS Protocol on page 323
Verifying the IS-IS Adjacency Routes
Purpose Verify the adjacency of Router R4.

R5
Circuit type: 3, Speaks: IP, IPv6, MAC address: 0:5:86:e:2b:0
Topologies: Unicast
Level 1 IPv4 Adj-SID: 16
R5
Circuit type: 3, Speaks: IP, IPv6, MAC address: 0:5:86:e:2b:0
Topologies: Unicast
R0
Circuit type: 3, Speaks: IP, IPv6, MAC address: 0:5:86:5e:8e:1
Topologies: Unicast
R0
Circuit type: 3, Speaks: IP, IPv6, MAC address: 0:5:86:5e:8e:1
Topologies: Unicast
Meaning The output shows the IS-IS adjacency details of Router R4 with Router R0 and R5.
Verifying the IS-IS Overview Information
Purpose Verify the IS-IS overview information of Router R4.

IS-IS Feature Guide
Action From operational mode, enter the show isis overview command.
user@R4> show isis overview
Instance: master
Router ID: 203.0.113.5
Hostname: R4
Sysid: 0100.0404.0404
Areaid: 47.0005.80ff.f800.0000.0108.0001
Maximum Areas: 3
LSP life time: 1200
IPv4 is enabled, IPv6 is enabled, SPRING based MPLS is enabled
Restart: Disabled
Layer2-map: Disabled
Source Packet Routing (SPRING): Enabled
SRGB Config Range:
SRGB Start-Label : 800000, SRGB Index-Range : 40000
SRGB Block Allocation: Success
SRGB Start Index : 800000, SRGB Size : 40000, Label-Range: [ 800000, 839999
]
Node Segments: Disabled
Level 1
Level 2
Meaning The output displays the IS-IS overview information of the routing instance along with
the SPRING details of Router R4.
Verifying the Segment Routing Route Entries for the IS-IS Protocol
Purpose Verify the segment routing route entries of the routing table inet.3 for the IS-IS protocol.

Action From operational mode, enter the show route table inet.3 protocol isis command.
user@R4> show route table inet.3 protocol isis

203.0.113.0/24 *[L-ISIS/14] 00:09:31, metric 10

to 10.0.6.2 via ge-0/0/0.0, Push 0
> to 10.0.1.1 via ge-0/0/1.0, Push 0
203.0.113.2/32 *[L-ISIS/14] 00:02:44, metric 20
> to 10.0.1.1 via ge-0/0/1.0, Push 801001
Meaning The output shows the segment routing routes of routing table inet.3 for the IS-IS protocol.
Verifying the MPLS Segment Routing Route Entries for the IS-IS Protocol
Purpose Verify the MPLS segment routing route entries for the IS-IS protocol.

IS-IS Feature Guide
Action From operational mode, enter the show route table mpls.0 protocol isis command.
user@R4> show route table mpls.0 protocol isis

0 *[MPLS/0] 2d 01:56:20, metric 1

to table inet.0
0(S=0) *[MPLS/0] 2d 01:56:20, metric 1
to table mpls.0
1 *[MPLS/0] 2d 01:56:20, metric 1
Receive
2 *[MPLS/0] 2d 01:56:20, metric 1
to table inet6.0
2(S=0) *[MPLS/0] 2d 01:56:20, metric 1
to table mpls.0
13 *[MPLS/0] 2d 01:56:20, metric 1
Receive
16 *[L-ISIS/14] 2d 01:52:56, metric 0
> to 10.0.6.2 via ge-0/0/0.0, Pop
16(S=0) *[L-ISIS/14] 00:01:34, metric 0
> to 10.0.6.2 via ge-0/0/0.0, Pop
17 *[L-ISIS/14] 2d 01:52:56, metric 0
> to 10.0.6.2 via ge-0/0/0.0, Pop
17(S=0) *[L-ISIS/14] 00:10:49, metric 0
> to 10.0.6.2 via ge-0/0/0.0, Pop
18 *[L-ISIS/14] 2d 01:46:40, metric 0
> to 10.0.1.1 via ge-0/0/1.0, Pop
18(S=0) *[L-ISIS/14] 00:01:34, metric 0
> to 10.0.1.1 via ge-0/0/1.0, Pop
19 *[L-ISIS/14] 2d 01:46:40, metric 0
> to 10.0.1.1 via ge-0/0/1.0, Pop
19(S=0) *[L-ISIS/14] 00:10:49, metric 0
> to 10.0.1.1 via ge-0/0/1.0, Pop
801000 *[L-ISIS/14] 2d 01:46:40, metric 10
to 10.0.6.2 via ge-0/0/0.0, Swap 801000
> to 10.0.1.1 via ge-0/0/1.0, Swap 0
801000(S=0) *[L-ISIS/14] 00:01:34, metric 10
to 10.0.6.2 via ge-0/0/0.0, Swap 801000
> to 10.0.1.1 via ge-0/0/1.0, Pop
801001 *[L-ISIS/14] 2d 01:46:14, metric 10
to 10.0.6.2 via ge-0/0/0.0, Swap 801001
> to 10.0.1.1 via ge-0/0/1.0, Swap 801001
801002 *[L-ISIS/14] 1d 21:57:31, metric 10
to 10.0.6.2 via ge-0/0/0.0, Swap 801002
> to 10.0.1.1 via ge-0/0/1.0, Swap 801002
801003 *[L-ISIS/14] 1d 21:56:57, metric 10
to 10.0.6.2 via ge-0/0/0.0, Swap 801003
> to 10.0.1.1 via ge-0/0/1.0, Swap 801003
801005 *[L-ISIS/14] 2d 01:46:40, metric 10
to 10.0.6.2 via ge-0/0/0.0, Swap 0
> to 10.0.1.1 via ge-0/0/1.0, Swap 801005
801005(S=0) *[L-ISIS/14] 00:01:34, metric 10
to 10.0.6.2 via ge-0/0/0.0, Pop
> to 10.0.1.1 via ge-0/0/1.0, Swap 801005
801006 *[L-ISIS/14] 2d 01:46:40, metric 10
to 10.0.6.2 via ge-0/0/0.0, Swap 801006
> to 10.0.1.1 via ge-0/0/1.0, Swap 801006

801007 *[L-ISIS/14] 1d 21:56:24, metric 10

to 10.0.6.2 via ge-0/0/0.0, Swap 801007
> to 10.0.1.1 via ge-0/0/1.0, Swap 801007
Meaning The output shows the MPLS segment routing route entries for protocol IS-IS.
Related • Configuring Anycast and Prefix segments in SPRING for IS-IS Protocol on page 327
Documentation
on page 325

SPRING on page 293
Configuring Segment Routing Global Blocks Label Ranges in SPRING for IS-IS Protocol
Segment routing (SR) or source packet routing in networking (SPRING) is a control-plane

the actual path it should take. The label range for a segment routing global block (SRGB)
is the range of label values used in segment routing. You can configure the start of the
label range and the index range. The end of the label range is the summation of the start
label value and the index range.
Before you configure SPRING SRGB for ISIS protocol, you must:
• Configure the router interfaces.
• Configure ISIS.
To configure SPRING SRGB label range on a device:
1. Configure the start-label and index-range of SRGB. The start label value indicates
the start of the SPRING label block and the index range along with the start label
indicate the end of the label block.

user@host# set srgb start-label start-label-value
user@host# set srgb index-range index-range-value

IS-IS Feature Guide
NOTE: The default value for the index range is 4096. This causes chunks
of 256 label blocks being dynamically allocated by the label manager
depending on the availability.
For example, configure SRGB with start-label 800,000 and index-range 40,000. The
start label of the SPRING label block is 800,000 and the end of the label block is
840,000.

user@host# set srgb start-label 800000
user@host# set srgb index-range 40000
NOTE: Ensure that the labels in the SRGB label range are not used by any
other applications. If a label in the configured label range is used by another
application, then a syslog error message RPD_ISIS_SRGBALLOCATIONFAIL
is logged to indicate that the label manager is unable to allocate the
requested SRGB label range. To free up the configured label range, check
the label ranges configured at the [edit protocol mpls label-range] hierarchy
level and re-configure the SRGB label range with a label range that is
available and restart the routing protocol process (RPD).
2. Configure the value of IPv4 node segment index.

user@host# set node-segment ipv4-index ipv4-index-value
For example, configure 1001 for IPv4 node segment index.

user@host# set node-segment ipv4-index 1001
3. Configure the value of IPv6 node segment index.

user@host# set node-segment ipv6-index ipv6-index-value
For example, configure 2001 for IPv6 node segment index.

user@host# set node-segment ipv6-index 2001


Configuring Anycast and Prefix segments in SPRING for IS-IS Protocol
Segment routing (SR) or source packet routing in networking (SPRING) is a control-plane

the actual path it should take. Segment routing global block (SRGB) is the range of label
values used in segment routing. Junos OS allows you to configure prefix segment identifier
(SID) and node SID to prefixes that are advertised in IS-IS through policy configuration.
Before you configure SPRING SRGB, prefix SID, and anycast SID for the IS-IS protocol,
you must:
• Configure the router interfaces.
• Configure the router ID.
• Configure IS-IS.
To configure device R1 with SPRING SRGB, prefix SID, and anycast SID for IS-IS protocols:
1. Configure the start-label and index-range of SRGB.

user@host# set srgb start-label start-label-value
user@host# set srgb index-range index-range-value
For example, configure SRGB with start-label 800000 and index-range 40000 .

user@host# set srgb start-label 800000
user@host# set srgb index-range 40000
2. Configure the routing policy to match a route (IPv4 or IPv6 ) exactly. Configure the
index and the node segment of the prefix segment for a given term and accept the
routing policy.
[edit policy-options policy-statement policy-name term term-value from]

user@host# set route-filter IP address exact
user@host# set prefix-segment index index-value
user@host# set prefix-segment node-segment
user@host# set accept
NOTE: Configure node segment as /32 prefix on loopback interface (lo0.0)

or on a valid stub interface.

IS-IS Feature Guide
For example, configure the routing policy to match the IPv4 route exactly. Configure
the index and the node segment of the prefix segment for a given term and accept
the routing policy.

user@host# set route-filter 198.51.100.1/32 exact
For example, configure the routing policy to match the IPv6 route exactly. Configure
the index and the node segment of the prefix segment for a given term and accept
the routing policy.

user@host# set route-filter 2001:db8::/32 exact
3. Configure the index and the node segment of the prefix segment for a given term and
accept the routing policy.
[edit policy-options policy-statement policy-name term term-value then]

For example, configure the prefix segment with index 1004 and the node segment for
term 1 of policy statement prefix SID and accept the routing policy.
[edit policy-options policy-statement prefix-sid term 1 then]

user@host# set prefix-segment index 1004
4. Configure the routing policy with the same prefix (IPv4 or IPv6 )and same prefix
segment on more than one routers for anycast SID.
NOTE: For anycast prefix SID, configure prefix SID on loopback interface(
lo0.0).
[edit policy-options policy-statement prefix-sid term 1 ]

user@host# set from route-filter IP address exact
user@host# set then prefix-segment index index-value
user@host# set then accept
For example, configure IPv4 prefix 198.51.100.1/32 with prefix segment 1000 on two
routers R0 and R1 for anycast SID.


user@host# set from route-filter 198.51.100.1/32 exact
user@host# set then prefix-segment index 1000
For example, configure IPv6 prefix 2001:db8::/32 with prefix segment 1000 on two
routers R0 and R1 for anycast SID.

user@host# set from route-filter 2001:db8::/32 exact
user@host# set then prefix-segment index 2000
5. Configure export policy on the IS-IS protocol.

user@host# export prefix-sid
6. Configure traffic-engineering shortcuts for IPv4-MPLS family traffic.
[edit protocols isis traffic-engineering]

user@host# set family inet-mpls shortcuts
7. Configure traffic-engineering shortcuts for IPv6-MPLS family traffic.

user@host# set family inet6-mpls shortcuts
8. Configure explicit NULL to enable E and P bits in all prefix SID advertisements.
[edit protocol isis source-packet-routing]

user@host# set explicit-null
9. Configure adjacency segment hold time to retain segment adjacency.

user@host# set adjacency-segment hold-time hold-time
For example, configure adjacency segments with 240,000 milliseconds hold time.

user@host# set adjacency-segment hold-time 240000


IS-IS Feature Guide

Understanding Topology-Independent Loop-Free Alternate with Segment Routing for

IS-IS

IS-IS Feature Guide
Segment routing enables a router to send a packet along a specific path in the network
by imposing a label stack that describes the path. The forwarding actions described by
a segment routing label stack do not need to be established on a per-path basis. Therefore,
an ingress router can instantiate an arbitrary path using a segment routing label stack
and use it immediately without any signaling.
In segment routing, each node advertises mappings between incoming labels and
forwarding actions. A specific forwarding action is referred to as a segment and the label
that identifies that segment is referred to as a segment identifier (SID). The backup paths
created by TI-LFA use the following types of segments:
• Node segment—A node segment forwards packets along the shortest path or paths
to a destination node. The label representing the node segment (the node SID) is
swapped until the destination node is reached.
• Adjacency segment—An adjacency segment forwards packets across a specific

interface on the node that advertised the adjacency segment. The label representing
an adjacency segment (the adjacency SID) is popped by the node that advertised it.
A router can send a packet along a specific path by creating a label stack that uses a
combination of node SIDs and adjacency SIDs. Typically, node SIDs are used to represent
parts of the path that correspond to the shortest path between two nodes. An adjacency
SID is used wherever a node SID cannot be used to accurately represent the desired path.
Loop-free alternate (LFA) and remote LFA (RLFA) have been used to provide fast-reroute
protection for several years. With LFA, a point of local repair (PLR) determines whether
or not a packet sent to one of its direct neighbors reaches its destination without looping
back through the PLR. In a typical network topology, approximately 40 to 60 percent of
the destinations can be protected by LFA. Remote LFA expands on the concept of LFA
by allowing the PLR to impose a single label to tunnel the packet to a repair tunnel
endpoint from which the packet can reach its destination without looping back through
the PLR. Using remote LFA, more destinations can be protected by the PLR compared
to LFA. However, depending on the network topology, the percentage of destinations
protected by remote LFA is usually less than 100 percent.
Topology-independent LFA (TI-LFA) extends the concept of LFA and remote LFA by
allowing the PLR to use deeper label stacks to construct backup paths. In addition, the
TI-LFA imposes the constraint that the backup path used by the PLR be the same path
that a packet takes once the interior gateway protocol (IGP) has converged for a given
failure scenario. This path is referred to as the post-convergence path.
Using the post-convergence path as the backup path has some desirable characteristics.
For some topologies, a network operator only needs to make sure that the network has
enough capacity to carry the traffic along the post-convergence path after a failure. In
these cases, a network operator does not need to allocate additional capacity to deal
with the traffic pattern immediately after the failure while the backup path is active,
because the backup path follows the post-convergence path.
TI-LFA provides protection against link failure, node failure, and fate-sharing failures. In
link failure mode, the destination is protected if the link fails. In node protection mode,
the destination is protected if the neighbor connected to the primary link fails. To

determine the node-protecting post-convergence path, the cost of all the links leaving
the neighbor is assumed to increase by a configurable amount.
With fate-sharing protection, a list of fate-sharing groups are configured on each PLR
with the links in each fate-sharing group identified by their respective IP addresses. The
PLR associates a cost with each fate-sharing group. The fate-sharing-aware
post-convergence path is computed by assuming that the cost of each link in the same
fate-sharing group as the failed link has increased the cost associated with that group.
In order to construct a backup path that follows the post-convergence path, TI-LFA uses
several labels in the label stack that define the backup path. If the number of labels
required to construct a particular post-convergence backup path exceeds a certain
amount, it is useful in some circumstances to not install that backup path. You can
configure the maximum number of labels that a backup path can have in order to be
installed. The default value is 3, with a range of 2 through 5.
It is often the case that the post-convergence path for a given failure is actually a set of
equal-cost paths. TI-LFA attempts to construct the backup paths to a given destination
using multiple equal-cost paths in the post-failure topology. Depending on the topology,
TI-LFA might need to use different label stacks to accurately construct those equal-cost
backup paths. By default, TI-LFA only installs one backup path for a given destination.
However, you can configure the value in the range from 1 through 8.
Starting in Junos OS Release 19.1R1, you can configure a point of local repair (PLR) to
create a topology independent loop-free alternate backup path for prefix-SIDs derived
from LDP mapping server advertisements in an IS-IS network. In a network configured
with segment routing, IS-IS uses the LDP mapping server advertisements to derive
prefix-SIDs. LDP mapping server advertisements for IPv6 are currently not supported.
To attach flags to LDP mapping server advertisements, include the attached,
domain-wide-flooding, and no-node-segment statements at the [edit routing-options
source-packet-routing mapping-server-entry mapping-server-name] hierarchy level.
The backup path for prefix-SIDs from LDP mapping server advertisements are not created
in the following scenarios:
• If some hops are present in a non-SR domain.
• If the segment routing node is advertising a prefix and a prefix-SID index directly, then
Junos OS uses the prefix-SID index and disregards the mapping server advertisement
for that prefix.
• If a backup path requires an adjacency-SID from the LDP domain then the backup path
cannot be installed.
• If the PLR is unable to determine the label mapping using LDP.
NOTE: Currently you cannot configure remote LFA and TI-LFA on a SR-LDP
stitching node in the same instance. Therefore, you cannot configure both
post-convergence-lfa and link-protection on the same device.

IS-IS Feature Guide
Set the following mapping server advertisement flags to indicate the origin of the
advertised prefix:
Flag TLV Name Flag Values Length Description
A Label Binding TLV 0, 1 1 Attached Flag–Include the attached configuration statement

to set this flag to 1 to indicate that the prefixes and SIDs
default value is 0 advertised in the SID or Label Binding TLV are directly
connected to their originators.
S Label Binding TLV 0, 1 1 Include the domain-wide-flooding configuration statement to

set this flag to 1 to indicate that the SID or Label Binding TLV
default value is 0 is flooded across the entire routing domain.
D Label Binding TLV 0, 1 1 Set by a border node when readvertising a SID or Label Binding
TLV to indicate that the SID or Label Binding TLV is leaked
default value is 0 from level 2 to level 1.
N Prefix-SID sub TLV 0, 1 1 Include the no-node-segment configuration statement to set

this flag to 0 to indicate that the prefix has originated from a
default value is 1 single node.
19.1R1 Starting in Junos OS Release 19.1R1, you can configure a point of local repair
(PLR) to create a topology independent loop-free alternate backup path for
prefix-SIDs derived from LDP mapping server advertisements in an IS-IS
network.
Related • Configuring Topology-Independent Loop-Free Alternate with Segment Routing for

Documentation IS-IS on page 335

• post-convergence-lfa on page 561
• use-post-convergence-lfa on page 595
• use-for-post-convergence-lfa on page 596
• node-protection on page 537

Configuring Topology-Independent Loop-Free Alternate with Segment Routing for

IS-IS
Loop-free alternate (LFA) and remote LFA have been used to provide fast-reroute
protection for several years. With LFA, a point of local repair (PLR) determines whether
or not a packet sent to one of its direct neighbors will reach its destination without looping
back through the PLR. In a typical network topology, perhaps 40-60 percent of
destinations can be protected by LFA. Remote LFA expands on the concept of LFA by
allowing the PLR to impose a single label to tunnel the packet to a repair tunnel endpoint
from which the packet can reach its destination without looping back through the PLR.
Using remote LFA, more destinations can be protected by the PLR compared to LFA.
However, depending on the network topology, the percentage of destinations protected
by remote LFA usually less than 100 percent.
Topology-independent loop-free alternate (TI-LFA) extends the concept of LFA and

remote LFA by allowing the PLR to use deeper label stacks to construct backup paths.
In addition, TI-LFA imposes the constraint that the backup path used by the PLR be the
same path that a packet takes once the IGP converges for a given failure scenario. This
path is referred to as the post-convergence path.
Using the post-convergence path as the backup path has some desirable characteristics.
For some topologies, a network operator only needs to make sure that the network has
enough capacity to carry the traffic along the post-convergence path after a failure. In
these cases, a network operator does not need to allocate additional capacity to deal
with the traffic pattern immediately after the failure while the backup path is active,
because the backup path follows the post-convergence path.
Before you configure TI-LFA for IS-IS, be sure you configure SPRING or segment routing.
To configure TI-LFA using SPRING for IS-IS, you must do the following:
1. Enable TI-LFA for IS-IS protocol.

user@R1# set use-post-convergence-lfa
2. (Optional) Configure backup shortest path first (SPF) attributes such as maximum
equal-cost multipath (ECMP) backup paths and maximum labels for TI-LFA for the
IS-IS protocol.
[edit protocols isis backup-spf-options use-post-convergence-lfa]

user@R1# set maximum-backup-paths maximum-backup-paths
user@R1# set maximum-labels maximum-labels
3. Configure the computation and installation of a backup path that follows the
post-convergence path on the given interface and level for the IS-IS protocol.
[edit protocols isis interface interface-name level level

user@R1# set post-convergence-lfa

IS-IS Feature Guide
4. (Optional) Enable fate-sharing protection for a given interface and level. Specify the
fate-sharing group to use as a constraint for the post-convergence path.
NOTE: You do not have to configure the use-for-post-convergence-lfa

statement and the fate-sharing-protection statement for basic link
protection for the backup path.
[edit routing-options fate-sharing group group-name]

user@R1# set use-for-post-convergence-lfa
[edit protocols isis interface interface-name level level post-convergence-lfa]

user@R1# set fate-sharing-protection
5. (Optional) Enable node protection for a given interface and level.
[edit protocols isis interface interface-name level level post-convergence-lfa]

user@R1# set node-protection
Related • Understanding Topology-Independent Loop-Free Alternate with Segment Routing for


Example: Configuring Topology Independent Loop-Free Alternate with Segment

Routing for IS-IS
This example shows topology-independent loop-free alternate (TI-LFA) with segment

routing for the IS-IS protocol to provide MPLS fast reroute (FRR) backup paths
corresponding to the post-convergence path for a given failure by using deeper label
stacks to construct backup paths. TI-LFA provides protection against link failure, node
failure, and fate-sharing failures. In link failure mode, the destination is protected if the
link fails. In node protection mode, the destination is protected if the neighbor connected
to the primary link fails. To determine the node-protecting post-convergence path, the
cost of all the links leaving the neighbor is assumed to increase by a configurable amount.
With fate-sharing protection, a list of fate-sharing groups are configured on each PLR
with the links in each fate-sharing group identified by their respective IP addresses.

NOTE: TI-LFA supports protection of routes for both IPv4 and IPv6 prefixes.
This example demonstrates protection of routes for IPv4 prefixes.

Requirements
• Nine MX Series routers
Before you configure TI-LFA routes using SPRING for IS-IS, be sure you configure SPRING
or segment routing.
Overview
Junos OS allows you to enable TI-LFA for IS-IS by configuring the use-post-convergence-lfa
statement at the [edit protocols isis backup-spf-options] hierarchy level. TI-LFA provides
protection against link failure, node failure, and failures of fate-sharing groups. You can
enable the creation of post-convergence backup paths for a given interface by configuring
the post-convergence-lfa statement at the [edit protocols isis interface interface-name
level level] hierarchy level. The post-convergence-lfa statement enables link-protection
mode. You can enable node-protection mode, or fate-sharing-protection mode ,or both
modes, for a given interface at the [edit protocols isis interface interface-name level level
post-convergence-lfa] hierarchy level. To ensure that the fate-sharing protection is
enabled for a given fate-sharing group, you need to configure the
use-for-post-convergence-lfa statement at the [edit routing-options fate-sharing group
group-name] hierarchy level
Topology
Figure 30 on page 338 shows TI-LFA with segment routing for IS-IS configured on Device
R1.

IS-IS Feature Guide
Figure 30: Topology-Independent Loop-Free Alternate with Segment Routing for IS-IS
R24 R3 R34
ge-0/0/0 ge-0/0/0 ge-0/0/1 10 ge-0/0/1
10.10.60.2/30 10 10.10.60.1/30 10.10.70.1/30 10.10.70.2/30
ge-0/0/2 ge-0/0/3 ge-0/0/0
10.10.100.2/30 10.10.40.2/30 10.10.110.2/30
20 10
ge-0/0/2 ge-0/0/3
10.10.100.1/30 10.10.40.1/30
ge-0/0/1 10 ge-0/0/1
R23 R2
10.10.50.2/30 10.10.50.1/30
ge-0/0/0 ge-0/0/2
10.10.90.2/30 10.10.10.2/30
90 500
ge-0/0/0
10.10.90.1/30
R22 10
ge-0/0/1
10.10.80.2/30
10
ge-0/0/1 ge-0/0/2 ge-0/0/0

10.10.80.1/30 10.10.10.1/30 10.10.110.1/30
ge-0/0/0 ge-0/0/0 ge-0/0/1 10 ge-0/0/1
10.10.20.2/30 10 10.10.20.1/30 10.10.30.1/30 10.10.30.2/30
R21 R1 R31
lo0:
R1 192.168.0.1/32
R2 192.168.0.2/32
R3 192.168.0.3/32
R21 192.168.0.21/32
R22 192.168.0.22/32
R23 192.168.0.23/32
R24 192.168.0.24/32
g043651
R31 192.168.0.31/32
R34 192.168.0.34/32
Configuration
CLI Quick To quickly configure link-protection in this example, copy the following commands, paste
Configuration them into a text file, remove any line breaks, change any details necessary to match your
network configuration, copy and paste the commands into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.

set protocols mpls interface ge-0/0/0

set protocols isis backup-spf-options use-post-convergence-lfa maximum-labels 5

set protocols isis source-packet-routing node-segment index-range 512
set protocols isis interface ge-0/0/0 point-to-point
set protocols isis interface ge-0/0/2 level 2 post-convergence-lfa

set protocols isis interface ge-0/0/1 level 1 disable


IS-IS Feature Guide








IS-IS Feature Guide


Configuring R1
1. 1. Configure the interfaces.

[edit interfaces]



user@R1# set lo0 unit 0 family iso address 49.0000.2222.0001.00
user@R1# set lo0 unit 0 family mpls
2. 2. Configure the router ID.
3. Configure the MPLS protocol on the interfaces.

user@R1# set interface ge-0/0/0
4. Configure the maximum number of labels for segment routing routed paths for
protection of backup shortest-path-first attributes.

user@R1# set backup-spf-options use-post-convergence-lfa maximum-labels 5
5. Configure IPv4 index and index range for node segments in segment routing for the
IS-IS protocol.

user@R1# set source-packet-routing node-segment ipv4-index 1
user@R1# set source-packet-routing node-segment index-range 512
6. Configure wide metrics attribute of global level for the IS-IS protocol.


IS-IS Feature Guide
7. Configure the interfaces to be point to point. Configure to install backup route along
the link-protecting post-convergence path on the interface ge-0/0/2. .

user@R1# set interface ge-0/0/0 point-to-point
user@R1# set interface ge-0/0/0 level 2 metric 10


user@R1# set interface ge-0/0/2 level 2 post-convergence-lfa

ge-0/0/0 {
unit 0 {
family inet {
address 10.10.20.1/30;
}
family iso;
family mpls;
}
ge-0/0/1 {
unit 0 {
family inet {
address 10.10.30.1/30;
}
family iso;
family mpls;
}
ge-0/0/2 {
unit 0 {
family inet {
address 10.10.10.1/30;
}
family iso;
family mpls;
}
lo0 {
unit 0 {
family inet {
address 192.168.0.1/32;
}
family iso {

address 49.0000.2222.0001.00;
}
family mpls;
}

router-id 192.168.0.1;

mpls {
interface ge-0/0/0;
interface ge-0/0/1;
interface ge-0/0/2;
}
isis {
use-post-convergence-lfa {
maximum-labels 5;
}
}
node-segment {
ipv4-index 1;
index-range 512;
}
}
point-to-point;
level 2 metric 10;
}
point-to-point;
level 2 metric 10;
}
point-to-point;
level 2 {
post-convergence-lfa;
metric 10;
}
}
interface lo0.0;
}
Verification
• Verify the Link-protecting Backup Path for an Ingress Route on page 346
• Verify the Adjacency SID used in the Link-protecting Backup Path on page 346

IS-IS Feature Guide
• Verify the Link-protecting Backup Path for a Node SID label on page 347
• Verify the Link-protecting Backup Path for an Adjacency SID Label on page 347
Verify the Link-protecting Backup Path for an Ingress Route
Purpose Verify the link-protecting backup path for primary next hops on interface ge-0/0/2 for
Device R1 and verify if the backup path to reach 192.168.0.3/32 has been created and has
the correct label stack.
Action From operational mode, run the show route table inet.3 192.168.0.3 command to display
the routing table information.
user@R1> show route table inet.3 192.168.0.3

192.168.0.3/32 *[L-ISIS/14] 18:09:19, metric 20

> to 10.10.10.2 via ge-0/0/2, Push 800003
to 10.10.20.2 via ge-0/0/0, Push 800003, Push 299792, Push
800022(top)
Meaning The primary path to reach 198.162.0.3/32 (corresponding to Device R3) is through the
interface ge-0/0/2 with a label of 800003, corresponding to the node-SID of Device R3.
If the interface ge-0/0/2 fails, the backup path using the interface ge-0/0/0 using the
label stack [800022, 299792, 800003] becomes active. The link-protecting
post-convergence path is R1-R21-R22-R23-R2-R3. The top label on the label stack is
800022 and corresponds to the node SID to reach R22 on the shortest path R1-R2-R22.
The next label (299792) corresponds to the adjacency SID for the interface R22-R23.
The last label (800003) corresponds to the node SID on R23 to reach R3 on the shortest
path R23-R2-R3.
Verify the Adjacency SID used in the Link-protecting Backup Path
Purpose Verify that the adjacency SID 299792 corresponds to the interface between R22-R23.
Action From operational mode, run the show isis adjacency detail R23 command to display the
adjacency information.
user@R22> show isis adjacency detail R23
R23
Interface: ge-0/0/0, Level: 2, State: Up, Expires in 23 secs
Circuit type: 2, Speaks: IP
Topologies: Unicast

Meaning The Device R22 has assigned the value of 299792 to represent the level 2 adjacency to
Device R23 for IPv4 traffic.
Verify the Link-protecting Backup Path for a Node SID label
Purpose Verify that the transit route in mpls.0 corresponding to the node SID to reach Device R3
has a link-protecting backup path.
Action From operational mode, run the show route table mpls.0 label 800003 command to
display the adjacency information.
user@R1> show route table mpls.0 label 800003

800003 *[L-ISIS/14] 00:14:29, metric 20
> to 10.10.10.2 via ge-0/0/2, Swap 800003
to 10.10.20.2 via ge-0/0/0, Swap 800003, Push 299776, Push
800022(top)
Meaning An incoming label of 800003 corresponds to the node SID for Device R3. The primary
route entry in mpls.0 corresponds to the swap of the incoming label 800003 with the
outgoing label 800003 on interface ge-0/0/2, corresponding to the shortest path from
Device R1 to Device R3 in the pre-failure topology. If interface ge-0/0/2 fails, the backup
route entry causes a packet with the incoming label 800003 to leave interface ge-0/0/0
with that incoming label replaced by the label stack [800022, 299776, 800003]. This
corresponds to the link-protecting post-convergence path to reach R3
(R1-R21-R22-R23-R2-R3). The top label on the label stack is 800022 and corresponds
to the node SID to reach Device R22 on the shortest path R1-R2-R22. The next label
(299792) corresponds to the adjacency SID for the interface on R22-R23. The last label
(800003) corresponds to the node SID on Device R23 to reach Device R3 on the shortest
path R23-R2-R3.
Verify the Link-protecting Backup Path for an Adjacency SID Label
Purpose Verify that the route in mpls.0 corresponding to the adjacency SID from Device R1 to
Device R2 has a link-protecting backup path.
Action From operational mode, run the show route table mpls.0 label 299808 command to
display the adjacency information.
user@R1> show route table mpls.0 label 299808

299808 *[L-ISIS/14] 01:10:05, metric 0

> to 10.10.10.2 via ge-0/0/2, Pop

IS-IS Feature Guide

800022(top)
299808(S=0) *[L-ISIS/14] 00:10:02, metric 0
> to 10.10.10.2 via ge-0/0/2, Pop
800022(top)
Meaning An incoming label of 299808 corresponds to the adjacency SID from Device R1 to Device
R2. The primary route entry in mpls.0 corresponds to popping the incoming label 299808
and sending the packet out interface ge-0/0/2. If interface ge-0/0/2 fails, the backup
route entry causes a packet with the incoming label 299808 to leave on interface
ge-0/0/0 with that incoming label replaced by the label stack [800022, 299776,
800002]. This corresponds to the link-protecting post-convergence path to reach Device
R2 (R1-R21-R22-R23-R2). The top label on the label stack is 800022 and corresponds
to the node SID to reach Device R22 on the shortest path R1-R2-R22. The next label
(299792) corresponds to the adjacency SID for the interface on R22-R23. The last label
(800002) corresponds to the node SID on Device R23 to reach Device R2 on the shortest
path R23-R2.
CLI Quick To quickly add node-protection for interface ge-0/0/2 to the above example configuration
Configuration on Device R1, copy the following commands, paste them into a text file, remove any line
breaks, change any details necessary to match your network configuration, and then
copy and paste the commands into the CLI at the [edit] hierarchy level.
R1 set protocols isis interface ge-0/0/2 level 2 post-convergence-lfa node-protection cost

2000
1. Enable node-protection on interface ge-0/0/2.
[edit protocols isis interface ge-0/0/2 level 2 post-convergence-lfa]

user@R1# set node-protection cost 2000
Results user@R1# show protocols

mpls {
interface ge-0/0/0;
interface ge-0/0/1;
interface ge-0/0/2;
}
isis {
maximum-labels 5;

}
}
node-segment {
ipv4-index 1;
index-range 512;
}
}
point-to-point;
level 2 {
metric 10;
}
}
point-to-point;
level 2 {
metric 10;
}
}
point-to-point;
level 2 {
post-convergence-lfa {
node-protection cost 20000;
}
metric 10;
}
}
interface lo0.0;
}
Verification
• Verify the Backup Route on Device R1 on page 349
Verify the Backup Route on Device R1
Purpose Verify that the backup route to reach 192.168.0.3 passes through R1-R31-R34-R3. This
shows that the node-protection is enabled.

IS-IS Feature Guide
user@R1> show route table inet.3 192.168.0.3

192.168.0.3/32 *[L-ISIS/14] 00:05:34, metric 20

> to 10.10.10.2 via ge-0/0/2, Push 800003
to 1.1.31.2 via ge-0/0/1, Push 800003, Push 299776(top)
Meaning The backup path to reach 192.168.0.3 now uses the interface ge-0/0/1 (the interface to
reach R31). The top label on the stack (299776) corresponds to the adjacency SID on
Device R31 to reach Device R34. The bottom label (800003) takes the packet from R34
. This ensures that node-protection is enabled.
CLI Quick To quickly configure define fate-sharing protection on Device R1, copy the following
Configuration commands, paste them into a text file, remove any line breaks, change any details
necessary to match your network configuration, and then copy and paste the commands
into the CLI at the [edit] hierarchy level.
Device R1 set routing-options fate-sharing group fs-group-1 cost 3000

set routing-options fate-sharing group fs-group-1 from 10.10.10.1 to 10.10.10.2
set routing-options fate-sharing group fs-group-1 from 10.10.80.1 to 10.10.80.2
set routing-options fate-sharing group fs-group-1 use-for-post-convergence-lfa
set protocols isis interface ge-0/0/2 level 2 post-convergence-lfa fate-sharing-protection
1. Configure the fate-sharing group cost.
[edit routing-options fate-sharing group fs-group-1]

user@R1# set cost 3000
2. Configure the fate-sharing group to indicate that link from Device R1 to Device R2
and the link from Device R21 to Device R22 share fate and allow it to be used for
post-convergence-lfa.
[edit routing-options fate-sharing group fs-group-1]

user@R1# set from 10.10.10.1 to 10.10.10.2
user@R1# set from 10.10.80.1 to 10.10.80.2
user@R1# set use-for-post-convergence-lfa
3. Enable fate-sharing protection for ge-0/0/2 on Device R1.

[edit protocols isis interface ge-0/0/2 level 2 post-convergence-lfa]

user@R1# set fate-sharing-protection
Results From configuration mode, confirm your configuration by entering the show protocols and
show routing-options commands. If the output does not display the intended configuration,

router-id 192.168.0.1;
fate-sharing {
group fs-group-1 {
cost 3000;
from {
10.10.10.1 to 10.10.10.2;
10.10.80.1 to 10.10.80.2;
}
use-for-post-convergence-lfa;
}

mpls {
interface ge-0/0/0;
interface ge-0/0/1;
interface ge-0/0/2;
}
isis {
maximum-labels 5;
}
}
node-segment {
ipv4-index 1;
index-range 512;
}
}
point-to-point;
level 2 {
metric 10;
}
}
point-to-point;
level 2 {
metric 10;
}
}
point-to-point;

IS-IS Feature Guide
level 2 {
post-convergence-lfa {
fate-sharing-protection;
metric 10;
}
}
}
interface lo0.0;
}
Verification
• Verify the Backup Path on Device R1 on page 352
Verify the Backup Path on Device R1
Purpose Verify that the backup route to reach 192.168.0.3 is through path R1-R31-R34-R3. This
shows that fate-sharing is enabled.
user@R1# show route table inet.3 192.168.0.3

192.168.0.3/32 *[L-ISIS/14] 00:05:34, metric 20

> to 1.1.2.2 via ge-0/0/0.1, Push 800003
to 1.1.31.2 via ge-0/0/0.9, Push 800003, Push 299776(top)
Meaning The backup path to reach 192.168.0.3 now uses ge-0/0/1 (the interface to reach R31).
The top label on the stack (299776) corresponds to the adjacency-SID on Device R31 to
reach Device R34. The bottom label (800003) takes the packet from Device R34 to
Device R3.


IS-IS on page 335

Static Adjacency Segment Identifier for ISIS
Adjacency segment is a strict forwarded single-hop tunnel that carries packets over a
specific link between two nodes, irrespective of the link cost. You can configure static
adjacency segment identifier (SID) labels for an interface or an interface group.
Configuring a static adjacency SID on an interface causes the existing dynamically

allocated adjacency SID to be removed along with the transit route for the same.
For static adjacency SIDs, the labels are picked from either a static reserved label pool
or from an ISIS segment routing global block (SRGB).
You can reserve a label range to be used for static allocation of labels using the following
configuration:
user@host# set protocols mpls label-range static-label-range start-value end-value
The static pool can be used by any protocol to allocate a label in this range. You need to
ensure that no two protocols use the same static label. ISIS adjacency SIDs can be
allocated from this label block through the configuration using keyword label. The label
value for the specific adjacency SIDs need to be explicitly configured. The specific label
is advertised as the adjacency SIDs for that interface for the specific level and address
family. The following is a sample configuration:
user@host# set protocols mpls label-range static-label-range 700000 799999;

user@host# set protocols isis source-packet-routing srgb start-label 800000 index-range 4000;
user@host# set protocols isis interface ge-0/0/0.1 level 1 ipv4-adjacency-segment unprotected
label 700001;
SRGB is a global label space that is allocated for the protocol based on configuration.
The labels in the entire SRGB is available for ISIS to use and are not allocated to other
applications/protocols. Prefix SIDs (and Node SIDs) are indexed from this SRGB.
ISIS Adj-SIDs can be allocated from ISIS SRGB using keyword ‘index’ in the configuration.
In such cases, it should be ensured that the Adj-SID index does not conflict with any other
prefix SID in the domain. Like Prefix-SIDs, Adj-SIDs will also be configured by mentioning
the index with respect to the SRGB. However, the Adj-SID subtlv will still have the SID
as a value and the L and V flags are set. The following is a sample configuration:
index 1;
Static adjacency SIDs can be configured per address family and also based on whether
the protection is required or not. Adjacency SIDs should be configured per level per
interface at the [edit protocols isis interface interface-name level level-num] hierarchy
level.

IS-IS Feature Guide
• Protected—Ensures adjacency SID is eligible to have a backup path and a B-flag is set
in an adjacency SID advertisement.
• Unprotected—Ensures no backup path is calculated for a specific adjacency SID and

a B-flag is not set in an adjacency SID advertisement.
The following is a sample configuration:

index 1;
user@host# set protocols isis interface ge-0/0/1.1 level 1 ipv4-adjacency-segment protected
index 2;
You can use the same adjacent SID for multiple interfaces by grouping a set of interfaces
under an interface group and configuring the adjacency SID for that interface group and
traffic can be load balanced among the interfaces under the interface group using weight.
This can be configured under the [edit protocols isis interface-group interface_group_name]
hierarchy level.
When segment routing is used in LAN subnetworks, each router in the LAN may advertise
the adjacency SID of each of its neighbors. To configure adjacency SID for a LAN interface
to a specific neighbor, you should configure the adjacency SIDs under the lan-neighbor
configuration at the [edit protocols isis interface interface_name level level_num lan-neighbor
neighbor-sysid] hierarchy level. The following is a sample configuration:

user@host# set protocols isis interface ge-0/0/0.1 level 1 lan-neighbor 1234.1234.1234
ipv4-adjacency-segment unprotected label 700001;
An adjacency set can be configured by declaring a set of interfaces under an interface

group and configuring the adjacency segment for that interface group. The adjacency
SID can be picked from the reserved static label pool or ISIS SRGB. Unlike normal
interfaces, dynamic adjacency SID is not allocated by default under interface group, in
which case the dynamic CLI statement is configured. Interfaces configured under an
interface group can also be configured separately as independent interfaces as long as
the link-group-protection is not configured. The following is a sample configuration:

user@host# set protocols isis interface-group group1 interface ge-0/0/0.1 weight 1;
user@host# set protocols isis interface-group group1 interface ge-0/0/1.1 weight 2;
user@host# set protocols isis interface-group group1 ipv4-adjacency-segment unprotected label
700001;
Use the following CLI hierarchy for configuring adjacency SID:
[edit ]
protocols {
isis {
interface <interface_name> {
level <level_num> {
ipv4-adjacency-segment {

protected {
dynamic;
label <value>
index <index> {
global;
}
}
unprotected {
dynamic;
label <value>
index <index> {
global;
}
}
}
protected {
dynamic;
label <value>
index <index> {
global;
}
}
unprotected {
dynamic;
label <value>
index <index> {
global;
}
}
}
}
}
interface <interface_name> {
level <level_num> {
lan-neighbor <neighbor-sysid>{
protected {
dynamic;
label <value>
index <index> {
global;
}
}
unprotected {
dynamic;
label <value>
index <index> {
global;
}
}
}
protected {
dynamic;

IS-IS Feature Guide
label <value>
index <index> {
global;
}
}
unprotected {
dynamic;
label <value>
index <index> {
global;
}
}
}
}
}
}
interface-group <interface_group_name> {
interface <interface_1> weight <weight>
...
interface <interface_n> weight <weight>
level <level_num> {
protected {
dynamic;
label <value>
index <index>
}
unprotected {
dynamic;
label <value>
index <index>
}
}
protected {
dynamic;
label <value>
index <index>
}
unprotected {
dynamic;
label <value>
index <index>
}
}
}
}
}
}
Use the following operational CLI commands to verify the configuration:

show isis adjacency detail
The following sample output displays the details of configured and dynamic adjacency
SID.
user@host> show isis adjacency r1 detail
r1
Circuit type: 3, Speaks: IP, IPv6, MAC address: 0:5:86:48:49:0
Topologies: Unicast
LAN id: r0.03, IP addresses: 11.1.1.2
IPv6 addresses: fe80::205:8600:148:4900
Level 1 IPv4 protected Adj-SID: 4138, Flags: BVL
Level 1 IPv6 unprotected Adj-SID: 4139, Flags: FVL
show isis database extensive
The following sample output displays the details of LAN/PTP adjacency SID.
user@host> show isis database extensive
r0.00-00 Sequence: 0x16, Checksum: 0xf156, Lifetime: 960 secs

IPV4 Index: 1000, IPV6 Index: 2000
Node Segment Blocks Advertised:
Start Index : 0, Size : 4096, Label-Range: [ 16, 4111 ]
IS neighbor: r4.00 Metric: 10
Two-way fragment: r4.00-00, Two-way first fragment: r4.00-00
IS neighbor: r0.03 Metric: 10
Two-way fragment: r0.03-00, Two-way first fragment: r0.03-00
V6 prefix: 1001::/64 Metric: 10 Internal Up
V6 prefix: 2001::/64 Metric: 10 Internal Up
V6 prefix: abcd::10:10:10:10/128 Metric: 0 Internal Up
…
TLVs:
Area address: 49.00 (2)
LSP Buffer Size: 1492
Speaks: IP
Speaks: IPV6
IP router id: 10.10.10.10
IP address: 10.10.10.10
Hostname: r0
IS neighbor: r0.03, Internal, Metric: default 10
IS neighbor: r4.00, Internal, Metric: default 10
IS extended neighbor: r0.03, Metric: default 10
IP address: 11.1.1.1
Local interface index: 342, Remote interface index: 0
Current reservable bandwidth:
Priority 0 : 1000Mbps

IS-IS Feature Guide
Maximum reservable bandwidth: 1000Mbps
Maximum bandwidth: 1000Mbps
Administrative groups: 0 <none>
LAN IPV4 Adj-SID: 4138, Weight:0, Neighbor:r1, Flags: BVL
LAN IPV6 Adj-SID: 4139, Weight:0, Neighbor:r1, Flags: FBVL
IS extended neighbor: r4.00, Metric: default 10
Neighbor's IP address: 21.1.1.2
Current reservable bandwidth:
Maximum reservable bandwidth: 1000Mbps
Administrative groups: 0 <none>
P2P IPV4 Adj-SID - Flags: BVL, Weight:0, Label: 4125
P2P IPV6 Adj-SID - Flags: FBVL, Weight:0, Label: 4126
show isis interface-group
The following sample output displays the status information about the specified interface
group.
user@host> show isis interface-group
Interface-group: r1r2ig
ge-0/0/1.1, 1000Mbps, Up, Non-Degraded, Weight: 1
Total Nominal Bandwidth: 3Gbps, Total Actual Bandwidth: 3Gbps
Level 1 IPv4 protected Adj-SID: Label 4138
Level 1 IPv6 unprotected Adj-SID: Label 4139
Related
Documentation

CHAPTER 10
Configuring IS-IS Scaling and Throttling
• Understanding Link-State PDU Throttling for IS-IS Interfaces on page 359

• Example: Configuring the Transmission Frequency for Link-State PDUs on IS-IS
Interfaces on page 360
• Understanding the Transmission Frequency for CSNPs on IS-IS Interfaces on page 365
• Example: Configuring the Transmission Frequency for CSNP Packets on IS-IS
• Understanding IS-IS Mesh Groups on page 370
• Example: Configuring Mesh Groups of IS-IS Interfaces on page 371
Understanding Link-State PDU Throttling for IS-IS Interfaces
Link-state PDU throttling by use of the lsp-interval statement is a mechanism to control

the flooding pace to neighboring routing devices to prevent overloading them.
Control traffic (link-state PDU and related packets) might cause delays in user traffic
(information packets) because control traffic always has precedence in terms of
scheduling on the interface cards.
Unfortunately, the control traffic transmission rate does not get lower on low-bandwidth
interfaces such as DS-0 or fractional T1/E1 lines. Control traffic stays the same, regardless
of line bandwidth.
Junos OS does not support automated calculation of link-state PDU throttling based on
available bandwidth because the lowest-speed interface cards on a Juniper Networks
routing device starts at T1/E1 speeds (1.5 and 2 Mbps). It is assumed that even with
link-state PDU pacing of 20 ms, the control traffic will not consume more than half of
the interface bandwidth.
However, there might be fractional T1/E1 circuits (less than the full bandwidth) configured
as well, where link-state PDU pacing might have to be adjusted.
Thus, the lsp-interval statement helps to resolve two issues: regulating the
control-traffic-to-user-traffic ratio, and protecting neighbors during transient situations.
The traffic subject to this pacing is non-self-originated traffic, which is traffic that has
been originated by other routers, not the local router. Junos OS has hard-coded rate
limiting for locally generated link-state PDUs. All the link-state PDUs are paced using a

IS-IS Feature Guide
20 ms timer. Additionally, there is logic that makes sure that the adjacency is reliably up
for some time before advertising the adjacency.
Related • Example: Configuring the Transmission Frequency for Link-State PDUs on IS-IS
Documentation Interfaces on page 360
Example: Configuring the Transmission Frequency for Link-State PDUs on IS-IS

Interfaces
This example shows how to modify the link-state PDU interval time.

Requirements
Before you begin, configure IS-IS. See “Example: Configuring IS-IS” on page 14 for
information about the sample IS-IS configuration.
Overview
To keep reachability information in the network current, link-state protocols need to
originate, distribute, and revoke or time-out topology information. In IS-IS, topology
information is encoded in link-state PDUs.
By default, the routing device sends one link-state PDU out an interface every
100 milliseconds. To modify this interval, include the lsp-interval statement:
lsp-interval milliseconds;
To disable the transmission of all link-state PDUs, set the interval to 0.
Link-state PDU throttling by use of the lsp-interval statement controls the flooding pace
to neighboring routing devices in order to not overload them and also to ensure that user
traffic is not delayed on low-bandwidth links.
In this example, an IS-IS routing device on a LAN segment is configured to send link-state
PDUs every 1000 milliseconds.
Figure 31: IS-IS Link-State PDU Interval Topology

10.0.0.0/30
.1 .2
R1 R2
lo0:192.168.0.1 lo0:192.168.0.2
g041282

Chapter 10: Configuring IS-IS Scaling and Throttling
Configuration
level.

set protocols isis traceoptions file isis-trace
set protocols isis traceoptions flag lsp
set protocols isis interface fe-1/2/0.0 lsp-interval 1000
To configure the link-state PDU interval:
[edit interfaces]

3. Modify the link-state PDU interval.

user@R1# set lsp-interval 1000
4. (Optional) Enable tracing for tracking link-state PDU operations.

user@R1# set file isis-trace

IS-IS Feature Guide
user@R1# set flag lsp

fe-1/2/0 {
unit 0 {
description to-R2;
family inet {
address 10.0.0.1/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.1/32;
}
family iso {
address 49.0002.0192.0168.0001.00;
}
}
}

isis {
traceoptions {
file isis-trace;
flag lsp;
}
lsp-interval 1000;
}
interface lo0.0;
}
Verification
• Verifying the Link-State PDU Interval on page 363

• Checking the Link-State PDU Statistics on page 363
• Checking the Trace Log on page 364

Verifying the Link-State PDU Interval
Purpose Check the link-state PDU interval setting on the IS-IS interface.
user@R1> show isis interface extensive
fe-1/2/0.0
Level 1
Designated Router: R2.02 (not us)
Level 2
Meaning The output shows that the link-state PDU interval is set to 1000 milliseconds.
Checking the Link-State PDU Statistics
Purpose Check the number of link-state PDUs sent and received.
Action From operational mode, enter the show isis statistics command.
user@R1> show isis statistics
IS-IS statistics for R1:

PDU type Received Processed Drops Sent Rexmit
LSP 24 24 0 13 0
IIH 2467 24 0 836 0
CSNP 474 474 0 0 0
PSNP 0 0 0 0 0
Unknown 0 0 0 0 0
Totals 2965 522 0 849 0
Total packets received: 2965 Sent: 849
SNP queue length: 0 Drops: 0

LSP queue length: 0 Drops: 0
SPF runs: 14
Fragments rebuilt: 15
LSP regenerations: 6
Purges initiated: 0

IS-IS Feature Guide

LSP 13 13 0 24 0
IIH 828 15 0 2459 0
CSNP 0 0 0 474 0
PSNP 0 0 0 0 0
Unknown 0 0 0 0 0
Totals 841 28 0 2957 0

SPF runs: 17
Purges initiated: 0
Meaning The output shows the number of link-state PDUs sent and received on Device R1 and
Device R2.
Checking the Trace Log
Purpose Check the IS-IS trace log to view the interval between packets.
Action From operational mode, enter the show log isis-trace | match lsp command.
user@R1> show log isis | match lsp
Jun 18 15:27:02.692031 Received L1 LSP R2.00-00, on interface fe-1/2/0.0

Jun 18 15:27:02.692753 Updating L1 LSP R2.00-00 in TED
Jun 18 15:27:45.398077 Sending L1 LSP R1.00-00 on interface fe-1/2/0.0
Jun 18 15:29:16.955620 Sending L2 LSP R1.00-00 on interface fe-1/2/0.0
Meaning The output shows that Level 1 and Level 2 link-state PDUs are being sent and received
roughly every 1000 milliseconds (1 second).
Related • Understanding Link-State PDU Throttling for IS-IS Interfaces on page 359
Documentation
• Example: Configuring the Transmission Frequency for CSNP Packets on IS-IS Interfaces
on page 365

Understanding the Transmission Frequency for CSNPs on IS-IS Interfaces
The complete sequence number PDU (CSNP) interval controls the frequency at which
a routing device sends a directory of its link-state database.
When IS-IS is activated on a routing device’s interface, the device first sends some IS-IS
hello packets (IIHs) to its neighbors to ensure that the circuit is capable of transporting
packets in both directions. In the IIHs, the router embeds information about the designated
router (also called the designated intermediate system or DIS). One of the designated
router roles on an IS-IS broadcast circuit is to synchronize the link-state databases on
LANs. The designated router does this by periodically sending a directory of its link-state
database, which is received by all the routing devices on a LAN.
If the routing device is the designated router on a LAN, IS-IS sends CSNPs every
10 seconds. If the routing device is on a point-to-point interface, it sends CSNPs every
5 seconds. The general recommendation is to use the default values or to increase the
CSNP interval if there are a large number of broadcast circuits that need to be supplied
with fresh CSNPs. Increasing the interval can help protect against CSNP flooding.
Related • Example: Configuring the Transmission Frequency for CSNP Packets on IS-IS Interfaces
Documentation on page 365
Example: Configuring the Transmission Frequency for CSNP Packets on IS-IS Interfaces
This example shows how to modify the complete sequence number PDU (CSNP) interval
on IS-IS interfaces.

Requirements
Before you begin, configure IS-IS. See “Example: Configuring IS-IS” on page 14 for
information about the sample IS-IS configuration.
Overview
CSNPs contain a complete list of all link-state PDUs in the IS-IS database. CSNPs are
sent periodically on all links, and the receiving systems use the information in the CSNP
to update and synchronize their link-state PDU databases. The designated router
multicasts CSNPs on broadcast links in place of sending explicit acknowledgments for
each link-state PDU.
If the routing device is the designated router on a LAN, IS-IS sends CSNPs every
10 seconds. You might want to modify the default interval to protect against CSNP
flooding.

IS-IS Feature Guide
NOTE: The csnp-interval statement is effective only when configured on

LAN interfaces.
To modify the CSNP interval, include the csnp-interval statement:
csnp-interval seconds;
The time can range from 1 through 65,535 seconds.
To configure the interface not to send any CSNPs, specify the disable option:
csnp-interval disable;
In this example, an IS-IS routing device on a LAN segment is configured to send CSNPs
every 30 seconds.
Figure 32: IS-IS CSNP Interval Topology

10.0.0.0/30
.1 .2
R1 R2
lo0:192.168.0.1 lo0:192.168.0.2
g041282
Configuration
level.

set protocols isis traceoptions file isis-trace
set protocols isis traceoptions flag csn
set protocols isis interface fe-1/2/0.0 csnp-interval 30

To configure the CSNP interval:
[edit interfaces]

3. Modify the CSNP interval.

user@R1# set csnp-interval 30
4. (Optional) Enable tracing for tracking CSNP operations.

user@R1# set file isis-trace
user@R1# set flag csn

fe-1/2/0 {
unit 0 {
description to-R2;
family inet {
address 10.0.0.1/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {

IS-IS Feature Guide
address 192.168.0.1/32;
}
family iso {
address 49.0002.0192.0168.0001.00;
}
}
}

isis {
traceoptions {
file isis-trace;
flag csn;
}
csnp-interval 30;
}
interface lo0.0;
}
Verification
• Verifying the CSNP Interval on page 368

• Checking the CSNP Statistics on page 369
• Checking the IS-IS Log on page 370
Verifying the CSNP Interval
Purpose Check the CSNP interval setting on the IS-IS interface.

fe-1/2/0.0
Level 1
Level 2

Meaning The output shows that the CSNP interval is set to 30 seconds.
Checking the CSNP Statistics
Purpose Checking the number of CSNPs sent and received.

LSP 5 5 0 3 0
IIH 94 20 0 43 0
CSNP 6 6 0 0 0
PSNP 0 0 0 0 0
Unknown 0 0 0 0 0
Totals 105 31 0 46 0

SPF runs: 5
Purges initiated: 0
-----

LSP 3 3 0 5 0
IIH 35 11 0 86 0
CSNP 0 0 0 6 0
PSNP 0 0 0 0 0
Unknown 0 0 0 0 0
Totals 38 14 0 97 0

SPF runs: 7
Purges initiated: 0
Meaning The output shows the number of CSNPs sent and received on Device R1 and Device R2.

IS-IS Feature Guide
NOTE: On broadcast links, only the designated intermediate system (DIS)

sends CSNPs.
Checking the IS-IS Log
Purpose Check the IS-IS trace log to view the interval between packets.
Action From operational mode, enter the show log isis-trace | match csn command.
user@R1> show log isis-trace | match csn
Jun 18 14:36:19.504064 Received L1 CSN, source R2, interface fe-1/2/0.0

Meaning The output shows that Level 1 and Level 2 CSNPs are being received roughly every 30
seconds.
Related • Understanding the Transmission Frequency for CSNPs on IS-IS Interfaces on page 365
Documentation
Understanding IS-IS Mesh Groups
A mesh group is a set of routing devices that are fully connected. That is, they have a fully
meshed topology.
Junos OS supports IS-IS mesh groups as documented in RFC 2973, IS-IS Mesh Groups.
When link-state PDUs are being flooded throughout an area, each router within a mesh
group receives only a single copy of a link-state PDU instead of receiving one copy from
each neighbor, thus minimizing the overhead associated with the flooding of link-state
PDUs.
Mesh groups provide a scaling method for the flooding subsystem. We recommend that
you deploy mesh groups when your network design has a dense flooding topology. For
example, consider the classical overlay topologies of the 1990s where 200 routers were
fully meshed using permanent virtual circuits (PVCs) over an ATM core, because ATM

was the only high-speed technology at the time. A PVC is a software-defined logical
connection in a network such as a Frame Relay network.
What has changed since the 1990s is that IP and MPLS technology have reduced the
ATM layer and removed the need for overlay meshing. The flooding graphs have become
sparse in almost all practical deployments. In service provider networks, overlay networks
are no longer used.
In enterprise networks, dense flooding graphs that, for example, lease a Layer 2 VPN
service (an overlay network) to fully mesh its WAN routers might continue to be a useful
architecture. In such cases, mesh groups might be useful.
Related • Example: Configuring Mesh Groups of IS-IS Interfaces on page 371

Documentation
Example: Configuring Mesh Groups of IS-IS Interfaces
This example shows how to configure mesh groups of IS-IS interfaces.

Requirements
example.
Overview
When link-state PDUs are being flooded throughout an area, each router within a mesh
group receives only a single copy of a link-state PDU instead of receiving one copy from
each neighbor, thus minimizing the overhead associated with the flooding of link-state
PDUs.
To create a mesh group and designate that an interface be part of the group, assign a
mesh-group number to all the routing device interfaces in the group:
mesh-group value;
To prevent an interface in the mesh group from flooding link-state PDUs, configure
blocking on that interface:
mesh-group blocked;

IS-IS Feature Guide
Figure 33: IS-IS Mesh Topology

10.0.0.0/30
fe-1/2/0 fe-1/2/0
.1 .2
R1 .5 .14 R2
fe-1/2/1 fe-1/2/1
fe-1/2/2 .9 10.0.0.4/30 .21 fe-1/2/2
10.0.0.8/30 10.0.0.20/30
10.0.0.12/30
fe-1/2/0 .10 .22 fe-1/2/2
fe-1/2/1 fe-1/2/0
.13 .6
R3 R4
.17 .18
g041287
fe-1/2/2 fe-1/2/1
10.0.0.16/30
steps on Device R1.
Configuration
level.

set protocols isis interface fe-1/2/0.0 mesh-group 1





To configure an IS-IS mesh group:
[edit interfaces]

IS-IS Feature Guide

2. Enable IS-IS on the interfaces, and assign a mesh group number.

user@R1# set interface fe-1/2/0.0 mesh-group 1

fe-1/2/0 {
unit 0 {
description to-R2;
family inet {
address 10.0.0.1/30;
}
family iso;
}
}
fe-1/2/1 {
unit 0 {
description to-R4;
family inet {
address 10.0.0.5/30;
}
family iso;
}
}
fe-1/2/2 {
unit 0 {
description to-R3;
family inet {
address 10.0.0.9/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.1/32;

}
family iso {
address 49.0002.0192.0168.0001.00;
}
}
}

isis {
mesh-group 1;
}
mesh-group 1;
}
mesh-group 1;
}
interface lo0.0;
}
Verification
• Checking the Interface Mesh Group on page 375

• Checking the IS-IS Statistics on page 376
Checking the Interface Mesh Group
Purpose Verify that the mesh group is enabled on the IS-IS interfaces.

lo0.0
LSP interval: 100 ms, CSNP interval: disabled, Loose Hello padding
Level 1
Passive
Level 2
Passive
fe-1/2/0.1

IS-IS Feature Guide
CSNP interval: disabled, Mesh group: 1

Level 1
Level 2
fe-1/2/1.0
Level 1
Level 2
fe-1/2/2.0
Level 1
Level 2
Meaning Mesh group: 1 in the output shows that the mesh group is enabled as expected.
Checking the IS-IS Statistics
Purpose Verify that the number of link-state PDUs received and sent is less than what it would
be if the mesh group were not enabled.
IS-IS statistics for tp5-R1:

LSP 73 73 0 37 0
IIH 4463 85 0 1525 0
CSNP 1294 1294 0 0 0
PSNP 0 0 0 2 0
Unknown 0 0 0 0 0
Totals 5830 1452 0 1564 0


SPF runs: 26
Purges initiated: 0
Meaning After the adjacencies have been up for about 38 minutes, the output shows that Device
R1 has received 73 link-state PDUs and sent 37 link-state PDUs. In the same topology in
the same amount of time without the mesh group enabled, Device R1 would have received
roughly 156 link-state PDUs and sent roughly 117 link-state PDUs.
Related • Understanding IS-IS Mesh Groups on page 370

Documentation

IS-IS Feature Guide

CHAPTER 11
Configuring IS-IS CLNS
• Understanding IS-IS for CLNS on page 379

• Example: Configuring IS-IS for CLNS on page 379
Understanding IS-IS for CLNS
IS-IS extensions provide the basic interior gateway protocol (IGP) support for collecting
intradomain routing information for Connectionless Network Service (CLNS) destinations
within a CLNS network. Routers that learn host addresses through End
System-to-Intermediate System (ES-IS) can advertise the addresses to other routers
(intermediate systems) by using IS-IS.
For more information about IS-IS, see the ISO 10589 standard.
Related • CLNS Overview

Documentation
• Example: Configuring IS-IS for CLNS on page 379
Example: Configuring IS-IS for CLNS
This example shows how to create a routing instance and enable IS-IS protocol on all
interfaces.

Requirements
Before you begin, configure the network interfaces. See Interfaces Feature Guide for
Security Devices.
Overview
The configuration instructions in this topic describe how to create a routing-instance
called aaaa, enable IS-IS on all interfaces, and define BGP export policy name (dist-bgp),
family (ISO), and protocol (BP), and apply the export policy to IS-IS.

IS-IS Feature Guide
Configuration
set routing-instances aaaa protocols isis clns-routing

set routing-instances aaaa protocols isis interface all
set routing-instances aaaa protocols isis no-ipv4-routing no-ipv6-routing
set policy-options policy-statement dist-bgp from family iso protocol bgp
set policy-options policy-statement dist-bgp then accept
set routing-instances aaaa protocols isis export dist-bgp
Procedure hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration
Mode.
To configure IS-IS for CLNS:
1. Configure the routing instance.
[edit]
user@host# edit routing-instances aaaa
2. Enable CLNS routing.
[edit routing-instances aaaa]

user@host# set protocols isis clns-routing
3. Enable IS-IS on all interfaces.

user@host# set protocols isis interface all
4. (Optional) Disable IPv4 and IPv6 routing to configure a pure CLNS network .

user@host# set protocols isis no-ipv4-routing no-ipv6-routing
5. Define the BGP export policy name, family, and protocol.
user@host# set policy-statement dist-bgp from family iso protocol bgp
6. Define the action for the export policy.

Chapter 11: Configuring IS-IS CLNS
user@host# set policy-statement dist-bgp then accept
7. Apply the export policy to IS-IS.

user@host# set protocols isis export dist-bgp
Results From configuration mode, confirm your configuration by entering the show
routing-instances command. If the output does not display the intended configuration,
repeat the configuration instructions in this example to correct it.
[edit]
user@host# show routing-instances
aaaa {
protocols {
isis {
export dist-bgp;
no-ipv4-routing;
no-ipv6-routing;
clns-routing;
interface all;
}
Verification
• Verifying Routing-Instance for CLNS on page 381

• Verifying IS-IS for CLNS on page 381
Verifying Routing-Instance for CLNS
Purpose Verify that the policy options are enabled for the routing instance.
Action From operational mode, enter the show routing-instances command.
Verifying IS-IS for CLNS
Purpose Verify that IS-IS is enabled.
Action From operational mode, enter the show protocols command.

IS-IS Feature Guide
Related • CLNS Configuration Overview

Documentation
• Understanding IS-IS for CLNS on page 379
• Verifying a CLNS VPN Configuration

CHAPTER 12
Configuring IS-IS on Logical Systems
• Introduction to Logical Systems on page 383

• Example: Configuring IS-IS on Logical Systems Within the Same Router on page 384
• Example: Configuring an IS-IS Default Route Policy on Logical Systems on page 395
Introduction to Logical Systems
For many years, engineers have combined power supplies, routing hardware and software,
forwarding hardware and software, and physical interfaces into a networking device
known as a router. Networking vendors have created large routers and small routers, but
all routers have been placed into service as individual devices. As a result, the router has
been considered a single physical device for most of its history.
®
The concept of logical systems breaks with this tradition. With the Junos operating
system (Junos OS), you can partition a single router into multiple logical devices that
perform independent routing tasks. Because logical systems perform a subset of the
tasks once handled by the main router, logical systems offer an effective way to maximize
the use of a single routing or switching platform.
NOTE: Beginning with Junos OS Release 9.3, the logical router feature has
been renamed logical system.
All configuration statements, operational commands, show command output,

error messages, log messages, and SNMP MIB objects that contain the string
logical-router have been changed to logical-system.
Traditionally, service provider network design requires multiple layers of switches and
routers. These devices transport packet traffic between customers. As seen on the left
side of Figure 34 on page 384, access devices are connected to edge devices, which are
in turn connected to core devices.
However, this complexity can lead to challenges in maintenance, configuration, and

operation. To reduce such complexity, Juniper Networks supports logical systems. Logical
systems perform a subset of the actions of the main router and have their own unique
routing tables, interfaces, policies, and routing instances. As shown on the right side of
Figure 34 on page 384, a set of logical systems within a single router can handle the
functions previously performed by several small routers.

IS-IS Feature Guide
Figure 34: Logical Systems Concepts

Network topology without logical systems Network topology with logical systems
(eight separate physical devices) (one physical router with eight logical devices)
Router 1
g016932
9.3 Beginning with Junos OS Release 9.3, the logical router feature has been
renamed logical system.
Example: Configuring IS-IS on Logical Systems Within the Same Router
This example shows how to configure an IS-IS network by using multiple logical systems
that are running on a single physical router. The logical systems are connected by logical
tunnel interfaces.

Requirements
You must connect the logical systems by using logical tunnel (lt) interfaces. See Example:
Connecting Logical Systems Within the Same Device Using Logical Tunnel Interfaces on
MX Series Routers and EX Series Switches.
Overview
This example shows an IS-IS configuration with three logical systems running on one
physical router. Each logical system has its own routing table. The configuration enables
the protocol on all logical tunnel interfaces that participate in the IS-IS domain.

Chapter 12: Configuring IS-IS on Logical Systems
Figure 35: IS-IS on Logical Systems
Configuration
set logical-systems LS1 interfaces lt-0/1/0 unit 2 description LS1->LS2

set logical-systems LS1 interfaces lt-0/1/0 unit 2 encapsulation ethernet
set logical-systems LS1 interfaces lt-0/1/0 unit 2 peer-unit 1
set logical-systems LS1 interfaces lt-0/1/0 unit 2 family inet address 10.0.0.1/30
set logical-systems LS1 interfaces lt-0/1/0 unit 2 family iso
set logical-systems LS1 interfaces lo0 unit 1 family iso address 49.0001.1720.1600.1001.00
set logical-systems LS1 protocols isis interface lt-0/1/0.0
set logical-systems LS1 protocols isis interface lo0.1 passive

IS-IS Feature Guide

set logical-systems LS2 interfaces lo0 unit 2 family iso address
49.0001.1720.1600.2002.00
To configure IS-IS on logical systems:
1. Configure the logical tunnel interface on Logical System LS1 connecting to Logical
System LS2.
[edit logical-systems LS1]

user@host# set interfaces lt-0/1/0 unit 2 description LS1->LS2
user@host# set interfaces lt-0/1/0 unit 2 encapsulation ethernet
user@host# set interfaces lt-0/1/0 unit 2 peer-unit 1
user@host# set interfaces lt-0/1/0 unit 2 family inet address 10.0.0.1/30
user@host# set interfaces lt-0/1/0 unit 2 family iso
System LS3.

System LS1.


System LS3.

System LS2.

System LS1.

7. Configure the ISO address on the loopback interface for the three logical systems.

user@host# set interfaces lo0 unit 1 family iso address 49.0001.1720.1600.1001.00
user@host# set protocols isis interface lo0.1 passive



IS-IS Feature Guide
8. Configure IS-IS on all the interfaces.
[edit logical-systems LS1 protocols isis]

user@host# set interface lt-0/1/0.0


[edit]
user@host# commit
Results
From configuration mode, confirm your configuration by issuing the show logical-systems
user@host# show logical-systems
LS1 {
interfaces {
lt-0/1/0 {
unit 0 {
description LS1->LS3;
encapsulation ethernet;
peer-unit 5;
family inet {
address 10.0.1.2/30;
}
family iso;
}
unit 2 {
peer-unit 1;
family inet {
address 10.0.0.1/30;
}
family iso;
}
}
lo0 {
unit 1 {
family iso {
address 49.0001.1720.1600.1001.00;

}
}
}
}
protocols {
isis {
interface lt-0/1/0.0;
interface lo0.1 {
passive;
}
}
}
}
LS2 {
interfaces {
lt-0/1/0 {
unit 1 {
peer-unit 2;
family inet {
address 10.0.0.2/30;
}
family iso;
}
unit 4 {
peer-unit 3;
family inet {
address 10.0.2.2/30;
}
family iso;
}
}
lo0 {
unit 2 {
family iso {
address 49.0001.1720.1600.2002.00;
}
}
}
}
protocols {
isis {
interface lo0.2 {
passive;
}
}
}
}
LS3 {
interfaces {
lt-0/1/0 {
unit 3 {

IS-IS Feature Guide
peer-unit 4;
family inet {
address 10.0.2.1/30;
}
family iso;
}
unit 5 {
peer-unit 0;
family inet {
address 10.0.1.1/30;
}
family iso;
}
}
lo0 {
unit 3 {
family iso {
address 49.0001.1234.1600.2231.00;
}
}
}
}
protocols {
isis {
interface lo0.3 {
passive;
}
}
}
}
Verification
• Verifying That the Logical Systems Are Up on page 390

• Verifying Connectivity Between the Logical Systems on page 391
Verifying That the Logical Systems Are Up
Purpose Make sure that the interfaces are properly configured.

Action user@host> show interfaces terse

...
lt-0/1/0 up up
lt-0/1/0.0 up up inet 10.0.1.2/30
iso
lt-0/1/0.1 up up inet 10.0.0.2/30
iso
lt-0/1/0.2 up up inet 10.0.0.1/30
iso
lt-0/1/0.3 up up inet 10.0.2.1/30
iso
lt-0/1/0.4 up up inet 10.0.2.2/30
iso
lt-0/1/0.5 up up inet 10.0.1.1/30
iso
...
Verifying Connectivity Between the Logical Systems
Purpose Make sure that the IS-IS adjacencies are established by checking the logical system
routing entries and by pinging the logical systems.

IS-IS Feature Guide
Action user@host> show route logical-system LS1

10.0.0.0/30 *[Direct/0] 3w0d 01:37:52

> via lt-0/1/0.2
10.0.0.1/32 *[Local/0] 3w0d 01:37:52
Local via lt-0/1/0.2
10.0.1.0/30 *[Direct/0] 3w0d 01:37:52
> via lt-0/1/0.0
10.0.1.2/32 *[Local/0] 3w0d 01:37:52
10.0.2.0/30 *[IS-IS/15] 3w0d 01:37:13, metric 20
> to 10.0.1.1 via lt-0/1/0.0
to 10.0.0.2 via lt-0/1/0.2

49.0001.1720.1600.1001/72
*[Direct/0] 3w0d 01:37:52
> via lo0.1
user@host> show route logical-system LS2

10.0.0.0/30 *[Direct/0] 3w0d 01:38:01

> via lt-0/1/0.1
10.0.0.2/32 *[Local/0] 3w0d 01:38:01
10.0.1.0/30 *[IS-IS/15] 3w0d 01:37:01, metric 20
to 10.0.0.1 via lt-0/1/0.1
> to 10.0.2.1 via lt-0/1/0.4
10.0.2.0/30 *[Direct/0] 3w0d 01:38:01
> via lt-0/1/0.4
10.0.2.2/32 *[Local/0] 3w0d 01:38:01

49.0001.1720.1600.2002/72
*[Direct/0] 3w0d 01:38:01
> via lo0.2
user@host> show route logical-system LS3

10.0.0.0/30 *[IS-IS/15] 3w0d 01:37:10, metric 20

to 10.0.2.2 via lt-0/1/0.3
> to 10.0.1.2 via lt-0/1/0.5
10.0.1.0/30 *[Direct/0] 3w0d 01:38:10
> via lt-0/1/0.5

10.0.1.1/32 *[Local/0] 3w0d 01:38:11

10.0.2.0/30 *[Direct/0] 3w0d 01:38:11
> via lt-0/1/0.3
10.0.2.1/32 *[Local/0] 3w0d 01:38:11

49.0001.1234.1600.2231/72
*[Direct/0] 3w0d 01:38:11
> via lo0.3
From LS1, Ping LS3

user@host> set cli logical-system LS1
user@host:LS1> ping 10.0.2.1
PING 10.0.2.1 (10.0.2.1): 56 data bytes

^C
From LS3, Ping LS1

PING 10.0.0.1 (10.0.0.1): 56 data bytes

^C
From LS1, Ping LS2

PING 10.0.2.2 (10.0.2.2): 56 data bytes

^C

IS-IS Feature Guide
From LS2, Ping LS1

PING 10.0.1.2 (10.0.1.2): 56 data bytes

^C
From LS2, Ping LS3

PING 10.0.1.1 (10.0.1.1): 56 data bytes

^C
From LS3, Ping LS2

PING 10.0.0.2 (10.0.0.2): 56 data bytes

^C
Related • Example: Creating an Interface on a Logical System

Documentation
• Example: Connecting Logical Systems Within the Same Device Using Logical Tunnel
Interfaces on MX Series Routers and EX Series Switches

Example: Configuring an IS-IS Default Route Policy on Logical Systems
This example shows logical systems configured on a single physical router and explains
how to configure a default route on one logical system.

Requirements
example.
Overview
This example shows a logical system redistributing a default route to other logical systems.
All logical systems are running IS-IS. A common reason for a default route is to provide
a path for sending traffic destined outside the IS-IS domain.
In this example, the default route is not used for forwarding traffic. The no-install
statement prevents the route from being installed in the forwarding table of Logical
System LS3. If you configure a route so it is not installed in the forwarding table, the route
is still eligible to be exported from the routing table to other protocols. The discard
statement silently drops packets without notice.
Figure 36: IS-IS with a Default Route to an ISP

IS-IS Feature Guide
Configuration

set logical-systems LS3 protocols isis export isis-default
set logical-systems LS3 routing-options static route 0.0.0.0/0 discard
set logical-systems LS3 routing-options static route 0.0.0.0/0 no-install
set logical-systems LS3 policy-options policy-statement isis-default from protocol static
set logical-systems LS3 policy-options policy-statement isis-default from route-filter
0.0.0.0/0 exact
set logical-systems LS3 policy-options policy-statement isis-default then accept
To configure an IS-IS default route policy on logical systems:
1. Configure the logical tunnel interfaces.
[edit logical-systems LS3 interfaces lt-1/2/0]

user@R1# set unit 3 description LS3->LS2
user@R1# set unit 3 encapsulation ethernet
user@R1# set unit 3 peer-unit 4
user@R1# set unit 3 family inet address 10.0.2.1/30
user@R1# set unit 3 family iso
user@R1# set unit 5 description LS3->LS1
user@R1# set unit 5 encapsulation ethernet
user@R1# set unit 5 peer-unit 0
user@R1# set unit 5 family inet address 10.0.1.1/30
user@R1# set unit 5 family iso
[edit logical-systems LS3 interfaces lo0 unit 3]


user@R1# set interface lt-1/2/0.3
user@R1# set interface lt-1/2/0.5
3. Configure the default route on Logical System LS3.
[edit logical-systems LS3 routing-options]

user@R1# set static route 0.0.0.0/0 discard
user@R1# set static route 0.0.0.0/0 no-install
4. Configure the default route policy on Logical System LS3.
[edit logical-systems LS3 policy-options]

user@R1# set policy-statement isis-default from protocol static
user@R1# set policy-statement isis-default from route-filter 0.0.0.0/0 exact
user@R1# set policy-statement isis-default then accept
5. Apply the export policy to IS-IS on Logical System LS3.

user@R1# set export isis-default
[edit]
user@R1# commit
Results
From configuration mode, confirm your configuration by issuing the show logical-systems
LS3 command. If the output does not display the intended configuration, repeat the
user@R1# show logical-systems LS3

interfaces {
lt-1/2/0 {
unit 3 {
peer-unit 4;
family inet {
address 10.0.2.1/30;
}

IS-IS Feature Guide
family iso;
}
unit 5 {
peer-unit 0;
family inet {
address 10.0.1.1/30;
}
family iso;
}
}
lo0 {
unit 3 {
family iso {
address 49.0001.1234.1600.2231.00;
}
}
}
}
protocols {
isis {
export isis-default;
interface lo0.3 {
passive;
}
}
}
policy-options {
policy-statement isis-default {
from {
protocol static;
}
then accept;
}
}
routing-options {
static {
route 0.0.0.0/0 {
discard;
no-install;
}
}
}
}
Verification

Verifying That the Static Route Is Redistributed
Purpose Make sure that the IS-IS policy is working by checking the routing tables.

IS-IS Feature Guide
Action user@R1> show route logical-system LS3

0.0.0.0/0 *[Static/5] 00:00:45

Discard
10.0.0.0/30 *[IS-IS/15] 1w0d 10:14:14, metric 20
to 10.0.2.2 via lt-1/2/0.3
> to 10.0.1.2 via lt-1/2/0.5
10.0.1.0/30 *[Direct/0] 1w0d 10:15:18
> via lt-1/2/0.5
10.0.1.1/32 *[Local/0] 1w0d 10:15:18
10.0.2.0/30 *[Direct/0] 1w0d 10:15:18
> via lt-1/2/0.3
10.0.2.1/32 *[Local/0] 1w0d 10:15:18

49.0001.1234.1600.2231/72
*[Direct/0] 1w0d 10:17:19
> via lo0.3
user@R1> show route logical-system LS2

0.0.0.0/0 *[IS-IS/160] 00:01:38, metric 10

> to 10.0.2.1 via lt-1/2/0.4
10.0.0.0/30 *[Direct/0] 1w0d 10:16:11
> via lt-1/2/0.1
10.0.0.2/32 *[Local/0] 1w0d 10:16:11
10.0.1.0/30 *[IS-IS/15] 1w0d 10:15:07, metric 20
> to 10.0.0.1 via lt-1/2/0.1
to 10.0.2.1 via lt-1/2/0.4
10.0.2.0/30 *[Direct/0] 1w0d 10:16:11
> via lt-1/2/0.4
10.0.2.2/32 *[Local/0] 1w0d 10:16:11

49.0001.1720.1600.2002/72
*[Direct/0] 1w0d 10:18:12
> via lo0.2
user@R1> show route logical-system LS1

0.0.0.0/0 *[IS-IS/160] 00:02:01, metric 10

> to 10.0.1.1 via lt-1/2/0.0

10.0.0.0/30 *[Direct/0] 1w0d 10:16:34

> via lt-1/2/0.2
10.0.0.1/32 *[Local/0] 1w0d 10:16:34
10.0.1.0/30 *[Direct/0] 1w0d 10:16:34
> via lt-1/2/0.0
10.0.1.2/32 *[Local/0] 1w0d 10:16:34
10.0.2.0/30 *[IS-IS/15] 1w0d 10:15:55, metric 20
to 10.0.1.1 via lt-1/2/0.0
> to 10.0.0.2 via lt-1/2/0.2

49.0001.1720.1600.1001/72
*[Direct/0] 1w0d 10:18:35
> via lo0.1
Meaning The routing table on Logical System LS3 contains the default 0.0.0.0/0 route from
protocol IS-IS. The routing tables on Logical System LS1 and Logical System LS2 contain
the default 0.0.0.0/0 route from protocol IS-IS. If Logical System LS1 and Logical System
LS2 receive packets destined for networks not specified in their routing tables, those
packets will be sent to Logical System LS3 for further processing. This configuration
assumes that Logical System LS3 has a connection to an ISP or another external network.
Related • Example: Creating an Interface on a Logical System

Documentation

IS-IS Feature Guide

PART 3
Monitoring and Troubleshooting Network

Issues
• Monitoring Networks on page 405
• Troubleshooting Network Issues on page 411
• Troubleshooting IS-IS on page 419

IS-IS Feature Guide

CHAPTER 13
Monitoring Networks
• Example: Tracing Global Routing Protocol Operations on page 405

• IS-IS Purge Originator Identification Overview on page 409
Example: Tracing Global Routing Protocol Operations
This example shows how to list and view files that are created when you enable global
routing trace operations.

Requirements
You must have the view privilege.
Overview
To configure global routing protocol tracing, include the traceoptions statement at the
[edit routing-options] hierarchy level:
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable>;
flag flag <disable>;
}
The flags in a traceoptions flag statement are identifiers. When you use the set command
to configure a flag, any flags that might already be set are not modified. In the following
example, setting the timer tracing flag has no effect on the already configured task flag.
Use the delete command to delete a particular flag.
[edit routing-options traceoptions]

user@host# show
flag task;
user@host# set traceoptions flag timer
user@host# show
flag task;

IS-IS Feature Guide
flag timer;
user@host# delete traceoptions flag task
user@host# show
flag timer;
This example shows how to configure and view a trace file that tracks changes in the
routing table. The steps can be adapted to apply to trace operations for any Junos OS
hierarchy level that supports trace operations.
TIP: To view a list of hierarchy levels that support tracing operations, enter
the help apropos traceoptions command in configuration mode.
Configuration
level.
set routing-options traceoptions file routing-table-changes

set routing-options traceoptions file size 10m
set routing-options traceoptions file files 10
set routing-options traceoptions flag route
set routing-options static route 1.1.1.2/32 next-hop 10.0.45.6
Configuring Trace Operations
To configure the trace operations:
1. Configure trace operations.
[edit routing-options traceoptions]

user@host# set file routing-table-changes
user@host# set file size 10m
user@host# set file files 10
user@host# set flag route
2. Configure a static route to cause a change in the routing table.

user@host# set route 1.1.1.2/32 next-hop 10.0.45.6

Chapter 13: Monitoring Networks
[edit]
user@host# commit
Viewing the Trace File
Step-by-Step To view the trace file:

Procedure
1. In operational mode, list the log files on the system.
user@host> file list /var/log
/var/log:
...
routing-table-changes
...
2. View the contents of the routing-table-changes file.
user@host> file show /var/log/routing-table-changes
Dec 15 11:09:29 trace_on: Tracing to "/var/log/routing-table-changes" started

Dec 15 11:09:29.496507
Dec 15 11:09:29.496507 Tracing flags enabled: route
Dec 15 11:09:29.496507
Dec 15 11:09:29.533203 inet_routerid_notify: Router ID: 192.168.4.1
Dec 15 11:09:29.533334 inet_routerid_notify: No Router ID assigned
Dec 15 11:09:29.534915 inet_routerid_notify: Router ID: 192.168.4.1
Dec 15 11:09:29.582990 rt_static_reinit: examined 3 static nexthops, 0
unreferenced
Dec 15 11:09:29.589920
Dec 15 11:09:29.589920 task_reconfigure reinitializing done
...
3. Filter the output of the log file.
user@host> file show /var/log/routing-table-changes | match 1.1.1.2
Dec 15 11:15:30.780314 ADD 1.1.1.2/32 nhid 0 gw 10.0.45.6

Static pref 5/0 metric at-0/2/0.0 <ctive Int Ext>
Dec 15 11:15:30.782276 KRT Request: send len 216 v104 seq 0 ADD route/user
af 2 table 0 infot 0 addr 1.1.1.2 nhop-type unicast nhindex 663
4. View the tracing operations in real time by running the monitor start command with
an optional match condition.
user@host> monitor start routing-table-changes | match 1.1.1.2
Aug 10 19:21:40.773467 BGP RECV 0.0.0.0/0

Aug 10 19:21:40.773685 bgp_rcv_nlri: 0.0.0.0/0

IS-IS Feature Guide
Aug 10 19:21:40.773778 bgp_rcv_nlri: 0.0.0.0/0 belongs to meshgroup

Aug 10 19:21:40.773832 bgp_rcv_nlri: 0.0.0.0/0 qualified bnp->ribact 0x0
l2afcb 0x0
5. Deactivate the static route.
user@host# deactivate routing-options static route 1.1.1.2/32

user@host# commit
*** routing-table-changes ***

Dec 15 11:42:59.355557 CHANGE 1.1.1.2/32 nhid 663 gw 10.0.45.6
Static pref 5/0 metric at-0/2/0.0 <Delete Int Ext>
Dec 15 11:42:59.426887 KRT Request: send len 216 v104 seq 0 DELETE route/user
af 2 table 0 infot 0 addr 1.1.1.2 nhop-type discard filtidx 0
Dec 15 11:42:59.427366 RELEASE 1.1.1.2/32 nhid 663 gw 10.0.45.6
Static pref 5/0 metric at-0/2/0.0 <Release Delete Int Ext>
6. Halt the monitor command by pressing Enter and typing monitor stop.
[Enter]
user@host> monitor stop
7. When you are finished troubleshooting, consider deactivating trace logging to avoid
any unnecessary impact to system resources.
When configuration is deactivated, it appears in the configuration with the inactive

tag.
user@host# deactivate traceoptions
user@host# commit
user@host# show
inactive: traceoptions {
file routing-table-changes size 10m files 10;
flag route;
}
static {
inactive: route 1.1.1.2/32 next-hop 10.0.45.6;
}
8. To reactivate trace operations, use the activate configuration-mode statement.
user@host# activate traceoptions
user@host# commit

Chapter 13: Monitoring Networks
Results
From configuration mode, confirm your configuration by entering the show routing-options
user@host# show routing-options

traceoptions {
file routing-table-changes size 10m files 10;
flag route;
}
static {
route 1.1.1.2/32 next-hop 10.0.45.6;
}
Verification
Verifying That the Trace Log File Is Operating
Purpose Make sure that events are being written to the log file.
Action user@host> show log routing-table-changes
Dec 15 11:09:29 trace_on: Tracing to "/var/log/routing-table-changes" started
Related • Understanding Global Routing Protocol Tracing Operations

Documentation
• CLI Explorer
IS-IS Purge Originator Identification Overview
Starting in Junos OS release 16.2R1, when the IS-IS protocol purges entries from IS-IS
link-state database, there is no way to identify the origin of the purge. If there is a need
to investigate the cause of the purge, it is difficult to determine the Intermediate system
(IS) that initiated the purge. RFC 6232, Purge Originator Identification TLV for IS-IS defines
a type, length, and value (TLV) that can be added to the purges, to record the system ID
of the IS that had initiated the purge. If an IS generates a purge, this TLV is included in
the purge, which also has the system ID of the IS. If an IS receives a purge, the Link State
Protocol Data Unit (LSP) flooding does not change the LSP contents, and the TLV is
propagated with the purge itself. If an IS receives a purge that does not include this TLV,
it adds this TLV with both its own system ID and the system ID of the IS from which it
received the purge. This allows the IS that receives this purge to log the system ID of the
originator, or the upstream source of the purge. This makes it easier to locate the origin
of the purge and its cause. This TLV is also helpful in lab environments.

IS-IS Feature Guide
There is a possibility that during a network attack, a low lifetime is generated maliciously
for an LSP, which can initiate a purge on timeout. These LSPs with low lifetime need to
be filtered out to avoid purges triggered by a low lifetime LSP.
16.1 Starting in Junos OS release 16.2R1, when the IS-IS protocol purges entries
from IS-IS link-state database, there is no way to identify the origin of the
purge.
Related • purge-originator on page 569

Documentation

CHAPTER 14
Troubleshooting Network Issues
• Working with Problems on Your Network on page 411

• Isolating a Broken Network Connection on page 412
• Identifying the Symptoms of a Broken Network Connection on page 413
• Isolating the Causes of a Network Problem on page 414
• Taking Appropriate Action for Resolving the Network Problem on page 415
• Evaluating the Solution to Check Whether the Network Problem Is Resolved on page 416
Working with Problems on Your Network
Problem Description: This checklist provides links to troubleshooting basics, an example network,
and includes a summary of the commands you might use to diagnose problems with the
router and network.
Table 7: Checklist
Solution
for Working with Problems on Your Network
Tasks Command or Action
“Isolating a Broken Network Connection” on page 412

1. Identifying the Symptoms of a Broken Network Connection on ping (ip-address | hostname)
page 413 show route (ip-address | hostname)
traceroute (ip-address | hostname)
2. Isolating the Causes of a Network Problem on page 414 show < configuration | interfaces | protocols | route >
3. Taking Appropriate Action for Resolving the Network Problem [edit]

on page 415 delete routing options static route destination-prefix
commit and-quit
show route destination-prefix
4. Evaluating the Solution to Check Whether the Network Problem show route (ip-address | hostname)
Is Resolved on page 416 ping (ip-address | hostname) count 3
traceroute (ip-address | hostname)

IS-IS Feature Guide
Isolating a Broken Network Connection
By applying the standard four-step process illustrated in Figure 37 on page 412, you can
isolate a failed node in the network. Note that the functionality described in this section
is not supported in versions 15.1X49, 15.1X49-D30, or 15.1X49-D40.
Figure 37: Process for Diagnosing Problems in Your Network
Before you embark on the four-step process, however, it is important that you are prepared
for the inevitable problems that occur on all networks. While you might find a solution
to a problem by simply trying a variety of actions, you can reach an appropriate solution
more quickly if you are systematic in your approach to the maintenance and monitoring
of your network. To prepare for problems on your network, understand how the network
functions under normal conditions, have records of baseline network activity, and carefully
observe the behavior of your network during a problem situation.
Figure 38 on page 412 shows the network topology used in this topic to illustrate the
process of diagnosing problems in a network.
Figure 38: Network with a Problem

AS 65001 AS 65002
Aggregate Routes:
100.100.1.0/24
100.100.2.0/24
100.100.3.0/24
lo0: .1 100.100.4.0/24 lo0: .2 lo0: .3
so-0/0/0–.12.2 so-0/0/1–.23.1
R1 R2 R3
so-0/0/0–.12.1 so-0/0/1–.23.2
so-0/0/1–.15.1 so-0/0/2–.26.1 so-0/0/3–.36.1
so-0/0/1–.15.2
so-0/0/2–.26.2 so-0/0/3–.36.2
R5 R6
g003255
lo0: .5 lo0: .6
I-BGP
Key:
so-0/0/X: 10.1.x.x/30 E-BGP
lo0: 10.0.0.x/32
The network in Figure 38 on page 412 consists of two autonomous systems (ASs). AS
65001 includes two routers, and AS 65002 includes three routers. The border router (R1)
in AS 65001 announces aggregated prefixes 100.100/24 to the AS 65002 network. The

Chapter 14: Troubleshooting Network Issues
problem in this network is that R6 does not have access to R5 because of a loop between
R2 and R6.
To isolate a failed connection in your network, follow the steps in these topics:
• Identifying the Symptoms of a Broken Network Connection on page 413
• Isolating the Causes of a Network Problem on page 414
• Evaluating the Solution to Check Whether the Network Problem Is Resolved on page 416
Identifying the Symptoms of a Broken Network Connection
Problem Description: The symptoms of a problem in your network are usually quite obvious, such
as the failure to reach a remote host.
Solution To identify the symptoms of a problem on your network, start at one end of your network
and follow the routes to the other end, entering all or one of the following Junos OS
command-line interfaces (CLI) operational mode commands:
user@host> ping (ip-address | host-name)

user@host> show route (ip-address | host-name)
user@host> traceroute (ip-address | host-name)
Sample Output

PING 10.0.0.5 (10.0.0.5): 56 data bytes
36 bytes from 10.1.26.1: Time to live exceeded
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 e2db 0 0000 01 01 a8c6 10.1.26.2 10.0.0.5

4 5 00 0054 e2de 0 0000 01 01 a8c3 10.1.26.2 10.0.0.5

4 5 00 0054 e2e2 0 0000 01 01 a8bf 10.1.26.2 10.0.0.5
^C
user@R6> show route 10.0.0.5

10.0.0.5/32 *[IS-IS/165] 00:02:39, metric 10

> to 10.1.26.1 via so-0/0/2.0

IS-IS Feature Guide
user@R6> traceroute 10.0.0.5

1 10.1.26.1 (10.1.26.1) 0.649 ms 0.521 ms 0.490 ms
2 10.1.26.2 (10.1.26.2) 0.521 ms 0.537 ms 0.507 ms
3 10.1.26.1 (10.1.26.1) 0.523 ms 0.536 ms 0.514 ms
4 10.1.26.2 (10.1.26.2) 0.528 ms 0.551 ms 0.523 ms
5 10.1.26.1 (10.1.26.1) 0.531 ms 0.550 ms 0.524 ms
Meaning
The sample output shows an unsuccessful ping command in which the packets are being
rejected because the time to live is exceeded. The output for the show route command
shows the interface (10.1.26.1) that you can examine further for possible problems. The
traceroute command shows the loop between 10.1.26.1 (R2) and 10.1.26.2 (R6), as indicated
by the continuous repetition of the two interface addresses.
Isolating the Causes of a Network Problem
Problem Description: A particular symptom can be the result of one or more causes. Narrow down
the focus of your search to find each individual cause of the unwanted behavior.
Solution To isolate the cause of a particular problem, enter one or all of the following Junos OS
CLI operational mode command:
user@host> show < configuration | bgp | interfaces | isis | ospf | route >
Your particular problem may require the use of more than just the commands listed
above. See the appropriate command reference for a more exhaustive list of commonly
used operational mode commands.
Sample Output
user@R6> show interfaces terse

so-0/0/0 up up
so-0/0/0.0 up up inet 10.1.56.2/30
iso
so-0/0/2 up up
so-0/0/2.0 up up inet 10.1.26.2/30
iso
so-0/0/3 up up
so-0/0/3.0 up up inet 10.1.36.2/30
iso
[...Output truncated...]
The following sample output is from R2:

10.0.0.5/32 *[Static/5] 00:16:21

> to 10.1.26.2 via so-0/0/2.0
[BGP/170] 3d 20:23:35, MED 5, localpref 100
AS path: 65001 I
> to 10.1.12.1 via so-0/0/0.0
Meaning
The sample output shows that all interfaces on R6 are up. The output from R2 shows
that a static route [Static/5] configured on R2 points to R6 (10.1.26.2) and is the preferred
route to R5 because of its low preference value. However, the route is looping from R2
to R6, as indicated by the missing reference to R5 (10.1.15.2).
Taking Appropriate Action for Resolving the Network Problem
Problem Description: The appropriate action depends on the type of problem you have isolated.
In this example, a static route configured on R2 is deleted from the [routing-options]
hierarchy level. Other appropriate actions might include the following:
Solution • Check the local router’s configuration and edit it if appropriate.
• Troubleshoot the intermediate router.
• Check the remote host configuration and edit it if appropriate.
• Troubleshoot routing protocols.
• Identify additional possible causes.
To resolve the problem in this example, enter the following Junos OS CLI commands:
[edit]
user@R2# delete routing-options static route destination-prefix
user@R2# commit and-quit
user@R2# show route destination-prefix
Sample Output
[edit]
user@R2# delete routing-options static route 10.0.0.5/32
[edit]
user@R2# commit and-quit
commit complete
Exiting configuration mode


IS-IS Feature Guide
10.0.0.5/32 *[BGP/170] 3d 20:26:17, MED 5, localpref 100

AS path: 65001 I
> to 10.1.12.1 via so-0/0/0.0
Meaning
The sample output shows the static route deleted from the [routing-options] hierarchy
and the new configuration committed. The output for the show route command now
shows the BGP route as the preferred route, as indicated by the asterisk (*).
Evaluating the Solution to Check Whether the Network Problem Is Resolved
Problem Description: If the problem is solved, you are finished. If the problem remains or a new
problem is identified, start the process over again.
You can address possible causes in any order. In relation to the network in “Isolating a
Broken Network Connection” on page 412, we chose to work from the local router toward
the remote router, but you might start at a different point, particularly if you have reason
to believe that the problem is related to a known issue, such as a recent change in
configuration.
Solution To evaluate the solution, enter the following Junos OS CLI commands:
user@host> show route (ip-address |host-name)

user@host> ping (ip-address | host-name)
user@host> traceroute (ip-address | host-name)
Sample Output

10.0.0.5/32 *[BGP/170] 00:01:35, MED 5, localpref 100, from 10.0.0.2

AS path: 65001 I
> to 10.1.26.1 via so-0/0/2.0

PING 10.0.0.5 (10.0.0.5): 56 data bytes
^C
user@R6> traceroute 10.0.0.5

1 10.1.26.1 (10.1.26.1) 0.629 ms 0.538 ms 0.497 ms

2 10.1.12.1 (10.1.12.1) 0.534 ms 0.538 ms 0.510 ms

3 10.0.0.5 (10.0.0.5) 0.776 ms 0.705 ms 0.672 ms
Meaning
The sample output shows that there is now a connection between R6 and R5. The show
route command shows that the BGP route to R5 is preferred, as indicated by the asterisk
(*). The ping command is successful and the traceroute command shows that the path
from R6 to R5 is through R2 (10.1.26.1), and then through R1 (10.1.12.1).

IS-IS Feature Guide

CHAPTER 15
Troubleshooting IS-IS
• Verifying the IS-IS Protocol on page 419

• Verifying the IS-IS Configuration on a Router in a Network on page 428
• Displaying the Status of IS-IS Adjacencies on page 435
• Displaying Detailed IS-IS Protocol Information on page 439
• Analyzing IS-IS Link-State PDUs in Detail on page 441
• Displaying Sent or Received IS-IS Protocol Packets on page 443
Verifying the IS-IS Protocol
Purpose
If your MPLS network is configured with IS-IS as the interior gateway protocol (IGP), and
the output of the show mpls lsp extensive command shows that there is a problem, check
the IP and IS-IS layers. Because IS-IS and IP are independent of each other, you can check
either layer first. For more information about checking the IP layer, see Verifying the IP
Layer.
After you have checked the IP layer and determined that there is still a problem, check
the IS-IS layer, verify that IS-IS adjacencies are up, and make sure that the interfaces
and IS-IS protocol are configured correctly.

IS-IS Feature Guide
Figure 39: MPLS Network Broken at the IS-IS Protocol Layer
To check the IS-IS protocol, follow these steps:
1. Verify the LSP on page 420

2. Verify IS-IS Adjacencies and Interfaces on page 422
3. Verify the IS-IS Configuration on page 423
4. Take Appropriate Action on page 424
5. Verify the LSP Again on page 425
Verify the LSP
Purpose Confirm that interfaces are configured for IS-IS, that the IS-IS protocol is configured
correctly, and that adjacencies are established.
Action To verify the label-switched path (LSP), enter the following command on the ingress,
transit, and egress routers:
user@host> show mpls lsp extensive
Sample Output 1
user@R1> show mpls lsp extensive

Ingress LSP: 1 sessions
10.0.0.6
From: 10.0.0.1, State: Dn, ActiveRoute: 0 , LSPname: R1-to-R6
ActivePath: (none)
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
Primary State: Dn
24 Oct 21 13:48:01 No Route toward dest [3 times]
23 Oct 21 13:47:44 Deselected as active

Chapter 15: Troubleshooting IS-IS
22 Oct 21 13:47:43 No Route toward dest[2 times]

21 Oct 21 13:47:43 ResvTear received
20 Oct 21 13:47:43 Down
19 Oct 21 13:47:43 10.1.13.2: No Route toward dest[2 times]
18 Oct 21 13:47:38 Record Route: 10.1.13.2 10.1.36.2
Created: Tue Oct 19 21:22:53 2004
Egress LSP: 0 sessions

Transit LSP: 0 sessions

Sample Output 2



Sample Output 3

10.0.0.1
From: 10.0.0.6, State: Dn, ActiveRoute: 0 , LSPname: R6-to-R1
ActivePath: (none)
LoadBalance: Random
Primary State: Dn
Will be enqueued for recomputation in 3 second(s).
13 Oct 21 14:23:33 CSPF failed: no route toward 10.0.0.1[90 times]
12 Oct 21 13:39:56 Deselected as active
11 Oct 21 13:39:56 CSPF: could not determine self
Created: Tue Oct 19 22:28:30 2004


Meaning The sample output shows that LSP R1-to-R6 and the reverse LSP R6-to-R1 are down,
and there are no LSP sessions on transit router R3.

IS-IS Feature Guide
Verify IS-IS Adjacencies and Interfaces
Purpose When you check the IS-IS layer, you verify that IS-IS adjacencies are up and that the IS-IS
interfaces are included at the protocol level.
Action To verify the functioning of adjacent interfaces, enter the following commands from the
relevant routers:
user@host> show isis adjacency

user@host> show isis interface
Sample Output 1

so-0/0/0.0 R2 2 Up 20
so-0/0/1.0 R5 2 Up 23
so-0/0/2.0 R3 2 Up 26

so-0/0/0.0 R4 2 Up 23
so-0/0/1.0 R2 2 Up 21
so-0/0/2.0 R1 2 Up 19
so-0/0/3.0 R6 2 Down 0

IS-IS instance is not running
Sample Output 2

so-0/0/0.0 2 0x1 Disabled Point to Point 10/10


so-0/0/0.0 1 0x1 Point to Point Disabled 10/10

so-0/0/1.0 1 0x1 Down Disabled 10/10

Meaning Sample Output 1 shows that ingress router R1 has established adjacencies with the
relevant routers. Transit router R3 does not have an adjacency with egress router R6, and
egress router R6 has no adjacencies established in the network shown in MPLS Network
Broken at the IP and IGP Layers, indicating that the problem might be at the IS-IS protocol
level.
Sample Output 2 shows that R1 and R2 are Level 2 routers, in contrast to R6 which is a
Level 1 router. When a router is configured explicitly as a Level 1 or Level 2 router, it does
not communicate with routers configured at a different level. Level 1 routers communicate
with other Level 1 routers within their area, while Level 2 routers communicate with other
Level 2 routers, and toward other autonomous systems. Because all the routers in this
network are configured for Level 2, they cannot form an adjacency with R6, which is
incorrectly configured as a Level 1 router.
See Also • Example: Configuring a Multi-Level IS-IS Topology to Control Interarea Flooding on
page 21

page 20
Verify the IS-IS Configuration
Purpose When you have determined that the problem is probably at the IS-IS protocol level, check
the IS-IS configuration of the routers in your network.
Action To verify the IS-IS configuration, enter the following command from the relevant routers:
user@host> show configuration protocols isis
Sample Output
user@R1> show configuration protocols isis

level 1 disable;
interface lo0.0; {
passive

level 1 disable;
interface all {
level 2 metric 10;
}

IS-IS Feature Guide
interface fxp0.0 {
disable;
}
interface lo0.0; {
passive

level 2 disable; <<< Incorrect level disabled
interface all {
level 2 metric 10;
}
interface fxp0.0 {
disable;
}
interface lo0.0; {
passive
Meaning The sample output shows that R6 has Level 2 disabled, while R1 and R3 have Level 1
disabled. For IS-IS adjacencies to establish, routers need to be at the same level. Another
common configuration error is to omit the loopback interface (lo0) from the configuration
at the [edit protocols isis] hierarchy level. IS-IS does not function correctly if the loopback
interface (lo0) is not configured at this level. In addition, including the passive statement
ensures that protocols are not run over the loopback interface (lo0) and that the loopback
interface (lo0) is advertised correctly throughout the network.
Take Appropriate Action
Problem Description: Depending on the error you encountered in your investigation, you must take
the appropriate action to correct the problem. In the example below, the routers are
configured to function at different levels of the IS-IS protocol.
Solution To correct the error in this example, enter the following commands:
Sample Output

user@R6# show
level 2 disable;
interface all {
level 2 metric 10;
}
interface fxp0.0 {
disable;
}
interface lo0.0; {
passive

user@R6# delete level 2

user@R6# set level 1 disable

user@R6# show
level 1 disable;
interface all {
level 2 metric 10;
}
interface fxp0.0 {
disable;
}
interface lo0.0; {
passive

user@R6# commit
commit complete

user@R6# run show isis adjacency
so-0/0/0.0 R5 2 Up 22
so-0/0/1.0 R4 2 Up 22
so-0/0/2.0 R2 2 Up 22
so-0/0/3.0 R3 2 Up 22
Meaning
The sample output shows that the configuration error on egress router R6 has been
corrected, and IS-IS adjacencies are now established.
See Also • IS-IS Feature Guide
Verify the LSP Again
Purpose After taking the appropriate action to correct the error, the label-switched path (LSP)
needs to be checked again to confirm that the problem in the RSVP layer has been
resolved.
Action To verify that the LSP is up and traversing the network as expected, enter the following
command from the ingress, egress, and transit routers:
user@host> show mpls lsp extensive
Sample Output 1

10.0.0.6
From: 10.0.0.1, State: Up, ActiveRoute: 1 , LSPname: R1-to-R6

IS-IS Feature Guide
ActivePath: (primary)
LoadBalance: Random
*Primary State: Up
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 20)
10.1.13.2 S 10.1.36.2 S
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt):
10.1.13.2 10.1.36.2
5 Oct 21 15:52:07 Selected as active path
4 Oct 21 15:52:07 Record Route: 10.1.13.2 10.1.36.2
3 Oct 21 15:52:07 Up
2 Oct 21 15:52:07 Originate Call
1 Oct 21 15:52:07 CSPF: computation result accepted
Created: Thu Oct 21 15:52:06 2004
Total 1 displayed, Up 1 , Down 0
10.0.0.1
From: 10.0.0.6, LSPstate: Up, ActiveRoute: 0
LSPname: R6-to-R1 , LSPpath: Primary
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: -
Resv style: 1 FF, Label in: 3, Label out: -
Time left: 142, Since: Thu Oct 21 15:41:59 2004
Tspec: rate 0bps size 0bps peak Infbps m 20 M 1500
Port number: sender 2 receiver 39082 protocol 0
PATH rcvfrom: 10.1.13.2 (so-0/0/2.0) 17 pkts
Adspec: received MTU 1500
PATH sentto: localclient
RESV rcvfrom: localclient
Record route: 10.1.36.2 10.1.13.2 <self>
Total 1 displayed, Up 1 , Down 0

Sample Output 2


10.0.0.1
Recovery label received: -, Recovery label sent: 3
Resv style: 1 FF, Label in: 100528, Label out: 3


Adspec: received MTU 1500 sent MTU 1500
PATH sentto: 10.1.13.1 (so-0/0/2.0) 17 pkts
RESV rcvfrom: 10.1.13.1 (so-0/0/2.0) 17 pkts
Explct route: 10.1.13.1
Record route: 10.1.36.2 <self> 10.1.13.1
10.0.0.6
Recovery label received: -, Recovery label sent: 3
Resv style: 1 FF, Label in: 100544, Label out: 3
Adspec: received MTU 1500 sent MTU 1500
PATH sentto: 10.1.36.2 (so-0/0/3.0) 4 pkts
RESV rcvfrom: 10.1.36.2 (so-0/0/3.0) 4 pkts
Explct route: 10.1.36.2
Record route: 10.1.13.1 <self> 10.1.36.2
Sample Output 3

10.0.0.1
From: 10.0.0.6, State: Up, ActiveRoute: 1, LSPname: R6-to-R1
ActivePath: (primary)
LoadBalance: Random
*Primary State: Up
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 20)
10.1.36.1 S 10.1.13.1 S
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt):
10.1.36.1 10.1.13.1
18 Oct 21 15:34:18 Selected as active path
17 Oct 21 15:34:17 Record Route: 10.1.36.1 10.1.13.1
16 Oct 21 15:34:17 Up
15 Oct 21 15:34:17 Originate Call
14 Oct 21 15:34:17 CSPF: computation result accepted
Created: Tue Oct 19 22:28:30 2004
10.0.0.6
Recovery label received: -, Recovery label sent: -
Resv style: 1 FF, Label in: 3, Label out: -

IS-IS Feature Guide

Adspec: received MTU 1500
PATH sentto: localclient
RESV rcvfrom: localclient
Record route: 10.1.13.1 10.1.36.1 <self>

Meaning Sample Outputs 1 and 3 from ingress router R1 and egress router R6 show that the LSP
is now traversing the network along the expected path, from R1 through R3 to R6, and
the reverse LSP, from R6 through R3 to R1. In addition, Sample Output 2 from transit
router R3 shows that there are two transit LSP sessions, one from R1 to R6, and the other
from R6 to R1.
Verifying the IS-IS Configuration on a Router in a Network
Purpose
For IS-IS to run on a router (intermediate system) in your network, you must enable IS-IS
on the router, configure a network entity title (NET) on the loopback interface (lo0), and
configure family iso on all interfaces on which you want to run IS-IS. When you enable
IS-IS on a router, Level 1 and Level 2 are enabled by default.
Figure 40 on page 429 illustrates an example of routers at different levels in an IS-IS

topology.

Figure 40: Levels in an IS-IS Network Topology
The network in Figure 40 on page 429 is organized hierarchically and consists of Level 2,
Level 1/Level 2, and Level 1 routers in one autonomous system (AS) divided into four
areas: 49.0001, 49.0002, 49.0003, and 49.0004. The Level 2 routers route toward other
autonomous systems. The Level 1/Level 2 routers route between areas and to other
autonomous systems. The Level 1 routers route within an area, and when the destination
is outside the local area, they route toward a Level1/Level2 system.
In the following topics, the configuration of the various types of routers is examined.
Figure 41 on page 430 provides more details about the IS-IS network topology in
Figure 40 on page 429 so that you can verify the configuration output of the various routers.

IS-IS Feature Guide
Figure 41: IS-IS Network Topology with Details
To verify that IS-IS is configured correctly on routers at different levels, follow these
steps:
1. Check the Configuration of a Level 1/Level 2 Router on page 430

2. Check the Configuration of a Level 1 Router on page 432
3. Check the Configuration of a Level 2 Router on page 434
Check the Configuration of a Level 1/Level 2 Router
Purpose Check the configuration of a Level 1/Level 2 router.
Action To verify the IS-IS configuration of a Level 1/Level 2 router in your network, enter the
following Junos OS command-line interface (CLI) commands:
user@host# [edit protocols isis] show

user@host# [edit protocols isis]
user@host# run show isis interface
user@host# [edit] edit interfaces
user@host# [edit interfaces] show
The following output is for an IS-IS configuration on R2, a Level 1/Level 2 router in the
network shown.

Sample Output

user@R2# show
level 2 metric 10;
level 1 disable;
}
level 2 disable;
level 1 metric 10;
}
level 2 metric 10;
level 1 disable;
}
interface fxp0.0 {
disable;
}
interface lo0.0;

user@R2# run show isis interface
so-0/0/1.0 3 0x1 Point to Point Point to Point 10/10
[edit interfaces]
user@R2# show
so-0/0/0 {
unit 0 {
family inet {
address 10.1.12.2/30;
}
family iso;
}
}
so-0/0/1 {
unit 0 {
family inet {
address 10.1.23.1/30;
}
family iso;
}
}
so-0/0/2 {
unit 0 {
family inet {
address 10.1.26.1/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.0.2/32;

IS-IS Feature Guide
}
family iso {
address 49.0002.1000.0000.0002.00;
}
}
}
Meaning The sample output shows a basic configuration of IS-IS on R2, a Level 1/Level 2 router.
The basic configuration is at the [edit protocols isis] and [edit interfaces] hierarchy levels.
At the [edit protocols isis] level, five interfaces are included: so-0/0/0, so-0/0/1, so-0/0/2,
fxp0, and the loopback interface (lo0). Two interfaces, so-0/0/0.0 and so-0/0/2.0,
have Level 1 disabled, making them Level 2 interfaces. One interface, so-0/0/1.0, has
Level 2 disabled, making it a Level 1 interface. The management interface (fxp0) is
disabled so that IS-IS packets are not sent over it, and the loopback interface (lo0) is
included because it becomes a point of connection from the router to the IS-IS network.
At the [edit interfaces] hierarchy level, all of the interfaces included in the [edit protocols
isis] hierarchy level are configured with family iso, and the loopback interface (lo0) is
configured with the NET address 49.0002.1000.0000.0002.00. Every router in an IS-IS
network must have at least one NET address that identifies a point of connection to the
IS-IS network. The NET address is generally configured on the loopback interface (lo0).
Routers that participate in multiple areas can have multiple NET addresses.
page 21
Check the Configuration of a Level 1 Router
Purpose To check the configuration of a Level 1 router.
Action To check the configuration of a Level 1 router, enter the following CLI commands:

user@host# [edit protocols isis] run show isis interface
The following sample output is for R4, a Level 1 router in the network shown in The
following output is for an IS-IS configuration on R2, a Level 1/Level 2 router in the network
shown.
Sample Output
user@R4# show

level 2 disable;
level 1 metric 10;
}
interface fxp0.0 {
disable;
}
interface lo0.0;

[edit interfaces]
user@R4# show
so-0/0/2 {
unit 0 {
family inet {
address 10.1.45.1/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.0.4/32;
}
family iso {
address 49.0001.1000.0000.0004.00;
}
}
}
Meaning The sample output shows a basic configuration of IS-IS on R4, a Level 1 router. The basic
configuration is at the [edit protocols isis] and [edit interfaces] hierarchy levels.
At the [edit protocols isis] hierarchy level, three interfaces are included: so-0/0/2.0, fxp0,
and the loopback interface (lo0). Level 2 is disabled on the router, making it a Level 1
router that sends packets within its local area, 49.0001. When a packet destination is
outside the local area, R4 establishes an adjacency with the nearest Level 1/Level 2 router
(R5) that forwards the packets. For more information about adjacencies, see “Displaying
the Status of IS-IS Adjacencies” on page 435.
One interface, so-0/0/2.0, is configured for IS-IS. The management interface (fxp0) is
disabled so that IS-IS packets are not sent over it, and the loopback interface (lo0) is
included because it becomes a point of connection from the router to the IS-IS network.
At the [edit interfaces] hierarchy level, the interface included in the [edit protocols isis]
hierarchy level is also configured with family iso, and the loopback interface (lo0) is
configured with the NET address of 49.0001.1000.0000.0004.00. Every router in an
IS-IS network must have at least one NET address that identifies a point of connection

IS-IS Feature Guide
to the IS-IS network. The NET address is generally configured on the loopback interface
(lo0). Routers that participate in multiple areas can have multiple NET addresses.
See Also • Example: Configuring IS-IS on page 14
Check the Configuration of a Level 2 Router
Purpose Check the configuration of a Level 2 router.
Action To check the configuration of a Level 2 router, enter the following CLI commands:

user@host# [edit protocols isis] run show isis interface
The following sample output is for R6, a Level 2 router in the network shown.
Sample Output

user@R6# show
level 1 disable;
level 2 metric 10;
}
level 2 metric 10;
}
interface fxp0.0 {
disable;
}
interface lo0.0;

[edit interfaces]
user@R6# show
so-0/0/0 {
unit 0 {
family inet {
address 10.1.56.2/30;
}
family iso;
}
}
so-0/0/2 {
unit 0 {

family inet {
address 10.1.26.2/30;
}
family iso;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.0.6/32;
}
family iso {
address 49.0003.1000.0000.0006.00;
}
}
}
Meaning The sample output shows a basic configuration of IS-IS on R6, a Level 2 router. The basic
configuration is at the [edit protocols isis] and [edit interfaces] hierarchy levels.
At the [edit protocols isis] level, four interfaces are included: so-0/0/0.0, so-0/0/2.0,
fxp0, and the loopback interface (lo0). Level 1 is disabled on the two SONET/SDH
interfaces, making this a Level 2 router that routes between areas and toward other ASs.
The management interface (fxp0) is disabled so that IS-IS packets are not sent over it,
and the loopback interface (lo0) is included because it becomes a point of connection
from the router to the IS-IS network.
At the [edit interfaces] hierarchy level, the interfaces included in the [edit protocols isis]
hierarchy level are also configured with family iso, and the loopback interface (lo0) is
configured with the NET address of 49.0003.1000.0000.0006.00. Every router in an
IS-IS network must have at least one NET address that identifies a point of connection
to the IS-IS network. The NET address is generally configured on the loopback interface
(lo0). Routers that participate in multiple areas can have multiple NET addresses.
See Also • Example: Configuring IS-IS on page 14

page 21
Displaying the Status of IS-IS Adjacencies
Purpose
Assuming that all the routers are correctly configured for IS-IS, you can verify which
neighbors are adjacent and able to exchange IS-IS data. In addition, you can examine

IS-IS Feature Guide
the set of routes installed in the forwarding table to verify that the routing protocol process
(rpd) has relayed the correct information into the forwarding table.
Figure 42 on page 436 illustrates the example IS-IS topology used for the procedures in
this topic.
Figure 42: IS-IS Network Topology
The network consists of Level 1 and Level 2 adjacencies. Level 1 adjacencies are within
areas 49.0001 and 49.0002. Level 2 adjacencies occur between all directly connected
Level 2 routers regardless of which area they are in. For example, R5 is in area 49.0001,
R6 is in area 49.0003, R1 is in area 49.0004, and R2 is in area 49.0002. The network in
Figure 42 on page 436 should have the following adjacencies:
• Level 2 adjacencies between all directly connected Level 2 routers (R1, R2, R5, and R6).
• Level 1 adjacencies between routers in area 49.0001 (R4 and R5) and between routers
in area 49.0002 (R2 and R3).
To verify that routers are adjacent and able to exchange IS-IS data, follow these steps:
1. Verifying Adjacent Routers on page 436

2. Examine the Forwarding Table on page 438
Verifying Adjacent Routers
Purpose Verify that routers are adjacent and able to exchange IS-IS data.

Action To verify that routers are adjacent and able to exchange IS-IS data, enter the following
CLI operational mode command:
The following sample output shows the adjacencies that formed for all routers shown
in “Displaying the Status of IS-IS Adjacencies” on page 435.
Sample Output

so-0/0/0.0 R2 2 Up 19
so-0/0/1.0 R5 2 Up 18

so-0/0/0.0 R1 2 Up 19
so-0/0/1.0 R3 1 Up 26
so-0/0/2.0 R6 2 Up 21

so-0/0/1.0 R2 1 Up 24

so-0/0/2.0 R5 1 Up 23

so-0/0/0.0 R6 2 Up 22
so-0/0/1.0 R1 2 Up 20
so-0/0/2.0 R4 1 Up 20

so-0/0/0.0 R5 2 Up 21
so-0/0/2.0 R2 2 Up 20
Meaning The sample output shows the adjacencies that formed in the network illustrated in
“Displaying the Status of IS-IS Adjacencies” on page 435. The Level 1/Level 2 routers (R2
and R5) formed Level 1 adjacencies with Level 1 routers (R3 and R4), and Level 2
adjacencies with the Level 2 routers (R1 and R6). To view the status of the adjacency,
examine the State column. In this example, all adjacencies in the network are up.
If the state is not Up for a particular neighbor, you must first examine the IS-IS
configuration for the particular interface. Make sure that the NET address is correct and
that the loopback interface (lo0) is configured. Use the show isis interface or show isis
interface detail command to display the IS-IS parameters for all interfaces configured
with IS-IS. With these two commands, you can see which interfaces are configured for
IS-IS, whether they are configured for Level 1 or Level 2, the IS-IS metric, and other IS-IS
information.

IS-IS Feature Guide
page 21
Examine the Forwarding Table
Purpose You can display the set of routes installed in the forwarding table to verify that the routing
protocol process (rpd) has relayed the correct information into the forwarding table. This
is especially important when there are network problems, such as connectivity. In this
procedure, you verify that the routes displayed in Step 2 appear in the forwarding table
for Router R5.
Action To examine the forwarding table for a router, enter the following CLI command:
user@host> show route forwarding-table destination destination-prefix
Sample Output
user@R5> show route forwarding-table destination 10.0.0.3
Routing table: inet

Internet:
10.0.0.3/32 user 0 10.1.15.0 ucst 285 7 so-0/0/1.0
user@R5> show route forwarding-table destination 10.0.0.3
Routing table: inet
Internet:
10.0.0.3/32 user 0 10.1.56.0 ucst 281 9 so-0/0/0.0
Meaning The sample output shows the selected next hop between Routers R5 and R3 sent from
the inet routing table and installed into the forwarding table. The first instance shows
the route through Router R1, and the second instance shows the route through Router
R6. In both instances, the preferred route displayed in Step 2 is installed in the forwarding
table.
In general, the sample output includes the destination address and destination type, the
next-hop address and next-hop type, the number of references to the next hop, an index
number into an internal next-hop database, and the interface used to reach the next hop.
See Also • Understanding IS-IS Areas to Divide an Autonomous System into Smaller Groups on
page 20
Related • Verifying the IS-IS Protocol on page 419

Documentation

Displaying Detailed IS-IS Protocol Information
Action To trace IS-IS messages in detail, follow these steps:
1. Configure the flag to display detailed IS-IS protocol messages.

user@host# set flag hello detail
2. Verify the configuration.
user@host# show
For example:

user@host# show
file isislog size 10k files 10;
flag hello detail;
3. Commit the configuration.
user@host# commit
4. View the contents of the file containing the detailed messages.
user@host# run show log filename
For example:
user@host# run show log isislog
Nov 29 23:17:50 trace_on: Tracing to "/var/log/isislog" started

Nov 29 23:17:50 Sending PTP IIH on so-1/1/1.0
Nov 29 23:17:53 Sending PTP IIH on so-1/1/0.0
Nov 29 23:17:54 Received PTP IIH, source id abc-core-01 on so-1/1/0.0
Nov 29 23:17:54 from interface index 11
Nov 29 23:17:54 max area 0, circuit type l2, packet length 4469
Nov 29 23:17:54 hold time 30, circuit id 6
Nov 29 23:17:54 neighbor state up
Nov 29 23:17:54 speaks IP
Nov 29 23:17:54 area address 99.0008 (1)
Nov 29 23:17:54 IP address 10.10.10.29
Nov 29 23:17:54 4396 bytes of total padding
Nov 29 23:17:54 updating neighbor abc-core-01
Nov 29 23:17:55 Received PTP IIH, source id abc-core-02 on so-1/1/1.0
Nov 29 23:17:55 from interface index 12
Nov 29 23:17:55 max area 0, circuit type l2, packet length 4469
Nov 29 23:17:55 hold time 30, circuit id 6
Nov 29 23:17:55 neighbor state up
Nov 29 23:17:55 area address 99.0000 (1)
Nov 29 23:17:55 IP address 10.10.10.33

IS-IS Feature Guide
Nov 29 23:17:55 4396 bytes of total padding

Nov 29 23:17:55 updating neighbor abc-core-02
Meaning Table 8 on page 440 lists tracing flags that can be configured specific to IS-IS and presents
example output for some of the flags.
Table 8: IS-IS Protocol Tracing Flags
Tracing Flags Description Example Output
csn Complete sequence Nov 28 20:02:48 Sending L2 CSN on interface so-1/1/0.0Nov 28 20:02:48 Sending L2 CSN
number PDU (CSNP) on interface so-1/1/1.0
With the detail option.
Nov 28 20:06:08 Sending L2 CSN on interface so-1/1/1.0Nov 28 20:06:08 LSP

abc-core-01.00-00 lifetime 1146Nov 28 20:06:08 sequence 0x1c4f8 checksum 0xa1e9Nov
28 20:06:08 LSP abc-core-02.00-00 lifetime 411Nov 28 20:06:08 sequence 0x7435
checksum 0x5424Nov 28 20:06:08 LSP abc-brdr-01.00-00 lifetime 465Nov 28 20:06:08
sequence 0xf73 checksum 0xab10Nov 28 20:06:08 LSP abc-edge-01.00-00 lifetime
1089Nov 28 20:06:08 sequence 0x1616 checksum 0xdb29Nov 28 20:06:08 LSP
abc-edge-02.00-00 lifetime 1103Nov 28 20:06:08 sequence 0x45cc checksum 0x6883
hello Hello packet Nov 28 20:13:50 Sending PTP IIH on so-1/1/1.0Nov 28 20:13:50 Received PTP IIH, source
id abc-core-01 on so-1/1/0.0Nov 28 20:13:53 Received PTP IIH, source id abc-core-02 on
so-1/1/1.0Nov 28 20:13:57 Sending PTP IIH on so-1/1/0.0Nov 28 20:13:58 Received PTP IIH,
source id abc-core-01 on so-1/1/0.0Nov 28 20:13:59 Sending PTP IIH on so-1/1/1.0
lsp Link-state PDUs Nov 28 20:15:46 Received L2 LSP abc-edge-01.00-00, interface so-1/1/0.0Nov 28 20:15:46
(LSPs) from abc-core-01Nov 28 20:15:46 sequence 0x1617, checksum 0xd92a, lifetime 1197Nov
28 20:15:46 Updating L2 LSP abc-edge-01.00-00 in TEDNov 28 20:15:47 Received L2 LSP
abc-edge-01.00-00, interface so-1/1/1.0Nov 28 20:15:47 from abc-core-02Nov 28 20:15:47
sequence 0x1617, checksum 0xd92a, lifetime 1197
lsp-generation Link-state PDU Nov 28 20:21:24 Regenerating L1 LSP abc-edge-03.00-00, old sequence 0x682Nov 28
generation packets 20:21:27 Rebuilding L1, fragment abc-edge-03.00-00Nov 28 20:21:27 Rebuilt L1 fragment
abc-edge-03.00-00, size 59Nov 28 20:31:52 Regenerating L2 LSP abc-edge-03.00-00,
old sequence 0x689Nov 28 20:31:54 Rebuilding L2, fragment abc-edge-03.00-00Nov 28
20:31:54 Rebuilt L2 fragment abc-edge-03.00-00, size 256Nov 28 20:34:05 Regenerating
L1 LSP abc-edge-03.00-00, old sequence 0x683Nov 28 20:34:08 Rebuilding L1, fragment
abc-edge-03.00-00Nov 28 20:34:08 Rebuilt L1 fragment abc-edge-03.00-00, size 59
packets All IS-IS protocol Not available.

packets

Table 8: IS-IS Protocol Tracing Flags (continued)
Tracing Flags Description Example Output
psn Partial sequence Nov 28 20:40:39 Received L2 PSN, source abc-core-01, interface so-1/1/0.0Nov 28 20:40:39
number PDU (PSNP) Received L2 PSN, source abc-core-02, interface so-1/1/1.0Nov 28 20:41:36 Sending L2 PSN
packets on interface so-1/1/1.0Nov 28 20:41:36 Sending L2 PSN on interface so-1/1/0.0Nov 28
20:42:35 Received L2 PSN, source abc-core-02, interface so-1/1/1.0Nov 28 20:42:35 LSP
abc-edge-03.00-00 lifetime 1196Nov 28 20:42:35 sequence 0x68c checksum 0x746dNov
28 20:42:35 Received L2 PSN, source abc-core-01, interface so-1/1/0.0Nov 28 20:42:35
LSP abc-edge-03.00-00 lifetime 1196Nov 28 20:42:35 sequence 0x68c checksum
0x746dNov 28 20:42:49 Sending L2 PSN on interface so-1/1/1.0Nov 28 20:42:49 LSP
abc-core-01.00-00 lifetime 1197Nov 28 20:42:49 sequence 0x1c4fb checksum 0x9becNov
28 20:42:49 Sending L2 PSN on interface so-1/1/0.0Nov 28 20:42:49 LSP
abc-core-01.00-00 lifetime 1197Nov 28 20:42:49 sequence 0x1c4fb checksum 0x9bec
spf Shortest-path-first Nov 28 20:44:01 Scheduling SPF for L1: ReconfigNov 28 20:44:01 Scheduling multicast
(SPF) calculations SPF for L1: ReconfigNov 28 20:44:01 Scheduling SPF for L2: ReconfigNov 28 20:44:01
Scheduling multicast SPF for L2: ReconfigNov 28 20:44:02 Running L1 SPFNov 28 20:44:02
L1 SPF initialization complete: 0.000099s cumulative timeNov 28 20:44:02 L1 SPF primary
processing complete: 0.000303s cumulative timeNov 28 20:44:02 L1 SPF result
postprocessing complete: 0.000497s cumulative timeNov 28 20:44:02 L1 SPF RIB
postprocessing complete: 0.000626s cumulative timeNov 28 20:44:02 L1 SPF routing
table postprocessing complete: 0.000736s cumulative time

page 21
Analyzing IS-IS Link-State PDUs in Detail
To analyze IS-IS link-state PDUs in detail, follow these steps:
1. Configure IS-IS open messages.

user@host# set flag lsp detail
user@host# show
For example:

user@host# show
file isislog size 5m world-readable;
flag error;
flag lsp detail;

IS-IS Feature Guide
user@host# commit
For example:

Nov 28 20:17:24 Received L2 LSP abc-core-01.00-00, interface so-1/1/0.0
Nov 28 20:17:24 from abc-core-01
Nov 28 20:17:24 sequence 0x1c4f9, checksum 0x9fea, lifetime 1199
Nov 28 20:17:24 max area 0, length 426
Nov 28 20:17:24 no partition repair, no database overload
Nov 28 20:17:24 IS type 3, metric type 0
Nov 28 20:17:24 area address 99.0908 (1)
Nov 28 20:17:24 speaks CLNP
Nov 28 20:17:24 dyn hostname abc-core-01
Nov 28 20:17:24 IP address 10.10.134.11
Nov 28 20:17:24 IP prefix: 10.10.10.0/30 metric 1 up
Nov 28 20:17:24 IP prefix 10.10.10.0 255.255.255.252
Nov 28 20:17:24 internal, metrics: default 1
Nov 28 20:17:24 IP prefix 10.10.10.4 255.255.255.252
Nov 28 20:17:24 IP prefix 10.10.10.56 255.255.255.252
Nov 28 20:17:24 IP prefix 10.10.10.52 255.255.255.252
Nov 28 20:17:24 IP prefix 10.10.10.64 255.255.255.252
Nov 28 20:17:24 IP prefix 10.10.10.20 255.255.255.252
Nov 28 20:17:24 IP prefix 10.10.10.28 255.255.255.252
Nov 28 20:17:24 IP prefix 10.10.10.44 255.255.255.252
Nov 28 20:17:24 IS neighbors:
Nov 28 20:17:24 IS neighbor abc-core-02.00
Nov 28 20:17:24 IS neighbor abc-brdr-01.00
Nov 28 20:17:24 IS neighbor abc-core-02.00, metric: 1
Nov 28 20:17:24 IS neighbor abc-esr-02.00, metric: 5
Nov 28 20:17:24 IS neighbor abc-edge-03.00, metric: 5
Nov 28 20:17:24 IS neighbor abc-brdr-01.00, metric: 5


Nov 28 20:17:24 IP prefix 10.10.134.11 255.255.255.255
Nov 28 20:17:24 IP prefix 10.11.0.0 255.255.0.0
Nov 28 20:17:24 IP prefix 10.211.0.0 255.255.0.0
Nov 28 20:17:24 Updating LSP
Nov 28 20:17:24 Updating L2 LSP abc-core-01.00-00 in TED
Nov 28 20:17:24 Analyzing subtlv's for abc-core-02.00
Nov 28 20:17:24 Analysis complete
Nov 28 20:17:24 Analyzing subtlv's for abc-esr-02.00
Nov 28 20:17:24 Analyzing subtlv's for abc-edge-03.00
Nov 28 20:17:24 Analyzing subtlv's for abc-brdr-01.00
Nov 28 20:17:24 Scheduling L2 LSP abc-core-01.00-00 sequence 0x1c4f9 on
interface so-1/1/1.0

page 21
Displaying Sent or Received IS-IS Protocol Packets
To configure the tracing for only sent or received IS-IS protocol packets, follow these
steps:
1. Configure the flag to display sent, received, or both sent and received packets.

user@host# set flag hello send
or

user@host# set flag hello receive
or

user@host# set flag hello

IS-IS Feature Guide
user@host# show
For example:

user@host# show
flag hello send;
or

user@host# show
flag hello receive;
or

user@host# show
flag hello send receive;
user@host# commit
For example:

Sep 27 18:17:01 ISIS periodic xmit to 01:80:c2:00:00:15 (IFL 2)
Sep 27 18:17:06 ISIS L2 hello from 0000.0000.0008 (IFL 2) absorbed
Sep 27 18:17:06 ISIS L1 hello from 0000.0000.0008 (IFL 2) absorbed

page 21

PART 4
Configuration Statements and

Operational Commands
• Configuration Statements on page 447
• Operational Commands on page 599

IS-IS Feature Guide

CHAPTER 16
Configuration Statements
• admin-group on page 451

• authentication-key (Protocols IS-IS) on page 454
• authentication-key-chain (Protocols IS-IS) on page 455
• authentication-type (Protocols IS-IS) on page 456
• auto-bandwidth on page 457
• backup-spf-options (Protocols IS-IS) on page 461
• bfd-liveness-detection (Protocols IS-IS) on page 463
• checksum (Protocols IS-IS) on page 466
• clns-routing on page 467
• clns-updown-compatibility on page 468
• context-identifier (Protocols IS-IS) on page 469
• csnp-interval on page 470
• destination on page 471
• disable (Protocols IS-IS) on page 473
• disable (LDP Synchronization for IS-IS) on page 474
• export on page 475
• external-preference (Protocols IS-IS) on page 476
• family (Protocols IS-IS) on page 477
• flood-group (Protocols IS-IS) on page 478
• graceful-restart (Protocols IS-IS) on page 479
• hello-authentication-key on page 480
• hello-authentication-key-chain on page 481
• hello-authentication-type on page 482
• hello-interval (Protocols IS-IS) on page 484
• hello-padding on page 486
• hold-time (Protocols IS-IS) on page 488

IS-IS Feature Guide
• hold-time (LDP Synchronization for IS-IS) on page 490

• ignore-attached-bit on page 491
• ignore-lsp-metrics (Protocols IS-IS) on page 492
• import (Protocols IS-IS) on page 493
• interface (Protocols IS-IS) on page 494
• interface-group-holddown-delay on page 496
• interface (Protocols ISIS) on page 497
• ipv4-multicast on page 501
• ipv4-multicast-metric on page 502
• ipv6-multicast on page 503
• ipv6-multicast-metric on page 504
• ipv6-unicast on page 505
• ipv6-unicast-metric on page 506
• isis on page 507
• label-switched-path (Protocols IS-IS) on page 508
• layer2-map on page 509
• ldp-synchronization on page 510
• level (Global IS-IS) on page 511
• level (IS-IS Interfaces) on page 513
• link-group-protection (Protocols IS-IS) on page 514
• link-protection (Protocols IS-IS) on page 515
• loose-authentication-check on page 516
• lsp-equal-cost on page 517
• lsp-interval on page 518
• lsp-lifetime on page 520
• max-areas on page 522
• max-hello-size on page 523
• max-lsp-size on page 524
• max-snp-size on page 525
• mesh-group (Protocols IS-IS) on page 526
• metric (Protocols IS-IS) on page 527
• multicast-rpf-routes on page 528
• multipath (Protocols IS-IS) on page 529
• multipath (SPF Options) on page 530
• no-adjacency-down-notification (Protocols IS-IS) on page 531
• no-adjacency-holddown on page 532
• no-authentication-check (Protocols IS-IS) on page 533

Chapter 16: Configuration Statements
• no-advertise-adjacency-segment (Protocols IS-IS) on page 534

• no-csnp-authentication on page 535
• node on page 536
• node-segment (Protocols IS-IS) on page 538
• node-tag on page 540
• node-link-protection (Protocols IS-IS) on page 542
• no-eligible-backup (Protocols IS-IS) on page 543
• no-hello-authentication on page 545
• no-ipv4-multicast on page 546
• no-ipv4-routing on page 547
• no-ipv6-multicast on page 548
• no-ipv6-routing on page 549
• no-ipv6-unicast on page 550
• no-psnp-authentication on page 551
• no-unicast-topology on page 552
• overload (Protocols IS-IS) on page 553
• passive (Protocols IS-IS) on page 556
• per-interface-per-member-link on page 558
• point-to-point on page 560
• preference (Protocols IS-IS) on page 562
• prefix-export-limit (Protocols IS-IS) on page 563
• priority (Protocols IS-IS) on page 565
• protocols on page 566
• purge-originator on page 569
• reference-bandwidth (Protocols IS-IS) on page 570
• rib-group (Protocols IS-IS) on page 572
• routing-instances (Multiple Routing Entities) on page 573
• sensor-based-stats (Protocols IS-IS) on page 574
• shortcuts (Protocols IS-IS) on page 575
• spf-options (Protocols IS-IS) on page 576
• static-host-mapping on page 578

IS-IS Feature Guide
• source-packet-routing-disable (Protocols IS-IS) on page 579

• te-metric (Protocols IS-IS) on page 583
• topologies (Protocols IS-IS) on page 584
• traceoptions (Protocols IS-IS) on page 585
• traffic-engineering (Protocols IS-IS) on page 588
• traffic-statistics on page 592
• update-threshold-max-reservable on page 593
• use-source-packet-routing (Protocols IS-IS) on page 594
• wide-metrics-only on page 597

admin-group
Syntax admin-group {
exclude [ group-name ];
include-all [ group-name ];
include-any [ group-name ];
preference [ group-name ];
}
Hierarchy Level [edit logical-systems logical-system-name routing-options backup-selection destination

prefix interface interface name],
[edit logical-systems logical-system-name routing-instances instance-name routing-options
backup-selection destination prefix interface interface-name],
[edit routing-instances instance-name routing-options backup-selection destination prefix
interface interface-name],
[edit routing-options backup-selection destination prefix interface interface name]
Release Information Statement introduced in Junos OS Release 14.1.
Description Define the administrative groups criteria for the selection of the backup path.
NOTE: Configure group names of admin-group under the [edit protocols

mpls] hierarchy level.
Options exclude [ group-name ]— Specify the administrative groups to be excluded. The backup
path is not selected as the loop-free alternate (LFA) or backup next hop if any of
the links in the path have any one of the listed administrative groups.
group-name— Name of one or more admin-group defined under the [edit protocols
include-all [ group-name ]— Require each link in the backup path to have all the listed
administrative groups in order to accept the path.
include-any [ group-name ]— Require each link in the backup path to have at least one
of the listed administrative groups in order to select the path.

IS-IS Feature Guide
preference [ group-name ]— Define an ordered set of administrative groups that specifies

the preference of the backup path. The leftmost element in the set is given the highest
preference.
Required Privilege routing—To view this statement in the configuration.

Level routing-control—To add this statement to the configuration.

Documentation
• Configuring Backup Selection Policy for IS-IS Protocol
• Understanding Backup Selection Policy for OSPF Protocol
• interface on page 497

adjacency-segment
Syntax adjacency-segment {
hold-time hold-time;
}
Hierarchy Level [edit logical-systems name protocols isis source-packet-routing],

[edit logical-systems name routing-instances name protocols isis source-packet-routing],
[edit protocols isis source-packet-routing],
[edit routing-instances name protocols isis source-packet-routing],
[edit logical-systems name protocols ospf source-packet-routing],
[edit logical-systems name routing-instances name protocols ospf source-packet-routing],
[edit logical-systems name tenants name routing-instances name protocols ospf
source-packet-routing],
[edit protocols ospf source-packet-routing],
[edit routing-instances name protocols ospf source-packet-routing]
Release Information Statement introduced in Junos OS Release 17.2R1 for MX Series routers, PTX Series
routers, QFX5100 switches, and QFX10000 switches.
Statement introduced in Junos OS Release 17.3R1 for QFX5110 and QFX5200 switches.
Description Configure attributes for adjacency segments in source packet routing in networking
(SPRING), or configure segment routing (SR) to ensure that the adjacency segment
identifiers are retained during adjacency or link flaps. The adjacency segments are not
released immediately and are retained for the configured hold time duration.
Options hold-time—Duration, in milliseconds, to retain adjacency segments after isolating from

an interface.
Range: 180,000 through 900,000



IS-IS Feature Guide
authentication-key (Protocols IS-IS)
Syntax authentication-key key;
Hierarchy Level [edit logical-systems logical-system-name protocols isis level level-number],

[edit logical-systems logical-system-name routing-instances routing-instance-name protocols
isis level level-number],
[edit protocols isis level level-number],
[edit routing-instances routing-instance-name protocols isis level level-number]
Release Information Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.
Statement introduced in Junos OS Release 12.1 for the QFX Series.
Statement introduced in Junos OS Release 14.1X53-D20 for the OCX Series.
Description Authentication key (password). Neighboring routing devices use the password to verify
the authenticity of packets sent from this interface. For the key to work, you also must
include the authentication-type statement.
All routing devices must use the same password. If you are using the Junos OS IS-IS
software with another implementation of IS-IS, the other implementation must be
configured to use the same password for the domain, the area, and all interfaces adjacent
to the Juniper Networks routing device.
Default If you do not include this statement and the authentication-type statement, IS-IS
authentication is disabled.
Options key—Authentication password. The password can be up to 1024 characters long.

Characters can include any ASCII strings. If you include spaces, enclose all characters
in quotation marks (“ ”).
CAUTION: A simple password for authentication is truncated if it exceeds

254 characters.


Documentation

authentication-key-chain (Protocols IS-IS)
Syntax authentication-key-chain key-chain-name;
Hierarchy Level [edit logical-systems name protocols isis level level-number],

[edit logical-systems name routing-instances instance-name protocols isis level level-number],
[edit routing-instances instance-name protocols isis level level-number]

Description Apply and enable an authentication keychain to the routing device.
Options key-chain—Authentication keychain name. It can be up to 126 characters. Characters can

include any ASCII strings. If you include spaces, enclose all characters in quotation
marks (“ ”).

Related • Example: Configuring Hitless Authentication Key Rollover for IS-IS on page 36
Documentation
• Example: Configuring Router Authentication for BGP
• Example: Configuring BFD Authentication for Securing Static Routes
• Configuring the Authentication Key Update Mechanism for BGP and LDP Routing Protocols

IS-IS Feature Guide
authentication-type (Protocols IS-IS)
Syntax authentication-type authentication;


Description Enable authentication and specify the authentication scheme for IS-IS. If you enable
authentication, you must specify a password by including the authentication-key
statement.
Default If you do not include this statement and the authentication-key statement, IS-IS
authentication is disabled.
Options authentication—Authentication scheme:
• md5—Use HMAC authentication in combination with MD5. HMAC-MD5 authentication

is defined in RFC 2104, HMAC: Keyed-Hashing for Message Authentication.
• simple—Use a simple password for authentication. The password is included in the

transmitted packet, making this method of authentication relatively insecure. We
recommend that you not use this authentication method.

Related • authentication-key on page 454

Documentation
• no-authentication-check on page 533

auto-bandwidth
Syntax auto-bandwidth {
template name {
adjust-interval adjust-interval;
adjust-threshold adjust-threshold;
auto-bandwidth-subscription auto-bandwidth-subscription;
statistic-collection-interval statistic-collection-interval;
}
traceoptions {
file filename <files files> <size size> <(world-readable | no-world-readable)>;
flag (all | state | timer) {
detail detail;
disable disable;
receive receive;
send send;
}
}
}
Hierarchy Level [edit logical-systems name routing-instances name routing-options],

[edit logical-systems name routing-options],
[edit routing-instances name routing-options],
Release Information Statement introduced in Junos OS Release 17.3R1 for MX Series and PTX Series.
Description Configure an auto-bandwidth template to define parameters that measure the available
bandwidth and periodically trigger updates to RSVP and IGP. You can configure this
option both at the IS-IS protocol level or at the IS-IS interface level.
Traffic samples are collected periodically at each statistics interval and the average
SPRING bandwidth utilization is calculated. If this average value increases beyond the
configured adjust threshold percentage, that is the last reported SPRING bandwidth,
then RSVP adjusts the subscription percentage accordingly. which might cause RSVP
LSP preemption, IGP updates, and further re-routing of RSVP LSPs. However, if the
SPRING bandwidth utilization drops below the configured threshold, the RSVP
subscription percentage is modified to reflect the increase. You can configure parameters
such as the threshold, the collection interval, and the adjust interval as per your
requirements.
CAUTION: Configure the adjust-interval and statistics-interval options

appropriately to avoid scaling issues. You can fine tune these values based
on route and label-switched path (LSP) scale.

IS-IS Feature Guide
Options template name— Specify an auto-bandwidth template name with a maximum length
of 64 characters.
adjust-interval— Specify the time interval after which the average bandwidth utilization
is measured.
Range: 30 through 3600 seconds
Default: 900 seconds
adjust-threshold— Specify the percentage change threshold after which an action is

triggered.
Range: 0 through 100 percent
Default: 10 percent
auto-bandwidth-subscription— Specify the threshold for RSVP subscription in

percentage.
Range: 0 through 200 percent
Default: 100 percent
statistic-collection-interval— Specify the time interval after which the traffic statistics
is collected from the line cards.
Default: 60 seconds

Related • traffic-statistics on page 592

Documentation

backup-selection (Protocols ISIS)
Syntax backup-selection {
destination prefix {
interface (interface-name| all){
admin-group {
}
dest-metric (highest | lowest);
downstream-paths-only;
metric-order [ root dest ];
node {
exclude [ node-address ];
preference [ node-address ];
}
node-tag {
exclude [ route-tag ];
preference [ route-tag ];
}
protection-type (link | node | node-link);
root-metric (highest | lowest);
srlg (loose | strict);
evaluation-order [ admin-group srlg bandwidth protection-type node node-tag metric
];
}
}
}
Hierarchy Level [edit logical-systems logical-system-name routing-options],

[edit logical-systems logical-system-name routing-instances instance-name routing-options],
[edit routing-instances instance-name routing-options],
Description Define backup selection policies, per prefix per primary next-hop interface, to enforce
loop-free alternate (LFA) selection based on admin-group, srlg, bandwidth,
protection-type, node, node-tag, and metric attributes of the backup path.
The remaining statements are explained separately. See CLI Explorer.


IS-IS Feature Guide

Documentation
• Example: Configuring Backup Selection Policy for IS-IS Protocol on page 50

backup-spf-options (Protocols IS-IS)
Syntax backup-spf options {

node-link-degradation;
per-prefix-calculation;
use-source-packet-routing;
}
Hierarchy Level [edit logical-systems logical-system-name protocols isis],

isis],
[edit protocols isis],
[edit routing-instances routing-instance-name protocols isis]
Release Information Statement introduced in Junos OS Release 11.4R3.

node-link-degradation option added in Junos OS Release 14.2.
use-source-packet-routing option introduced in Junos OS Release 16.2R1 for MX Series
and PTX Series routers.
Support for this option introduced in Junos OS Release 17.2R1 for QFX5100 and QFX10000
switches.
Support for remote-backup-calculation option introduced in Junos OS Release 18.2R1 for
QFX5100, QFX5110, and QFX5200 switches.
Description Configure options for running the shortest-path-first (SPF) algorithm for backup next
hops for protected interfaces. Use these options to override the default behavior of having
Junos OS calculate backup paths for all the topologies in an instance when at least one
interface is configured with link protection or node-link protection.
This configuration option is used in conjunction with the node-link-protection statement

to compute per-prefix loop-free alternate routes (LFAs).
Options node-link-degradation—Degrade an interface from node-link to link protection in case

no node protection LFA route is found for a given destination node.
per-prefix-calculation—Calculate backup next hops for non-best prefix originators.
The remaining statements are explained separately.

Level routing-control-level—To add this statement to the configuration.
Related • Example: Configuring MPLS Egress Protection for Layer 3 VPN Services
Documentation
• Example: Configuring Layer 3 VPN Egress Protection with RSVP and LDP
• link-protection

IS-IS Feature Guide
• node-link-protection

bfd-liveness-detection (Protocols IS-IS)
Syntax bfd-liveness-detection {
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
threshold milliseconds;
}
minimum-interval milliseconds;
minimum-receive-interval milliseconds;
multiplier number;
no-adaptation;
transmit-interval {
}
version (1 | automatic);
}
Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name],

isis interface interface-name],
[edit protocols isis interface interface-name],
[edit protocols isis interface interface-name family inet|inet6],
[edit routing-instances routing-instance-name protocols isis interface interface-name]

detection-time threshold and transmit-interval threshold options added in Junos OS
Release 8.2.
Support for logical systems introduced in Junos OS Release 8.3.
no-adaptation statement introduced in Junos OS Release 9.0.
authentication algorithm, authentication key-chain, and authentication loose-check options
introduced in Junos OS Release 9.6.
Description Configure bidirectional failure detection timers and authentication.
NOTE: Starting with Junos OS Release 16.1, you can configure IS-IS BFD
sessions for the IPv6 address family. Therefore, this configuration statement
is also available under the [edit protocols isis interface interface-name family
inet|inet6] hierarchy level.

IS-IS Feature Guide
The BFD failure detection timers are adaptive and can be adjusted to be faster or slower.
For example, the timers can adapt to a higher value if the adjacency fails, or a neighbor
can negotiate a higher value for a timer than the configured value. The timers adapt to
a higher value when a BFD session flap occurs more than three times in a span of 15
seconds. A back-off algorithm increases the receive (RX) interval by two if the local BFD
instance is the reason for the session flap. The transmission (TX) interval is increased by
two if the remote BFD instance is the reason for the session flap.
You can use the clear bfd adaptation command to return BFD interval timers to their
configured values. The clear bfd adaptation command does not affect traffic flow on the
routing device.

Options authentication algorithm algorithm-name —Configure the algorithm used to authenticate

the specified BFD session: simple-password, keyed-md5, keyed-sha-1,
meticulous-keyed-md5, meticulous-keyed-sha-1.
authentication key-chain key-chain-name—Associate a security key with the specified

BFD session using the name of the security keychain. The name you specify must
match one of the keychains configured in the authentication-key-chains key-chain
statement at the [edit security] hierarchy level.
authentication loose-check—(Optional) Configure loose authentication checking on the

BFD session. Use only for transitional periods when authentication might not be
configured at both ends of the BFD session.
detection-time threshold milliseconds—Configure a threshold for the adaptation of the

BFD session detection time. When the detection time adapts to a value equal to or
greater than the threshold, a single trap and a single system log message are sent.
minimum-interval milliseconds—Configure the minimum interval after which the local

routing device transmits a hello packet and then expects to receive a reply from the
neighbor with which it has established a BFD session. Optionally, instead of using
this statement, you can specify the minimum transmit and receive intervals separately
using the transmit-interval minimum-interval and minimum-receive-interval
statements.
Range: 1 through 255,000
minimum-receive-interval milliseconds—Configure the minimum interval after which the

local routing device expects to receive a reply from a neighbor with which it has
established a BFD session. Optionally, instead of using this statement, you can
configure the minimum receive interval using the minimum-interval statement.
multiplier number—Configure the number of hello packets not received by a neighbor

that causes the originating interface to be declared down.
Range: 1 through 255
Default: 3
no-adaptation—Specify that BFD sessions not adapt to changing network conditions.

We recommend that you not disable BFD adaptation unless it is preferable not to
have BFD adaptation enabled in your network.
transmit-interval threshold milliseconds—Configure the threshold for the adaptation of

the BFD session transmit interval. When the transmit interval adapts to a value
greater than the threshold, a single trap and a single system message are sent. The
interval threshold must be greater than the minimum transmit interval.
32
Range: 0 through 4,294,967,295 (2 – 1)
transmit-interval minimum-interval milliseconds—Configure a minimum interval after

which the local routing device transmits hello packets to a neighbor. Optionally,
instead of using this statement, you can configure the minimum transmit interval
using the minimum-interval statement.

IS-IS Feature Guide
version—Configure the BFD version to detect: 1 (BFD version 1) or automatic (autodetect

the BFD version)
Default: automatic

Related • Example: Configuring BFD for IS-IS on page 129

Documentation
checksum (Protocols IS-IS)
Syntax checksum;


Description Enable checksums for packets on this interface.
Junos OS supports IS-IS checksums as documented in RFC 3358, Optional Checksums

in Intermediate System to Intermediate System (ISIS).
The checksum cannot be enabled with MD5 hello authentication on the same interface.


clns-routing
Syntax clns-routing;
Hierarchy Level [edit protocols isis],


Statement introduced in Junos OS Release 11.2 for MX Series routers.
Description Enable IS-IS to exchange Connectionless Network Service (CLNS) routes. CLNS is a
Layer 3 protocol, similar to IPv4. CLNS uses network service access points (NSAPs) to
address end systems and intermediate systems.

Related • Example: Configuring IS-IS for CLNS on page 379

Documentation
• Example: Configuring Static Routes for CLNS When No IGP is Present
• Example: Configuring BGP for CLNS VPNs
• Understanding BGP for CLNS VPNs
• Understanding Static Routes for CLNS

IS-IS Feature Guide
clns-updown-compatibility
Syntax clns-updown-compatibility;

isis],
Release Information Statement introduced in Junos OS Release 11.4R7.
Description When you enable IS-IS to exchange Connectionless Network Service (CLNS) routes,
Junos OS sets the reserved (R) bit in the default metric field inside type, length, and value
(TLV) type-3 (ES-Neighbor) as a marker for routing loop prevention. Junos OS uses the
up/down bit for marking prefixes on the Level 2-to-Level 1 boundary as being propagated
Down, such that any router in that area never propagates it Up on a Level 1-to-Level 2
boundary. For detailed information about how this works in IP routing environments, see
RFC 2966, Domain-wide Prefix Distribution with Two-Level IS-IS.
Some other vendors’ platforms might not support up/down bit setting in CLNS route
TLVs. If one of these vendors’ platforms receives this TLV with the R bit set, the platform
discards the information.
When you use the clns-updown-compatibility statement in the IS-IS configuration, the
R bit is set to 0, and the issue is resolved. The clns-updown-compatibility statement
causes Junos OS to use the Internal/External metric-type bit in the TLV header instead
of using the R bit as the up/down bit marker. This has the advantage that older end
system (ES) equipment does not receive TLV headers with the R bit set.
CAUTION: Not using the R bit can lead to potential routing loops. You can
use the site-of-origin (SoO) extended community to prevent a looped BGP
update from being injected back to IS-IS when received from a remote provider
edge (PE) device. The receiving PE device can check against the SoO
community, and if the value matches its own, the NLRI is not accepted.

Related • Example: Configuring IS-IS for CLNS on page 379

Documentation
• Example: Configuring Static Routes for CLNS When No IGP is Present
• Example: Configuring BGP for CLNS VPNs

• Understanding BGP for CLNS VPNs
• Understanding Static Routes for CLNS
context-identifier (Protocols IS-IS)
Syntax context-identifier identifier;

Description Configure IS-IS context identifier information.
Options identifier—IPv4 address that defines a protection pair. The context identifier is manually
configured on both primary and protector PEs.

Related • show isis context-identifier on page 665

Documentation

IS-IS Feature Guide
csnp-interval
Syntax csnp-interval (seconds | disable);


Description Configure the interval between complete sequence number PDUs (CSNPs) on a LAN
interface.
If the routing device is the designated router on a LAN, IS-IS sends CSN packets every
10 seconds.
NOTE: The csnp-interval statement is effective only when configured on LAN

interfaces.
To configure the interface not to send any CSNPs, specify the disable option.
Default By default, IS-IS sends CSNPs periodically. If the routing device is the designated router
on a LAN, IS-IS sends CSNPs every 10 seconds.
Options disable—Do not send CSNPs on this interface.
seconds—Number of seconds between the sending of CSNPs.

Range: 1 through 65,535 seconds
Default: 10 seconds on LAN broadcast links


destination
Syntax destination prefix {

interface (interface-name |all) {
admin-group {
}
downstream-paths-only ;
evaluation-order [ admin-group srlg bandwidth protection-type neighbor neighbor-tag
metric ];
node {
exclude [ neighbor-address ];
preference [ neighbor-address ];
}
node-tag {
}
protection-type (link |node | node-link);
root-metric (highest | lowest) ;
srlg (loose |strict);
}
}
Hierarchy Level [edit logical-systems logical-system-name routing-options backup-selection],

backup-selection],
[edit routing-instances instance-name routing-options backup-selection],
[edit routing-options backup-selection]
Description Define the backup selection policy for a particular destination prefix or for all the prefixes.
Options prefix— Destination prefix name and prefix length. You can specify 0/0 for the IPv4
least-specific prefix or 0::0/0 for the IPv6 least-specific prefix.


IS-IS Feature Guide

Documentation

disable (Protocols IS-IS)
Syntax disable;

[edit logical-systems logical-system-name protocols isis interface interface-name],
[edit logical-systems logical-system-name protocols isis interface interface-name level
level-number],
[edit logical-systems logical-system-name protocols isis traffic-engineering],
isis],
[edit logical-systems logical-system-name routing-instances routing-instance-name
protocols isis interface interface-name level level-number],
isis traffic-engineering],
[edit protocols isis interface interface-name level level-number],
[edit protocols isis traffic-engineering],
[edit routing-instances routing-instance-name protocols isis],
[edit routing-instances routing-instance-name protocols isis interface interface-name],
[edit routing-instances routing-instance-name protocols isis interface interface-name level
level-number],
[edit routing-instances routing-instance-name protocols isis traffic-engineering]

Description Disable IS-IS on the routing device, on an interface, or on a level.
At the [edit protocols isis traffic-engineering] hierarchy level, disable IS-IS support for
traffic engineering.
Enabling IS-IS on an interface (by including the interface statement at the [edit protocols
isis] or the [edit routing-instances routing-instance-name protocols isis] hierarchy level),
disabling it (by including the disable statement), and not actually having IS-IS run on an
interface (by including the passive statement) are mutually exclusive states.
Default IS-IS is enabled for Level 1 and Level 2 routers on all interfaces on which family iso is
enabled.
IS-IS support for traffic engineering is enabled.

IS-IS Feature Guide


• IS-IS Overview on page 3
disable (LDP Synchronization for IS-IS)
Syntax disable;
Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name

ldp-synchronization],
isis interface interface-name ldp-synchronization],
[edit protocols isis interface interface-name ldp-synchronization],
[edit routing-instances routing-instance-name protocols isis interface interface-name
ldp-synchronization]
Description Disable LDP synchronization for IS-IS.

Related • Understanding LDP-IGP Synchronization on page 275

Documentation

export
Syntax export [ policy-names ];

isis],

Description Apply one or more policies to routes being exported from the routing table into IS-IS.
All routing protocols store the routes that they learn in the routing table. The routing table
uses this collected route information to determine the active routes to destinations. The
routing table then installs the active routes into its forwarding table and exports them
into the routing protocols. It is these exported routes that the protocols advertise.
For each protocol, you control which routes the protocol stores in the routing table and
which routes the routing table exports into the protocol from the routing table by defining
a routing policy for that protocol.
NOTE: For IS-IS, you cannot apply routing policies that affect how routes are
imported into the routing table; doing so with a link-state protocol can easily
lead to an inconsistent topology database.
Options policy-names—Name of one or more policies.

Related
Documentation

IS-IS Feature Guide
external-preference (Protocols IS-IS)
Syntax external-preference preference;


Description Configure the preference of external routes.
Options preference—Preference value.

32
Range: 0 through 4,294,967,295 (2 – 1)
Default: 15 (for Level 1 internal routes), 18 (for Level 2 internal routes), 160 (for Level 1
external routes), 165 (for Level 2 external routes)

Related • Route Preferences Overview

Documentation


• preference on page 562

family (Protocols IS-IS)
Syntax family inet {

shortcuts {
multicast-rpf-routes;
}
}
family inet-mpls {
shortcuts;
}
family inet6 {
shortcuts;
}
family inet6-mpls {
shortcuts;
}
Hierarchy Level [edit logical-systems logical-system-name protocols isis traffic-engineering],


Support for IPv6 for IGP shortcuts introduced in Junos OS Release 9.3.
Support for inet-mpls and inet6-mpls statements introduced in Junos OS Release 17.2
for the MX Series routers, PTX Series routers, QFX5100, and QFX10000 switches.
Description Configure the address family for traffic engineering IS-IS interior gateway protocol (IGP)
shortcuts.
Options inet—IPv4 address family
inet-mpls—IPv4-MPLS address family
inet6—IPv6 address family
inet6-mpls—IPv6-MPLS address family


IS-IS Feature Guide
flood-group (Protocols IS-IS)
Syntax flood-group;

Description IS-IS supports flood-group. This feature limits link-state packet data unit (PDU) flooding
over IS-IS interfaces.


graceful-restart (Protocols IS-IS)
Syntax graceful-restart {
disable;
helper-disable;
restart-duration seconds;
}


Description Configure graceful restart parameters for IS-IS.
Graceful restart allows a routing device to restart with minimal effects to the network,
and is enabled for all routing protocols at the [edit routing-options] hierarchy level. When
graceful restart is enabled, the restarting routing device is not removed from the network
topology during the restart period. The adjacencies are reestablished after restart is
complete.
On LAN interfaces where IS-IS is configured on a transit router that serves as the
designated router (DR), a graceful restart causes:
• The ingress router of the label-switched path (LSP), which passes through the DR, to
break the LSP.
• The ingress router to re-signal the LSP.
Options disable—Disable graceful restart for IS-IS.
helper-disable—Disable graceful restart helper capability. Helper mode is enabled by

default.
restart-duration seconds—Time period for the restart to last, in seconds.

Default: 30 seconds

Related • Configuring Routing Protocols Graceful Restart

Documentation

IS-IS Feature Guide
hello-authentication-key
Syntax hello-authentication-key password;
Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name level
number],
isis interface interface-name level number],
[edit protocols isis interface interface-name level number],
number]

Description Configure an authentication key (password) for hello packets. Neighboring routing devices
use the password to verify the authenticity of packets sent from an interface. For the key
to work, you also must include the hello-authentication-type statement.
Default By default, hello authentication is not configured on an interface. However, if IS-IS

authentication is configured, the hello packets are authenticated using the IS-IS
authentication type and password.
Options password—Authentication password. The password can be up to 255 characters.

Characters can include any ASCII strings. If you include spaces, enclose all characters
in quotation marks (“ ”).


Documentation
• authentication-type on page 456

hello-authentication-key-chain
Syntax hello-authentication-key-chain key-chain-name;
Hierarchy Level [edit logical-systems name protocols isis interface interface-name level level-number],
[edit logical-systems name routing-instances instance-name protocols isis interface
interface-name level level-number],
[edit routing-instances instance-name protocols isis interface interface-name level
level-number]

Description Apply an authentication keychain to the IS-IS interface.
Options key-chain-name—Authentication keychain name. It can be up to 126 characters. Characters

can include any ASCII strings. If you include spaces, enclose all characters in quotation
marks (“ ”).


Documentation

IS-IS Feature Guide
hello-authentication-type
Syntax hello-authentication-type (md5 | simple);
number],
isis interface interface-name level number],
[edit protocols isis interface interface-name level number],
number]

Description Enable authentication on an interface for hello packets. If you enable authentication on
hello packets, you must specify a password by including the hello-authentication-key
statement.
You can configure authentication for a given IS-IS level on an interface. On a point-to-point
link, if you enable hello authentication for both IS-IS levels, the password configured for
Level 1 is used for both levels.
CAUTION: If no authentication is configured for Level 1 on a point-to-point

link with both levels enabled, the hello packets are sent without any password,
regardless of the Level 2 authentication configurations.
Default By default, hello authentication is not configured on an interface. However, if IS-IS

authentication is configured, the hello packets are authenticated using the IS-IS
authentication type and password.
Options md5—Specifies Message Digest 5 as the packet verification type.
simple—Specifies simple authentication as the packet verification type.


Documentation
• authentication-type on page 456

• hello-authentication-key on page 480

IS-IS Feature Guide
hello-interval (Protocols IS-IS)
Syntax hello-interval seconds;
level-number],
isis interface interface-name level level-number],
level-number]

Description Modify the frequency with which the routing device sends hello packets out of an interface,
in seconds.
Routing devices send hello packets at a fixed interval on all interfaces to establish and
maintain neighbor relationships. This interval is advertised in the hello interval field in the
hello packet.
You can send out hello packets in subsecond intervals. To send out hello packets every
333 milliseconds, set the hold-time value to 1.
Options seconds—Frequency of transmission for hello packets.

Default: 3 seconds (for designated intermediate system [DIS] routers), 9 seconds (for
non-DIS routers)
NOTE: When elected as a designated intermediate system [DIS] router on

any LAN adjacency, the hello and hold-timer intervals are scaled down by a
factor of 3. This means the default values of 9 and 27 seconds of ISIS hello
and hold time intervals are scaled down to 3 and 9 seconds for LAN
adjacencies. During switchovers, this hello interval is too short to form LAN
adjacencies. Therefore, you can configure one of the following solutions:
• Set the hello and hold time interval for LAN adjacencies to 30 seconds and
90 seconds respectively on both the DIS and a neighboring router.
• Convert the LAN interfaces to point-to-point IS-IS interfaces.

BEST PRACTICE: On QFX10000 switches, we strongly recommend that you

configure all IS-IS interfaces, including peer interfaces, as point-to-point
interfaces. If you do not, you might experience session flaps, that is, IS-IS
sessions that go down and then come back up, when IS-IS is configured in
virtual routing and forwarding (VRF) instances. When you scale IS-IS in any
scenario, you might also experience scaling issues if you do not configure
IS-IS interfaces as point-to-point interfaces.

Related • hold-time on page 490

Documentation

IS-IS Feature Guide
hello-padding
Syntax hello-padding (adaptive | loose | strict);


Description Configure padding on hello packets to accommodate asymmetrical maximum transfer

units (MTUs) from different hosts.
This helps to prevent a premature adjacency Up state when one routing device’s MTU
does not meet the requirements to establish the adjacency.
As an OSI Layer 2 protocol, IS-IS does not support data fragmentation. Therefore,
maximum packet sizes must be established and supported between two routers. During
adjacency establishment, the IS-IS protocol makes sure that the link supports a packet
size of 1492 bytes by padding outgoing hello packets up to the maximum packet size of
1492 bytes.
This is the default behavior of the Junos OS IS-IS implementation. However, Junos OS
provides an option to disable hello padding that can override this behavior.
There are four types of hello padding:
• Adaptive padding—On point-to-point connections, the hello packets are padded from
the initial detection of a new neighbor until the neighbor verifies the adjacency as Up
in the adjacency state type, length, and value (TLV) tuple. If the neighbor does not
support the adjacency state TLV, then padding continues. On LAN connections, padding
starts from the initial detection of a new neighbor until there is at least one active
adjacency on the interface. Adaptive padding has more overhead than loose padding
and is able to detect MTU asymmetry from one side of the connection. This one-sided
detection can result in generation of extra link-state PDUs that are flooded throughout
the network. Specify the adaptive option to configure enough padding to establish an
adjacency to neighbors.
• Disabled padding—Padding is disabled on all types of interfaces for all adjacency

states. Specify the disable option to accommodate interfaces that support less than
the default packet size of 1492 bytes.
• Loose padding (the default)—The hello packet is padded from the initial detection of
a new neighbor until the adjacency transitions to the Up state. Loose padding might

not be able to detect certain situations such as asymmetrical MTUs between the
routing devices. Specify the loose option to configure enough padding to initialize an
adjacency to neighbors.
• Strict padding—Padding is done on all interface types and for all adjacency states, and
is continuous. Strict padding has the most overhead. The advantage is that strict
padding detects MTU issues on both sides of a link. Specify the strict option to configure
padding to allow all adjacency states with neighbors.
Options adaptive—Configure padding until the neighbor adjacency is established and active.
disable—Disable padding on all types of interfaces for all adjacency states.
loose—Configure padding until the state of the adjacency is initialized.
strict—Configure padding for all adjacency states.


IS-IS Feature Guide
hold-time (Protocols IS-IS)
Syntax hold-time seconds;
level-number],
level-number]

Description Set the length of time a neighbor considers this router to be operative (up) after receiving
a hello packet. If the neighbor does not receive another hello packet within the specified
time, it marks this routing device as inoperative (down). The hold time itself is advertised
in the hello packets.
The hold time specifies how long a neighbor should consider this routing device to be
operative without receiving another hello packet. If the neighbor does not receive a hello
packet from this routing device within the hold time, it marks the routing device as being
unavailable.
For systems configured with graceful routing switchover (GRES) with Graceful Restart,
the hold time for Master and Backup Routing Engines should be set to a value higher
than 40 seconds. This ensures that adjacencies between the Routing Engine and the
neighboring peer 'helper' routers do not time out, stopping graceful restart, and all traffic.
Options seconds—Hold-time value, in seconds.

Range: 3 through 65,535 seconds, or 1 to send out hello packets every 333 milliseconds
Default: 9 seconds (for designated intermediate system [DIS] routers), 27 seconds (for
non-DIS routers; three times the default hello interval)
NOTE: When elected as a designated intermediate system [DIS] router on

any LAN adjacency, the hello and hold-timer intervals are scaled down by a
factor of 3. This means the default values of 9 and 27 seconds of ISIS hello
and hold time intervals are scaled down to 3 and 9 seconds for LAN
adjacencies. During switchovers, this hold time is too short to form LAN
adjacencies. Therefore, you can configure one of the following solutions:
• Set the hello and hold time interval for LAN adjacencies to 30 seconds and
90 seconds respectively on both the DIS router and a neighboring router.

• Convert the LAN interfaces to point-to-point IS-IS interfaces.


Related • Configuring Graceful Routing Engine Switchover

Documentation
• Example: Configuring IS-IS for GRES with Graceful Restart
• Understanding IS-IS Configuration on page 13
• hello-interval on page 484

IS-IS Feature Guide
hold-time (LDP Synchronization for IS-IS)
Syntax hold-time seconds;
Hierarchy Level [edit logical-systems logical-system-name protocols isis interface interface-name

ldp-synchronization],
isis interface interface-name ldp-synchronization],
[edit protocols isis interface interface-name ldp-synchronization],
[edit routing-instances routing-instance-name protocols isis interface interface-name
ldp-synchronization]
Description Configure the time period to advertise the maximum cost metric for a link that is not fully
operational.
NOTE: When an interface has been in the holddown state for more than
3 minutes, a system log message with a warning level is sent. This message
appears in both the messages file and the trace file.
Options seconds—Hold-time value, in seconds.

Default: Infinity

Related • Example: Configuring Synchronization Between IS-IS and LDP on page 277
Documentation

ignore-attached-bit
Syntax ignore-attached-bit;

isis],

Description Ignore the attached bit on IS-IS Level 1 routers. Configuring this statement enables the
routing device to ignore the attached bit on incoming Level 1 link-state PDUs. If the
attached bit is ignored, no default route, which points to the routing device which has set
the attached bit, is installed.
There might be times, such as during a denial-of-service (DoS) attack, that you do not
want a Level 1 router to be able to forward traffic based on a default route.
To prevent a routing device from being able to reach interarea destinations, you can
prevent the routing device from installing the default route without affecting the status
of its IS-IS adjacencies. The ignore-attached-bit statement is used to tell the routing
device to ignore the presence of the attached bit in Level 1 link-state PDUs, which blocks
the installation of the IS-IS default route.
Default The ignore-attached-bit statement is disabled by default.


IS-IS Feature Guide
ignore-lsp-metrics (Protocols IS-IS)
Syntax ignore-lsp-metrics;

Description Ignore the metrics for RSVP label-switched paths (LSPs) in IS-IS traffic engineering
shortcut calculations or when you configure LDP over RSVP LSPs.
If you are using RSVP for traffic engineering, you can run LDP simultaneously to eliminate
the distribution of external routes in the core. The LSPs established by LDP are tunneled
through the LSPs established by RSVP. LDP effectively treats the traffic-engineered LSPs
as single hops. Ignoring the metric of RSVP LSPs avoids mutual dependency between
IS-IS and RSVP, eliminating the time period when the RSVP metric used for tunneling
traffic is not up to date.

Related • Example: Enabling IS-IS Traffic Engineering Support on page 248

Documentation
• Example: Advertising Label-Switched Paths into IS-IS on page 263
• shortcuts on page 575

import (Protocols IS-IS)
Syntax import [ policy-names ];

isis],
Description Apply one or more routing policies to routes being imported into the Junos OS routing
table from IS-IS. You can import a routing policy to filter or restrict routes.
Options policy-names—Name of one or more routing policies.

Related • Example: Configuring a Routing Policy to Prioritize IS-IS Routes on page 115
Documentation
• Understanding Routing Policies

IS-IS Feature Guide
interface (Protocols IS-IS)
Syntax interface (all | interface-name) {

disable;
authentication {
algorithm algorithm-name;
key-chain key-chain-name;
loose-check;
}
detection-time {
}
minimum-receive-interval milliseconds;
transmit-interval {
}
multiplier number;
}
checksum;
flood-group;
csnp-interval (seconds | disable);
hello-padding (adaptive | loose | strict);
interface-group-holddown-delay
ldp-synchronization {
disable;
hold-time seconds;
}
lsp-interval milliseconds;
max-hello-size size;
mesh-group (value | blocked);
no-adjacency-holddown;
no-eligible-remote-backup;
no-ipv4-multicast;
no-ipv6-multicast;
no-ipv6-unicast;
no-unicast-topology;
passive;
point-to-point;
level level-number {
disable;
hello-authentication-key key;
hello-authentication-key-chain key-chain-name;
hello-authentication-type authentication;
hello-interval seconds;
hold-time seconds;
ipv4-multicast-metric metric;
ipv6-multicast-metric metric;
ipv6-unicast-metric metric;
metric metric;
passive;

priority number;
te-metric metric;
}
}

isis],

no-eligible-remote-backup option introduced in Junos OS Release 14.2 for the MX Series.
interface-group-holddown-delay option introduced in Junos OS Release 15.2 for the MX
Series.
max-hello-size option introduced in Junos OS Release 17.1 for the MX Series.
Description Configure interface-specific IS-IS properties. To configure more than one interface, include
the interface statement multiple times.
Enabling IS-IS on an interface (by including the interface statement at the [edit protocols
isis] or the [edit routing-instances routing-instance-name protocols isis] hierarchy level),
disabling it (by including the disable statement), and not actually having IS-IS run on an
interface (by including the passive statement) are mutually exclusive states.
Options all—Have Junos OS create IS-IS interfaces automatically. If you include this option, disable
IS-IS on the management interface (fxp0).
interface-name—Name of an interface. Specify the full interface name, including the

physical and logical address components.


Documentation

page 20

page 21

IS-IS Feature Guide
interface-group-holddown-delay
Syntax interface-group-holddown-delay seconds;

Description Configure the time interval that the IS-IS takes before replacing the metric with the new
metric value and before flooding the new metric to the labeled-switched paths (LSPs).
When the bundle changes from a worse bandwidth based metric to a better metric the
system waits for the configured time before switching to the new metric. The system
also uses this time delay when a link status changes from down to up or when a member
link changes status from degrade to non-degrade.
Default By default, the time delay for a routing device is 20 seconds.
Options seconds—Number of seconds before the routing device replaces the bandwidth based
metric.
Default: 20 seconds

Related • interface on page 494

Documentation
• show isis interface-group on page 688

interface (Protocols ISIS)
Syntax interface (interface-name | all) {

admin-group {
}
downstream-paths-only ;
metric ];
node {
exclude [ neighbor-address ];
preference [ neighbor-address ];
}
node-tag {
}
protection-type (link | node| node-link);
root-metric (highest | lowest);
srlg (loose |strict);
}
Hierarchy Level [edit logical-systems logical-system-name routing-options backup-selection destination

prefix],
backup-selection destination prefix],
[edit routing-instances instance-name routing-options backup-selection prefix],
[edit routing-options backup-selection destination prefix]
Description Define the backup selection policy for a specific primary next hop.
Options interface-name— Name of the primary next-hop interface.
all— All the interfaces.
bandwidth-greater-equal-primary— Allow the selection of the backup next hop only if

the bandwidth is greater than or equal to the bandwidth of the primary next hop.
dest-metric (highest | lowest)—Specifiy the metric from the one-hop neighbor or from
the remote router such as an RSVP backup label-switched-path (LSP) tail-end
router to the final destination.

IS-IS Feature Guide
highest— Select the backup path that has the highest destination metric.
lowest— Select the backup path that has the lowest destination metric.
downstream-paths-only— Select the backup path that is a downstream path to the

destination.

metric ]—Control the order and the criteria of evaluating the backup path. The default
order of evaluation is admin-group, srlg, bandwidth, protection-type, neighbor,
neighbor-tag, and metric.
NOTE: For the explicitly configured evaluation order, only the listed
attributes influence the selection of the backup path.

metric-order [ root dest ]— Specify the order of preference of the root and the destination
metric during the backup path selection. The preference order can be:
• [root dest] — Backup path selection or preference is first based on the root-metric
criteria. If the criteria of all the root-metric is the same, then the selection or
preference is based on the dest-metric.
• [dest root] — Backup path selection or preference is first based on the dest-metric
criteria. If the criteria of all the dest-metric is the same, then the selection is based
on the root-metric.
NOTE: By default, backup paths with lower destination metric criteria

are selected or preferred. If the criteria is the same, then the lowest root
metric criteria is preferred or selected.
root— The metric to a one-hop neighbor or a remote router.
dest— The metric from a one-hop neighbor or remote router to the final destination.
protection-type (link | node | node-link)—Specify the required protection type of the

backup path.
NOTE: If no protection-type is configured, then by default the first best

path that matches all the other criteria is executed.
link— Select the backup path that provides link protection.
node— Select the backup path that provides node protection.
node-link— Allow either node or link protection LFA where node-protection LFA is
preferred over link-protection LFA.
root-metric (highest | lowest)—Specify the metric to the one-hop neighbor or to the

remote router such as an RSVP backup label-switched-path (LSP) tail-end router.
highest— Select the highest root metric.
lowest— Select the lowest root metric.

IS-IS Feature Guide
srlg (loose | strict)—Define the backup selection to either allow or reject the common
shared risk link groups (SRLGs) between the primary link and any link in the backup
path.
loose— Allow the backup path that has common srlgs between the primary link and
any link in the backup path. A backup path with a fewer number of srlg collisions
is preferred.
strict— Reject the backup path that has common srlgs between the primary link and
each link in the backup path.


Documentation

ipv4-multicast
Syntax ipv4-multicast;
Hierarchy Level [edit logical-systems logical-system-name protocols isis topologies],

isis topologies],
[edit protocols isis topologies],
[edit routing-instances routing-instance-name protocols isis topologies]

Description Configure alternate IPv4 multicast topologies.
NOTE: The IS-IS interface metrics for the IPv4 topology can be configured
independently of the IPv6 metrics. You can also selectively disable interfaces
from participating in the IPv6 topology while continuing to participate in the
IPv4 topology. This lets you exercise control over the paths that unicast data
takes through a network.
Default Multicast topologies are disabled.


Documentation

IS-IS Feature Guide
ipv4-multicast-metric
Syntax ipv4-multicast-metric metric;
level-number],
level-number]

Description Specify the multicast topology metric value for the level.
Options metric—Metric value.

Range: 0 through 16,777,215


Documentation

ipv6-multicast
Syntax ipv6-multicast;

isis topologies],

Description Configure alternate IPv6 multicast topologies.


Documentation

IS-IS Feature Guide
ipv6-multicast-metric
Syntax ipv6-multicast-metric metric;
level-number],
level-number]

Description Specify the IPv6 alternate multicast topology metric value for the level.



Documentation

ipv6-unicast
Syntax ipv6-unicast;

isis topologies],

Description Configure alternate IPv6 unicast topologies.
This statement causes IS-IS to calculate an alternate IPv6 unicast topology, in addition
to the normal IPv4 unicast topology, and add the corresponding routes to inet6.0.
NOTE: The IS-IS interface metrics for the IPv4 topology can be configured
independently of the IPv6 metrics. You can also selectively disable interfaces
from participating in the IPv6 topology while continuing to participate in the
IPv4 topology. This lets you exercise control over the paths that unicast data
takes through a network.
Default IPv6 unicast topologies are disabled.

Related • Understanding IS-IS IPv4 and IPv6 Unicast Topologies on page 177
Documentation
• Example: Configuring IS-IS IPv4 and IPv6 Unicast Topologies on page 178

IS-IS Feature Guide
ipv6-unicast-metric
Syntax ipv6-unicast-metric metric;
level-number],
level-number]

Description Specify the IPv6 unicast topology metric value for the level. The IS-IS interface metrics
for the IPv4 topology can be configured independently of the IPv6 metrics.


Documentation

isis
Syntax isis { ... }
Hierarchy Level [edit logical-systems logical-system-name protocols],

protocols],
[edit protocols],
[edit routing-instances routing-instance-name protocols]

Description Enable IS-IS routing on the routing device or for a routing instance.
The isis statement is the one statement you must include in the configuration to run IS-IS
on the routing device or in a routing instance.
Default IS-IS is disabled on the routing device.

Related • Example: Configuring IS-IS on page 14

Documentation
page 21

IS-IS Feature Guide
label-switched-path (Protocols IS-IS)
Syntax label-switched-path name level level-number metric metric;

isis],
Description Advertise label-switched paths (LSPs) into IS-IS as point-to-point links. The LSP is
advertised in the appropriate IS-IS levels as a point-to-point link and contains a local
address and a remote address.
When you advertise LSPs into IS-IS as point-to-point links, the LSPs are used in SPF
calculations. The advertisement contains a local address (the from address of the LSP),
a remote address (the to address of the LSP), and a metric.
Before a single-hop LSP between a multiaccess link can be announced as up and used
in SPF calculations, you must configure an LSP in both directions between two
label-switched routers.
Options name—Identifies the LSP.
level-number—IS-IS level number.

Values: 1 or 2
metric—Metric value.
Range: 1 through 63, or 1 through 16,777,215 (if you have configured wide metrics)
Default: 0 (for lo0), 10 (for all other interfaces)

Related • Example: Advertising Label-Switched Paths into IS-IS on page 263

Documentation

layer2-map
Syntax layer2-map;

[edit logical-systems logical-system-name protocols isis interface interface-name],
isis],
Release Information Statement introduced in Junos OS Release 16.1 for the MX Series and PTX Series.
Description Enable Layer 2 mapping of ARP or neighbor discovery next hops in the kernel for the
specified instance or interface. IS-IS Layer 2 mapping ensures that forwarding next-hop
resolution is topology-driven rather than traffic-driven, which results in minimal traffic
loss while activating an Ethernet link.
IS-IS LAN and point-to-point Hellos supply all relevant Layer 2 and Layer 3 binding address
information for address resolution. The device at the receiving end can extract the
information and populate the ARP or neighbor discovery cache of the kernel even before
the route installation time. When Layer 2 mapping is enabled, IS-IS installs ARP or neighbor
discovery next-hop entries into the forwarding table. Because this provides Layer 2
next-hop bindings ahead of time, IS-IS networks do not experience traffic loss while
bringing up a link.
Default The default setting is no-layer2-map for both instances and interfaces.

Related • Layer 2 Mapping for IS-IS on page 281

Documentation

IS-IS Feature Guide
ldp-synchronization
Syntax ldp-synchronization {
disable;
hold-time seconds;
}

Description Enable synchronization by advertising the maximum cost metric until LDP is operational
on the link.
LDP distributes labels in non-traffic-engineered applications. Labels are distributed along

the best path determined by IS-IS. If the synchronization between LDP and IS-IS is lost,
the label-switched path (LSP) goes down. Therefore, IS-IS and LDP synchronization is
beneficial. When LDP synchronization is configured and when LDP is not fully operational
on a given link (a session is not established and labels are not exchanged), IS-IS advertises
the link with the maximum cost metric. The link is not preferred but remains in the network
topology.
LDP synchronization is supported only on point-to-point interfaces and LAN interfaces

configured as point-to-point interfaces under IS-IS. LDP synchronization is not supported
during graceful restart.
To advertise the maximum cost metric until LDP is operational for LDP synchronization,
include the ldp-synchronization statement.

Related • Example: Configuring Synchronization Between LDP and OSPF

Documentation

level (Global IS-IS)
Syntax level level-number {

authentication-key key;
authentication-key-chain (Protocols IS-IS) key-chain-name;
authentication-type type;
disable;
external-preference preference;
no-csnp-authentication;
no-hello-authentication;
no-psnp-authentication;
preference preference;
purge-originator {
empty|self;
}
wide-metrics-only;
}

isis],

Description Configure the global-level properties.
You can administratively divide a single AS into smaller groups called areas. You configure
each routing device interface to be in an area. Any interface can be in any area. The area
address applies to the entire routing device. You cannot specify one interface to be in
one area and another interface in a different area. To route between areas, you must
have two adjacent Level 2 routers that communicate with each other.
Level 1 routers can only route within their IS-IS area. To send traffic outside their area,
Level 1 routers must send packets to the nearest intra-area Level 2 router. A routing device
can be a Level 1 router, a Level 2 router, or both. You specify the router level on a
per-interface basis, and a routing device becomes adjacent to other routing devices on
the same level on that link only.
You can configure one Level 1 routing process and one Level 2 routing process on each
interface, and you can configure the two levels differently.
Options level-number—IS-IS level number.

Values: 1 or 2

IS-IS Feature Guide


Documentation

page 20

page 21

level (IS-IS Interfaces)
Syntax level level-number {

level (IS-IS Interfaces);
hello-authentication-key key;
hello-authentication-key-chain key-chain-name;
hello-authentication-type authentication;
hello-interval seconds;
hold-time seconds;
ipv4-multicast-metric number;
ipv6-unicast-metric number;
metric metric;
passive;
priority number;
te-metric metric;
}


Description Configure the IS-IS level. You can configure one instance of Level 1 routing and one
instance of Level 2 routing on each interface, and you can configure the two levels
differently.
Options level-number—IS-IS level number.

Values: 1 or 2
Default: The routing device operates as both a Level 1 and Level 2 router.


Documentation

page 20

page 21

IS-IS Feature Guide
link-group-protection (Protocols IS-IS)
Syntax link-group-protection {
minimum-bandwidth rate;
revert-bandwidth rate;
}
Hierarchy Level [edit logical-systems logical-system-name protocols isis interface-group group-name],

isis interface-group group-name],
[edit protocols isis interface-group group-name],
[edit routing-instances routing-instance-name protocols isis interface-group group-name]
Release Information Statement introduced in Junos OS Release 16.1 for the MX Series.
Description Configure link group protection. This enables Packet Forwarding Engine-based local
repair by pre-downloading suboptimal backup paths with appropriate weights in the
Packet Forwarding Engine.
Options minimum-bandwidth rate—Minimum bandwidth to carry traffic. This is the minimum

bandwidth below which the outgoing traffic can no longer be carried on this link
group. The Packet Forwarding Engine needs to load-balance across links of best or
suboptimal interface groups as well.
Range: 9600 through 1,000,000,000,000
revert-bandwidth rate—Revert bandwidth to carry traffic. This is the bandwidth above

which the outgoing traffic can be carried over the members of this link group. There
is no need for the Packet Forwarding Engine to load-balance across member links
of other suboptimal link groups if it provides a path with the shortest metric.
Range: 9600 through 1,000,000,000,000


link-protection (Protocols IS-IS)
Syntax link-protection;


Description Enable link protection on the specified IS-IS interface. Junos OS creates a backup loop-free
alternate path to the primary next hop for all destination routes that traverse the protected
interface.


Documentation
• node-link-protection on page 542

IS-IS Feature Guide
loose-authentication-check
Syntax loose-authentication-check;

isis],

Description Allow the use of MD5 authentication without requiring network-wide deployment.


Documentation

lsp-equal-cost
Syntax lsp-equal-cost;
Hierarchy Level [edit logical-systems logical-system-name protocols isis traffic-engineering multipath],

[edit protocols isis traffic-engineering multipath]
Description Configure label-switched paths (LSPs) to be retained as equal cost paths for load
balancing when a better path metric is found during the IS-IS internal routing table
calculation.
When a route with an improved metric is added to the IS-IS internal routing table, IS-IS
flushes all next-hop information (including LSP next-hop information) for a route. This
is undesirable, because certain equal-cost multipath (ECMP) combinations can be lost
during route calculation. To override this default IS-IS behavior, include the lsp-equal-cost
statement for load balancing, so that the equal cost path information is retained in the
routing table.

Documentation
• multipath on page 529

IS-IS Feature Guide
lsp-interval
Syntax lsp-interval milliseconds;


Description Configure the link-state PDU interval time.
By default, the routing device sends one link-state PDU packet out an interface every
100 milliseconds. To disable the transmission of all link-state PDUs, set the interval to 0.
Link-state PDU throttling by use of the lsp-interval statement controls the flooding pace
to neighboring routing devices in order to not overload them.
Also, consider that control traffic (such as link-state PDUs and related packets) might
delay user traffic (information packets) because control traffic always has precedence
in terms of scheduling on the routing device interface cards. Unfortunately, the control
traffic transmission rate is not decreased on low-bandwidth interfaces, such as DS-0 or
fractional T1 and E1 interface. Line control traffic stays the same. On a low-bandwidth
circuit that is transmitting 30 full-MTU-sized packets, there is not much bandwidth left
over for other types of packets.
Default By default, the routing device sends one link-state PDU out an interface every
100 milliseconds.
Options milliseconds—Number of milliseconds between the sending of link-state PDUs. Specifying

a value of 0 blocks all link-state PDU transmission.
Range: 0 through 1000 milliseconds
Default: 100 milliseconds

Related • Example: Configuring the Transmission Frequency for Link-State PDUs on IS-IS
Documentation Interfaces on page 360

• Example: Configuring the Transmission Frequency for CSNP Packets on IS-IS Interfaces
on page 365

IS-IS Feature Guide
lsp-lifetime
Syntax lsp-lifetime seconds;

isis],

Description Specify how long a link-state PDU originating from the routing device should persist in
the network. The routing device sends link-state PDUs often enough so that the link-state
PDU lifetime never expires.
Because link-state PDUs have a maximum lifetime, they need to be refreshed. Refreshing
means that a routing device needs to re-originate its link-state PDUs periodically. The
re-origination interval must be less than the link-state PDU’s lifetime. For example, if the
link-state PDU is valid for 1200 seconds, the routing device needs to refresh the link-state
PDU in less than 1200 seconds to avoid removal of the link-state PDU from the link-state
database by other routing devices. The recommended maximum link-state PDU origination
interval is the lifetime minus 300 seconds. So, in a default environment this would be
900 seconds. In Junos OS, the refresh interval is derived from the lifetime and is equal
to the lifetime minus 317 seconds. You can change the lifetime to a higher value to reduce
the number of refreshes in the network. (You would rarely want to increase the number
of refreshes.) Often theses periodic link-state PDU refreshes are referred to as refresh
noise, and network administrators want to reduce this noise as much as possible.
The show isis overview command displays the link-state PDU lifetime.
Default By default, link-state PDUs are maintained in network databases for 1200 seconds
(20 minutes) before being considered invalid. This length of time, called the LSP lifetime,
normally is sufficient to guarantee that link-state PDUs never expire.
Options seconds—link-state PDU lifetime, in seconds.

Default: 1200 seconds



• https://www.juniper.net/us/en/training/certification/JNCIP_studyguide.pdf

IS-IS Feature Guide
max-areas
Syntax max-areas number;

isis]

Description Modify the maximum number of IS-IS areas advertised.
This value is included in the Maximum Address Area field of the IS-IS common PDU
header included in all outgoing PDUs.
The maximum number of areas you can advertise is restricted to 36 to ensure that the
IIH PDUs have enough space to include other type, length, and value (TLV) fields, such
as the Authentication and IPv4 and IPv6 Interface Address TLVs.
Options number—Maximum number of areas to include in the IS-IS hello (IIH) PDUs and link-state
PDUs.
Range: 3 through 36
Default: 3


page 21

max-hello-size
Syntax max-hello-size size;

isis],

interface interface-name option introduced in Junos OS Release 17.1 for the MX Series.
Description Modify the maximum size of IS-IS hello packets. IS-IS sends hello packets out of all IS-IS
enabled interfaces to discover neighbors and form adjacencies between the devices.
Based on the actual MTU of the physical interface, you can configure upto 16000 bytes
as the maximum size for IS-IS packets.
Options size—Maximum size allocated for IS-IS hello packets.

Range: 512 through 16000 bytes
Default: 1492 bytes


Documentation

IS-IS Feature Guide
max-lsp-size
Syntax max-lsp-size size;

isis],
Description Modify the maximum size of IS-IS link-state PDUs. IS-IS sends link-state PDUs out of
IS-IS enabled interfaces to distribute routing information between the IS-IS nodes.
Options size—Maximum size allocated for IS-IS link-state PDUs.

Default: 1492 bytes


Documentation

max-snp-size
Syntax max-snp-size size;

isis],
Description Modify the maximum size of partial or complete IS-IS sequence number PDUs. IS-IS
sends sequence number packets out of IS-IS enabled interfaces to control the distribution
of link-state PDUs between the IS-IS nodes. Sequence number packets provide a
mechanism to synchronize the link-state databases of routers in the same area.
Options size—Maximum size allocated for sequence number of partial or complete IS-IS packets.
Default: 1400 bytes


Documentation

IS-IS Feature Guide
mesh-group (Protocols IS-IS)
Syntax mesh-group (blocked | value);


Description Configure an interface to be part of a mesh group, which is a set of fully connected nodes.
A mesh group is a set of routing devices that are fully connected. That is, they have a fully
meshed topology. When link-state PDUs are being flooded throughout an area, each
router within a mesh group receives only a single copy of a link-state PDU instead of
receiving one copy from each neighbor, thus minimizing the overhead associated with
the flooding of link-state PDUs.
To create a mesh group and designate that an interface be part of the group, assign a
mesh-group number to all the routing device interfaces in the group. To prevent an
interface in the mesh group from flooding link-state PDUs, configure blocking on that
interface.
Options blocked—Configure the interface so that it does not flood link-state PDUs.
value—Number that identifies the mesh group.

32
Range: 1 through 4,294,967,295 (2 – 1; 32 bits are allocated to identify a mesh group)

Related • Example: Configuring Mesh Groups of IS-IS Interfaces on page 371

Documentation
• Understanding IS-IS Mesh Groups on page 370

metric (Protocols IS-IS)
Syntax metric metric;
level-number],
level-number]

Description Specify the IPv4 unicast topology metric value for the level. The IS-IS interface metrics
for the IPv6 topology can be configured independently of the IPv4 metrics.
All IS-IS routes have a cost, which is a routing metric that is used in the IS-IS link-state
calculation. The cost is an arbitrary, dimensionless integer that can be from 1 through 63,
24
or from 1 through 16,777,215 (2 – 1) if you are using wide metrics.
Similar to other routing protocols, IS-IS provides a way of exporting routes from the
routing table into the IS-IS network. When a route is exported into the IS-IS network
without a specified metric, IS-IS uses default metric values for the route, depending on
the protocol that was used to learn the route.
Table 9 on page 527 depicts IS-IS route export metric default values.
Table 9: Default Metric Values for Routes Exported into IS-IS
Protocol Used for Learning the Route Default Metric Value
Direct 10
Static Same as reported by the protocol used for exporting the route
Aggregate 10
Generate 10
RIP Same as reported by the protocol used for exporting the route
OSPF Same as reported by the protocol used for exporting the route
BGP 10

IS-IS Feature Guide
The default metric values behavior can be customized by using routing policies.

Range: 1 through 63, or 1 through 16,777,215 (if you have configured wide metrics)
Default: 10 (for all interfaces except lo0), 0 (for the lo0 interface)

Related • Example: Enabling Wide IS-IS Metrics for Traffic Engineering on page 272
Documentation
• te-metric on page 583
multicast-rpf-routes
Syntax multicast-rpf-routes;
Hierarchy Level [edit logical-systems logical-system-name protocols isis traffic-engineering family inet
shortcuts],
[edit logical-systems logical-system-name routing-instances traffic-engineering family inet
shortcuts],
[edit protocols isis traffic-engineering family inet shortcuts],
[edit routing-instances routing-instance-name protocols isis traffic-engineering family inet
shortcuts]
Description Install unicast IPv4 routes into the multicast routing table (inet.2) for multicast
reverse-path-forwarding (RPF) checks.
Traffic engineering shortcuts must be enabled. IPv4 multicast topology must not be
enabled. Label-switched paths (LSPs) must not be advertised into IS-IS.


Documentation

multipath (Protocols IS-IS)
Syntax multipath {
lsp-equal-cost;
}

Description Enable load balancing for multiple label-switched paths (LSPs).
Options lsp-equal-cost—Configure LSPs to be retained as equal cost paths for load balancing
when a better route metric is added to the routing table.
When a route with an improved metric is added to the IS-IS internal routing table,
IS-IS flushes all next-hop information (including LSP next-hop information) for a
route. This is undesirable, because certain equal-cost multipath (ECMP) path
combinations can be lost during route calculation. To override this default IS-IS
behavior, include the lsp-equal-cost statement for load balancing, so that the equal
cost path information is retained in the routing table.

Documentation
• lsp-equal-cost on page 517
• multipath (Protocols BGP)
• multipath (Routing Options)

IS-IS Feature Guide
multipath (SPF Options)
Syntax multipath [
weighted {
one-hop;
}
}
Hierarchy Level [edit protocols isis spf-options]
Release Information Statement introduced in Junos OS Release 15.1F4 for the MX Series.
Description Enable weighted equal-cost multipath (ECMP) for load-sharing data based on the
bandwidth for incoming traffic destined to IS-IS neighbors that are at a one-hop distance.
The IS-IS protocol gets the logical interface bandwidth information associated with the
gateways of ECMP next hop and shares this information with the routing protocol process
(rpd) and the Packet Forwarding Engine.
Instead of distributing traffic equally over multiple paths, weighted equal-cost multipath
(ECMP) routing distributes traffic based on the total available bandwidth for each gateway
of a next hop. It thereby distributes traffic unequally over multiple paths and utilizes
available bandwidth more efficiently for better load balancing.
NOTE: Weighted equal-cost multipath routing displays unequal traffic

distribution prominently when the traffic flow is as heavy as 10000 flows.
Options weighted—Enable weighted ECMP for efficient load sharing.
one-hop—Enable weighted ECMP load balancing on IS-IS neighbors that are just one
hop away based on the interface bandwidth.

Related • show route on page 723

Documentation
• Understanding Weighted ECMP Traffic Distribution on One-Hop IS-IS Neighbors on

page 220

no-adjacency-down-notification (Protocols IS-IS)
Syntax no-adjacency-down-notification;

[edit protocols isis interface interface-name]
Description Disable adjacency down notification for IS-IS to allow for migration from IS-IS to OSPF
without disruption of the RSVP neighbors and associated RSVP-signaled label-switched
paths (LSPs).
Whenever IS-IS is deactivated, the IS-IS adjacencies are brought down. IS-IS signals to
RSVP to bring down any RSVP neighbors associated with the IS-IS adjacencies, and this
further causes the associated LSPs signaled by RSVP to go down as well.
A similar process occurs whenever OSPF is deactivated. The OSPF neighbors are brought
down. OSPF signals to RSVP to bring down any of the RSVP neighbors associated with
the OSPF neighbors, and this further causes the associated LSPs signaled by RSVP to
go down as well.
If you need to migrate from IS-IS to OSPF or from OSPF to IS-IS, the internal gateway
protocol (IGP) notification to RSVP for an adjacency or neighbor down event needs to
be ignored. Using the no-adjacency-down-notification or no-neighbor-down-notification
statements, you can disable IS-IS adjacency down notification or OSPF neighbor down
notification, respectively, until the migration is complete. The network administrator is
responsible for configuring the statements before the migration, and then removing them
from the configuration afterward, so that IGP notification can function normally.

Related • no-neighbor-down-notification
Documentation

IS-IS Feature Guide
no-adjacency-holddown
Syntax no-adjacency-holddown;

isis],

Description Disable the hold-down timer for IS-IS adjacencies.
A hold-down timer delays the advertising of adjacencies by waiting until a time period
has elapsed before labeling adjacencies in the up state. You can disable this hold-down
timer, which labels adjacencies up faster. However, disabling the hold-down timer creates
more frequent link-state PDU updates and SPF computation.

Related • hold-time on page 488

Documentation

no-authentication-check (Protocols IS-IS)
Syntax no-authentication-check;

isis],

Description Generate authenticated packets and check the authentication on received packets, but
do not reject packets that cannot be authenticated.

Related • csnp-interval on page 470

Documentation

IS-IS Feature Guide
no-advertise-adjacency-segment (Protocols IS-IS)
Syntax no-advertise-adjacency-segment;

Release Information Statement introduced in Junos OS Release 16.2 for MX Series routers and PTX Series
routers.
Description Disable advertising of the adjacency segment on all levels for the specified interface.
Default Enabled

Related • isis on page 507

Documentation

no-csnp-authentication
Syntax no-csnp-authentication;


Description Suppress authentication check on complete sequence number PDU (CSNP) packets.

Related • csnp-interval on page 470

Documentation

IS-IS Feature Guide
node
Syntax node {
exclude [ node-address ];
preference [ node-address ];
}
Hierarchy Level [edit logical systems logical-system-name routing-options backup-selection (Protocols

ISIS) destination prefix interface interface name],
[edit routing-options backup-selection (Protocols ISIS) destination prefix interface interface
name]
Description Define a list of loop-back IP addresses of the adjacent nodes to either prefer or exclude
in the backup path selection. The node can be a local (adjacent router) node, remote
node, or any other router in the backup path.
NOTE: The nodes are identified through the TE-router-ID TLV advertised by
a node in the LSP.
Options exclude [ node-address ]— Specify the list of nodes to be excluded. The backup path
that has a router from the list is not selected as the loop-free alternative or backup
next hop.
node-address— Name of one or more nodes to be excluded during backup path

selection.
preference [ node-address ]— Define an ordered set of nodes to be preferred. The backup

path having the leftmost node is selected.
node-address— Name of one or more nodes to be preferred in the backup path

selection.


Documentation

node-protection
Syntax node-protection <cost cost>;
Hierarchy Level [edit logical-systems name protocols isis interface name level number post-convergence-lfa
],
[edit logical-systems name routing-instances name protocols isis interface name level
number post-convergence-lfa ],
[edit protocols isis interface name level number post-convergence-lfa ],
[edit routing-instances name protocols isis interface name level number post-convergence-lfa
]
Release Information Statement introduced in Junos OS Release 17.4R1 for MX Series, PTX Series, and QFX
Series.
Description Enable node protection mode for topology-independent loop-free alternate (TI-LFA)
routes for IS-IS. You can configure the cost of all the links used for calculating the TI-LFA
post-convergence failure path cost. If node protection is enabled without configuring a
cost value, then the cost is set to the maximum cost.
Options cost—Cost for node protection.

Required Privilege routing

Level


IS-IS on page 335

IS-IS Feature Guide
node-segment (Protocols IS-IS)
Syntax node-segment {
index-range index range;
ipv4-index index;
ipv6-index index;
}
Hierarchy Level [edit logical-systems logical-system-name protocols isis source-packet-routing],

isis source-packet-routing],
[edit routing-instances routing-instance-name protocols isis source-packet-routing]
Release Information Statement introduced in Junos OS Release 16.2R1 for MX Series routers.
Statement introduced in Junos OS Release 16.1X65 for the PTX1000 routers.
Description Enable source packet routing in networking (SPRING) at all levels. SPRING or segment
routing is a control-plane architecture that enables an ingress router to steer a packet
through a specific set of nodes and links in the network without relying on the intermediate
nodes in the network to determine the actual path it should take.
NOTE: Provisioning the IPv4 and IPv6 node segment index is allowed per
routing-instance, and will NOT be allowed per IS-IS level. Node segment
index is attached to the IPv4 and IPv6 router-id, if the router-ids are configured
on the loopback interface. Else, lowest IP address on the loopback is chosen
to attach the node-sid.
Options index-range index range— Range of node segment indices allowed.

Default: 4096
ipv4-index index— IPv4 node segment index.

NOTE: Starting with Junos OS Release 17.2, the maximum index for IPv4
node segment index is 199999.
ipv6-index index— IPv6 node segment index.

NOTE: Starting with Junos OS Release 17.2, the maximum index for IPv6
node segment index is 199999.


Documentation

IS-IS Feature Guide
node-tag
Syntax node-tag {
}
Hierarchy Level [edit logical-systems logical-system-name routing-options backup-selection (Protocols

ISIS) destination prefix interface interface name],
[edit routing-options backup-selection destination prefix interface interface name]
Description Define per-neighbor policy to either prefer or exclude a backup path.
NOTE: This statement identifies a group of nodes in the network based on

criteria such as the same neighbor tag values for all PE nodes. This is
implemented using IS-IS admin-tags.
Options exclude [ route-tag ]— Specify that the backup path which has any node or router with
route-tag from this list is not selected as the loop-free alternative or backup-next
hop.
route-tag— Name of one or more tags advertised as part of extended IP reachability

with a /32 prefix length that represents the TE-router-ID or node ID of a router.
preference [ route-tag ]— Specify the set of route tags in descending order of preference.
route-tag— Name of one or more tags advertised as part of extended IP reachability

with a /32 prefix length that represents the TE-router-ID or node ID of a router.


Documentation


IS-IS Feature Guide
node-link-protection (Protocols IS-IS)
Syntax node-link-protection;

[edit logical-routers logical-router-name routing-instances routing-instance-name protocols

Description Enable node-link protection on the specified IS-IS interface. Junos OS creates an alternate
loop-free path to the primary next hop for all destination routes that traverse a protected
interface. This alternate path avoids the primary next-hop routing device altogether and
establishes a path through a different routing device.


Documentation
• link-protection on page 515

no-eligible-backup (Protocols IS-IS)
Syntax no-eligible-backup;


Description Exclude the specified interface as a backup interface for IS-IS interfaces on which link
protection or node-link protection is enabled.


Documentation
• link-protection on page 515
• node-link-protection on page 542

IS-IS Feature Guide
no-eligible-remote-backup
Syntax no-eligible-remote-backup;

[edit protocols isis interface interface-name]
[edit protocols (ospf | ospf3) area area-id interface interface-name]
Description Disable remote LFA backup calculation for the specified interface. If remote LFA is
disabled, Junos OS does not consider the interface for calculating the remote LFA next
hop.

Documentation
• backup-spf-options on page 461

no-hello-authentication
Syntax no-hello-authentication;


Description Suppress authentication check on complete sequence number hello packets.

Related • hello-authentication-type on page 482

Documentation

IS-IS Feature Guide
no-ipv4-multicast
Syntax no-ipv4-multicast;


Description Exclude an interface from IPv4 multicast topologies.


Documentation

no-ipv4-routing
Syntax no-ipv4-routing;

isis],

Description Disable IP version 4 (IPv4) routing.
Disabling IPv4 routing has the following results:
• The routing device does not advertise the network layer protocol identifier (NLPID) for
IPv4 in the Junos OS link-state PDU fragment zero.
• The routing device does not advertise any IPv4 prefixes in Junos OS link-state PDUs.
• The routing device does not advertise the NLPID for IPv4 in Junos OS hello packets.
• The routing device does not advertise any IPv4 addresses in Junos OS hello packets.
• The routing device does not calculate any IPv4 routes.
NOTE: Note: Even when no-ipv4-routing is configured, an IS-IS traceoptions

log can list rejected IPv4 addresses. When a configuration is committed, IS-IS
schedules a scan of the routing table to determine whether any routes need
to be exported into the IS-IS link state database. The implicit default export
policy action is to reject everything. IPv4 addresses from the routing table
are examined for export, rejected by the default policy, and the rejections are
logged.

Documentation

IS-IS Feature Guide
no-ipv6-multicast
Syntax no-ipv6-multicast;


Description Exclude an interface from the IPv6 multicast topologies.


Documentation

no-ipv6-routing
Syntax no-ipv6-routing;

isis],

Description Disable IP version 6 (IPv6) routing.
Disabling IPv6 routing has the following results:
• The routing device does not advertise the network layer protocol identifier (NLPID) for
IPv6 in the Junos OS link-state PDU fragment zero.
• The routing device does not advertise any IPv6 prefixes in Junos OS link-state PDUs.
• The routing device does not advertise the NLPID for IPv6 in Junos OS hello packets.
• The routing device does not advertise any IPv6 addresses in Junos OS hello packets.
• The routing device does not calculate any IPv6 routes.

Documentation

IS-IS Feature Guide
no-ipv6-unicast
Syntax no-ipv6-unicast;


Description Exclude an interface from the IPv6 unicast topologies. This enables you to exercise control
over the paths that unicast data takes through a network.

Documentation

no-psnp-authentication
Syntax no-psnp-authentication;


Description Suppress authentication check on partial sequence number PDU (PSNP) packets.

Related • Configuring IS-IS Authentication on page 33

Documentation

IS-IS Feature Guide
no-unicast-topology
Syntax no-unicast-topology;


Description Exclude an interface from the IPv4 unicast topologies.


Documentation

overload (Protocols IS-IS)
Syntax overload {
advertise-high-metrics;
allow-route-leaking;
external-prefixes;
internal-prefixes;
timeout seconds;
}

isis],

Statement introduced in Junos OS Release 14.
external-prefixes and internal-prefixes options introduced in Junos OS Release 18.3R1.
Description Configure the local routing device so that it appears to be overloaded. This statement
causes the routing device to continue participating in IS-IS routing, but prevents it from
being used for transit traffic. Traffic destined to immediately attached subnets continues
to transit the routing device.
You can also advertise maximum link metrics in network layer reachability information
(NLRI) instead of setting the overload bit.
You configure or disable overload mode in IS-IS with or without a timeout. Without a
timeout, overload mode is set until it is explicitly deleted from the configuration. With a
timeout, overload mode is set if the time elapsed since the IS-IS instance started is less
than the specified timeout.
A timer is started for the difference between the timeout and the time elapsed since the
instance started. If the time elapsed after the IS-IS instance is enabled is less than the
specified timeout, overload mode is set. When the timer expires, overload mode is cleared.
In overload mode, the routing device IS-IS advertisements are originated with the overload
bit set. This causes the transit traffic to take paths around the routing device. However,
the overloaded routing device’s own links are still accessible.
The value of the overload bit depends on these three scenarios:
1. When the overload bit has already been set to a given value and the routing process
is restarted: Link-state PDUs are regenerated with the overload bit cleared.
2. When the overload bit is reset to a lesser value while the routing process is running:
Link-state PDUs are regenerated with the overload bit cleared.

IS-IS Feature Guide
3. When the overload bit is reset to a greater value while the routing process is running:
Link-state PDUs are regenerated with the overload bit set to the difference between
the old and new value.
In overload mode, the routing device advertisement is originated with all the transit routing
device links (except stub) set to a metric of 0xFFFF. The stub routing device links are
advertised with the actual cost of the interfaces corresponding to the stub. This causes
the transit traffic to avoid the overloaded routing device and take paths around the routing
device.
To understand the reason for setting the overload bit, consider that BGP converges slowly.
It is not very good at detecting that a neighbor is down because it has slow-paced
keepalive timers. Once the BGP neighbor is determined to be down, it can take up to 2
minutes for a BGP router to declare the neighbor down. IS-IS is much quicker. IS-IS only
takes 10-30 seconds to detect absent peers. It is the slowness of BGP, more precisely
the slowness of internal BGP (IBGP), that necessitates the use of the overload bit. IS-IS
and BGP routing are mutually dependent on each other. If both do not converge at the
same time, traffic is dropped without notification (black holed).
You might want to configure the routing device so that it appears to be overloaded when
you are restarting routing on the device. Setting the overload bit for a fixed amount of
time right after a restart of the routing protocol process (rpd) ensures that the router
does not receive transit traffic while the routing protocols (especially IBGP) are still
converging.
Setting the overload bit is useful when performing hardware or software maintenance
work on a routing device. After the maintenance work, clear the overload bit to carry on
forwarding transit traffic. Manual clearing of the overload bit is not always possible. What
is needed is an automated way of clearing the overload bit after some amount of time.
Most networks use a time value of 300 seconds. This 5-minute value provides a good
balance, allowing time to bring up even large internal IBGP meshes, while still relatively
quick.
Another appropriate application for setting for the overload bit is on dedicated devices
such as BGP route reflectors, which are intentionally not meant to carry any transit traffic.
In this case, you would not use the timer.
You can verify that the overload bit is set by running the show isis database command.

Options advertise-high-metrics—Advertise maximum link metrics in NLRIs instead of setting the

overload bit.
The advertise-high-metric setting is only valid while the routing device is in overload mode.
When advertise-high-metric is configured, IS-IS does not set the overload bit. Rather,
it sets the metric to 63 or 16,777,214, depending whether wide metrics are enabled.
This allows the overloaded routing device to be used for transit as a last resort.
An L1-L2 router in overload mode stops leaking route information between L1 and L2
levels and clears its attached bit. This is also true when advertise-high-metrics is
configured.
allow-route-leaking—Enable leaking of route information into the network even if the

overload bit is set.
NOTE: The allow-route-leaking option does not work if the routing device is
in dynamic overload mode. Dynamic overload can occur if the device has
exceeded its resource limits, such as the prefix limit.
external–prefixes—Enable this option to stop receiving local traffic destined to external

prefixes unless this is the only router in the network that hosts the prefix. External
prefixes are prefixes that IS-IS receives from other protocols. The overloaded router
advertises these external prefixes with a high metric to stop receiving traffic. After
the configured timeout lapses regular metric is restored to resume traffic reception.
internal-prefixes—Enable this option to stop receiving local traffic destined to internal

prefixes unless this is the only router in the network that hosts the prefix. Internal
prefixes are local IS-IS prefixes that the overloaded router advertises with a high
metric to stop receiving traffic. After the configured timeout lapses regular metric is
restored to resume traffic reception.
timeout seconds—Number of seconds at which the overloading is reset.

Default: 0 seconds


IS-IS Feature Guide
passive (Protocols IS-IS)
Syntax passive {
remote-node-id address;
remote-node-iso iso-id;
}

[edit logical-systems logical-system-name protocols isis interface interface-name level
level-number],
level-number]

remote-node-id address option introduced in Junos OS Release 14.2.
remote-node-iso iso-id option introduced in Junos OS Release 14.2.
Description Advertise the direct interface addresses on an interface or into a level on the interface
without actually running IS-IS on that interface or level.
This statement effectively prevents IS-IS from running on the interface. To enable IS-IS
on an interface, include the interface statement at the [edit protocols isis] or the [edit
routing-instances routing-instance-name protocols isis] hierarchy level. To disable it,
include the disable statement at those hierarchy levels. The three states—enabling,
disabling, or not running IS-IS on an interface—are mutually exclusive.
NOTE: Configuring IS-IS on a loopback interface automatically renders it as

a passive interface, irrespective of whether the passive statement was used
in the configuration of the interface.
If neither passive mode nor the family iso option is configured on the IS-IS interface, then
the routing device treats the interface as not being operational, and no direct IPv4/IPv6
routes are exported into IS-IS. (You configure the family iso option at the [edit interfaces
interface-name unit logical-unit-number] hierarchy level.)

Default By default, IS-IS must be configured on an interface or a level for direct interface addresses
to be advertised into that level.
Options remote-node-id address—IP address of the remote link.
remote-node-iso iso-id—ISO ID of the remote node.
NOTE: The options remote-node-id address and remote-node-iso iso-id do not

apply under the [edit routing-instances routing-instance-name protocols isis]
hierarchy level.


• disable on page 474

IS-IS Feature Guide
per-interface-per-member-link
Syntax per-interface-per-member-link (egress egress-interface | ingress ingress-interface);
Hierarchy Level [edit protocols isis source-packet-routing sensor-based-stats],
Release Information Statement introduced in Junos OS Release 17.4R1 on MX Series routers.

Statement introduced in Junos OS Release 18.1R1 on PTX Series routers.
Description Configure sensor-based statistics per interface.
Sensor-based statistics is the traffic statistics in a segment routing (SR) network that
can be recorded in an OpenConfig compliant format for Layer 3 interfaces. The statistics
is recorded for the Source Packet Routing in Networking (SPRING) traffic only, excluding
RSVP and LDP-signaled traffic, and the family MPLS statistics per interface is accounted
for separately. The SR statistics also includes SPRING traffic statistics per link aggregation
group (LAG) member, and per segment identifier (SID).
Options egress egress-interface—Enable sensor based statistics on the egress interface.
ingress ingress-interface—Enable sensor based statistics on the ingress interface.
NOTE: On PTX Series Routers, the sensor based statistics for SPRING
traffic is recorded at the ingress interface only.

Level
Related • Understanding Source Packet Routing in Networking (SPRING) on page 289

Documentation

per-sid
Syntax per-sid {
egress;
ingress;
}
Hierarchy Level [edit protocols isis source-packet-routing sensor-based-stats],

egress option introduced in Junos OS Release 19.1R1 on MX Series routers with MPC and
MIC interfaces, and PTX series routers.
Description Configure sensor based statistics per Source Packet Routing in Networking (SPRING)
route.
Sensor-based statistics is the traffic statistics in a segment routing (SR) network that
can be recorded in an OpenConfig compliant format for Layer 3 interfaces. The statistics
is recorded for SPRING traffic only, excluding RSVP and LDP-signaled traffic, and the
family MPLS statistics per interface is accounted for separately. The SR statistics also
includes SPRING traffic statistics per link aggregation group (LAG) member, and per
segment identifier (SID).
Options egress—Enable sensor based statistics for IP-MPLS egress accounting. This is supported
only for segment routing label IS-IS egress routes at the ingress provider edge (PE)
device.
ingress ingress—Enable sensor based statistics for per-sid ingress accounting.

Level

Documentation

IS-IS Feature Guide
point-to-point
Syntax point-to-point;


Description Configure an IS-IS interface to behave like a point-to-point connection.
You can use the point-to-point statement to configure a LAN interface to act like a
point-to-point interface for IS-IS. You do not need an unnumbered LAN interface, and it
has no effect if configured on an interface that is already point-to-point.
The point-to-point statement affects only IS-IS protocol procedures on that interface.
All other protocols continue to treat the interface as a LAN interface. Only two IS-IS
routing devices can be connected to the LAN interface, and both must be configured as
point-to-point.



Documentation
• Understanding IS-IS Designated Routers on page 29

post-convergence-lfa
Syntax post-convergence-lfa <fate-sharing-protection fate-sharing-protection> <node-protection

<cost cost>;
Hierarchy Level [edit logical-systems name protocols isis interface name level number],
[edit logical-systems name routing-instances name protocols isis interface name level
number],
[edit protocols isis interface name level number ],
[edit routing-instances name protocols isis interface name level number]
Series.
Description Configure backup paths along post-convergence on this interface.
Options fate-sharing-protection—Enable fate-sharing protection. A list of fate-sharing groups

are configured on each point of local repair (PLR) with the links in each fate-sharing
group identified by their respective IP addresses. The PLR associates a cost with
each fate-sharing group. The fate-sharing-aware post-convergence path is computed
by assuming that the cost of each link in the same fate-sharing group as the failed
link has increased the cost associated with that group.
The remaining statements are explained separately. Search for a statement in CLI Explorer
or click a linked statement in the Syntax section for details.

Level


IS-IS on page 335

IS-IS Feature Guide
preference (Protocols IS-IS)
Syntax preference preference;


Description Configure the preference of internal routes.
Route preferences (also known as administrative distances) are used to select which
route is installed in the forwarding table when several protocols calculate routes to the
same destination. The route with the lowest preference value is selected.
To change the preference values, include the preference statement (for internal routes)
or the external-preference statement.
Options preference—Preference value.

32
Range: 0 through 4,294,967,295 (2 – 1)
Default: 15 (for Level 1 internal routes), 18 (for Level 2 internal routes), 160 (for Level 1
external routes), 165 (for Level 2 external routes)

Related • Route Preferences Overview

Documentation

• external-preference on page 476

prefix-export-limit (Protocols IS-IS)
Syntax prefix-export-limit number;


Description Configure a limit to the number of prefixes exported into IS-IS.
By default, there is no limit to the number of prefixes that can be exported into IS-IS. To
configure a limit to the number of prefixes that can be exported into IS-IS, include the
prefix-export-limit statement. The prefix-export-limit statement protects the rest of the
network from a malicious policy by applying a threshold filter for exported routes.
The number of prefixes depends on the size of your network. Good design advice is to
set it to double the total number of IS-IS Level 1 and Level 2 routing devices in your
network.
If the number of prefixes exported into IS-IS exceeds the configured limit, the overload
bit is set and the overload state is reached. When other routers detect that this bit is set,
they do not use this routing device for transit traffic, but they do use it for packets destined
to the overloaded routing device’s directly connected networks and IP prefixes. The
overload state can be cleared by using the clear isis overload command.
The show isis overview command displays the prefix export limit when it is configured.
Options number—Prefix limit.

32
Range: 0 through 4,294,967,295 (2 – 1)
Default: None

Related • Example: Redistributing OSPF Routes into IS-IS on page 87

Documentation

IS-IS Feature Guide

prefix-segment
Syntax prefix-segment {
index index;
node-segment;
}
Hierarchy Level [edit policy-options policy-statement policy-name term term-name then]

[edit protocols ospf source-packet-routing]
Release Information Statement introduced in Junos OS Release 17.2 for the MX Series routers, PTX Series
routers, QFX5100 switches, and QFX10000 switches.
Statement introduced in Junos OS Release 17.3R1 for the QFX5110 and QFX5200 switches.
Statement introduced under [edit protocols ospf source-packet-routing] hierarchy in
Junos OS Release 19.1R1 for MX Series.
Description Configure prefix segment attributes such as index and node segment. Prefix segment
index is the index assigned to a specific prefix. This is used by all other remote routers in
the network to index the prefix into respective segment routing global blocks (SRGB) to
derive the segment identifier and to forward the traffic destined for the current prefix.
Prefix segment index is provisioned through policy for each prefix along with the option
to mark it as a node segment.
index index—Specify the prefix segment index

node-segment—Set node segment flag for this prefix segment.



priority (Protocols IS-IS)
Syntax priority number;
level-number],
level-number]

Description Configure the interface’s priority for becoming the designated router. The interface with
the highest priority value becomes that level’s designated router.
The priority value is meaningful only on a multiaccess network. It has no meaning on a

point-to-point interface.
A routing device advertises its priority to become a designated router in its hello packets.
On all multiaccess networks, IS-IS uses the advertised priorities to elect a designated
router for the network. This routing device is responsible for sending network link-state
advertisements, which describe all the routing devices attached to the network. These
advertisements are flooded throughout a single area.
A routing device’s priority for becoming the designated router is indicated by an arbitrary
number from 0 through 127. Routing devices with a higher value are more likely to become
the designated router.
Options number—Priority value.

Default: 64

Related • Example: Configuring IS-IS Designated Routers

Documentation

IS-IS Feature Guide
protocols
Syntax protocols {
bgp {
... bgp-configuration ...
}
isis {
... isis-configuration ...
}
ldp {
... ldp-configuration ...
}
mpls {
... mpls -configuration ...
}
msdp {
... msdp-configuration ...
}
mstp {
... mstp-configuration ...
}
ospf {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
<advertise-unnumbered-interfaces>;
<credibility-protocol-preference>;
ignore-lsp-metrics;
no-topology;
shortcuts {
lsp-metric-into-summary;
}
}
... ospf-configuration ...
}
ospf3 {
domain-id domain-id;
domain-vpn-tag number;
route-type-community (iana | vendor);
<advertise-unnumbered-interfaces>;
<credibility-protocol-preference>;
ignore-lsp-metrics;
no-topology;
shortcuts {
lsp-metric-into-summary;
}
}
... ospf3-configuration ...
}

pim {
... pim-configuration ...
}
rip {
... rip-configuration ...
}
ripng {
... ripng-configuration ...
}
rstp {
rstp-configuration;
}
rsvp{
... rsvp-configuration ...
}
vstp {
vstp configuration;
}
vpls {
vpls configuration;
}
}
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],

[edit routing-instances routing-instance-name]

Support for RIPng introduced in Junos OS Release 9.0.
mpls and rsvp options added in Junos OS Release 15.1.
Description Specify the protocol for a routing instance. You can configure multiple instances of many
protocol types. Not all protocols are supported on the switches. See the switch CLI.

IS-IS Feature Guide
Options bgp—Specify BGP as the protocol for a routing instance.
isis—Specify IS-IS as the protocol for a routing instance.
ldp—Specify LDP as the protocol for a routing instance or for a virtual router instance.
l2vpn—Specify Layer 2 VPN as the protocol for a routing instance.
mpls—Specify MPLS as the protocol for a routing instance.
msdp—Specify the Multicast Source Discovery Protocol (MSDP) for a routing instance.
mstp—Specify the Multiple Spanning Tree Protocol (MSTP) for a virtual switch routing
instance.
ospf—Specify OSPF as the protocol for a routing instance.
ospf3—Specify OSPF version 3 (OSPFv3) as the protocol for a routing instance.
NOTE: OSPFv3 supports the no-forwarding, virtual-router, and vrf routing

instance types only.
pim—Specify the Protocol Independent Multicast (PIM) protocol for a routing instance.
rip—Specify RIP as the protocol for a routing instance.
ripng—Specify RIP next generation (RIPng) as the protocol for a routing instance.
rstp—Specify the Rapid Spanning Tree Protocol (RSTP) for a virtual switch routing
instance.
rsvp—Specify the RSVP for a routing instance.
vstp—Specify the VLAN Spanning Tree Protocol (VSTP) for a virtual switch routing
instance.
vpls—Specify VPLS as the protocol for a routing instance.

Related • Example: Configuring Multiple Routing Instances of OSPF

Documentation

purge-originator
Syntax purge-originator {
empty|self;
}
Hierarchy Level [edit protocols isis level level-number] ,

{edit logical-systems logical-system-name protocols isis level level-number]
Release Information Statement introduced in Junos OS Release 15.1 F4 and 16.2R1 for the MX Series and PTX
Series.
Description Enable purge originator identification (POI) by adding the type, length and value (TLV)
with the Intermediate System (IS) identification to the LSPs that do not contain POI
information. If an IS generates a purge, Junos adds this TLV with the system ID of the IS
to the purge.
If an IS receives a purge that does not include this TLV, it adds this TLV with both its own
system ID and the system ID of the IS from which it received the purge. This allows the
IS that receives this purge to log the system ID of the originator, or the upstream source
of the purge and makes it easier to locate the origin of the purge.
Options empty—(Optional) Add POI to a purge received from an IS that does not contain POI
information
self—(Optional) Add POI only to self-originated purge LSPs

Related • show isis overview on page 692

Documentation
• show isis purge log on page 697
• IS-IS Purge Originator Identification Overview on page 409

IS-IS Feature Guide
reference-bandwidth (Protocols IS-IS)
Syntax reference-bandwidth reference-bandwidth;

isis],

Description Optimize routing based on bandwidth by setting the reference bandwidth used in
calculating the default interface cost.
All IS-IS interfaces have a cost, which is a routing metric that is used in the IS-IS link-state
calculation. Routes with lower total path metrics are preferred over those with higher
path metrics. When there are several equal-cost routes to a destination, traffic is
distributed equally among them. Tweak the reference bandwidth to route traffic across
the fastest interface.
The cost of a route is described by a single dimensionless metric that is determined using
the following formula:
cost = reference-bandwidth/bandwidth
For example, if you set the reference bandwidth to 1 Gbps (that is, reference-bandwidth
is set to 1,000,000,000), a 100-Mbps interface has a routing metric of 10.
All IS-IS interfaces have a cost, which is a routing metric that is used in the IS-IS link-state
calculation. Routes with lower total path metrics are preferred over those with higher
path metrics. By default, IS-IS has a metric of 10. Modify the configured reference
bandwidth to increase the cost of an interface in order to avoid a slow route or you can
modify the reference bandwidth value to decrease the cost of a preferred interface. A
route that has a lower cost is selected over a high cost route. Note that fractional metric
values are not allowed. Therefore, if you configure a reference bandwidth that is higher
than the actual bandwidth, which results in a fractional metric value then IS-IS takes the
metric value as 1 because fractional metric values are not allowed.
Options reference-bandwidth—Reference bandwidth value in bits per second.

Range: 9600 through 1,000,000,000,000 bps
Default: None



Documentation
• https://www.juniper.net/us/en/training/certification/JNCIP_studyguide.pdf
remote-backup-calculation
Syntax remote-backup-calculation;
Hierarchy Level [edit logical-systems logical-system-name protocols isis backup-spf-options],

Description Determine the remote LFA backup paths from the point of local repair (PLR) in an IS-IS
network. For every protected link on the PLR, Junos OS creates a dynamic LDP
label-switched path to reach the remote LFA node. When the primary link fails, the PLR
uses these remote LFA backup paths to reach all the destinations reachable via the
primary-link.

Documentation
• backup-spf-options on page 461

IS-IS Feature Guide
rib-group (Protocols IS-IS)
Syntax rib-group {
inet group-name;
inet6 group-name;
}

isis],

Description Install routes learned from IS-IS routing instances into routing tables in the IS-IS routing
table group. You can install IPv4 routes or IPv6 routes.
Support for IPv6 routing table groups in IS-IS enables IPv6 routes that are learned from
IS-IS routing instances to be installed into other routing tables defined in an IS-IS routing
table group.
Options group-name—Name of the routing table group.
inet—Install IPv4 IS-IS routes.
inet6—Install IPv6 IS-IS routes.

Related • Example: Exporting Specific Routes from One Routing Table Into Another Routing Table
Documentation
• Example: Importing Direct and Static Routes Into a Routing Instance
• Configuring BGP Routing Table Groups

routing-instances (Multiple Routing Entities)
Syntax routing-instances routing-instance-name { ... }
Hierarchy Level [edit],

[edit logical-systems logical-system-name]

remote-vtep-v6-list statement introduced in Junos OS Release 17.3 for MX Series routers
with MPC and MIC interfaces.
Description Configure an additional routing entity for a router. You can create multiple instances of
BGP, IS-IS, OSPF, OSPFv3, and RIP for a router. You can also create multiple routing
instances for separating routing tables, routing policies, and interfaces for individual
wholesale subscribers (retailers) in a Layer 3 wholesale network.
Each routing instance consist of the following:
• A set of routing tables
• A set of interfaces that belong to these routing tables
• A set of routing option configurations
Each routing instance has a unique name and a corresponding IP unicast table. For
example, if you configure a routing instance with the name my-instance, its corresponding
IP unicast table is my-instance.inet.0. All routes for my-instance are installed into
my-instance.inet.0.
Routes are installed into the default routing instance inet.0 by default, unless a routing
instance is specified.
In Junos OS Release 9.0 and later, you can no longer specify a routing-instance name of
master, default, or bgp or include special characters within the name of a routing instance.
In Junos OS Release 9.6 and later, you can include a slash (/) in a routing-instance name
only if a logical system is not configured. That is, you cannot include the slash character
in a routing-instance name if a logical system other than the default is explicitly configured.
Routing-instance names, further, are restricted from having the form __.*__ (beginning
and ending with underscores). The colon : character cannot be used when multitopology
routing (MTR) is enabled.
Default Routing instances are disabled for the router.
Options routing-instance-name——Name of the routing instance. This must be a non-reserved

string of not more than 128 characters.
remote-vtep-list—Configure static remote VXLAN tunnel endpoints.

IS-IS Feature Guide
remote-vtep-v6-list—Configure static IPv6 remote VXLAN tunnel endpoints.

Related • Example: Configuring Interprovider Layer 3 VPN Option A

Documentation
• Example: Configuring Interprovider Layer 3 VPN Option B
• Example: Configuring Interprovider Layer 3 VPN Option C
sensor-based-stats (Protocols IS-IS)
Syntax sensor-based-stats (per-interface-per-member-link |per-sid);
Hierarchy Level [edit protocols isis source-packet-routing],
Description Configure traffic statistics in a segment routing (SR) network that can be recorded in an
OpenConfig compliant format for Layer 3 interfaces. The statistics is recorded for the
Source Packet Routing in Networking (SPRING) traffic only, excluding RSVP and
LDP-signaled traffic, and the family MPLS statistics per interface is accounted for
separately. The SR statistics also includes SPRING traffic statistics per link aggregation
group (LAG) member, and per segment identifier (SID).

Level

Documentation
• sensor (Junos Telemetry Interface)
• sensor-based-stats (Junos Telemetry Interface)

shortcuts (Protocols IS-IS)
Syntax shortcuts {
}
Hierarchy Level [edit logical-systems logical-system-name protocols isis traffic-engineering family (inet |
inet6)],
isis traffic-engineering family (inet | inet6)],
[edit protocols isis traffic-engineering family (inet | inet6)],
[edit routing-instances routing-instance-name protocols isis traffic-engineering family (inet
| inet6)]

The family statement and support for IPv6 routes for IS-IS traffic engineering shortcuts
introduced in Junos OS Release 9.3.
Description Configure IS-IS to use MPLS label-switched paths (LSPs) as next hops if possible when
installing routing information into the inet.3 or inet6.3 routing table. Internal gateway
protocol (IGP) shortcuts allow the IGP to install prefixes in inet.3 or inet6.3.
It is only necessary to enable IGP shortcuts on the ingress router because that is the router
performing the shortest-path-first (SPF) calculations.
It is important to understand how IGP shortcuts affect the protocol and routing table
relationship. The IGP performs SPF calculations to subnets downstream of LSP egress
points, but the results of these calculations are entered into the inet.3 table only. At the
same time, the IGP performs its traditional SPF calculations and enters the results of
these calculations into the inet.0 table. The result is that although the IGP is making
entries into the inet.3 table, BGP is still the only protocol with visibility into that table for
the purposes of route resolution. Therefore, forwarding to AS-internal destinations still
uses the inet.0 IGP routes, and the LSPs are only used for BGP next-hop resolution. If
you want the LSPs to be used for IGP next-hop resolution, you must configure
traffic-engineering bgp-igp.
The remaining statement is explained separately. See CLI Explorer.


Documentation
• traffic-engineering (Protocols IS-IS) on page 588
• traffic-engineering (Protocols MPLS)

IS-IS Feature Guide
spf-options (Protocols IS-IS)
Syntax spf-options {
delay milliseconds;
holddown milliseconds;
rapid-runs number;
}

isis],

Description Configure options for running the shortest-path-first (SPF) algorithm.
Running the SPF algorithm is usually the beginning of a series of larger system-wide
events. For example, the SPF algorithm can lead to interior gateway protocol (IGP) prefix
changes, which then lead to BGP nexthop resolution changes. Consider what happens
if there are rapid link changes in the network. The local routing device can become
overwhelmed. This is why it sometimes makes sense to throttle the scheduling of the
SPF algorithm.
You can configure the following SPF options:
• The delay in the time between the detection of a topology change and when the SPF
algorithm actually runs.
• The maximum number of times that the SPF algorithm can run in succession before
the hold-down timer begins.
• The time to hold down, or wait, before running another SPF calculation after the SPF
algorithm has run in succession the configured maximum number of times.
If the network stabilizes during the hold-down period and the SPF algorithm does not
need to run again, the system reverts to the configured values for the delay and rapid-runs
statements.
Options delay milliseconds—Time interval between the detection of a topology change and when
the SPF algorithm runs.
Range: 50 through 1000 milliseconds

holddown milliseconds—Time interval to hold down, or wait before a subsequent SPF

algorithm runs after the SPF algorithm has run the configured maximum number of
times in succession.
Range: 2000 through 10,000 milliseconds
rapid-runs number—Maximum number of times the SPF algorithm can run in succession.
After the maximum is reached, the holddown interval begins.
Range: 1 through 5
Default: 3


Documentation

IS-IS Feature Guide
static-host-mapping
Syntax static-host-mapping {
hostname {
alias [ aliases ];
inet [ addresses ];
inet6 [ addresses];
sysid system-identifier;
}
}
Hierarchy Level [edit system]
Description (Optional) Statically map a hostname to one or more IP addresses and aliases, and
configure an International Organization for Standardization (ISO) system identifier
(system ID).
Default If you do not statically map the hostname, the mapping is generated dynamically, based
on the system configuration. For instance, if you omit the static-host-mapping hostname
sysid statement, the IS-IS system ID is dynamically generated from the host portion of
the ISO address configured on the loopback interface (lo0) and is mapped to the
host-name statement configured at the [edit system] hierarchy level.
Options alias alias—Alias for the hostname.
hostname—Fully qualified hostname.
inet address—IP address. You can specify one or more IP addresses for the host.
sysid system-identifier—ISO system identifier (system ID). This is the 6-byte portion of
the Intermediate System-to-Intermediate System (IS-IS) network service access
point (NSAP). We recommend that you use the host’s IP address represented in
binary-coded decimal (BCD) format. For example, the IP address 208.197.169.18 is
2081.9716.9018 in BCD.
Required Privilege system—To view this statement in the configuration.

Level system-control—To add this statement to the configuration.
Related • Configuring the Hostname of a Router or Switch by Using a Configuration Group

Documentation

source-packet-routing-disable (Protocols IS-IS)
Syntax source-packet-routing {
disable;
}

Statement introduced in Junos OS Release 17.2R1 for QFX5100, QFX5110, and QFX10000
switches.
Statement introduced in Junos OS Release 18.4R1 for ACX5448 routers.
Description Disable source packet routing in networking (SPRING) feature at a specific level.
Default Enabled, if source-packet-routing is configured globally at:
[edit logical-systems logical-system-name protocols isis],

protocols isis],


Documentation

IS-IS Feature Guide
source-packet-routing (Protocols IS-IS and OSPF)
Syntax source-packet-routing {
adjacency-segment {
hold-time hold-time;
}
disable;
explicit-null;
node-segment {
ipv4-index index;
ipv6-index index;
}
srgb {
start-label start-label;
}
}

isis],
[edit logical-systems logical-system-name protocols isis level level-number],
[edit logical-systems logical-system-name protocols ospf],
ospf],
[edit protocols ospf],
[edit routing-instances routing-instance-name protocols ospf]
[edit logical-systems logical-system-name protocols ospf area-number],
ospf area-number],
[edit protocols ospf area-number],
[edit routing-instances routing-instance-name protocols ospf area-number]
Statement introduced in Junos OS Release 17.2R1 for QFX5100 switches and QFX10000
switches.
Support for explicit-null and adjacency-segment statements introduced in Junos OS
Release 17.2R1 for MX Series routers, PTX Series routers, QFX5100 switches and QFX10000
switches.

Description Enable source packet routing in networking (SPRING) feature on IS-IS levels or OSPF
areas.
NOTE: Source packet routing for IPv6 is supported only for IS-IS. The
adjacency-segment, explicit-null, and srgb statements are supported only for
IS-IS.
Default Disabled.
Options disable—Disable source packet routing from a specific level.
explicit-null—Configure E and P bits in all prefix segment identifier (SID) advertisements.
Required Privilege routing— To view this statement in the configuration.

Level routing-control— To add this statement to the configuration.

Documentation
SPRING on page 293

IS-IS Feature Guide
srgb
Syntax srgb {
start-label start-label-value;
index-range index range-value;
}

[edit routing-instances name protocols isis source-packet-routing]
Release Information Statement introduced in Junos OS Release 17.2 for the MX Series routers in Enhanced-IP
mode, PTX Series routers, QFX5100 switches, and QFX10000 switches.
Statement introduced in Junos OS Release 17.3 for QFX5110 and QFX5200 switches.
Description Configure the segment routing global block (SRGB) in source packet routing in networking
(SPRING) or segment routing (SR). The SRGB label range is based on the start label and
the index range. The value of the start label indicates the start of the label range, and
the value of the index range along with the value of the start label indicate the end of
the label range.
Options index-range index-range-value—Index range of the SRGB label block.

start-label start-label-value—Start of the SRGB label block.



on page 325

te-metric (Protocols IS-IS)
Syntax te-metric metric;
level-number],
level-number]
Description Set the metric value used by traffic engineering for information injected into the traffic
engineering database. The value of the traffic engineering metric does not affect normal
IS-IS forwarding.
When traffic engineering is enabled on the routing device, you can use this statement to
configure an IS-IS metric that is used exclusively for traffic engineering.

Default: Value of the IGP metric


Documentation
• metric on page 527

IS-IS Feature Guide
topologies (Protocols IS-IS)
Syntax topologies {
ipv4-multicast;
ipv6-multicast;
ipv6-unicast;
}

isis],

Description Configure alternate IS-IS topologies.

Documentation
• Example: Configuring IS-IS Multicast Topology on page 155

traceoptions (Protocols IS-IS)
Syntax traceoptions {
file name <size size> <files number> <world-readable | no-world-readable>;
flag flag <flag-modifier> <disable>;
}

isis],

Description Configure IS-IS protocol-level tracing options. To specify more than one tracing operation,
include multiple flag statements.
NOTE: The traceoptions statement is not supported on QFabric systems.
Default The default IS-IS protocol-level tracing options are those inherited from the routing
protocols traceoptions statement included at the [edit routing-options] hierarchy level.
Options disable—(Optional) Disable the tracing operation. You can use this option to disable a
single operation when you have defined a broad group of tracing operations, such
as all.
file name—Name of the file to receive the output of the tracing operation. Enclose the
name within quotation marks (“ ”). All files are placed in the directory /var/log. We
recommend that you place IS-IS tracing output in the file isis-log.
files number—(Optional) Maximum number of trace files. When a trace file named
trace-file reaches its maximum size, it is renamed trace-file.0, then trace-file.1, and
so on, until the maximum number of trace files is reached. Then, the oldest trace file
is overwritten.
If you specify a maximum number of files, you also must specify a maximum file size with
the size option.
Range: 2 through 1000 files
Default: 10 files

IS-IS Feature Guide
flag flag—Tracing operation to perform. To specify more than one flag, include multiple
flag statements.
IS-IS Protocol-Specific Tracing Flags
• csn—Complete sequence number PDU (CSNP) packets
• error—Errored IS-IS packets
• graceful-restart—Graceful restart operation
• hello—Hello packets
• layer2-map—Mapped ARP or neighbor discovery next hops in the kernel
• ldp-synchronization—Synchronization between IS-IS and LDP
• lsp—Link-state PDUs
• lsp-generation—Link-state PDU generation packets
• packets—All IS-IS protocol packets
• psn—Partial sequence number PDU (PSNP) packets
• spf—Shortest-path-first calculations
Global Tracing Flags
• all—All tracing operations
• general—A combination of the normal and route trace operations
• normal—All normal operations, including adjacency changes
Default: If you do not specify this option, only unusual or abnormal operations are traced.
• policy—Policy operations and actions
• route—Routing table changes
• state—State transitions
• task—Routing protocol task processing
• timer—Routing protocol timer processing
flag-modifier—(Optional) Modifier for the tracing flag. You can specify one or more of
these modifiers:
• detail—Provide detailed trace information.
• receive—Trace the packets being received.
• send—Trace the packets being transmitted.
no-world-readable—(Optional) Prevent any user from reading the log file.

size size—(Optional) Maximum size of each trace file, in kilobytes (KB), megabytes (MB),
or gigabytes (GB). When a trace file named trace-file reaches this size, it is renamed
trace-file.0. When the trace-file again reaches its maximum size, trace-file.0 is renamed
trace-file.1 and trace-file is renamed trace-file.0. This renaming scheme continues
until the maximum number of trace files is reached. Then, the oldest trace file is
overwritten. Note that if you specify a maximum file size, you also must specify a
maximum number of trace files with the files option.
Syntax: xk to specify KB, xm to specify MB, or xg to specify GB
Range: 10 KB through the maximum file size supported on your system
Default: 128 KB
world-readable—(Optional) Allow any user to read the log file.
Required Privilege routing and trace—To view this statement in the configuration.
Level routing-control and trace-control—To add this statement to the configuration.
• Example: Enabling Packet Checksums on IS-IS Interfaces for Error Checking on page 42

• Understanding Checksums on IS-IS Interfaces for Error Checking on page 41

IS-IS Feature Guide
traffic-engineering (Protocols IS-IS)
Syntax traffic-engineering {
disable;
credibility-protocol-preference;
igp-topology;
family inet {
shortcuts {
}
}
family inet-mpls {
shortcuts;
}
family inet6 {
shortcuts;
}
family inet6-mpls {
shortcuts;
}
multipath {
lsp-equal-cost;
}
}


Support for the family statement introduced in Junos OS Release 9.3.
Support for the credibility-protocol-preference statement introduced in Junos OS Release
9.4.
Support for the multipath statement introduced in Junos OS Release 9.6.
Support for the lsp-equal-cost statement introduced in Junos OS Release 9.6.
for MX Series, PTX Series, QFX5100 switches, and QFX10000 line switches.
for QFX5110 and QFX5200 switches.
Support for igp-topology statement introduced in Junos OS Release 17.4R1 for MX Series,
and PTX Series.
Description Configure traffic engineering properties for IS-IS.
IS-IS always performs shortest-path-first (SPF) calculations to determine next hops.

For prefixes reachable through a particular next hop, IS-IS places that next hop for that
prefix in the inet.0 routing table. In addition, for routers running MPLS, IS-IS installs the
prefix for IPv4 routes in the inet.3 routing table as well. The inet.3 table, which is present

on the ingress router, contains the host address of each MPLS label-switched path (LSP)
egress router. BGP uses this routing table to resolve next-hop addresses.
If you enable IS-IS traffic engineering shortcuts and if there is a label-switched path to
a point along the path to that prefix, IS-IS installs the prefix in the inet.3 routing table
and uses the LSP as a next hop. The net result is that for BGP egress routers for which
there is no LSP, BGP automatically uses an LSP along the path to reach the egress router.
In Junos OS Release 9.3 and later, IS-IS traffic engineering shortcuts support IPv6 routes.
LSPs to be used for shortcuts continue to be signaled using IPv4. However, by default,
shortcut routes calculated through IPv6 routes are added to the inet6.3 routing table.
The default behavior is for only BGP to use LSPs in its calculations. If you configure MPLS
so that both BGP and interior gateway protocols use LSPs for forwarding traffic, shortcut
routes calculated through IPv6 are added to the inet6.0 routing table. IS-IS ensures that
the IPv6 routes running over the IPv4 MPLS LSP are correctly de-encapsulated at the
tunnel egress by pushing an extra IPv6 explicit null label between the IPv6 payload and
the IPv4 transport label.
RSVP LSPs with a higher preference than IS-IS routes are not considered during the
computation of traffic engineering shortcuts.
To configure IS-IS so that it uses LSPs as shortcuts when installing information in the
inet.3 or inet6.3 routing table, include the following statements:
family inet {
shortcuts {
}
}
family inet6 {
shortcuts;
}
For IPv4 traffic, include the inet statement. For IPv6 traffic, include the inet6 statement.
To configure IPv4 MPLS or IPv6 MPLS shortcuts explicitly for segment routing, include
the inet-mpls statement for IPv4 MPLS traffic and the inet6-mpls statement for IPv6
MPLS traffic.
To configure load balancing across multiple LSPs, include the multipath statement.
When traffic engineering shortcuts are used, RSVP first looks at the metric2 value, which
is derived from the IGP cost. After this, RSVP considers the LSP metric value. So, if a
certain path changes for an LSP and the cost changes, not all LSPs are used to load-
balance the network.
When a route with an improved metric is added to the IS-IS internal routing table, IS-IS
flushes all next-hop information (including LSP next-hop information) for a route. This
is undesirable, because certain equal-cost multipath (ECMP) combinations can be lost
during route calculation. To override this default behavior for load balancing, include the
lsp-equal-cost statement to retain the equal cost path information in the routing table.

IS-IS Feature Guide
multipath {
lsp-equal-cost;
}
Because the inet.3 routing table is present only on ingress routers, you can configure LSP
shortcuts only on these routers.
Default IS-IS traffic engineering support is enabled.
By default, IS-IS supports traffic engineering by exchanging basic information with the
traffic engineering database. To disable this support, and to disable IS-IS shortcuts if
they are configured, include the disable statement.

Options credibility-protocol-preference—Specify that IS-IS should use the configured protocol

preference for IGP routes to determine the traffic engineering database credibility
value. By default, the traffic engineering database prefers IS-IS routes even when
the routes of another IGP are configured with a lower, that is, more preferred value.
Use this statement to override this default behavior.
The traffic engineering database assigns a credibility value to each IGP and prefers
the routes of the IGP with the highest credibility value. In Junos OS Release 9.4 and
later, you can configure IS-IS to take protocol preference into account to determine
the traffic engineering database credibility value. When protocol preference is used
to determine the credibility value, IS-IS routes are not automatically preferred by
the traffic engineering database, depending on your configuration. For example,
OSPF routes have a default preference value of 10, whereas IS-IS Level 1 routes have
a default preference value of 15. When protocol preference is enabled, the credibility
value is determined by deducting the protocol preference value from a base value
of 512. Using default protocol preference values, OSPF has a credibility value of 502,
whereas IS-IS has a credibility value of 497. Because the traffic engineering database
prefers IGP routes with the highest credibility value, OSPF routes are now preferred.
NOTE: This feature is also supported for OSPFv2.
lsp-equal-cost—Configure LSPs to be retained as equal cost paths for load balancing

when a better path metric is found during the IS-IS internal routing table calculation.
When a route with an improved metric is added to the IS-IS internal routing table,
IS-IS flushes all next-hop information (including LSP next-hop information) for a
route. This is undesirable, because certain equal-cost multipath (ECMP) combinations
can be lost during route calculation. To override this default IS-IS behavior, include
the lsp-equal-cost statement for load balancing, so that the equal cost path
information is retained in the routing table.
multipath—Enable load balancing for multiple LSPs.
igp-topology—Download IGP topology information into the traffic engineering database

(TED). In Junos OS, the IGPs install topology information into a database called the
traffic engineering database. The traffic engineering database contains the
aggregated topology information. The IGP routes are installed by the traffic
engineering database on behalf of the corresponding IGP into a user-visible routing
table called lsdist.0, subject to route policies.


IS-IS Feature Guide
Related • Example: Enabling OSPF Traffic Engineering Support

Documentation
• traffic-engineering (OSPF)
traffic-statistics
Syntax traffic-statistics auto-bandwidth auto-bandwidth statistics-granularity per-interface

per-interface;

[edit routing-instances name protocols isis source-packet-routing]
Release Information Statement introduced in Junos OS Release 17.3R1 for the MX Series and PTX Series.
Description Enable traffic measuring on the SPRING link. RSVP-TE needs to measure the bandwidth
utilized by SPRING and estimate the available bandwidth at its disposal for traffic
engineering. Traffic statistics are collected at a configured interval. The average of the
measured SPRING bandwidth is reported to RSVP only when a set threshold is breached.
RSVP then passes on this information to the IGP for reallocation of bandwidth.
Options auto-bandwidth auto-bandwidth— Specify the name of auto bandwidth.
statistics-granularity per-interface— Specify the interface where you need to measure

traffic statistics of SPRING traffic.

Related • auto-bandwidth on page 457

Documentation

update-threshold-max-reservable
Syntax update-threshold-max-reservable update-threshold-max-reservable;
Hierarchy Level [edit logical-systems name protocols rsvp interface],

[edit logical-systems name routing-instances name protocols rsvp interface],
[edit protocols rsvp interface],
[edit routing-instances name protocols rsvp interface]
Release Information Statement introduced in Junos OS Release 17.3R1 for MX Series and PTX Series.
percent option introduced in Junos OS Release 17.4R1 for MX Series and PTX Series.
Description Configure a threshold in bits per second. When SPRING bandwidth utilization exceeds
this threshold, Resource Reservation Protocol (RSVP) reports this event to IGP and
preempts the labeled switched paths (LSPs). However, if this threshold is not exceeded,
RSVP does not make any changes to the bandwidth allocation.
Note that the changes are not applied by modifying the subscription percentage at the
[edit protocols rsvp interface interface-name] hierarchy level.
Default The default value is 0.
Options update-threshold-max-reservable—Specify a threshold value for maximum SPRING

bandwidth utilization in bits per second.
percent percent—Specify a bandwidth utilization change threshold in percentage beyond

which RSVP triggers IGP updates. When the change in bandwidth utilization from
previously advertised value is more than the percentage configured, RSVP informs
IGP about the max reservable bandwidth change.


Documentation

IS-IS Feature Guide
use-source-packet-routing (Protocols IS-IS)
Syntax use-source-packet-routing;
Hierarchy Level [edit logical-systems logical-system-name protocols isis backup-spf-options],

isis backup-spf-options],
[edit protocols isis backup-spf-options],
[edit routing-instances routing-instance-name protocols isis backup-spf-options]
Release Information Statement introduced in Junos OS Release 16.2 for the M, MX, and PTX Series.
Description Enable use of source packet routing node segment labels for computing backup paths
for normal IPv4 or IPv6 IS-IS prefixes and primary IS-IS source packet routing node
segments.


Documentation

use-post-convergence-lfa
Syntax use-post-convergence-lfa <maximum-backup-paths maximum-backup-paths>

<maximum-labels maximum-labels> ;
Hierarchy Level [edit logical-systems name protocols isis backup-spf-options],

[edit logical-systems name routing-instances name protocols isis backup-spf-options],
[edit protocols isis backup-spf-options],
[edit routing-instances name protocols isis backup-spf-options]
Series.
Description Calculate post-convergence MPLS fast reroute (FRR) backup next hops for the IS-IS
protocol using segment routing (SR). Topology-independent loop-free alternate (TI-LFA)
provides protection against link failure, node failure, and fate-sharing failures. By default,
Junos OS provides link protection. Junos OS allows you to control the maximum number
of equal-cost multipath (ECMP) backup paths installed for a given destination. Junos
OS also allows you to control the maximum number of labels in the installed backup
paths. Configure the use-source-packet-routing statement at [edit protocols isis
backup-spf-options] hierarchy level to allow the backup paths to be available for inet.0
routing table along with inet.3 routing table.
Options maximum-backup-paths—Set the maximum number of equal-cost post-convergence

backup paths to be installed. For remote LFA, the IS-IS protocol installs only one
backup path. The maximum backup path range allows you to install multiple backup
paths
Default: 1
Range: 1-8
maximum-labels—Set the maximum number of labels used to construct a

post-convergence backup path. If the backup path for a particular prefix requires
more number of labels than the configured maximum labels then the backup path
for that particular prefix is not installed.
NOTE: If the maximum-labels option is not configured, then the number

of labels that gets pushed stops at 3.
Default: 3
Range: 2-5

Level

IS-IS Feature Guide


IS-IS on page 335
use-for-post-convergence-lfa
Syntax use-for-post-convergence-lfa;
Hierarchy Level [edit logical-systems name routing-instances name routing-options fate-sharing group
group-name],
[edit logical-systems name routing-options fate-sharing group group-name],
[edit routing-instances name routing-options fate-sharing group group-name],
[edit routing-options fate-sharing group group-name]
Series.
Description Use this fate-sharing group as a constraint for the backup path computed by
topology-independent loop-free alternate (TI-LFA).
Required Privilege system

Level


IS-IS on page 335

wide-metrics-only
Syntax wide-metrics-only;


Description Configure IS-IS to generate metric values greater than 63 on a per IS-IS level basis.
Normally, IS-IS metrics can have values up to 63, and IS-IS generates two type, length,
and value (TLV) tuples, one for an IS-IS adjacency and the second for an IP prefix. To
allow IS-IS to support traffic engineering, a second pair of TLVs has been added to IS-IS,
one for IP prefixes and the second for IS-IS adjacency and traffic engineering information.
24
With these TLVs, IS-IS metrics can have values up to 16,777,215 (2 – 1).
To configure IS-IS to generate only the new pair of TLVs and thus to allow the wider
range of metric values, include the wide-metrics-only statement.
Default By default, Junos OS supports the sending and receiving of wide metrics. Junos OS allows
a maximum metric value of 63 and generates both pairs of TLVs.

Related • te-metric on page 583

Documentation

IS-IS Feature Guide

CHAPTER 17
Operational Commands
• clear bfd adaptation

• clear bfd session
• clear isis adjacency
• clear isis database
• clear isis overload
• clear isis statistics
• clear isis spring traffic-statistics
• ping clns
• restart
• show auto-bandwidth
• show bfd session
• show isis adjacency
• show isis adjacency holddown
• show isis authentication
• show isis backup coverage
• show isis backup label-switched-path
• show backup-selection
• show isis backup spf results
• show isis context-identifier
• show isis database
• show isis hostname
• show isis interface
• show isis interface-group
• show isis layer2-map
• show isis overview
• show isis purge log
• show isis route
• show isis route download priority

IS-IS Feature Guide
• show isis spf

• show isis spring interface traffic-statistics
• show isis spring sensor info
• show isis statistics
• show policy
• show policy conditions
• show route
• show route active-path
• show route advertising-protocol
• show route all
• show route best
• show route brief
• show route detail
• show route exact
• show route export
• show route extensive
• show route forwarding-table
• show route hidden
• show route inactive-path
• show route instance
• show route next-hop
• show route output
• show route protocol
• show route receive-protocol
• show route table
• show route terse
• show security keychain
• test policy
• traceroute clns

Chapter 17: Operational Commands
clear bfd adaptation
Syntax clear bfd adaptation

<all>
<address session-address>
<discriminator discr-number>
Release Information Command introduced before Junos OS Release 7.4.
Description Clear adaptation for Bidirectional Forwarding Detection (BFD) sessions. BFD is a simple
hello mechanism that detects failures in a network. Configured BFD interval timers can
change, adapting to network situations. Use this command to return BFD interval timers
to their configured values.
The clear bfd adaptation command is hitless, meaning that the command does not affect
traffic flow on the routing device.
Options all—Clear adaptation for all BFD sessions.
address session-address—(Optional) Clear adaptation for all BFD sessions matching

the specified address.
discriminator discr-number—(Optional) Clear adaptation for the local BFD session

matching the specified discriminator.
Additional Information For more information, see the description of the bfd-liveness-detection configuration
statement in the Junos Routing Protocols Configuration Guide.
Required Privilege clear

Level
Related • show bfd session on page 629

Documentation
List of Sample Output clear bfd adaptation on page 601
Output Fields When you enter this command, you are provided feedback on the status of your request.
Sample Output
clear bfd adaptation

user@host> clear bfd adaptation

IS-IS Feature Guide
clear bfd session
List of Syntax Syntax on page 602

Syntax (EX Series Switch and QFX Series) on page 602
Syntax clear bfd session

<all>
<address session-address>
<logical-system (all | logical-system-name)>
Syntax (EX Series clear bfd session

Switch and QFX <all>
Series) <address session-address>

Command introduced in Junos OS Release 12.1 for the QFX Series.
Description Drop one or more Bidirectional Forwarding Detection (BFD) sessions.
Options all—Drop all BFD sessions.
address session-address—(Optional) Drop all BFD sessions matching the specified

address.
discriminator discr-number—(Optional) Drop the local BFD session matching the specified
discriminator.
logical-system (all | logical-system-name)—(Optional) Perform this operation on all

logical systems or on a particular logical system.

Level
Related • show bfd session on page 629

Documentation
List of Sample Output clear bfd session all on page 602
Sample Output
clear bfd session all

user@host> clear bfd session all


IS-IS Feature Guide
clear isis adjacency

Syntax (EX Series Switches and QFX Series) on page 604
Syntax clear isis adjacency

<all>
<instance instance-name>
<interface interface-name>
<neighbor>
Syntax (EX Series clear isis adjacency

Switches and QFX <all>
Series) <instance instance-name>
<neighbor>

Command introduced in Junos OS Release 9.0 for EX Series switches.
all option introduced in Junos OS Release 14.2.
Description Remove entries from the IS-IS adjacency database.
Options all—Remove all entries from the adjacency database.
instance instance-name—(Optional) Clear all adjacencies for the specified routing

instance only.
interface interface-name—(Optional) Clear all adjacencies for the specified interface

only.

neighbor—(Optional) Clear adjacencies for the specified neighbor only.

Level
Related • show isis adjacency on page 640

Documentation
List of Sample Output clear isis adjacency on page 605

clear isis adjacency all on page 605

Output Fields See show isis adjacency for an explanation of output fields.
Sample Output
clear isis adjacency
The following sample output displays IS-IS adjacency database information before and
after the clear isis adjacency command is entered:
IS-IS adjacency database:

so-1/0/0.0 karakul 3 Up 26
so-1/1/3.0 1921.6800.5080 3 Up 23
so-5/0/0.0 1921.6800.5080 3 Up 19
user@host> clear isis adjacency karakul

so-1/0/0.0 karakul 3 Initializing 26
so-1/1/3.0 1921.6800.5080 3 Up 24
so-5/0/0.0 1921.6800.5080 3 Up 21
clear isis adjacency all

user@host> clear isis adjacency all

so-1/0/0.0 karakul 3 Initializing 26
so-1/1/3.0 1921.6800.5080 3 Initializing 24
so-5/0/0.0 1921.6800.5080 3 Initializing 21

IS-IS Feature Guide
clear isis database

Syntax clear isis database

<all>
<entries>
Syntax (EX Series clear isis database

Switches and QFX <all>
Series) <entries>

Command introduced in Junos OS Release 14.1X53-D20 for the OCX Series.
Command introduced in 15.1X53-D30 for QFX10002 switch.
Description Remove the entries from the IS-IS link-state database, which contains prefixes and
topology information.
Options all—Remove all entries from the IS-IS link-state database for all routing instances.
entries—(Optional) Name of the database entry.
instance instance-name—(Optional) Clear all entries for the specified routing instance.


Level
Related • show isis database on page 667

Documentation
List of Sample Output clear isis database on page 607
Output Fields See show isis database for an explanation of output fields.

Sample Output
clear isis database
The following sample output displays IS-IS link-state database information before and
after the clear isis database all command is entered:
user@host> show isis database

LSP ID Sequence Checksum Lifetime (secs)
crater.00-00 0x12 0x84dd 1139
1 LSPs
crater.00-00 0x19 0xe92c 1134
badlands.00-00 0x16 0x1454 985
carlsbad.00-00 0x33 0x220b 1015
ranier.00-00 0x2e 0xfc31 1007
1921.6800.5066.00-00 0x11 0x7313 566
1921.6800.5067.00-00 0x14 0xd9d4 939
6 LSPs
user@host> clear isis database all



IS-IS Feature Guide
clear isis overload

Syntax clear isis overload

Syntax (EX Series clear isis overload

Switches and QFX <instance instance-name>
Series)

Description Reset the IS-IS dynamic overload bit. This command can appear to not work, continuing
to display overload after execution. The bit is reset only if the root cause is corrected by
configuration remotely or locally.
When other routers detect that the overload bit is set, they do not use this routing device
for transit traffic, but they do use it for packets destined to the overloaded routing device’s
directly connected networks and IP prefixes.
Options none—Reset the IS-IS dynamic overload bit.
instance instance-name—(Optional) Reset the IS-IS dynamic overload bit for the specified
routing instance.


Level
Related • show isis database on page 667

Documentation
List of Sample Output clear isis overload on page 609
Output Fields See show isis database for an explanation of output fields.

Sample Output
clear isis overload
The following sample output displays IS-IS database information before and after the
clear isis overload command is entered:

pro3-c.00-00 0x4 0x10db 1185 L1 L2 Overload
1 LSPs
pro3-c.00-00 0x5 0x429f 1185 L1 L2 Overload
pro2-a.00-00 0x91e 0x2589 874 L1 L2

pro2-a.02-00 0x1 0xcbc 874 L1 L2
3 LSPs
user@host> clear isis overload

pro3-c.00-00 0xa 0x429e 1183 L1 L2
1 LSPs

pro3-c.00-00 0xc 0x9c39 1183 L1 L2
pro2-a.00-00 0x91e 0x2589 783 L1 L2
pro2-a.02-00 0x1 0xcbc 783 L1 L2
3 LSPs

IS-IS Feature Guide
clear isis statistics

Syntax clear isis statistics

Syntax (EX Series clear isis statistics

Series)

Description Set statistics about IS-IS traffic to zero.
Options none—Set IS-IS traffic statistics to zero for all routing instances.
instance instance-name—(Optional) Set IS-IS traffic statistics to zero for the specified
routing instance only.

Required Privilege view

Level
Related • show isis statistics on page 715

Documentation
List of Sample Output clear isis statistics on page 610
Output Fields See show isis statistics for an explanation of output fields.
Sample Output
clear isis statistics
The following sample output displays IS-IS statistics before and after the
clear isis statistics command is entered:
user@host> show isis statistics

IS-IS statistics for merino:

LSP 12793 12793 0 8666 719
IIH 116751 116751 0 118834 0
CSNP 203956 203956 0 204080 0
PSNP 7356 7350 6 8635 0
Unknown 0 0 0 0 0
Totals 340856 340850 6 340215 719

SPF runs: 1064

Purges initiated: 0
user@host> clear isis statistics

LSP 0 0 0 0 0
IIH 3 3 0 3 0
CSNP 2 2 0 4 0
PSNP 0 0 0 0 0
Unknown 0 0 0 0 0
Totals 5 5 0 7 0

SPF runs: 0
Purges initiated: 0

IS-IS Feature Guide
clear isis spring traffic-statistics
Syntax clear isis spring traffic-statistics

<all>
<interface interface>
<logical-system (all | logical-system-name>
Release Information Command introduced in Junos OS Release 17.3R1 on the MX Series and PTX Series.
Description Clear all IS-IS SPRING traffic statistics. The Packet Forwarding Engine (PFE) does not
support clearing the counters. The IS-IS routing protocol must maintain the traffic counters
corresponding to the time when clear was issued and subtract it from the next sample.
Use this command when the routing protocol process (rpd) restarts and the IS-IS time
stamps are lost. The existing clear statistics command might not clear all SPRING traffic
statistics.
Options none— Clear IS-IS SPRING traffic statistics.
all— (Optional) Clear IS-IS SPRING traffic statistics for all interfaces.
interface interface— (Optional) Clear all IS-IS SPRING traffic statistics for an interface


Level

Documentation
• show auto-bandwidth on page 626
• show isis spring interface traffic-statistics on page 712
Output Fields This command produces no output.

ping clns
Syntax ping clns host

<brief>
<count requests>
<detail>
<do-not-fragment>
<interval seconds>
<logical-system logical-system-name>
<no-resolve>
<pattern string>
<rapid>
<routing-instance routing-instance-name>
<size bytes>
<source source-address>
<ttl value>
<verbose>
<wait seconds>
Description Check the reachability of a remote Connectionless Network Service (CLNS) node. Type
Ctrl+c to interrupt a ping clns command.
Options host—IP address or hostname of the remote system to ping.
brief—(Optional) Display brief information.
count requests—(Optional) Number of ping requests to send. The range of values is 1

through 2,000,000,000. The default is an unlimited number of requests.
detail—(Optional) Include in the output the interface on which the ping reply was received.
do-not-fragment—(Optional) Set the do-not-fragment (DF) bit in the IP header of the

ping packets.
interval seconds—(Optional) How often to send ping requests. The range of values, in
seconds, is 1 through infinity. The default value is 1.
logical-system logical-system-name—(Optional) Run the command from the specified

logical system.
no-resolve—(Optional) Do not attempt to determine the hostname that corresponds

to the IP address.
pattern string—(Optional) Specify a hexadecimal fill pattern to include in the ping packet.
rapid—(Optional) Send ping requests rapidly. The results are reported in a single message,
not in individual messages for each ping request. By default, five ping requests are
sent before the results are reported. To change the number of request, include the
count option.

IS-IS Feature Guide
routing-instance routing-instance-name —(Optional) Name of the routing instance for

the ping attempt.
size bytes—(Optional) Size of ping request packets. The range of values, in bytes, is 0
through 65,468. The default value is 56, which is effectively 64 bytes because 8
bytes of ICMP header data are added to the packet.
source source-address—(Optional) IP address of the outgoing interface. This address is

sent in the IP source address field of the ping request. If this option is not specified,
the default address is usually the loopback interface.
ttl value—(Optional) Time-to-live (TTL) value to include in the ping request (IPv6). The
range of values is 0 through 255.
verbose—(Optional) Display detailed output.
wait seconds—(Optional) Maximum wait time, in seconds, after the final packet is sent.
If this option is not specified, the default delay is 10 seconds. If this option is used
without the count option, a default count of 5 packets is used.
Required Privilege network

Level
List of Sample Output ping clns on page 614
An exclamation point (!) indicates that an echo reply was received. A period (.) indicates
that an echo reply was not received within the timeout period. An x indicates that an
echo reply was received with an error code. Packets with an error code are not counted
in the received packets count. They are accounted for separately.
Sample Output
ping clns
user@host> ping clns 47.0005.9000.f800.0000.0108.0001.1921.6812.4058.00
PING 47.0005.9000.f800.0000.0108.0001.1921.6812.4058.00
(47.0005.9000.f800.0000.0108.0001.1921.6812.4058.00): 55 data bytes
64 bytes from 47.0005.9000.f800.0000.0108.0001.1921.6812.4058.00: seq=0 ttl=30
time=15.051 ms
time=10.370 ms
time=10.367 ms
--- ping statistics ---

restart

Syntax (ACX Series Routers) on page 615
Syntax (EX Series Switches) on page 615
Syntax (MX Series Routers) on page 616
Syntax (QFX Series) on page 616
Syntax (Routing Matrix) on page 616
Syntax (TX Matrix Routers) on page 617
Syntax (TX Matrix Plus Routers) on page 617
Syntax (QFX Series) on page 617
Syntax restart
<adaptive-services |ancpd-service | application-identification |audit-process |
auto-configuration |captive-portal-content-delivery |ce-l2tp-service |chassis-control |
class-of-service |clksyncd-service |database-replication|datapath-trace-service
|dhcp-service | diameter-service | disk-monitoring | dynamic-flow-capture |
ecc-error-logging | ethernet-connectivity-fault-management
|ethernet-link-fault-management |event-processing | firewall |
general-authentication-service | gracefully | iccp-service |idp-policy | immediately
|interface-control | ipsec-key-management | kernel-health-monitoring | kernel-replication
| l2-learning | l2cpd-service | l2tp-service | l2tp-universal-edge | lacp | license-service
|link-management |local-policy-decision-function |mac-validation |mib-process |
mountd-service |mpls-traceroute |mspd | multicast-snooping |named-service | nfsd-service
| packet-triggered-subscribers |peer-selection-service |pgm | pic-services-logging |
pki-service |ppp | ppp-service | pppoe | protected-system-domain-service |
redundancy-interface-process | remote-operations | root-system-domain-service | routing
<logical-system logical-system-name> | sampling | sbc-configuration-process | sdk-service
|service-deployment | services | snmp |soft |static-subscribers |statistics-service|
subscriber-management | subscriber-management-helper | tunnel-oamd |usb-control|
vrrp |web-management>
<gracefully | immediately | soft>
Syntax (ACX Series restart

Routers) <adaptive-services |audit-process | auto-configuration | autoinstallation |chassis-control |
class-of-service |clksyncd-service |database-replication| dhcp-service | diameter-service
| disk-monitoring | dynamic-flow-capture | ethernet-connectivity-fault-management |
ethernet-link-fault-management |event-processing | firewall |
general-authentication-service | gracefully | immediately |interface-control |
ipsec-key-management | l2-learning | lacp |link-management |mib-process | mountd-service
|mpls-traceroute |mspd | named-service | nfsd-service | pgm | pki-service | ppp | pppoe |
redundancy-interface-process | remote-operations | routing | sampling | sdk-service
|secure-neighbor-discovery | service-deployment | services | snmp |soft | statistics-service|
subscriber-management | subscriber-management-helper | tunnel-oamd | vrrp>
Syntax (EX Series restart

Switches) <autoinstallation | chassis-control | class-of-service | database-replication | dhcp |
dhcp-service | diameter-service | dot1x-protocol | ethernet-link-fault-management |
ethernet-switching | event-processing | firewall | general-authentication-service |

IS-IS Feature Guide
interface-control | kernel-health-monitoring | kernel-replication | l2-learning | lacp |

license-service | link-management | lldpd-service | mib-process | mountd-service |
multicast-snooping | pgm | redundancy-interface-process | remote-operations | routing |
secure-neighbor-discovery | service-deployment | sflow-service | snmp | vrrp |
web-management>
Syntax (MX Series restart

Routers) <adaptive-services | ancpd-service | application-identification | audit-process |
auto-configuration | bbe-stats-service | captive-portal-content-delivery | ce-l2tp-service
| chassis-control | class-of-service | clksyncd-service | database-replication |
datapath-trace-service | dhcp-service | diameter-service | disk-monitoring |
dynamic-flow-capture | ecc-error-logging | ethernet-connectivity-fault-management |
ethernet-link-fault-management | event-processing | firewall |
general-authentication-service | gracefully | iccp-service | idp-policy | immediately
|interface-control | ipsec-key-management |kernel-health-monitoring | kernel-replication
| l2-learning | l2cpd-service | l2tp-service | l2tp-universal-edge | lacp | license-service |
link-management | local-policy-decision-function | mac-validation | mib-process |
mountd-service | mpls-traceroute | mspd | multicast-snooping |named-service | nfsd-service
| packet-triggered-subscribers |peer-selection-service | pgm | pic-services-logging |
pki-service | ppp | ppp-service | pppoe | protected-system-domain-service |
redundancy-interface-process | remote-operations | root-system-domain-service | routing
| routing <logical-system logical-system-name> | sampling | sbc-configuration-process |
sdk-service | service-deployment | services | snmp |soft |static-subscribers
|statistics-service| subscriber-management | subscriber-management-helper | tunnel-oamd
| usb-control | vrrp | web-management>
<all-members>
<local>
<member member-id>
Syntax (QFX Series) restart

<adaptive-services | audit-process | chassis-control | class-of-service | dialer-services |
diameter-service | dlsw | ethernet-connectivity | event-processing | fibre-channel | firewall
| general-authentication-service | igmp-host-services | interface-control |
ipsec-key-management | isdn-signaling | l2ald | l2-learning | l2tp-service | mib-process |
named-service | network-access-service | nstrace-process | pgm | ppp | pppoe |
redundancy-interface-process | remote-operations |logical-system-name> | routing |
sampling |secure-neighbor-discovery | service-deployment | snmp | usb-control |
web-management>
Syntax (Routing restart

Matrix) <adaptive-services | audit-process | chassis-control | class-of-service | disk-monitoring |
dynamic-flow-capture | ecc-error-logging | event-processing | firewall | interface-control
| ipsec-key-management | kernel-replication | l2-learning | l2tp-service | lacp |
link-management | mib-process | pgm | pic-services-logging | ppp | pppoe |
redundancy-interface-process | remote-operations | routing <logical-system
logical-system-name> | sampling | service-deployment | snmp>
<all | all-lcc | lcc number>

Syntax (TX Matrix restart

Routers) <adaptive-services | audit-process | chassis-control | class-of-service | dhcp-service |
diameter-service | disk-monitoring | dynamic-flow-capture | ecc-error-logging |
event-processing | firewall | interface-control | ipsec-key-management | kernel-replication
| l2-learning | l2tp-service | lacp | link-management | mib-process |pgm | pic-services-logging
| ppp | pppoe | redundancy-interface-process | remote-operations | routing <logical-system
logical-system-name> | sampling | service-deployment | snmp| statistics-service>
<all-chassis | all-lcc | lcc number | scc>
Syntax (TX Matrix Plus restart

Routers) <adaptive-services | audit-process | chassis-control | class-of-service | dhcp-service |
diameter-service | disk-monitoring | dynamic-flow-capture | ecc-error-logging |
event-processing | firewall | interface-control | ipsec-key-management | kernel-replication
| l2-learning | l2tp-service | lacp | link-management | mib-process | pgm |
pic-services-logging | ppp | pppoe | redundancy-interface-process | remote-operations |
routing <logical-system logical-system-name> | sampling | service-deployment | snmp|
statistics-service>
<all-chassis | all-lcc | all-sfc | lcc number | sfc number>
Syntax (QFX Series) restart

<adaptive-services | audit-process | chassis-control | class-of-service | dialer-services |
diameter-service | dlsw | ethernet-connectivity | event-processing | fibre-channel | firewall
| general-authentication-service | igmp-host-services | interface-control |
ipsec-key-management | isdn-signaling | l2ald | l2-learning | l2tp-service | mib-process |
named-service | network-access-service | nstrace-process | pgm | ppp | pppoe |
redundancy-interface-process | remote-operations |logical-system-name> | routing |
sampling |secure-neighbor-discovery | service-deployment | snmp | usb-control |
web-management>

Command introduced in Junos OS Release 12.2 for ACX Series routers.
Options added:
• dynamic-flow-capture in Junos OS Release 7.4.
• dlsw in Junos OS Release 7.5.
• event-processing in Junos OS Release 7.5.
• ppp in Junos OS Release 7.5.
• l2ald in Junos OS Release 8.0.
• link-management in Junos Release 8.0.
• pgcp-service in Junos OS Release 8.4.

IS-IS Feature Guide
• sbc-configuration-process in Junos OS Release 9.5.
• services pgcp gateway in Junos OS Release 9.6.
• sfc and all-sfc for the TX Matrix Router in Junos OS Release 9.6.
• bbe-stats-service in Junos OS Release 18.4R1 on MX Series routers.
• kernel-health-monitoring in Junos OS Release 19.1R1.
Description Restart a Junos OS process.
CAUTION: Never restart a software process unless instructed to do so by a

customer support engineer. A restart might cause the router or switch to drop
calls and interrupt transmission, resulting in possible loss of data.
Options none—Same as gracefully.
adaptive-services—(Optional) Restart the configuration management process that

manages the configuration for stateful firewall, Network Address Translation (NAT),
intrusion detection services (IDS), and IP Security (IPsec) services on the Adaptive
Services PIC.
all-chassis—(TX Matrix and TX Matrix Plus routers only) (Optional) Restart the software
process on all chassis.
all-lcc—(TX Matrix and TX Matrix Plus routers only) (Optional) For a TX Matrix router,
restart the software process on all T640 routers connected to the TX Matrix router.
For a TX Matrix Plus router, restart the software process on all T1600 routers
connected to the TX Matrix Plus router.
all-members—(MX Series routers only) (Optional) Restart the software process for all
members of the Virtual Chassis configuration.
all-sfc—(TX Matrix Plus routers only) (Optional) For a TX Matrix Plus router, restart the
software processes for the TX Matrix Plus router (or switch-fabric chassis).
ancpd-service—(Optional) Restart the Access Node Control Protocol (ANCP) process,

which works with a special Internet Group Management Protocol (IGMP) session to
collect outgoing interface mapping events in a scalable manner.
application-identification—(Optional) Restart the process that identifies an application

using intrusion detection and prevention (IDP) to allow or deny traffic based on
applications running on standard or nonstandard ports.
audit-process—(Optional) Restart the RADIUS accounting process that gathers statistical

data that can be used for general network monitoring, analyzing, and tracking usage
patterns, for billing a user based on the amount of time or type of services accessed.
auto-configuration—(Optional) Restart the Interface Auto-Configuration process.

autoinstallation—(EX Series switches only) (Optional) Restart the autoinstallation

process.
bbe-stats-service—(MX Series routers only) (Optional) Restart bbe-statsd, the BBE

statistics collection and management process.
captive-portal-content-delivery—(Optional) Restart the HTTP redirect service by

specifying the location to which a subscriber's initial Web browser session is
redirected, enabling initial provisioning and service selection for the subscriber.
ce-l2tp-service—(M10, M10i, M7i, and MX Series routers only) (Optional) Restart the
Universal Edge Layer 2 Tunneling Protocol (L2TP) process, which establishes L2TP
tunnels and Point-to-Point Protocol (PPP) sessions through L2TP tunnels.
chassis-control—(Optional) Restart the chassis management process.
class-of-service—(Optional) Restart the class-of-service (CoS) process, which controls

the router's or switch’s CoS configuration.
clksyncd-service—(Optional) Restart the external clock synchronization process, which

uses synchronous Ethernet (SyncE).
database-replication—(EX Series switches and MX Series routers only) (Optional)

Restart the database replication process.
datapath-trace-service—(Optional) Restart the packet path tracing process.
dhcp—(EX Series switches only) (Optional) Restart the software process for a Dynamic
Host Configuration Protocol (DHCP) server. A DHCP server allocates network IP
addresses and delivers configuration settings to client hosts without user intervention.
dhcp-service—(Optional) Restart the Dynamic Host Configuration Protocol process.
dialer-services—(EX Series switches only) (Optional) Restart the ISDN dial-out process.
diameter-service—(Optional) Restart the diameter process.
disk-monitoring—(Optional) Restart disk monitoring, which checks the health of the

hard disk drive on the Routing Engine.
dlsw—(QFX Series only) (Optional) Restart the data link switching (DLSw) service.
dot1x-protocol—(EX Series switches only) (Optional) Restart the port-based network

access control process.
dynamic-flow-capture—(Optional) Restart the dynamic flow capture (DFC) process,

which controls DFC configurations on Monitoring Services III PICs.
ecc-error-logging—(Optional) Restart the error checking and correction (ECC) process,

which logs ECC parity errors in memory on the Routing Engine.
ethernet-connectivity-fault-management—(Optional) Restart the process that provides

IEEE 802.1ag Operation, Administration, and Management (OAM) connectivity fault

IS-IS Feature Guide
management (CFM) database information for CFM maintenance association end

points (MEPs) in a CFM session.
ethernet-link-fault-management—(EX Series switches and MX Series routers only)

(Optional) Restart the process that provides the OAM link fault management (LFM)
information for Ethernet interfaces.
ethernet-switching—(EX Series switches only) (Optional) Restart the Ethernet switching

process.
event-processing—(Optional) Restart the event process (eventd).
fibre-channel—(QFX Series only) (Optional) Restart the Fibre Channel process.
firewall—(Optional) Restart the firewall management process, which manages the

firewall configuration and enables accepting or rejecting packets that are transiting
an interface on a router or switch.
general-authentication-service—(EX Series switches and MX Series routers only)

(Optional) Restart the general authentication process.
gracefully—(Optional) Restart the software process.
iccp-service—(Optional) Restart the Inter-Chassis Communication Protocol (ICCP)

process.
idp-policy—(Optional) Restart the intrusion detection and prevention (IDP) protocol

process.
immediately—(Optional) Immediately restart the software process.
interface-control—(Optional) Restart the interface process, which controls the router's

or switch’s physical interface devices and logical interfaces.
ipsec-key-management—(Optional) Restart the IPsec key management process.
isdn-signaling—(QFX Series only) (Optional) Restart the ISDN signaling process, which
initiates ISDN connections.
kernel-health-monitoring—(Optional) Restart the Routing Engine kernel health

monitoring process, which enables health parameter data to be sent from kernel
components to data collection applications. When you change the polling interval
through sysctl kern.jkhmd_polling_time_secs, you must restart the kernel health
monitoring process for the new polling interval to take effect.
kernel-replication—(Optional) Restart the kernel replication process, which replicates

the state of the backup Routing Engine when graceful Routing Engine switchover
(GRES) is configured.
l2-learning—(Optional) Restart the Layer 2 address flooding and learning process.
l2cpd-service—(Optional) Restart the Layer 2 Control Protocol process, which enables

features such as Layer 2 protocol tunneling and nonstop bridging.

l2tp-service— (M10, M10i, M7i, and MX Series routers only) (Optional) Restart the Layer 2
Tunneling Protocol (L2TP) process, which sets up client services for establishing
Point-to-Point Protocol (PPP) tunnels across a network and negotiating Multilink
PPP if it is implemented.
l2tp-universal-edge—(MX Series routers only) (Optional) Restart the L2TP process,

which establishes L2TP tunnels and PPP sessions through L2TP tunnels.
lacp—(Optional) Restart the Link Aggregation Control Protocol (LACP) process. LACP
provides a standardized means for exchanging information between partner systems
on a link to allow their link aggregation control instances to reach agreement on the
identity of the LAG to which the link belongs, and then to move the link to that LAG,
and to enable the transmission and reception processes for the link to function in
an orderly manner.
lcc number—(TX Matrix and TX Matrix Plus routers only) (Optional) For a TX Matrix
router, restart the software process for a specific T640 router that is connected to
the TX Matrix router. For a TX Matrix Plus router, restart the software process for a
specific router that is connected to the TX Matrix Plus router.
Replace number with the following values depending on the LCC configuration:
• 0 through 3, when T640 routers are connected to a TX Matrix router in a routing

matrix.
• 0 through 3, when T1600 routers are connected to a TX Matrix Plus router in a

routing matrix.
• 0 through 7, when T1600 routers are connected to a TX Matrix Plus router with 3D
SIBs in a routing matrix.
• 0, 2, 4, or 6, when T4000 routers are connected to a TX Matrix Plus router with

3D SIBs in a routing matrix.
license-service—(EX Series switches only) (Optional) Restart the feature license

management process.
link-management— (TX Matrix and TX Matrix Plus routers and EX Series switches only)
(Optional) Restart the Link Management Protocol (LMP) process, which establishes
and maintains LMP control channels.
lldpd-service—(EX Series switches only) (Optional) Restart the Link Layer Discovery
Protocol (LLDP) process.
local—(MX Series routers only) (Optional) Restart the software process for the local
Virtual Chassis member.
local-policy-decision-function— (Optional) Restart the process for the Local Policy

Decision Function, which regulates collection of statistics related to applications
and application groups and tracking of information about dynamic subscribers and
static interfaces.

IS-IS Feature Guide
mac-validation— (Optional) Restart the Media Access Control (MAC) validation process,
which configures MAC address validation for subscriber interfaces created on demux
interfaces in dynamic profiles on MX Series routers.
member member-id—(MX Series routers only) (Optional) Restart the software process
for a specific member of the Virtual Chassis configuration. Replace member-id with
a value of 0 or 1.
mib-process—(Optional) Restart the Management Information Base (MIB) version II

process, which provides the router's MIB II agent.
mobile-ip—(Optional) Restart the Mobile IP process, which configures Junos OS Mobile

IP features.
mountd-service—(EX Series switches and MX Series routers only) (Optional) Restart

the service for NFS mount requests.
mpls-traceroute—(Optional) Restart the MPLS Periodic Traceroute process.
mspd—(Optional) Restart the Multiservice process.
multicast-snooping—(EX Series switches and MX Series routers only) (Optional) Restart

the multicast snooping process, which makes Layer 2 devices, such as VLAN switches,
aware of Layer 3 information, such as the media access control (MAC) addresses
of members of a multicast group.
named-service—(Optional) Restart the DNS Server process, which is used by a router

or a switch to resolve hostnames into addresses.
network-access-service—( QFX Series only) (Optional) Restart the network access

process, which provides the router's Challenge Handshake Authentication Protocol
(CHAP) authentication service.
nfsd-service—(Optional) Restart the Remote NFS Server process, which provides remote
file access for applications that need NFS-based transport.
packet-triggered-subscribers—(Optional) Restart the packet-triggered subscribers and

policy control (PTSP) process, which allows the application of policies to dynamic
subscribers that are controlled by a subscriber termination device.
peer-selection-service—(Optional) Restart the Peer Selection Service process.
pgcp-service—(Optional) Restart the pgcpd service process running on the Routing

Engine. This option does not restart pgcpd processes running on mobile station PICs.
To restart pgcpd processes running on mobile station PICs, use the services pgcp
gateway option.
pgm—(Optional) Restart the process that implements the Pragmatic General Multicast
(PGM) protocol for assisting in the reliable delivery of multicast packets.
pic-services-logging—(Optional) Restart the logging process for some PICs. With this
process, also known as fsad (the file system access daemon), PICs send special
logging information to the Routing Engine for archiving on the hard disk.

pki-service—(Optional) Restart the PKI Service process.
ppp—(Optional) Restart the Point-to-Point Protocol (PPP) process, which is the

encapsulation protocol process for transporting IP traffic across point-to-point links.
ppp-service—(Optional) Restart the Universal edge PPP process, which is the

encapsulation protocol process for transporting IP traffic across universal edge
routers.
pppoe—(Optional) Restart the Point-to-Point Protocol over Ethernet (PPPoE) process,

which combines PPP that typically runs over broadband connections with the
Ethernet link-layer protocol that allows users to connect to a network of hosts over
a bridge or access concentrator.
protected-system-domain-service—(Optional) Restart the Protected System Domain

(PSD) process.
redundancy-interface-process—(Optional) Restart the ASP redundancy process.
remote-operations—(Optional) Restart the remote operations process, which provides

the ping and traceroute MIBs.
root-system-domain-service—(Optional) Restart the Root System Domain (RSD)

service.
routing—(ACX Series routers, QFX Series, EX Series switches, and MX Series routers only)
(Optional) Restart the routing protocol process.
routing <logical-system logical-system-name>—(Optional) Restart the routing protocol

process, which controls the routing protocols that run on the router or switch and
maintains the routing tables. Optionally, restart the routing protocol process for the
specified logical system only.
sampling—(Optional) Restart the sampling process, which performs packet sampling

based on particular input interfaces and various fields in the packet header.
sbc-configuration-process—(Optional) Restart the session border controller (SBC)

process of the border signaling gateway (BSG).
scc—(TX Matrix routers only) (Optional) Restart the software process on the TX Matrix
router (or switch-card chassis).
sdk-service—(Optional) Restart the SDK Service process, which runs on the Routing
Engine and is responsible for communications between the SDK application and
Junos OS. Although the SDK Service process is present on the router, it is turned off
by default.
secure-neighbor-discovery—(QFX Series, EX Series switches, and MX Series routers

only) (Optional) Restart the secure Neighbor Discovery Protocol (NDP) process,
which provides support for protecting NDP messages.
sfc number—(TX Matrix Plus routers only) (Optional) Restart the software process on
the TX Matrix Plus router (or switch-fabric chassis). Replace number with 0.

IS-IS Feature Guide
service-deployment—(Optional) Restart the service deployment process, which enables

Junos OS to work with the Session and Resource Control (SRC) software.
services—(Optional) Restart a service.
services pgcp gateway gateway-name—(Optional) Restart the pgcpd process for a

specific border gateway function (BGF) running on an MS-PIC. This option does not
restart the pgcpd process running on the Routing Engine. To restart the pgcpd process
on the Routing Engine, use the pgcp-service option.
sflow-service—(EX Series switches only) (Optional) Restart the flow sampling (sFlow
technology) process.
snmp—(Optional) Restart the SNMP process, which enables the monitoring of network
devices from a central location and provides the router's or switch’s SNMP master
agent.
soft—(Optional) Reread and reactivate the configuration without completely restarting

the software processes. For example, BGP peers stay up and the routing table stays
constant. Omitting this option results in a graceful restart of the software process.
static-subscribers—(Optional) Restart the static subscribers process, which associates

subscribers with statically configured interfaces and provides dynamic service
activation and activation for these subscribers.
statistics-service—(Optional) Restart the process that manages the Packet Forwarding

Engine statistics.
subscriber-management—(Optional) Restart the Subscriber Management process.
subscriber-management-helper—(Optional) Restart the Subscriber Management Helper

process.
tunnel-oamd—(Optional) Restart the Tunnel OAM process, which enables the Operations,
Administration, and Maintenance of Layer 2 tunneled networks. Layer 2 protocol
tunneling (L2PT) allows service providers to send Layer 2 protocol data units (PDUs)
across the provider’s cloud and deliver them to Juniper Networks EX Series Ethernet
Switches that are not part of the local broadcast domain.
usb-control—( MX Series routers) (Optional) Restart the USB control process.
vrrp—(ACX Series routers, EX Series switches, and MX Series routers only) (Optional)
Restart the Virtual Router Redundancy Protocol (VRRP) process, which enables
hosts on a LAN to make use of redundant routing platforms on that LAN without
requiring more than the static configuration of a single default route on the hosts.
web-management—(QFX Series, EX Series switches, and MX Series routers only)

(Optional) Restart the Web management process.
Required Privilege reset

Level

Related • Overview of Junos OS CLI Operational Mode Commands

Documentation
List of Sample Output restart interface-control gracefully on page 625
Sample Output
restart interface-control gracefully

user@host> restart interface-control gracefully
Interface control process started, pid 41129

IS-IS Feature Guide
show auto-bandwidth
Syntax show auto-bandwidth

history-log
traffic (sensor-name brief|detail)
Release Information Command introduced in Junos OS Release 17.3R1 for MX Series and PTX Series.
Description Display the auto-bandwidth information. You can view the traffic or the history log
information in the output.
Options history-log— Display the log of the sensor in the threshold activation period.
traffic (sensor-name brief | detail)—Display the traffic details and the configured
auto-bandwidth parameters.

Level

Documentation
• clear isis spring traffic-statistics on page 612
• show isis spring interface traffic-statistics on page 712
List of Sample Output show auto-bandwidth (traffic) on page 627

show auto-bandwidth (history-log) on page 628

Field Name Field Description
Output
Collection IntervalFields Time in seconds between two traffic sample collections.
Adjust Interval Time interval after which the average bandwidth utilization is measured.
Adjust threshold Percentage change threshold after which an action is triggered.
Adjust Subscription Threshold for RSVP subscription in percentage.
Pkt Recv Number of packets received.
Byte Recv Number of bytes received.
Poll Count Number of times the data was collected.
Average Average bandwidth utilization across the SPRING traffic samples collected.
Last Report Traffic statistics that was last reported indicating the number of packets received in the
last report.
Last Report time Time stamp of the last reporting time.
Last Query Time Time stamp of the last query.
Last Resp Time Time stamp of the last response time.
Byte Bucket Count of bytes sent on the link measured periodically as per the configured collection
interval.
Packet Bucket Count of packets sent on the link measured periodically as per the configured collection
interval.
Sample Output
show auto-bandwidth (traffic)

user@host> show auto-bandwidth traffic
Name Stats-Id packets bytes

ge-0/0/2.0 0xc0000002 0 0
ge-0/0/0.0 0xc0000003 0 0
lo0.0 0xc0000004 0 0
user@host> show auto-bandwidth traffic detail
ge-0/0/0.0:
Collection Interval: 10, Adjust Interval : 200, Adjust threshold : 10
Adjust Subscription : 100
Pkt Recv: 1536 Byte Recv: 135168 Poll Count:29 Average:0
Last Report: 2829 Last Report time:Mon Jan 2 11:07:59 2017
Byte Bucket:
0 0 0 0 0

IS-IS Feature Guide
0 0 0 0 0
0 0 0 0 0
0 0 0 0 0
Packet Bucket:
0 0 0 0 0
0 0 0 0 0
0 0 0 0 0
0 0 0 0 0
show auto-bandwidth (history-log)

user@host> show auto-bandwidth history-log
Tue Jan 3 18:39:36

ge-0/0/0.0:
Threshold crossed firsttime, waiting for 5sec (adjust-interval – collection
period)
Byte Recv:4M Poll Count:1 Average:5Mbps
Last Report:0
Last Report time:Tue Jan 3 18:39:26 2017
Chronological order: First bucket is the most recent
2000000 0 0 0
Tue Jan 3 18:39:46
ge-0/0/0.0:
Threshold crossed early, waiting for 5sec
Byte Recv:6M Poll Count:2 Average:1Mbps
Last Report:0
2000000 2000000 0 0
Tue Jan 3 18:39:56
ge-0/0/0.0:
Threshold crossed early, waiting for 5sec
Byte Recv:8M Poll Count:3 Average:1.5Mbps
Last Report:0
2000000 2000000 2000000 0

Tue Jan 3 18:40:06
ge-0/0/0.0:
Threshold crossed, reporting 0 MBps to RSVP
Byte Recv:10M Poll Count:4 Average:2 Mbps
Last Report:0
2000000 2000000 2000000 2000000

show bfd session

Syntax (EX Series Switch and QFX Series) on page 629
Syntax show bfd session

<brief | detail | extensive | summary>
<address address>
<client rsvp-oam (brief | detail | extensive | summary) | vpls-oam (brief | detail | extensive |
instance instance-name | summary)>
<discriminator discriminator>
<prefix address>
<subscriber (address destination-address | discriminator discriminator | extensive)>
Syntax (EX Series show bfd session

Switch and QFX <brief | detail | extensive | summary>
Series) <address address>
<client rsvp-oam (brief | detail | extensive | summary) | vpls-oam (brief | detail | extensive |
instance instance-name | summary)>
<discriminator discriminator>
<prefix address>

Options discriminator and address introduced in Junos OS Release 8.2.
Option prefix introduced in Junos OS Release 9.0.
Option client introduced in Junos OS Release 12.3R3.
Option subscriber introduced in Junos OS Release 15.1 for the MX Series.
Description Display information about active Bidirectional Forwarding Detection (BFD) sessions.
Options none—(Same as brief) Display information about active BFD sessions.
brief | detail | extensive | summary—(Optional) Display the specified level of output.
address address—(Optional) Display information about the BFD session for the specified
neighbor address.
client rsvp-oam
(brief | detail | extensive | summary)
| vpls-oam
(brief | detail | extensive | instance instance-name | summary)—(Optional) Display
information about RSVP-OAM or VPLS-OAM BFD sessions in the specified level of
output. For VPLS-OAM, display the specified level of output or display information
about all of the BFD sessions for the specified VPLS routing instance.

IS-IS Feature Guide
discriminator discriminator—(Optional) Display information about the BFD session using

the specified local discriminator.

<subscriber (address destination-address | discriminator discriminator |

extensive)>—(Optional) Display information about all BFD sessions for subscribers,
or for a single BFD subscriber session with a particular destination address, or with
a particular denominator.

Level
Related • clear bfd session on page 602

Documentation
• Understanding BFD for Static Routes for Faster Network Failure Detection
• Example: Configuring BFD for Static Routes for Faster Network Failure Detection
• Understanding BFD for OSPF
• Example: Configuring BFD for OSPF
• Understanding BFD for BGP
• Example: Configuring BFD on Internal BGP Peer Sessions
• Understanding Bidirectional Forwarding Detection Authentication for PIM
• Configuring BFD for PIM
List of Sample Output show bfd session on page 634

show bfd session brief on page 635
show bfd session detail on page 635
show bfd session detail (with Authentication) on page 635
show bfd session address extensive on page 635
show bfd session client rsvp-oam on page 636
show bfd session client vpls-oam summary on page 636
show bfd session client vpls-oam instance instance-name on page 636
show bfd session extensive on page 636
show bfd session extensive (with Authentication) on page 637
show bfd session summary on page 638
show bfd session subscriber on page 638
show bfd session subscriber address on page 638
show bfd session subscriber extensive on page 638
show bfd session subscriber discriminator extensive on page 639
Output Fields Table 10 on page 631 describes the output fields for the show bfd session command.
Output fields are listed in the approximate order in which they appear.

Table 10: show bfd session Output Fields
Field Name Field Description Level of Output
Address Address on which the BFD session is active. brief detail extensive
none
State State of the BFD session: Up, Down, Init (initializing), or Failing. brief detail extensive
none
Interface Interface on which the BFD session is active. brief detail extensive
none
Detect Time Negotiated time interval, in seconds, used to detect BFD control packets. brief detail extensive
none
Transmit Interval Time interval, in seconds, used by the transmitting system to send BFD control brief detail extensive
packets. none
Multiplier Negotiated multiplier by which the time interval is multiplied to determine the detail extensive
detection time for the transmitting system.
Session up time How long a BFD session has been established. detail extensive
Client Protocol or process for which the BFD session is active: ISIS, OSPF, DHCP, Static, detail extensive
or VGD.
TX interval Time interval, in seconds, used by the host system to transmit BFD control brief detail extensive
packets. none
RX interval Time interval, in seconds, used by the host system to receive BFD brief detail extensive
control packets. none
Authenticate Indicates that BFD authentication is configured. detail extensive
keychain Name of the security authentication keychain being used by a specific client. extensive
BFD authentication information for a client is provided in a single line and

includes the keychain, algo, and mode parameters. Multiple clients can be
configured on a BFD session.
algo BFD authentication algorithm being used for a specific client: keyed-md5, extensive
keyed-sha-1, meticulous-keyed-md5, meticulous-keyed-sha-1, or simple-password.


IS-IS Feature Guide
Table 10: show bfd session Output Fields (continued)
mode Level of BFD authentication enforcement being used by a specific client: strict extensive
or loose. Strict enforcement indicates that authentication is configured at both
ends of the session (the default). Loose enforcement indicates that one end of
the session might not be authenticated.

Local diagnostic Local diagnostic information about failing BFD sessions. detail extensive
Following are the expected values for Local Diagnostic output field:
• None—No diagnostic
• CtlExpire—Control detection time expired
• EchoExpire—Echo detection time expired
• NbrSignal—Neighbor signalled session down
• FwdPlaneReset—Forwarding plane reset
• PathDown—Path down
• ConcatPathDown—Concatenated path down
• AdminDown—Administratively down
Remote diagnostic Remote diagnostic information about failing BFD sessions. detail extensive
Following are the expected values for Remote Diagnostic output field:
• None—No diagnostic
• CtlExpire—Control detection time expired
• EchoExpire—Echo detection time expired
• NbrSignal—Neighbor signalled session down
• FwdPlaneReset—Forwarding plane reset
• PathDown—Path down
• ConcatPathDown—Concatenated path down
• AdminDown—Administratively down
Remote state Reports whether the remote system's BFD packets have been received and detail extensive
whether the remote system is receiving transmitted control packets.
Version BFD version: 0 or 1. extensive
Replicated The replicated flag appears when nonstop routing or graceful Routing Engine detail extensive
switchover is configured and the BFD session has been replicated to the backup
Routing Engine.
Min async interval Minimum amount of time, in seconds, between asynchronous control packet extensive
transmissions across the BFD session.
Min slow interval Minimum amount of time, in seconds, between synchronous control packet extensive
transmissions across the BFD session.

Adaptive async TX Transmission interval being used because of adaptation. extensive

interval
RX interval Minimum required receive interval. extensive
Local min TX Minimum amount of time, in seconds, between control packet transmissions extensive
interval on the local system.
Local min RX Minimum amount of time, in seconds, between control packet detections on extensive
interval the local system.
Remote min TX Minimum amount of time, in seconds, between control packet transmissions extensive
interval on the remote system.
Remote min TX Minimum amount of time, in seconds, between control packet detections on extensive
interval the remote system.
Threshold Threshold for notification if the transmission interval increases. extensive

transmission
interval
Threshold for Threshold for notification if the detection time increases. extensive
detection time
Local discriminator Authentication code used by the local system to identify that BFD session. extensive
Remote Authentication code used by the remote system to identify that BFD session. extensive
discriminator
Echo mode Information about the state of echo transmissions on the BFD session. extensive
Prefix LDP FEC address associated with the BFD session. All levels
Egress, Destination Displays the LDP FEC destination address. This field is displayed only on a router All levels
at the egress of an LDP FEC, where the BFD session has an LDP Operation,
Administration, and Maintenance (OAM) client.
Remote is The BFD session on the remote peer is running on its Packet Forwarding Engine. extensive
control-plane In this case, when the remote node undergoes a graceful restart, the local peer
independent can help the remote peer with the graceful restart.
The following BFD sessions are not distributed to the Packet Forwarding Engine:
tunnel-encapsulated sessions, and sessions over integrated routing and bridging
(IRB) interfaces.

IS-IS Feature Guide
Authentication Summary status of BFD authentication: extensive
• status—enabled/active indicates authentication is configured and active.

enabled/inactive indicates authentication is configured but not active. This
only occurs when the remote end of the session does not support
authentication and loose checking is configured.
• keychain—Name of the security authentication keychain associated with the
specified BFD session.
• algo—BFD authentication algorithm being used: keyed-md5, keyed-sha-1,
meticulous-keyed-md5, meticulous-keyed-sha-1, or simple-password.
• mode—Level of BFD authentication enforcement: strict or loose. Strict
enforcement indicates authentication is configured at both ends of the session
(the default). Loose enforcement indicates that one end of the session might
not be authenticated.
This information is only shown if BFD authentication is configured.
Session ID The BFD session ID number that represents the protection using MPLS fast detail extensive
reroute (FRR) and loop-free alternate (LFA).
sessions Total number of active BFD sessions. All levels
clients Total number of clients that are hosting active BFD sessions. All levels
Cumulative Total number of BFD control packets transmitted per second on all All levels
transmit rate active sessions.
Cumulative receive Total number of BFD control packets received per second on all active sessions. All levels
rate
Multi-hop, Minimum time to live (TTL) accepted if the session is configured for multihop. extensive
min-recv-TTL
route table Route table used if the session is configured for multihop. extensive
local address Local address of the source used if the session is configured for multihop. extensive
The source IP address for outgoing BFD packets from the egress side of an
MPLS BFD session is based on the outgoing interface IP address.
Sample Output
show bfd session

user@host> show bfd session
Transmit
Address State Interface Detect Time Interval Multiplier
10.9.1.33 Up so-7/1/0.0 0.600 0.200 3
10.9.1.29 Up ge-4/0/0.0 0.600 0.200 3

show bfd session brief
The output for the show bfd session brief command is identical to that for the show bfd
session command.
show bfd session detail

user@host> show bfd session detail
Transmit
10.9.1.33 Up so-7/1/0.0 0.600 0.200 3
Client OSPF, TX interval 0.200, RX interval 0.200, multiplier 3
Session up time 3d 00:34:02
Replicated
10.9.1.29 Up ge-4/0/0.0 0.600 0.200 3
Client ISIS L2, TX interval 0.200, RX interval 0.200, multiplier 3
Session up time 3d 00:29:04, previous down time 00:00:01
show bfd session detail (with Authentication)

user@host> show bfd session detail
Transmit
10.9.1.33 Up so-7/1/0.0 0.600 0.200 3
Client OSPF, TX interval 0.200, RX interval 0.200, multiplier 3, Authenticate
Session up time 3d 00:34:18
Replicated
10.9.1.29 Up ge-4/0/0.0 0.600 0.200 3
Client ISIS L2, TX interval 0.200, RX interval 0.200, multiplier 3
Session up time 3d 00:29:12, previous down time 00:00:01
show bfd session address extensive

user@host> show bfd session 10.255.245.212 extensive
Transmit
10.255.245.212 Up 1.200 0.400 3
Client Static, TX interval 0.400, RX interval 0.400, multiplier 3

IS-IS Feature Guide
Session up time 00:17:03, previous down time 00:00:14

Local diagnostic CtlExpire, remote diagnostic NbrSignal
Replicated
Adaptive async tx interval 0.400, rx interval 0.400
Local min tx interval 0.400, min rx interval 0.400, multiplier 3
Remote min tx interval 0.400, min rx interval 0.400, multiplier 3
Threshold transmission interval 0.000, Threshold for detection time 0.000
Multi-hop, min-recv-TTL 255, route-table 0, local-address 10.255.245.205
show bfd session client rsvp-oam

user@host> show bfd session client rsvp-oam
Detect Transmit
192.168.0.223 Up 540.000 180.000 3
1 Up sessions, 0 Down sessions

show bfd session client vpls-oam summary

user@host> show bfd session client vpls-oam summary
1 Up sessions, 1 Down sessions

show bfd session client vpls-oam instance instance-name

user@host> show bfd session client vpls-oam instance vpls
Detect Transmit
127.0.0.1 Up ae9.0 3.000 1.000 3
1 Up Sessions, 0 Down Sessions

show bfd session extensive

user@host> show bfd session extensive
Detect Transmit
10.31.1.2 Up ge-2/1/8.0 0.030 0.010 3
Client OSPF realm ospf-v2 Area 0.0.0.0, TX interval 0.010, RX interval 0.010


Replicated
Remote is control-plane independent
Session ID: 0x201
Micro-BFD Session
Detect Transmit
10.31.2.2 Up ge-2/1/4.0 0.030 0.010 3
Client OSPF realm ospf-v2 Area 0.0.0.0, TX interval 0.010, RX interval 0.010
Replicated
Session ID: 0x202
show bfd session extensive (with Authentication)

user@host> show bfd session extensive
Detect Transmit
192.168.208.26 Up so-1/0/0.0 2.400 0.800 10
Client Static, TX interval 0.600, RX interval 0.600, Authenticate
keychain bfd, algo keyed-md5, mode loose
Replicated
Authentication enabled/active, keychain bfd, algo keyed-md5, mode loose

IS-IS Feature Guide
show bfd session summary

user@host> show bfd session summary
show bfd session subscriber

user@host> show bfd session subscriber
Detect Transmit
1.0.0.2 Up ae0.0 90.000 30.000 3
1.0.0.6 Up ae0.1 90.000 30.000 3
1.0.0.10 Up ae0.2 90.000 30.000 3
1.0.0.14 Up ae0.3 90.000 30.000 3
1.0.0.18 Up ae0.4 90.000 30.000 3
show bfd session subscriber address

user@host> show bfd session subscriber address 1.0.0.2
Detect Transmit
1.0.0.2 Up ae0.0 90.000 30.000 3
show bfd session subscriber extensive

user@host> show bfd session subscriber extensive
Detect Transmit
1.0.0.2 Up ae0.0 90.000 30.000 3
Client DHCP, TX interval 30.000, RX interval 30.000

Replicated
Session ID: 0x1
Detect Transmit
1.0.0.6 Up ae0.1 90.000 30.000 3



Replicated
Session ID: 0x2
show bfd session subscriber discriminator extensive

user@host> show bfd session subscriber discriminator 20 extensive
Detect Transmit
1.0.0.2 Up ae0.0 90.000 30.000 3

Replicated
Session ID: 0x1

IS-IS Feature Guide
show isis adjacency

Syntax show isis adjacency

<system-id>
<brief | detail | extensive>
Syntax (EX Series show isis adjacency

Switches and QFX <system-id>
Series) <brief | detail | extensive>

Description Display information about IS-IS neighbors.
Options none—Display standard information about IS-IS neighbors for all routing instances.
system id—(Optional) Display information about IS-IS neighbors for the specified
intermediate system.
brief | detail | extensive—(Optional) Display standard information about IS-IS neighbors

with the specified level of output.
instance instance-name—(Optional) Display information about IS-IS neighbors for the

specified routing instance.
logical-system (all | logical-system-name)—(Optional) Display information about IS-IS

neighbors for all logical systems or for a particular logical system.

Level
Related • clear isis adjacency on page 604

Documentation
List of Sample Output show isis adjacency on page 643

show isis adjacency brief on page 643
show isis adjacency detail on page 644
show isis adjacency extensive on page 644

Output Fields Table 11 on page 641 describes the output fields for the show isis adjacency command.
Table 11: show isis adjacency Output Fields
Interface Interface through which the neighbor is reachable. All levels
System System identifier (sysid), displayed as a name, if possible. brief
L or Level Level: All levels
An exclamation point (!) preceding the level number indicates that the adjacency
is missing an IP address.
State State of the adjacency: Up, Down, New, One-way, Initializing, or Rejected. All levels
Hold (secs) Remaining hold time of the adjacency. brief
SNPA Subnetwork point of attachment (MAC address of the next hop). brief
Expires in How long until the adjacency expires, in seconds. detail
Priority Priority to become the designated intermediate system. detail extensive
Up/Down Count of adjacency status changes from Up to Down or from Down to Up. detail
transitions
Last transition Time of the last Up/Down transition. detail
Circuit type Bit mask of levels on this interface: 1=Level 1 router; 2=Level 2 router; 3=both detail
Level 1 and Level 2 router.
Speaks Protocols supported by this neighbor. detail extensive
MAC address MAC address of the interface. detail extensive
Topologies Supported topologies. detail extensive
Restart capable Whether a neighbor is capable of graceful restart: Yes or No. detail extensive
Adjacency This routing device has signaled to advertise this interface to its neighbors in detail extensive
advertisement: their link-state PDUs.
Advertise
Adjacency This neighbor has signaled not to advertise the interface in the routing device's detail extensive
advertisement: outbound link-state PDUs.
Suppress

IS-IS Feature Guide
Table 11: show isis adjacency Output Fields (continued)
IP addresses IP address of this neighbor. detail extensive
IPV6 Address IPv6 address of the neighbor. detail extensive
Level 1 IPv4 Level 1 IPv4 node-SID of the adjacent neighbor. detail extensive
Adj-SID
Level 1 IPv6 Level 1 IPv6 node-SID of the adjacent neighbor.

Adj-SID
Adj-SID
Adj-SID

Table 11: show isis adjacency Output Fields (continued)
Transition log List of recent transitions, including: extensive
• When—Time at which an IS-IS adjacency transition occurred.

• State—Current state of the IS-IS adjacency (up, down, or rejected).
• Up—Adjacency is up and operational.
• Down—Adjacency is down and not available.
• Rejected—Adjacency has been rejected.
• Event—Type of transition that occurred.

• Seenself—Possible routing loop has been detected.
• Interface down—IS-IS interface has gone down and is no longer available.
• Error—Adjacency error.
• Down reason—Reason that an IS-IS adjacency is down:

• 3-Way Handshake Failed—Connection establishment failed.
• Address Mismatch—Address mismatch caused link failure.
• Aged Out—Link expired.
• ISO Area Mismatch—IS-IS area mismatch caused link failure.
• Bad Hello—Unacceptable hello message caused link failure.
• BFD Session Down—Bidirectional failure detection caused link failure.
• Interface Disabled—IS-IS interface is disabled.
• Interface Down—IS-IS interface is unavailable.
• Interface Level Disabled—IS-IS level is disabled.
• Level Changed—IS-IS level has changed on the adjacency.
• Level Mismatch—Levels on adjacency are not compatible.
• MPLS LSP Down—Label-switched path (LSP) is unavailable.
• MT Topology Changed—IS-IS topology has changed.
• MT Topology Mismatch—IS-IS topology is mismatched.
• Remote System ID Changed—Adjacency peer system ID changed.
• Protocol Shutdown—IS-IS protocol is disabled.
• CLI Command—Adjacency brought down by user.
• Unknown—Unknown.
Sample Output
show isis adjacency


at-2/3/0.0 ranier 3 Up 23
show isis adjacency brief
The output for the show isis adjacency brief command is identical to that for the show
isis adjacency command. For sample output, see show isis adjacency on page 643.

IS-IS Feature Guide
show isis adjacency detail

user@host> show isis adjacency detail
ranier
Interface: at-2/3/0.0, Level: 3, State: Up, Expires in 21 secs
Topologies: Unicast, IPV6-Unicast Restart capable: Yes, Adjacency advertisement:
Advertise
LAN id: pro-bng3-c-F.02, IP addresses: 11.1.1.2
IPv6 addresses: fe80::2a0:a514:0:4745
Level 1 IPv4 Adj-SID: 299808, IPv6 Adj-SID: 299824
show isis adjacency extensive

user@host> show isis adjacency extensive
ranier
Interface: at-2/3/0.0, Level: 3, State: Up, Expires in 22 secs

IPv6 addresses: fe80::2a0:a514:0:3e45
Transition log:
Thu Mar 26 06:13:18 Up Seenself

show isis adjacency holddown
Syntax show isis adjacency holddown

<level>
Release Information Command introduced in Junos OS Release 16.1 for the MX Series and PTX Series.
Description Display holddown status and time when IS-IS adjacencies are being formed. Adjacency
holddown process takes place on an IS-IS level basis. When adjacency holdown is
enabled, IS-IS adjacencies are formed sequentially. There is a holddown time between
each adjacency and the process is completed when all IS-IS adjacencies are formed.
This holddown time might cause network instability.
This command is useful to verify whether the adjacency holddown is enabled and
facilitates troubleshooting when there are adjacency issues due to IS-IS adjacency
holddown .
Options none—Display standard overview information about IS-IS adjacency holddown for all
routing instances.
brief | detail | extensive—(Optional) Display standard information about IS-IS adjacency

holddown with the specified level of output.
instance instance-name—(Optional) Display IS-IS adjacency holddown information for

the specified routing instance.
level—(Optional) Display information about IS-IS neighbors for the specified IS-IS level.


Level
Related • show isis adjacency on page 640

Documentation
List of Sample Output show isis adjacency holddown on page 646

show isis adjacency holddown extensive on page 646
show isis adjacency holddown detail on page 647

IS-IS Feature Guide
Field Field Description
Level Output Fields IS-IS level:
• 1—Level 1 information
status IS-IS Adjacency holddown status:
• active—IS-IS adjacency holddown is in process.

• inactive—IS-IS adjacency holddown process is completed.
• disabled—IS-IS adjacency holddown is disabled.
when The time stamp for the IS-IS adjacency holddown.
Event • seenself—IS-IS has changed the IS-IS adjacency holddown status.

• status change—IS-IS adjacency holddown status has changed.
reason The reason for change in the IS-IS adjacency holddown state.
Sample Output
show isis adjacency holddown

user@host> show isis adjacency holddown
Level status
1 active
2 active
show isis adjacency holddown extensive

user@host> show isis adjacency holddown extensive
Level: 1
Adjacency holddown is active, Adjacency holddown reset is not completed
Holddown process has not started, Network might not be stable
Holddown Started 0 secs ago
First adjacency up since 0 secs
Total adjacency up count: 0
Transition log:
When State Event reason
Mon Jun 22 05:35:03 Active Seenself
Tue Jun 23 02:13:30 Active Seenself
Tue Jun 23 02:14:40 Inactive Status change holddown complete
Level: 2
Transition log:
When State Event reason
Mon Jun 22 05:35:03 Active Seenself


Tue Jun 23 02:14:40 Inactive Status change holddown complete
show isis adjacency holddown detail

user@host> show isis adjacency holddown detail
Level: 1
Level: 2

IS-IS Feature Guide
show isis authentication

Syntax show isis authentication

Syntax (EX Series show isis authentication

Series)
Release Information Command introduced in Junos OS Release 7.5.

Support for hitless authentication key rollover introduced in Junos OS Release 11.2.
Description Display information about Intermediate System-to-Intermediate System (IS-IS)

authentication.
Options none—Display information about IS-IS authentication.
instance instance-name—(Optional) Display IS-IS authentication for the specified routing

instance.


Level
Related • show security keychain on page 922

Documentation
List of Sample Output show isis authentication on page 649

show isis authentication (With Hitless Authentication Key Rollover
Configured) on page 649
Output Fields Table 12 on page 649 describes the output fields for the show isis authentication command.

Table 12: show isis authentication Output Fields
Interface Interface name.
Level IS-IS level.
IIH Auth IS-IS Hello (IIH) packet authentication type.
Displays the name of the active keychain if hitless authentication key rollover
is configured.
CSN Auth Complete sequence number authentication type.
PSN Auth Partial sequence number authentication type.
L1 LSP Layer 1 link-state PDU authentication type.

Authentication
L2 LSP Layer 2 link-state PDU authentication type.

Authentication
Sample Output
show isis authentication

user@host> show isis authentication
Interface Level IIH Auth CSN Auth PSN Auth

at-2/3/0.0 1 Simple Simple Simple
2 MD5 MD5 MD5
L1 LSP Authentication: Simple

L2 LSP Authentication: MD5
show isis authentication (With Hitless Authentication Key Rollover Configured)

user@host> show isis authentication
Interface Level IIH Auth CSN Auth PSN Auth

so-0/1/3.0 2 hakrhello MD5 MD5
L2 LSP Authentication: MD5

IS-IS Feature Guide
show isis backup coverage
Syntax show isis backup coverage

Syntax (EX Series show isis backup coverage

Series)

Description Display information about the level of backup coverage available.
Options none—Display information about the level of backup coverage available for all the nodes
and prefixes in the network.
instance instance-name—(Optional) Display information about the level of backup

coverage for a specific IS-IS routing instance.


Level

Documentation
• show isis backup label-switched-path on page 652
List of Sample Output show isis backup coverage on page 651
Output Fields Table 13 on page 650 lists the output fields for the show isis backup coverage command.
Table 13: show isis backup coverage Output Fields
Topology Type of topology or address family: IPV4 Unicast or IPV6 Unicast.

Table 13: show isis backup coverage Output Fields (continued)
Level IS-IS level:
• 1—Level 1
• 2—Level 2
Node By topology, the percentage of all routes configured on the node that
are protected through backup coverage.
IPv4 Percentage of IPv4 unicast routes that are protected through backup
coverage.
IPv6 Percentage of IPv6 unicast routes that are protected through backup
coverage.
CLNS Percentage of Connectionless Network Service (CLNS) routes that are

protected through backup coverage.
Sample Output
show isis backup coverage

user@host> show isis backup coverage
Backup Coverage:
IPV4 Unicast 2 28.57% 22.22% 0.00% 0.00%
IPV6 Unicast 2 0.00% 0.00% 0.00% 0.00%

IS-IS Feature Guide
show isis backup label-switched-path
Syntax show isis backup label-switched-path

Syntax (EX Series show isis backup label-switched-path

Switches and QFX
Series)

Description Display information about MPLS label-switched-paths (LSPs) designated as backup

routes for IS-IS routes.
Options none—Display information about MPLS LSPs designated as backup routes for IS-IS
routes.
logical-system (all | logical-system-name—(Optional) Perform this operation on all


Level

Documentation
• show isis backup coverage on page 650
List of Sample Output show isis backup label-switched-path on page 653
Output Fields Table 14 on page 652 lists the output fields for the show isis backup label-switched-path
command. Output fields are listed in the approximate order in which they appear.
Table 14: show isis backup label-switched-path Output Fields
Backup MPLS LSPs List of MPLS LSPs designated as backup paths for IS-IS routes.
Egress IP address of the egress routing device for the LSP.

Table 14: show isis backup label-switched-path Output Fields (continued)
Status State of the LSP:
• Up—The routing device can detect RSVP hello messages from the neighbor.
• Down—The routing device has received one of the following indications:
• Communication failure from the neighbor.
• Communication from IGP that the neighbor is unavailable.
• Change in the sequence numbers in the RSVP hello messages sent by the neighbor.
• Deleted—LSP is no longer available as a backup path.
Last change Time elapsed since the neighbor state changed either from up to down or from down to up. The format
is hh:mm:ss.
TE-metric Configured traffic engineering metric.
Metric Configured metric.
Sample Output
show isis backup label-switched-path

user@host> show isis backup label-switched-path
Backup MPLS LSPs:

f-to-g, Egress: 192.168.1.4, Status: up, Last change: 06:12:03
TE-metric: 9, Metric: 0

IS-IS Feature Guide
show backup-selection
Syntax show backup-selection

<logical-system logical-system-name>
<prefix prefix>
Description Display the configured policies for each destination (IPv4 and IPv6) and a primary
next-hop interface.
Options instance instance-name—(Optional) Display configured policy for the routing instance.
interface interface-name—(Optional) Display configured policy for the interface.
logical-system logical-system-name—(Optional) Display configured policy for a particular

logical system or for all logical systems.
prefix prefix—(Optional) Display configured policy for the destination.

Level
List of Sample Output show backup-selection on page 656

show backup-selection instance instance-name on page 656
show backup-selection interface interface-name on page 657
show backup-selection logical-system all on page 657
show backup-selection logical-system logical-system-name on page 659
show backup-selection prefix prefix on page 660
Output Fields Table 15 on page 654 describes the output fields for the show backup-selection command.
Table 15: show backup-selection Output Fields
Prefix Destination prefix .
Interface Primary interface to reach the destination.
• all — All the interfaces on the router which requires backup path.
• <interface-name> — Specific primary interface in the backup path.
admin-group exclude Specifies the administrative groups to be excluded. The backup path is not selected as the
loop free alternative or backup next hop if any of the links in the path have any one of the listed
administrative groups.

Table 15: show backup-selection Output Fields (continued)
admin-group include-all Requires each link in the backup path to have all the listed administrative groups in order to
accept the path.
admin-group include-any Requires each link in the backup path to have at least one of the listed administrative groups
in order to select the path.
admin-group preference Defines an ordered set of administrative groups that specifies the preference of the backup
path. The leftmost element in the set is given the highest preference.
nodes excluded Specifies the list of nodes to be excluded. The backup path that has a router from the list is
not selected as the loop free alternative or backup next hop.
nodes preference Defines an ordered set of nodes to be preferred. The backup path having the leftmost node
is selected.
node-tags excluded Specifies the backup selection to exclude the set of route tags in the backup path selection.
node-tags preference Specifies the set of route tags in descending order of preference.
protection-type Specifies the required protection type of the backup path.
• node — Selects a backup path that provides node protection.

• link — Selects the backup path that provides link protection.
• node-link — Allows either node or link protection LFA where node-protection LFA is preferred
over link-protection LFA.
downstream paths only Selects the backup path that is a downstream path to the destination.
srlg Evaluates common srlgs between the primary link and each link in the backup path.
• strict — Rejects the backup path that has common srlgs between the primary link and any
link in the backup path.
• loose — Allows the backup path that has common srlgs between the primary link and any
link in the backup path. The backup path with the fewer number of srlg collisions is preferred.
B/W >= primary Uses backup next hop only if the bandwidth is greater than or equal to the primary next hop.
root-metric Metric to one-hop node or remote router such as an RSVP backup label switched path (LSP)
tail-end router.
dest-metric Metric from one-hop node or remote router such as an RSVP backup label switched path
(LSP) tail-end router to the final destination.
metric evaluation order Defines the evaluation order of the metric (root and dest metrics) results.
policy evaluation order Defines the evaluation order of the backup policy.

IS-IS Feature Guide
Sample Output
show backup-selection
user@host> show backup-selection
Prefix: 0.0.0.0/0
Interface: all
Admin-group exclude: c6
Admin-group include-all: c1 c2
Admin-group include-any: c3 c4
Nodes excluded: 100.0.7.2
Node preference: 100.2.6.2
Node-tags excluded: 1004
Node-tag preference: 1007
Protection Type: Link, Downstream Paths Only: Enabled, SRLG: Strict, B/w >=
Metric Evaluation Order: Root-metric, Dest-metric
Policy Evaluation Order: Admin-group, SRLG, Bandwidth, Protection, Node,
Node-Tag, Metric
Interface: ge-1/2/5.0
Policy Evaluation Order: Admin-group, SRLG, Bandwidth, Protection
Prefix: 10.150.0.0/16
Interface: all
Prefix: ::/0
Interface: all
Admin-group exclude: c2
Admin-group include-all: c1 c3
Admin-group include-any: c4 c5
show backup-selection instance instance-name

user@host> show backup-selection instance r

Prefix: 0.0.0.0/0
Interface: all
Admin-group preference: c6 c0
show backup-selection interface interface-name

user@host> show backup-selection interface ge-1/2/5.0
Prefix: 0.0.0.0/0
Interface: ge-1/2/5.0
Policy Evaluation Order: Admin-group, SRLG, Bandwidth, Protection
Prefix: 10.150.0.0/16
Prefix: ::/0
show backup-selection logical-system all

user@host> show backup-selection logical-system all
logical-system: R0
Prefix: 0.0.0.0/0
Interface: all
-----
logical-system: R5
Metric, Node-Tag
Prefix: 0.0.0.0/0
Interface: all
-----
logical-system: R1
Metric, Node-Tag

IS-IS Feature Guide
Prefix: 0.0.0.0/0
Interface: all
-----
logical-system: R4
Metric, Node-Tag
Prefix: 0.0.0.0/0
Interface: all
Protection Type: Link, Downstream Paths Only: Disabled, SRLG: Loose, B/w >=
-----
logical-system: R3
Prefix: 0.0.0.0/0
Interface: all
Prefix: 100.0.1.0/24
Interface: all
Metric, Node-Tag
Prefix: 100.0.7.0/24
Interface: all
-----
logical-system: R7
Metric, Node-Tag
Prefix: 0.0.0.0/0
Interface: all
-----
logical-system: R2
Metric, Node-Tag
Prefix: 0.0.0.0/0
Interface: all


-----
logical-system: R6
Metric, Node-Tag
Prefix: 0.0.0.0/0
Interface: all
-----
logical-system: default
Metric, Node-Tag
show backup-selection logical-system logical-system-name

user@host> show backup-selection logical-system R3
Prefix: 100.0.1.0/24
Interface: all
Metric, Node-Tag
Prefix: 100.0.7.0/24
Interface: all
Metric, Node-Tag
Prefix: 0.0.0.0/0
Interface: all
Prefix: 100.0.1.0/24
Interface: all
Metric, Node-Tag
Prefix: 100.0.7.0/24
Interface: all

IS-IS Feature Guide

Metric, Node-Tag
show backup-selection prefix prefix

user@host> show backup-selection prefix 10.150.0.0
Prefix: 10.150.0.0/16
Interface: all

show isis backup spf results
Syntax show isis backup spf results

<level (1 | 2)>
<no-coverage>
<topology (ipv4-unicast | ipv6-multicast | ipv6-unicast | unicast)>
Syntax (EX Series show isis backup spf results

Switches) <instance instance-name>
<level (1 | 2)>
<no-coverage>
<topology (ipv4-unicast | unicast)>
Description Display information about IS-IS shortest-path-first (SPF) calculations for backup paths.
Options none—Display information about IS-IS SPF calculations for all backup paths for all
destination nodes.
instance instance-name—(Optional) Display SPF calculations for backup paths for the
level (1 | 2)—(Optional) Display SPF calculations for the backup paths for the specified
IS-IS level.
logical-system logical-system-name—(Optional) Display SPF calculations for the backup

paths for all logical systems or on a particular logical system.
no-coverage—(Optional) Display SPF calculations only for destinations that do not have
backup coverage.
topology (ipv4-multicast | ipv6-multicast | ipv6-unicast | unicast)—(Optional) Display

SPF calculations for backup paths for the specified topology only.

Level
Related • Example: Configuring Link and Node Protection for IS-IS Routes
Documentation
• show isis backup coverage on page 650
• Understanding Loop-Free Alternate Routes for IS-IS on page 189

IS-IS Feature Guide
List of Sample Output show isis backup spf results on page 662
show isis backup spf results no-coverage on page 663
Output Fields Table 16 on page 662 lists the output fields for the show isis backup spf results command.
Table 16: show isis backup spf results Output Fields
node-name Name of the destination node.
Address Address of the destination node.
Primary next-hop Interface and name of the node of the primary next hop to reach the
destination.
Root Name of the next-hop neighbor.
Metric Metric to the node.
Eligible Indicates that the next-hop neighbor has been designated as a backup
path to the destination node.
Backup next-hop Name of the interface of the backup next hop.
SNPA Subnetwork point of attachment (MAC address of the next hop).
LSP Name of the MPLS label-switched path (LSP) designated as a backup

path.
Not eligible Indicates that the next-hop neighbor cannot function as a backup path
to the destination.
Reason Describes why the next-hop neighbor is designated as Not eligible as

a backup path.
Sample Output
show isis backup spf results

user@host> show isis backup spf results

0 nodes

banff.00
Primary next-hop: so-6/0/0.0, IPV4, olympic
Primary next-hop: ae0.0, IPV4, camaro, SNPA: 0:90:69:f:67:f0
Root: camaro, Root Metric: 10, Metric: 10

Not eligible, Reason: Primary next-hop multipath

Root: olympic, Root Metric: 10, Metric: 10
Root: glacier, Root Metric: 10, Metric: 25
crater.00
Eligible, Backup next-hop: as0.0, IPV4, glacier
Eligible, Backup next-hop: as0.0, IPV6, glacier
olympic.00
track-item: olympic.00-00
track-item: kobuk.00-00
Not eligible, Reason: Path loops
camaro.00
track-item: camaro.00-00
glacier.00
Primary next-hop: as0.0, IPV4, glacier
track-item: glacier.00-00
5 nodes
show isis backup spf results no-coverage

user@host> show isis backup spf results no-coverage

IS-IS Feature Guide

pro-bng3-k.00
Primary next-hop: fe-1/3/3.0, IPV4, pro-bng3-k, SNPA: b0:c6:9a:2c:f0:de
Primary next-hop: fe-1/3/3.0, IPV6, pro-bng3-k, SNPA: b0:c6:9a:2c:f0:de
Root: pro-bng3-k, Root Metric: 10, Metric: 0, Root Preference: 0x0
Root: pro-bng3-i, Root Metric: 10, Metric: 20, Root Preference: 0x0
track-item: pro-bng3-k.00-00
track-item: pro-bng3-j.00-00
pro-bng3-i.00
Primary next-hop: fe-0/1/2.0, IPV4, pro-bng3-i, SNPA: b0:c6:9a:2a:f4:21
Primary next-hop: fe-0/1/2.0, IPV6, pro-bng3-i, SNPA: b0:c6:9a:2a:f4:21
Root: pro-bng3-i, Root Metric: 10, Metric: 0, Root Preference: 0x0
Root: pro-bng3-k, Root Metric: 10, Metric: 20, Root Preference: 0x0
track-item: pro-bng3-j.00-00
track-item: pro-bng3-i.00-00
2 nodes

olympic.00
camaro.00
glacier.00
3 nodes

show isis context-identifier
Syntax show isis context-identifier

<identifier name>
Description Display IS-IS context identifier information.
Options brief | detail | extensive—(Optional) Display the specified level of output.
identifier name—(Optional) Display information about the specified context identifier.
instance instance-name—(Optional) Display entries for the specified routing instance.
logical-system (all | logical-system-name)—(Optional) Display the context identifier

information for all logical systems or for a particular logical system.
Required Privilege View

Level
Output Fields Table 17 on page 665 lists the output fields for the show isis context-identifier command.
Table 17: show isis context-identifier Output Fields
Context IPv4 address that defines a protection pair. The context is manually detail
configured on both primary and protector PEs.
Owner Protocol that requires the context. detail
Role Role of the PE, which is either primary or protector. detail
Primary Name of the primary PE. detail
Metric Advertised interior gateway protocol (IGP) metric. detail
Sample Output
user@host> show isis context-identifier detail
IS-IS context database:

Context Owner Role Primary Metric

IS-IS Feature Guide
2.2.4.3 MPLS Primary pro3-e 1

Advertiser pro3-e, Router ID 10.255.245.198, Metric 1, Level 1
Advertiser pro3-e, Router ID 10.255.245.198, Metric 1, Level 2
Advertiser pro3-c, Router ID 10.255.245.196, Metric 11, Level 2

show isis database

Syntax show isis database

<system-id>
<level (1 | 2)>
Syntax (EX Series show isis database

Switches and QFX <system-id>
Series) <brief | detail | extensive>
<level (1 | 2)>

Command introduced in Junos OS Release 15.1X53-D30 for the QFX10002 switch.
Description Display the entries in the Intermediate System-to-Intermediate System (IS-IS) link-state
database, which contains data about PDU packets.
Options none—Display standard information about IS-IS link-state database entries for all routing
instances.
system id—(Optional) Display IS-IS link-state database entries for the specified
intermediate system.
brief | detail | extensive—(Optional) Display the specified level of output.
instance instance-name—(Optional) Display IS-IS link-state database entries for the

level (1 | 2)—(Optional) Display IS-IS link-state database entries for the specified IS-IS
level.


Level

IS-IS Feature Guide
Related • clear isis database on page 606

Documentation
List of Sample Output show isis database on page 669

show isis database brief on page 670
show isis database detail on page 670
show isis database extensive on page 671
Output Fields Table 18 on page 668 describes the output fields for the show isis database command.
Output fields are listed in the approximate order in which they appear. Fields that contain
internal IS-IS information useful only in troubleshooting obscure problems are not
described in the table. For more details about these fields, contact your customer support
representative.
Table 18: show isis database Output Fields
Interface name Name of the interface on which the link-state PDU has been received; always All levels
IS-IS for this command.
level Level of intermediate system: All levels
• 1—Intermediate system routes within an area; when the destination is outside

an area, it routes toward a Level 2 system.
• 2—Intermediate system routes between areas and toward other ASs.
LSP ID Link-state PDU identifier. All levels
Sequence Sequence number of the link-state PDU. All levels
Checksum Checksum value of the link-state PDU. All levels
Lifetime (secs) Remaining lifetime of the link-state PDU, in seconds. All levels
Attributes Attributes of the specified database: L1, L2, Overload, or Attached (L1 only). none brief
# LSPs Total number of link-state PDUs in the specified link-state database. none brief
IP prefix Prefix advertised by this link-state PDU. detail extensive
IS neighbor IS-IS neighbor of the advertising system. detail extensive
IP prefix IPv4 prefix advertised by this link-state PDU. detail extensive
V6 prefix IPv6 prefix advertised by this link-state PDU. detail extensive
Metric Metric of the prefix or neighbor. detail extensive

Table 18: show isis database Output Fields (continued)
Header • LSP ID—Link state PDU identifier of the header. extensive

• Length—Header length.
• Allocated Length—Amount of length available for the header.
• Router ID—Address of the local routing device.
• Remaining Lifetime—Remaining lifetime of the link-state PDU, in seconds.
Packet • LSP ID—The identifier for the link-state PDU. extensive

• Length—Packet length.
• Lifetime—Remaining lifetime, in seconds.
• Checksum—The checksum of the link-state PDU.
• Sequence—The sequence number of the link-state PDU. Every time the
link-state PDU is updated, this number increments.
• Attributes—Packet attributes.
• NLPID—Network layer protocol identifier.
• Fixed length—Specifies the set length for the packet.
TLVs • Area Address—Area addresses that the routing device can reach. extensive
• Speaks—Supported routing protocols.
• IP router id—ID of the routing device (usually the IP address).
• IP address—IPv4 address.
• Hostname—Assigned name of the routing device.
• IP prefix—IP prefix of the routing device.
• Metric—IS-IS metric that measures the cost of the adjacency between the
originating routing device and the advertised routing device.
• IP extended prefix—Extended IP prefix of the routing device.
• IS neighbor—Directly attached neighbor’s name and metric.
• IS extended neighbor—Directly attached neighbor’s name, metric, IP address,
local interface index, and remote interface index.
The interface indexes enable Junos OS to support unnumbered extensions
for IS-IS, as described in RFC 4205.
• Router Capability—ID of the routing device and flag.
NOTE: Router capability also specifies SPRING capability and SPRING

algorithm when segment routing is enabled on the routing device.
Sample Output
show isis database


kobuk.00-00 0x3 0x3167 1057 L1 L2
camaro.00-00 0x5 0x770e 1091 L1 L2
ranier.00-00 0x4 0xaa95 1091 L1 L2
glacier.00-00 0x4 0x206f 1089 L1 L2
glacier.02-00 0x1 0xd141 1089 L1 L2

IS-IS Feature Guide
badlands.00-00 0x3 0x87a2 1093 L1 L2

6 LSPs

kobuk.00-00 0x6 0x8d6b 1096 L1 L2
camaro.00-00 0x9 0x877b 1101 L1 L2
ranier.00-00 0x8 0x855d 1103 L1 L2
glacier.00-00 0x7 0xf892 1098 L1 L2
glacier.02-00 0x1 0xd141 1089 L1 L2
badlands.00-00 0x6 0x562 1105 L1 L2
6 LSPs
show isis database brief
The output for the show isis database brief command is identical to that for the show isis
database command. For sample output, see show isis database on page 669.
show isis database detail

user@host> show isis database logical-system CE3 sisira.00-00 detail
sisira.00-00 Sequence: 0x11, Checksum: 0x10fc, Lifetime: 975 secs

IS neighbor: hemantha-CE3.02 Metric: 10
ES neighbor: 0015.0015.0015 Metric: 10 Down
ES neighbor: sisira Metric: 0
IP prefix: 1.0.0.0/24 Metric: 10 External Down
sisira.00-00 Sequence: 0x13, Checksum: 0x69ac, Lifetime: 993 secs

ISO prefix: 60.0006.80ff.f800.0000.0108.0001.0015.0015.0015/152
Metric: 10 External Down
ISO prefix: 60.0006.80ff.f800.0000.0108.0001.0025.0025.0025/152


ISO prefix: 60.0006.80ff.f800.0000.0108.0001.0030.0030.0030/152
ISO prefix: 60.0006.80ff.f800.0000.0108.0001.0040.0040.0040/152
ISO prefix: 60.0006.80ff.f800.0000.0108.0001.0060.0060.0060/152
Metric: 0 Internal Up
show isis database extensive

user@host> show isis database extensive
sisira.00-00 Sequence: 0x11, Checksum: 0x10fc, Lifetime: 970 secs

Two-way fragment: hemantha-CE3.02-00, Two-way first fragment:
hemantha-CE3.02-00
ES neighbor: sisira Metric: 0
Header: LSP ID: sisira.00-00, Length: 336 bytes

Allocated length: 336 bytes, Router ID: 0.0.0.0
Remaining lifetime: 970 secs, Level: 1, Interface: 333
Estimated free bytes: 144, Actual free bytes: 0
Aging timer expires in: 970 secs
Protocols: IP, IPv6, CLNS
Packet: LSP ID: sisira.00-00, Length: 336 bytes, Lifetime : 1198 secs
Checksum: 0x10fc, Sequence: 0x11, Attributes: 0xb L1 L2 Attached
NLPID: 0x83, Fixed length: 27 bytes, Version: 1, Sysid length: 0 bytes
Packet type: 18, Packet version: 1, Max area: 0
TLVs:
Area address: 60.0006.80ff.f800.0000.0108.0001 (13)
Speaks: IP
Speaks: IPV6
Speaks: CLNP
Hostname: sisira
ES neighbor TLV: Internal, Metric: default 0, Up
ES: sisira
IS neighbor: hemantha-CE3.02, Internal, Metric: default 10
IS extended neighbor: hemantha-CE3.02, Metric: default 10
ES neighbor TLV: External, Metric: default 10, Down
ES: 0040.0040.0040
ES: 0025.0025.0025

IS-IS Feature Guide

ES: 0015.0015.0015
ES: 0030.0030.0030
IP external prefix: 3.0.0.0/24, Internal, Metric: default 10, Down
IP extended prefix: 3.0.0.0/24 metric 10 down
IP prefix: 60.60.60.60/32, Internal, Metric: default 0, Up
IP extended prefix: 60.60.60.60/32 metric 0 up
No queued transmissions
Router-A.00-00 Sequence: 0x5, Checksum: 0x3196, Lifetime: 1158 secs

IS neighbor: Router-B.02 Metric: 10
Two-way fragment: Router-B.02-00, Two-way first fragment: Router-B.02-00
IS neighbor: Router-E.02 Metric: 10
Two-way fragment: Router-E.02-00, Two-way first fragment: Router-E.02-00
Header: LSP ID: Router-A.00-00, Length: 208 bytes

Protocols: IP, IPv6
Packet: LSP ID: Router-A.00-00, Length: 208 bytes, Lifetime : 1198 secs
Checksum: 0x3196, Sequence: 0x5, Attributes: 0x3 <L1 L2>
TLVs:
Speaks: IP
Speaks: IPV6
IP address: 192.168.0.1
Hostname: Router-A

IPextended prefix: 10.0.0.0/30 metric 10 up

ISneighbor: Router-E.02, Internal, Metric: default 10
ISneighbor: Router-B.02, Internal, Metric: default 10
ISextended neighbor: Router-E.02, Metric: default 10
IS extended neighbor: Router-B.02, Metric: default 10
Router-B.00-00 Sequence: 0x5, Checksum: 0xf8f, Lifetime: 1183 secs

IS neighbor: Router-C.02 Metric: 10
Two-way fragment: Router-C.02-00, Two-way first fragment: Router-C.02-00
Header: LSP ID: Router-B.00-00, Length: 208 bytes

Protocols: IP, IPv6
Packet: LSP ID: Router-B.00-00, Length: 208 bytes, Lifetime : 1196 secs
Checksum: 0xf8f, Sequence: 0x5, Attributes: 0x3 <L1 L2>
TLVs:
Speaks: IP
Speaks: IPV6
IP address: 192.168.0.2
Hostname: Router-B
IS neighbor: Router-B.02, Internal, Metric: default 10
IS neighbor: Router-C.02, Internal, Metric: default 10
IS extended neighbor: Router-C.02, Metric: default 10
Router-B.02-00 Sequence: 0x1, Checksum: 0x3c7c, Lifetime: 1156 secs

IS neighbor: Router-A.00 Metric: 0
Two-way fragment: Router-A.00-00, Two-way first fragment: Router-A.00-00

IS-IS Feature Guide
Header: LSP ID: Router-B.02-00, Length: 76 bytes

Packet: LSP ID: Router-B.02-00, Length: 76 bytes, Lifetime : 1196 secs

Checksum: 0x3c7c, Sequence: 0x1, Attributes: 0x3 <L1 L2>
TLVs:
IS neighbor: Router-A.00, Internal, Metric: default 0
IS extended neighbor: Router-A.00, Metric: default 0
Router-C.00-00 Sequence: 0x5, Checksum: 0x255b, Lifetime: 1182 secs

IS neighbor: Router-D.03 Metric: 10
Two-way fragment: Router-D.03-00, Two-way first fragment: Router-D.03-00
Header: LSP ID: Router-C.00-00, Length: 208 bytes

Protocols: IP, IPv6
Packet: LSP ID: Router-C.00-00, Length: 208 bytes, Lifetime : 1196 secs
Checksum: 0x255b, Sequence: 0x5, Attributes: 0x3 <L1 L2>
TLVs:
Speaks: IP
Speaks: IPV6
IP address: 192.168.0.3
Hostname: Router-C
IS neighbor: Router-D.03, Internal, Metric: default 10

IS extended neighbor: Router-D.03, Metric: default 10

Router-C.02-00 Sequence: 0x1, Checksum: 0xaa09, Lifetime: 1181 secs

Header: LSP ID: Router-C.02-00, Length: 76 bytes

Packet: LSP ID: Router-C.02-00, Length: 76 bytes, Lifetime : 1194 secs

Checksum: 0xaa09, Sequence: 0x1, Attributes: 0x3 <L1 L2>
TLVs:
Router-D.00-00 Sequence: 0x4, Checksum: 0x8ab7, Lifetime: 1180 secs

Header: LSP ID: Router-D.00-00, Length: 208 bytes

Protocols: IP, IPv6
Packet: LSP ID: Router-D.00-00, Length: 208 bytes, Lifetime : 1192 secs
Checksum: 0x8ab7, Sequence: 0x4, Attributes: 0x3 <L1 L2>
TLVs:
Speaks: IP
Speaks: IPV6
IP address: 192.168.0.4
Hostname: Router-D

IS-IS Feature Guide

Router-D.02-00 Sequence: 0x1, Checksum: 0xebbc, Lifetime: 1128 secs

IS neighbor: Router-F.00 Metric: 0
Two-way fragment: Router-F.00-00, Two-way first fragment: Router-F.00-00


Checksum: 0xebbc, Sequence: 0x1, Attributes: 0x3 <L1 L2>
TLVs:
IS neighbor: Router-F.00, Internal, Metric: default 0
IS extended neighbor: Router-F.00, Metric: default 0
Router-D.03-00 Sequence: 0x1, Checksum: 0x129b, Lifetime: 1180 secs



Checksum: 0x129b, Sequence: 0x1, Attributes: 0x3 <L1 L2>
TLVs:

Router-E.00-00 Sequence: 0x4, Checksum: 0x9da9, Lifetime: 1155 secs

Header: LSP ID: Router-E.00-00, Length: 208 bytes

Protocols: IP, IPv6
Packet: LSP ID: Router-E.00-00, Length: 208 bytes, Lifetime : 1185 secs
Checksum: 0x9da9, Sequence: 0x4, Attributes: 0x3 <L1 L2>
TLVs:
Speaks: IP
Speaks: IPV6
IP address: 192.168.0.5
Hostname: Router-E
IS neighbor: Router-E.02, Internal, Metric: default 10
IS extended neighbor: Router-E.02, Metric: default 10
Router-E.02-00 Sequence: 0x1, Checksum: 0xb4fa, Lifetime: 1130 secs



IS-IS Feature Guide
Checksum: 0xb4fa, Sequence: 0x1, Attributes: 0x3 <L1 L2>

TLVs:
Router-F.00-00 Sequence: 0x5, Checksum: 0x94bd, Lifetime: 1153 secs

Header: LSP ID: Router-F.00-00, Length: 208 bytes

Protocols: IP, IPv6
Packet: LSP ID: Router-F.00-00, Length: 208 bytes, Lifetime : 1183 secs
Checksum: 0x94bd, Sequence: 0x5, Attributes: 0x3 <L1 L2>
TLVs:
Speaks: IP
Speaks: IPV6
IP address: 192.168.0.6
Hostname: Router-F
Router-E.02-00 Sequence: 0x1, Checksum: 0xb4fa, Lifetime: 1130 secs




Checksum: 0xb4fa, Sequence: 0x1, Attributes: 0x3 <L1 L2>
TLVs:
Router-F.00-00 Sequence: 0x5, Checksum: 0x94bd, Lifetime: 1153 secs


Protocols: IP, IPv6
Checksum: 0x94bd, Sequence: 0x5, Attributes: 0x3 <L1 L2>
TLVs:
Speaks: IP
Speaks: IPV6
IP address: 192.168.0.6
Hostname: Router-F

IS-IS Feature Guide

Router-F.02-00 Sequence: 0x1, Checksum: 0xf5ae, Lifetime: 1153 secs



Checksum: 0xf5ae, Sequence: 0x1, Attributes: 0x3 <L1 L2>
TLVs:

show isis hostname

Syntax show isis hostname

Syntax (EX Series show isis hostname

Switches and QFX
Series)

Description Display IS-IS hostname database information.
This command displays the system ID-to-name cache. The output shows if the mapping
has been learned by receipt of a Hostname TLV #137 (type dynamic) configured in Junos
OS with the set system host-name command, or a static mapping defined in Junos OS
with the set system static-host-mapping hostname sysid command (type static). The
local router always has its type set to static even if static-host-mapping is not configured.
Options none—Display IS-IS hostname database information.


Level
List of Sample Output show isis hostname on page 682
Output Fields Table 19 on page 681 describes the output fields for the show isis hostname command.
Table 19: show isis hostname Output Fields
System Id System identifier mapped to the hostname.
Hostname Hostname mapped to the system identifier.

IS-IS Feature Guide
Table 19: show isis hostname Output Fields (continued)
Type Type of mapping between system identifier and hostname.
• Dynamic—Hostname mapping determined as described in

RFC 2763, Dynamic Hostname Exchange Mechanism for IS-IS.
• Static—Hostname mapping configured by user.
Sample Output
show isis hostname

user@host> show isis hostname
IS-IS hostname database:

System Id Hostname Type
1921.6800.4201 isis1 Dynamic
1921.6800.4202 isis2 Static
1921.6800.4203 isis3 Dynamic

show isis interface

Syntax show isis interface

<interface-name>
Syntax (EX Series show isis interface

Switches and QFX <brief | detail | extensive>
Series) <interface-name>

Description Display status information about Intermediate System-to-Intermediate System

(IS-IS)-enabled interfaces.
NOTE: If the configured metric for an IS-IS level is above 63, and the
wide-metrics-only statement is not configured, the show isis interface detail
command and the show isis interface extensive command display 63 as the
metric value for that level. Configure the wide-metrics-only statement to
generate metric values greater than 63 on a per IS-IS level basis.
The show isis interface command displays the configured metric value for an
IS-IS level irrespective of whether is configured or not.
Options none—Display standard information about all IS-IS-enabled interfaces.
brief | detail | extensive—(Optional) Display the specified level of output.
interface-name—(Optional) Display information about the specified interface only.


Level
Related • Understanding Wide IS-IS Metrics for Traffic Engineering on page 272
Documentation

IS-IS Feature Guide
List of Sample Output show isis interface on page 686

show isis interface brief on page 686
show isis interface detail on page 686
show isis interface extensive on page 686
Output Fields Table 20 on page 684 describes the output fields for the show isis interface command.
Table 20: show isis interface Output Fields
interface-name Name of the interface. detail
Designated router Routing device selected by other routers that is responsible for sending link-state detail
advertisements that describe the network. Used only on broadcast networks.
Index Interface index assigned by the Junos OS kernel. detail
State Internal implementation information. detail
Circuit id Circuit identifier. detail
NOTE: Each IS-IS interface is assigned a circuit ID value to identify the interface
within the linkstate database. All interfaces (loopback, broadcast, and so on)
and all point-to-point links share the locally significant value of 0x01, and this
value is not incremented.
Circuit type Circuit type: detail
LSP interval Interval between link-state PDUs sent from the interface. detail
CSNP interval Interval between complete sequence number PDUs sent from the interface. detail extensive
Sysid System identifier. detail
Interface Interface through which the adjacency is made. none brief
L or Level Level: All levels
NOTE: The default IS-IS level on loopback interfaces are always same as the
IS-IS level configured on other IS-IS interfaces in a router. You can also configure
IS-IS level on loopback interfaces per your requirement.
CirID Circuit identifier. none brief

Table 20: show isis interface Output Fields (continued)
Level 1 DR Level 1 designated intermediate system. none brief
Level 2 DR Level 2 designated intermediate system. none brief
L1/L2 Metric Interface's metric for Level 1 and Level 2. If there is no information, the metric none brief
is 0.
Flood-group Flood-group is configured on a specific IS-IS interface detail extensive

Area-ID
NOTE: Seen only when Flood-group is configured.
Adjacency This routing device has signaled to advertise this interface to its neighbors in detail extensive
advertisement: their label-switched paths (LSPs).
Advertise
Adjacency This neighbor has signaled not to advertise this interface in the routing device’s detail extensive
advertisement: outbound LSPs.
Suppress
Adjacencies Number of adjacencies established on this interface. detail
Priority Priority value for this interface. detail
Metric Metric value for this interface. detail
Hello(s) / Hello Interface's hello interval. detail extensive

Interval
Hold(s) / Hold Time Interface's hold time. detail extensive
Designated Router Router responsible for sending network link-state advertisements, which describe detail
all the routing devices attached to the network.
Hello padding Type of hello padding: extensive
• Adaptive—On point-to-point connections, the hello packets are padded from

the initial detection of a new neighbor until the neighbor verifies the adjacency
as Up in the adjacency state TLV. If the neighbor does not support the
adjacency state TLV, then padding continues. On LAN connections, padding
starts from the initial detection of a new neighbor until there is at least one
active adjacency on the interface.
• Loose—(Default) The hello packet is padded from the initial detection of a
new neighbor until the adjacency transitions to the Up state.
• Strict—Padding is performed on all interface types and for all adjacency
states, and is continuous.
LDP sync state Current LDP synchronization state: in sync, in holddown, or not supported. extensive
reason Reason for being in the LDP sync state. extensive

IS-IS Feature Guide
Table 20: show isis interface Output Fields (continued)
config holdtime Configured value of the hold timer. extensive
remaining If the state is not in sync and the hold time is not infinity, then this field displays extensive
the remaining hold time in seconds.
IIH max size Configured value of IS-IS hello packets extensive
Sample Output
show isis interface

user@host> show isis interface

at-2/3/0.0 3 0x1 Point to Point Point to Point 10/10
show isis interface brief
The output for the show isis interface brief command is identical to that for the show isis
interface command. For sample output, see show isis interface on page 686.
show isis interface detail

user@host> show isis interface detail

at-2/3/0.0
1 1 64 10 9.000 27
2 1 64 10 9.000 27
lo0.0
Protection Type: Node Link, No eligible Backup
1 0 64 0 Passive
2 0 64 0 Passive
show isis interface extensive

user@host> show isis interface extensive

xe-6/1/0.0
LSP interval: 100 ms, CSNP interval: 10 s, Loose Hello padding, IIH max size:
1505

Flood-group Area-ID: 49.0001

Level 1
Disabled
Level 2
Designated Router: nemean.03

IS-IS Feature Guide
Syntax show isis interface-group

<instance instance>
<logical-system (all| logical-system-name)>
Release Information Command introduced in Junos OS Release 16.1 for the M Series and MX Series.
Description Display status information about the specified interface group.
Options none— Display standard status information about the interface group.
instance— Display the status information about the interface group for the specified
instance.
logical-system (all | logical-system-name)— (Optional) Perform this operation on all


Level
Related • interface-group-holddown-delay on page 496

Documentation
List of Sample Output show isis interface-group on page 689
Output Fields Table 21 on page 688 describes the output fields for the show isis interface-group command.
Table 21: show layer2-map Output Fields
Interface-group Name of the interface group followed by the interfaces that belong to the specified group and their
status.
Total Nominal Bandwidth Minimum bandwidth reserved for this interface group.
Total Actual Bandwidth Total bandwidth that is actually available.
Level IS-IS Level
• 1—Level 1
• 2—Level 2
Address family Address family can have one of the following values:
• IPv6 Unicast
• IPv6 Multicast

Table 21: show layer2-map Output Fields (continued)
Metric Metric value for this interface group.
Bandwidth Treshold The maximum bandwidth allowed for this interface group.
Sample Output

user@host> show isis interface-group
Interface-group: R2-B
et-8/0/0.0, 100Gbps, Up
et-9/0/0.0, 100Gbps, Up
Total Nominal Bandwidth: 200Gbps, Total Actual Bandwidth: 200Gbps
Level 1
IPV6 Unicast, Metric: 30
Bandwidth Threshold: 100Gbps, Metric: 1000
IPV6 Multicast, Metric: 30

IS-IS Feature Guide
show isis layer2-map
Syntax show isis layer2-map

<destination>
Release Information Command introduced in Junos OS Release 16.1 for the MX Series and PTX Series.
Description Display the details of the Layer 2 ARP or neighbor discovery next hops and the mapped
data link address in the kernel for the routing instances.
Options none— Display all the Layer 2 mappings in the kernel for all supported address families
for all routing instances.
destination— (Optional) Display the Layer 2 mapping for a specified destination address.
instance instance-name— (Optional) Display the Layer 2 mapping for the specified
routing instance only.
logical-system (all | logical-system-name)— (Optional) Perform this operation on all


Level
Related • Layer 2 Mapping for IS-IS on page 281

Documentation
• layer2-map on page 509
List of Sample Output show isis layer2-map on page 691
Output Fields Table 21 on page 688 describes the output fields for the show isis layer2-map command.
Table 22: show isis layer2-map Output Fields
Interface The interface name of the next hop.
IP address IP address of the next hop.
IPv4 records Total number of IPv4 records.
IPv6 records Total number of IPv6 records.

Table 22: show isis layer2-map Output Fields (continued)
SNPA The subnetwork point of attachment (SNPA) indicates the data link address of the next hop.
State State of the next hop. This field can have one of the following values:
• Delete—The specified entry is deleted.

• Disabled—The Layer 2 mapping is disabled.
• Rexmit—This additional state is displayed along with other states for entries that need to be
retransmitted
• Sent—The entry was sent or added to the kernel.
Refresh Time in seconds before the next hop is refreshed.
Sample Output
show isis layer2-map

user@host> show isis layer2-map logical-system all
logical-system: r2

12.0.0.1 lt-1/2/0.21 b0:c6:9a:2c:d8:bc 00:14:34
Sent
IPv4 records: 1
IPv6 records: 0
-----
logical-system: r1

12.0.0.2 lt-1/2/0.12 b0:c6:9a:2c:d8:bd 00:14:34
Sent
IPv4 records: 1
IPv6 records: 0

IS-IS Feature Guide
show isis overview
Syntax show isis overview

Syntax (EX Series show isis overview

Series)

Description Display IS-IS overview information.
Options none—Display standard overview information about IS-IS for all routing instances.
instance instance-name—(Optional) Display overview information for the specified

routing instance.


Level
List of Sample Output show isis overview on page 694
Output Fields Table 23 on page 692 lists the output fields for the show isis overview command. Output
fields are listed in the approximate order in which they appear.
Table 23: show isis overview Output Fields
Hostname Name of the router.
Sysid Part of the ISO address of the routing device.
Areaid The area number of the routing device.
Instance IS-IS routing instance.
Router ID Router ID of the routing device.
Adjacency holddown Adjacency holddown capability: enabled or disabled.

Table 23: show isis overview Output Fields (continued)
Maximum Areas Maximum number of IS-IS areas advertised by the routing device.
LSP life time Lifetime of the link-state PDU, in seconds.
Filter low life time LSPs LSPs with a lifetime lower than this value are filtered out.
up to
Attached bit evaluation Attached bit capability: enabled or disabled.
SPF delay Delay before performing consecutive shortest-path-first (SPF) calculations.
SPF holddown Delay before performing additional SPF calculations after the maximum number of consecutive SPF
calculations is reached.
SPF rapid runs Maximum number of SPF calculations that can be performed in succession before the holddown timer
begins.
Overload bit at startup Overload bit capability is enabled.

is set
Overload high metrics Overload high metrics capability: enabled or disabled.
Allow internal prefix Allow internal prefixes to be advertised with high metric: enabled or disabled
overloading
Allow external prefix Allow external prefixes to be advertised with high metric: enabled or disabled
overloading
Overload timeout Time period after which overload is reset and the time that remains before the timer is set to expire.
Traffic engineering Traffic engineering capability: enabled or disabled.
Restart Graceful restart capability: enabled or disabled.
Restart duration Time period for complete reacquisition of IS-IS neighbors.
Helper mode Graceful restart helper capability: enabled or disabled.
Level IS-IS level:
IPv4 is enabled IP Protocol version 4 capability is enabled.
IPv6 is enabled IP Protocol version 6 capability is enabled.

IS-IS Feature Guide
Table 23: show isis overview Output Fields (continued)
Micro-loop avoidance Micro-loop avoidance is enabled. Generally adjacent nodes converge faster than neighboring nodes
causing traffic to loop. A route convergence delay is configured to avoid such micro loops.
Internal route Preference value of internal routes.

preference
External route Preference value of external routes.

preference
Prefix export limit Number of prefixes allowed to be exported, as configured by the prefix-export-limit statement.
Prefix export count Number of prefixes exported.
Wide area metrics are Wide area metrics capability is enabled.

enabled
Narrow metrics are Narrow metrics capability is enabled.

enabled
Adjacency holddown is IS-IS adjacencies come up one after another when adjacency holddown is enabled.
active
Sample Output
show isis overview

user@host> show isis overview
Instance: master
Router ID: 10.255.107.183
Hostname: pro-bng3-a
Sysid: 0192.0168.0001
Areaid: 49.0002
Maximum Areas: 3
LSP life time: 1200
Filter low life time LSPs up to: 300
Overload bit at startup is set
Overload high metrics: disabled
Allow route leaking: disabled
Allow internal prefix overloading: enabled
Allow external prefix overloading: enabled
Overload timeout: 60 sec
IPv4 is enabled, IPv6 is enabled
Micro-loop avoidance: Enabled
Method: Route Convergence Delay, Route convergence delay: 5000 msec
Restart: Disabled
Level 1


Adjacency holddown is active
Level 2
Prefix export limit: 5, Prefix export count: 5
Wide metrics are enabled
Adjacency holddown is active
user@host> show isis overview logical-system R2
Instance: master
Router ID: 192.168.0.2
Hostname: pro-bng3-a-R2
Sysid: 0192.0168.0002
Areaid: 49.0002
Maximum Areas: 3
LSP life time: 1200
Restart: Disabled
Level 1
Level 2
user@host> show isis overview logical-system R3
Instance: master
Router ID: 192.168.0.3
Hostname: pro-bng3-a-R3
Sysid: 0192.0168.0003
Areaid: 49.0002
Maximum Areas: 3
LSP life time: 1200
Restart: Disabled
Level 1
Level 2

IS-IS Feature Guide


show isis purge log
Syntax show isis purge log

<level level>
Release Information Command introduced in Junos OS Release 16.2R1 for the MX Series and PTX Series.
Description Displays the purge log history received from adjacent devices. The purge log can include
the type, length and value (TLV) details and the Intermediate System (IS) identification.
Use this command to identify the purge originator and view other details of recent purges.
You can display the last 50 entries in the IS-IS purge log and filter the log history based
on the IS-IS level or by routing instance.
Options none—Display purge log of all routing instances.
instance instance-name—(Optional) Display purge log of the specified routing instance.
level level—(Optional) Display purge log of IS-IS routers that belong to the specified
level.


Level
Related • purge-originator on page 569

Documentation
List of Sample Output show isis purge log on page 698
Output Fields Table 24 on page 697 describes the output fields for the show isis purge log command.
Table 24: show isis purge log Output Fields
IS-IS Level Level:
An exclamation point (!) preceding the level number indicates that the adjacency
is missing an IP address.

IS-IS Feature Guide
Table 24: show isis purge log Output Fields (continued)
Time Date and time in hours, minutes, and seconds when the purge occurred.
LSP Name Name of the LSP where the purge occurred
Originator Source of the purge
Received Router that received the purge instruction
Sample Output
show isis purge log

user@host> show isis purge log
IS-IS level Level: 1 Purge log:

Time LSP Name Originator Received
Wed Aug 5 17:52:32 VMX_R5_re.00-00 VMX_R6_re VMX_R4_re
Wed Aug 5 17:52:32 VMX_R6_re.00-00 VMX_R6_re 0000.0000.0000

show isis route

Syntax show isis route

<destination>
<inet | inet6>
<topology (ipv4-multicast | ipv6-multicast | ipv6-unicast | unicast)>
Syntax (EX Series show isis route

Switches and QFX <destination>
Series) <inet | inet6>

Description Display the routes in the IS-IS routing table.
Options none—Display all routes in the IS-IS routing table for all supported address families for
all routing instances.
destination—(Optional) Destination address for the route.
inet | inet6—(Optional) Display inet (IPv4) or inet6 (IPv6) routes, respectively.
instance instance-name—(Optional) Display routes for the specified routing instance

only.


routes for the specified topology only, or use unicast to display information, if
available, for both IPv4 and IPv6 unicast topologies.

Level
List of Sample Output show isis route logical-system on page 700

show isis route floodgroup on page 701
show isis route (CLNS) on page 701

IS-IS Feature Guide
show isis route on page 701
Output Fields Table 25 on page 700 describes the output fields for the show isis route command. Output
Table 25: show isis route Output Fields
Current version Number of the current version of the IS-IS routing table.
L1 Version of Level 1 SPF that was run.
Prefix or Label Destination of the route.
L IS-IS level:
Version Version of SPF that generated the route.
Metric Metric value associated with the route.
Type Metric type: int (internal) or ext (external).
Interface Interface to the next hop.
Via System identifier of the next hop, displayed as a name if possible.
ISO Routes ISO routing table entries.
snpa MAC address.
Sample Output
show isis route logical-system

user@host> show isis route logical-system ls1

Prefix L Version Metric Type Interface Via
10.9.7.0/30 2 11 20 int gr-0/2/0.0 h
10.9.201.1/32 2 11 60 int gr-0/2/0.0 h
IPV6 Unicast IS-IS routing table Current version: L1: 9 L2: 11
8009:3::a09:3200/126 2 11 20 int gr-0/2/0.0 h

show isis route floodgroup

user@R2> show isis route floodgroup 49.0001

IPv4/IPv6 Routes
----------------
Backup Score
0.0.0.0/0 1 14 10 int ge-0/0/8.0 IPV4 R1
81.3.3.3/32 1 14 10 int ge-0/0/8.0 IPV4 R1
128.220.17.202/32 1 14 10 int ge-0/0/8.0 IPV4 R1
show isis route (CLNS)

user@host> show isis route

IPv4/IPv6 Routes
0.0.0.0/0 1 10 10 int fe-0/0/1.0 ISIS.0
ISO Routes
Prefix L Version Metric Type Interface Via snpa
0/0
1 10 10 int fe-0/0/1.0 isis.0 0:12:0:34:0:56
47.0005.80ff.f800.0000.0108.0001/104
1 10 0 int
47.0005.80ff.f800.0000.0108.0001.1921.6800.4001/152
1 10 10 int fe-0/0/1.0 isis.0 0:12:0:34:0:56
47.0005.80ff.f800.0000.0108.0001.1921.6800.4002/152
1 10 20 int fe-0/0/1.0 isis.0 0:12:0:34:0:56
47.0005.80ff.f800.0000.0108.0002/104
1 10 0 int
47.0005.80ff.f800.0000.0108.0002.1921.6800.4001/152
1 10 10 int fe-0/0/1.0 isis.0 0:12:0:34:0:56
show isis route

user@host> show isis route

IPv4/IPv6 Routes
----------------
10.255.71.52/32 2 13 10 int ae0.0 IPV4 camaro
10.255.71.238/32 2 13 20 int so-6/0/0.0 IPV4 olympic
as0.0 IPV4 glacier
ae0.0 IPV4 camaro
10.255.71.242/32 2 13 10 int as0.0 IPV4 glacier

IS-IS Feature Guide
13.15.0.0/30 2 13 30 int ae0.0 IPV4 camaro
so-6/0/0.0 IPV4 olympic
as0.0 IPV4 glacier
13.16.0.0/30 2 13 25 int as0.0 IPV4 glacier
14.15.0.0/30 2 13 20 int ae0.0 IPV4 camaro
as0.0 IPV4 glacier
1eee::/64 2 13 30 int so-6/0/0.0 IPV6 olympic
as0.0 IPV6 glacier
abcd::10:255:71:52/128 2 13 10 int ae0.0 IPV6 camaro
abcd::10:255:71:238/128 2 13 20 int so-6/0/0.0 IPV6 olympic
as0.0 IPV6 glacier
ae0.0 IPV6 camaro
abcd::10:255:71:242/128 2 13 10 int as0.0 IPV6 glacier
MPLS Routes
-----------
Label L Version Metric Type Interface NH Via
300032 /52 2 38 0 int lt-1/2/0.13 MPLS Direct forward
to 10.0.7.60(pro-bng3-c-E)
to 10.0.6.60(pro-bng3-c-E)
to 10.0.6.60(pro-bng3-c-E)
to 10.0.6.60(pro-bng3-c-E)
to 10.0.6.60(pro-bng3-c-E)
to 10.0.10.70(pro-bng3-c-F)
to 10.0.10.70(pro-bng3-c-F)
to 10.0.10.70(pro-bng3-c-F)
to 10.0.10.70(pro-bng3-c-F)
to 10.0.7.60(pro-bng3-c-E)


to 10.0.7.60(pro-bng3-c-E)
to 10.0.7.60(pro-bng3-c-E)

IS-IS Feature Guide
show isis route download priority
Syntax show isis route download priority

<destination>
<floodgroup floodgroup>
<inet | inet6>
<iso>
<logical-system (all | logical-system-name>
<nexthop interface | neighbor>
Description Display the routes in the IS-IS routing table in the sequence of set priority. IS-IS routes
set with a high priority are displayed first followed by medium and low priority prefixes.
Internet Service Providers (ISP) can configure route priority to ensure faster convergence
for important customers.
Configure a routing policy to assign a priority to IS-IS routes. These routes are updated
in the routing table in the order of their priority. In the event of an IS-IS topology change,
high priority prefixes are updated in the routing table first followed by medium and then
low priority prefixes.
Options none—Display all routes in the IS-IS routing table in order of their priority for all supported
address families for all routing instances.
destination—(Optional) Destination address for the route for which you want to display
the priority.
floodgroup floodgroup—(Optional) Display the priority of routes that belong to a specific

floodgroup.
inet | inet6—(Optional) Display IS-IS route priority for inet (IPv4) or inet6 (IPv6) routes,
respectively.
instance instance-name—(Optional) Display route priority for the specified routing

instance only.
iso—(Optional) Display the priority of Connectionless Network Service (CLNS) routes.
nexthop interface | neighbor—Display the priority of routes reachable through a specific

next hop.


routes in order of the set priority for the specified topology only, or use unicast to
display information, if available, for both IPv4 and IPv6 unicast topologies.


Level
Related • show isis route on page 699

Documentation
• Example: Configuring a Routing Policy to Prioritize IS-IS Routes on page 115
• import (Protocols IS-IS) on page 493
List of Sample Output show isis route download-priority on page 705
Output Fields Table 25 on page 700 describes the output fields for the show isis route command. Output
Table 26: show isis route Output Fields
Current version Number of the current version of the IS-IS routing table.
Prefix or Label Destination of the route.
L IS-IS level:
Version Version of SPF that generated the route.
Metric Metric value associated with the route.
Type Metric type: int (internal) or ext (external).
Interface Interface to the next hop.
Via System identifier of the next hop, displayed as a name if possible.
NH Next hop address type: IPv4, IPv6, or MPLS.
Backup Score Count of available backup paths.
Sample Output
show isis route download-priority

user@host> show isis route download-priority

IS-IS Feature Guide

IPv4/IPv6 Routes
----------------
Backup Score
3.3.3.3/32 2 122 20 int ge-1/0/1.0 IPV4 R2
ge-5/0/9.0 IPV4 R2
2.2.2.2/32 2 122 10 int ge-1/0/1.0 IPV4 R2
ge-5/0/9.0 IPV4 R2
198.1.1.0/24 2 122 20 int ge-1/0/1.0 IPV4 R2
ge-5/0/9.0 IPV4 R2
198.1.2.0/24 2 122 20 int ge-1/0/1.0 IPV4 R2
ge-5/0/9.0 IPV4 R2
2001:db8:2:2::1/128 2 122 10 int ge-1/0/1.0 IPV6 R2
ge-5/0/9.0 IPV6 R2
2001:db8:3:3::3/128 2 122 20 int ge-1/0/1.0 IPV6 R2
ge-5/0/9.0 IPV6 R2
2001:db8:1:1::/64 2 122 20 int ge-1/0/1.0 IPV6 R2
ge-5/0/9.0 IPV6 R2
2001:db8:1:2::/64 2 122 20 int ge-1/0/1.0 IPV6 R2
ge-5/0/9.0 IPV6 R2

show isis spf

Syntax show isis spf (brief | log | results)

<level (1 | 2)>
Syntax (EX Series show isis spf (brief | log | results)

Switches) <instance instance-name>
<level (1 | 2)>

Description Display information about IS-IS shortest-path-first (SPF) calculations.
Options brief—Display an overview of SPF calculations.
log—Display the log of SPF calculations.
results—Display the results of SPF calculations.
instance instance instance-name—(Optional) Display SPF calculations for the specified

routing instance.
level (1 | 2)—(Optional) Display SPF calculations for the specified IS-IS level.
log—Display the log of SPF calculations.

results—Display the results of SPF calculations.

SPF calculations for the specified topology only.

Level
List of Sample Output show isis spf log on page 708

show isis spf results logical-system on page 709
show isis spf results (CLNS) on page 710

IS-IS Feature Guide
Output Fields Table 27 on page 708 describes the output fields for the show isis spf command. Output
Table 27: show isis spf Output Fields
Node System ID of a node.
Metric Metric to the node.
Interface Interface of the next hop.
Via System ID of the next hop.
SNPA Subnetwork point of attachment (MAC address of the next hop).
Start time (log option only) Time that the SPF computation started.
Elapsed (secs) (log option only) Length of time, in seconds, required to complete
the SPF computation.
Count (log option only) Number of times the SPF was triggered.
Reason (log option only) Reason that the SPF computation was completed.
Sample Output
show isis spf log

user@host> show isis spf log logical-system lsl
IS-IS level 1 SPF log:

Start time Elapsed (secs) Count Reason
Fri Oct 31 12:41:18 0.000069 1 Reconfig
Fri Oct 31 12:41:18 0.000107 3 Updated LSP fix.00-00
Fri Oct 31 12:41:18 0.000050 3 Address change on so-1/2/2.0
Fri Oct 31 12:41:28 0.000178 5 New adjacency scat on ge-1/1/0.0
Fri Oct 31 12:42:30 0.000161 2 Multi area attachment change
Fri Oct 31 12:56:58 0.000198 1 Periodic SPF
IS-IS level 2 SPF log:

Fri Oct 31 12:41:18 0.000035 1 Reconfig
Fri Oct 31 12:41:18 0.000043 5 Address change on gr-0/2/0.0
Fri Oct 31 12:41:59 0.000144 3 New adjacency h on gr-0/2/0.0
Fri Oct 31 12:42:30 0.000257 3 New LSP skag.00-00
Fri Oct 31 12:55:55 0.000174 1 Updated LSP h.00-00

Fri Oct 31 12:55:58 0.000176 1 Updated LSP skag.00-00

IPV6 Unicast IS-IS level 1 SPF log:

Fri Oct 31 12:41:18 0.000028 1 Reconfig
Fri Oct 31 12:41:28 0.000103 5 New adjacency scat on ge-1/1/0.0
Fri Oct 31 12:42:30 0.000118 2 Multi area attachment change
IPV6 Unicast IS-IS level 2 SPF log:

Fri Oct 31 12:41:18 0.000027 1 Reconfig
Fri Oct 31 12:41:59 0.000087 3 New adjacency h on gr-0/2/0.0
Fri Oct 31 12:42:30 0.000123 3 New LSP skag.00-00
Fri Oct 31 12:55:55 0.000121 1 Updated LSP h.00-00
Fri Oct 31 12:55:58 0.000121 1 Updated LSP skag.00-00
...
show isis spf results logical-system

user@host> show isis spf results logical-system ls1

Node Metric Interface Via SNPA
scat.00 10 ge-1/1/0.0 scat 0:90:69:a6:48:9d
20 10.9.1.0/30
fix.02 10
fix.00 0
10 10.9.1.0/30
10 10.9.5.0/30
10 10.9.6.0/30
20 10.9.7.0/30
60 10.9.201.1/32
3 nodes

skag.00 20 gr-0/2/0.0 h
30 10.9.7.0/30
skag.02 20 gr-0/2/0.0 h
h.00 10 gr-0/2/0.0 h
20 10.9.6.0/30
20 10.9.7.0/30
60 10.9.201.1/32
fix.00 0
10 10.9.1.0/30
10 10.9.5.0/30

IS-IS Feature Guide
10 10.9.6.0/30
4 nodes

scat.00 10 ge-1/1/0.0 scat 0:90:69:a6:48:9d
ge-1/1/0.0 scat 0:90:69:a6:48:9d
20 8009:1::a09:1400/126
fix.02 10
fix.00 0
10 8009:1::a09:1400/126
10 8009:2::a09:1e00/126
20 8009:3::a09:3200/126
10 8009:4::a09:2800/126
3 nodes

skag.00 20 gr-0/2/0.0 h
gr-0/2/0.0 h
30 8009:3::a09:3200/126
skag.02 20 gr-0/2/0.0 h
gr-0/2/0.0 h
h.00 10 gr-0/2/0.0 h
gr-0/2/0.0 h
20 8009:3::a09:3200/126
20 8009:4::a09:2800/126
fix.00 0
10 8009:1::a09:1400/126
10 8009:2::a09:1e00/126
10 8009:4::a09:2800/126
4 nodes
Multicast IS-IS level 1 SPF results:

scat.00 10 ge-1/1/0.0 scat 0:90:69:a6:48:9d
fix.02 10
fix.00 0
3 nodes
Multicast IS-IS level 2 SPF results:

skag.00 20 gr-0/2/0.0 h
skag.02 20 gr-0/2/0.0 h
h.00 10 gr-0/2/0.0 h
fix.00 0
4 nodes
...
show isis spf results (CLNS)

user@host> show isis spf results

skag.00 10 fe-0/0/1.0 toothache 0:12:0:34:0:56
fe-0/0/1.0 toothache 0:12:0:34:0:56
20 192.168.37.64/29
10 1921.6800.4001
20 1921.6800.4002

pro1-a.02 10
pro1-a.00 0
0 10.255.245.1/32
10 192.168.37.64/29
0 1921.6800.4211
3 nodes

skag.00 10 fe-0/0/1.0 toothache 0:12:0:34:0:56
fe-0/0/1.0 toothache 0:12:0:34:0:56
20 10.255.245.1/32
20 192.168.37.64/29
20 47.0005.80ff.f800.0000.0109.0010/104
pro1-a.02 10
pro1-a.00 0
0 10.255.245.1/32
10 192.168.37.64/29
3 nodes

IS-IS Feature Guide
show isis spring interface traffic-statistics
Syntax show isis spring interface traffic-statistics

logical-system (all |logical-system-name)
Release Information Command introduced in Junos OS Release 17.3R1 for MX Series and PTX Series.
Description Display the traffic statistics of an IS-IS SPRING link. SPRING traffic is measured to
recalculate the actual available bandwidth to RSVP for traffic engineering.
Options none— Display the traffic statistics of an IS-IS SPRING link.


Level

Documentation
• clear isis spring traffic-statistics on page 612
• show auto-bandwidth on page 626
List of Sample Output show isis spring interface traffic-statistics on page 712
Sample Output
show isis spring interface traffic-statistics

user@host> show isis spring interface traffic-statistics
Interface name Bytes Packets

ge-0/0/1.0 1287495 3000
ae0.0 2332435435 10233

show isis spring sensor info
Syntax show isis spring sensor info

logical-system (all |logical-system-name)
Release Information Command introduced in 19.1R1 on MX Series routers with MPC and MIC interfaces, and
PTX series routers.
Description Displays a list of sensors associated with the label IS-IS route and next hops for segment
routing traffic. The command only displays the information related to the sensors and
not the traffic statistics.
Options none— Display the sensor information of an IS-IS SPRING route.


Level
Related • sensor-based-stats on page 574

Documentation
• Understanding Source Packet Routing in Networking (SPRING) on page 289
List of Sample Output show isis spring sensor info on page 713
Output Fields Table 1 describes the output fields for the show isis spring sensor info command. Output
Table 28: show isis spring sensor info Output Fields
Field Field Description
Sensor-name Represents the router or interface that the sensor is associated with.
Sensor-id Unique number associated either with route or interface.
Sample Output
show isis spring sensor info

user@host> show isis spring sensor info
Per-interface-per-member-link Ingress Sensor:

---------------------------------------------
Sensor-name Sensor-id

IS-IS Feature Guide
aggr_ingress_intf_sensor 3221225484
Per-interface-per-member-link Egress Sensor:

---------------------------------------------
ge-0/0/0.0 3221225497
ge-0/0/1.0 3221225498
ge-0/0/2.0 3221225499
Per-sid Ingress Sensor:

----------------------
16 3221225478
17 3221225479
18 3221225474
19 3221225475
20 3221225482
21 3221225483
22 3221225480
23 3221225481
24 3221225489
25 3221225490
400001 3221225491
400002 3221225492
400005 3221225487
400006 3221225488
400009 3221225493
400010 3221225494
400011 3221225495
400012 3221225496
IPv4/IPv6 Per-sid Egress Sensor:

--------------------------------
L-ISIS-::10.10.10.1 3221225474

show isis statistics

Syntax show isis statistics

Syntax (EX Series show isis statistics

Series)

Description Display statistics about IS-IS traffic.
Options none—Display IS-IS traffic statistics for all routing instances.
instance instance-name—(Optional) Display statistics for the specified routing instance.


Level
Related • clear isis statistics on page 610

Documentation
List of Sample Output show isis statistics on page 717
Output Fields Table 29 on page 716 describes the output fields for the show isis statistics command.

IS-IS Feature Guide
Table 29: show isis statistics Output Fields
PDU type PDU type:
• CSNP—Complete sequence number PDUs contain a complete list of all link-state PDUs in the IS-IS
database. CSNPs are sent periodically on all links, and the receiving systems use the information
in the CSNP to update and synchronize their link-state PDU databases. The designated router
multicasts CSNPs on broadcast links in place of sending explicit acknowledgments for each
link-state PDU.
• IIH—IS-IS hello packets are broadcast to discover the identity of neighboring IS-IS systems and to
determine whether the neighbors are Level 1 or Level 2 intermediate systems.
• LSP—Link-state PDUs contain information about the state of adjacencies to neighboring IS-IS
systems. Link-state PDUs are flooded periodically throughout an area.
• PSNP—Partial sequence number PDUs are sent multicast by a receiver when it detects that it is
missing a link-state PDU (when its link-state PDU database is out of date). The receiver sends a
PSNP to the system that transmitted the CSNP, effectively requesting that the missing link-state
PDU be transmitted. That routing device, in turn, forwards the missing link-state PDU to the
requesting routing device.
• Unknown—The PDU type is unknown.
Received Number of PDUs received since IS-IS started or since the statistics were set to zero.
Processed Number of PDUs received less the number dropped.
Drops Number of PDUs dropped.
Sent Number of PDUs transmitted since IS-IS started or since the statistics were set to zero.
Rexmit Number of PDUs retransmitted since IS-IS started or since the statistics were set to zero.
Total packets Total number of PDUs received and transmitted since IS-IS started or since the statistics were set to
received/sent zero.
SNP queue length Number of CSPN and PSNP packets currently waiting in the queue for processing. This value is almost
always 0.
LSP queue length Number of link-state PDUs waiting in the queue for processing. This value is almost always 0.
SPF runs Number of shortest-path-first (SPF) calculations that have been performed. If this number is
incrementing rapidly, it indicates that the network is unstable.
Fragments rebuilt Number of link-state PDU fragments that the local system has computed.
LSP regenerations Number of link-state PDUs that have been regenerated. A link-state PDU is regenerated when it is
nearing the end of its lifetime and it has not changed.
Purges initiated Number of purges that the system initiated. A purge is initiated if the software decides that a link-state
PDU must be removed from the network.

Sample Output
show isis statistics


LSP 12227 12227 0 8184 683
IIH 113808 113808 0 115817 0
CSNP 198868 198868 0 198934 0
PSNP 6985 6979 6 8274 0
Unknown 0 0 0 0 0
Totals 331888 331882 6 331209 683

SPF runs: 1014

Purges initiated: 0

IS-IS Feature Guide
show policy

Syntax show policy

<policy-name>
<statistics >
Syntax (EX Series show policy

Switches) <policy-name>

statistics option introduced in Junos OS Release 16.1 for MX Series routers.
Description Display information about configured routing policies.
Options none—List the names of all configured routing policies.

policy-name—(Optional) Show the contents of the specified policy.
statistics—(Optional) Use in conjunction with the test policy command to show the
length of time (in microseconds) required to evaluate a given policy and the number
of times it has been executed. This information can be used, for example, to help
structure a policy so it is evaluated efficiently. Timers shown are per route; times are
not cumulative. Statistics are incremented even when the router is learning (and
thus evaluating) routes from peering routers.

Level
Related • show policy damping

Documentation
• test policy on page 925
List of Sample Output show policy on page 719

show policy policy-name on page 719
show policy statistics policy-name on page 719
show policy (Multicast Scoping) on page 720
show policy (Route Filter and source Address Filter Lists) on page 720

Output Fields Table 30 on page 719 lists the output fields for the show policy command. Output fields
are listed in the approximate order in which they appear.
Table 30: show policy Output Fields
policy-name Name of the policy listed.
term Name of the user-defined policy term. The term name unnamed is
used for policy elements that occur outside of user defined terms
from Match condition for the policy.
then Action for the policy.
Sample Output
show policy
user@host> show policy
Configured policies:
__vrf-export-red-internal__
__vrf-import-red-internal__
red-export
rf-test-policy
multicast-scoping
show policy policy-name

user@host> show policy vrf-import-red-internal
Policy vrf-import-red-internal:
from
203.0.113.0/28 accept
203.0.113.32/28 accept
then reject
show policy statistics policy-name

user@host> show policy statistics iBGP-v4-RR-Import
Policy iBGP-v4-RR-Import:
[1243328] Term Lab-Infra:
from [1243328 0] proto BGP
[28 0] route filter:
then [28 0] accept
[1243300] Term External:
from [1243300 1] proto BGP
[1243296 0] community Ext-Com1 [64496:1515 ]
[1243296 0] prefix-list-filter Customer-Routes
[1243296 0] aspath AS6221
[1243296 1] route filter:

IS-IS Feature Guide
172.16.49.0/12 orlonger
172.16.50.0/12 orlonger
172.16.51.0/12 orlonger
172.16.52.0/12 orlonger
172.16.56.0/12 orlonger
172.16.60.0/12 orlonger
then [1243296 2] community + Ext-Com2 [64496:2000 ] [1243296 0] accept
[4] Term Final:
then [4 0] reject
show policy (Multicast Scoping)

user@host> show policy multicast-scoping
Policy multicast-scoping:
from
multicast-scope == 8
then
accept
show policy (Route Filter and source Address Filter Lists)

user@host> show policy rf-test-policy
Policy rf-test-policy:
Term term1:
from source-address-filter-list saf-list-1
source-address filter:
192.0.2.0/29 longer
192.0.2.64/28 exact
192.0.2.128/28 exact
192.0.2.160/28 orlonger
Term term2:
from route-filter-list rf-list-1
route filter:
198.51.100.0/29 upto 198.51.100.0/30
198.51.100.8/29 upto 198.51.100.8/30 accept
Term unnamed:
then reject

show policy conditions
Syntax show policy conditions

<condition-name>
<detail>
<dynamic>
Syntax (EX Series show policy conditions

Switches) <condition-name>
<detail>
<dynamic>

Description Display all the configured conditions as well as the routing tables with which the
configuration manager is interacting. If the detail keyword is included, the output also
displays dependent routes for each condition.
Options none—Display all configured conditions and associated routing tables.
condition-name—(Optional) Display information about the specified condition only.
detail—(Optional) Display the specified level of output.
dynamic—(Optional) Display information about the conditions in the dynamic database.


Level
List of Sample Output show policy conditions detail on page 722
Output Fields Table 31 on page 721 lists the output fields for the show policy conditions command. Output
Table 31: show policy conditions Output Fields
Condition Name of configured condition. All levels
event Condition type. If the if-route-exists option is configured, the event type is: All levels
Existence of a route in a specific routing table.

IS-IS Feature Guide
Table 31: show policy conditions Output Fields (continued)
Dependent routes List of routes dependent on the condition, along with the latest generation detail
number.
Condition tables List of routing tables associated with the condition, along with the latest All levels
generation number and number of dependencies.
If-route-exists List of conditions configured to look for a route in the specified table. All levels
conditions
Sample Output
show policy conditions detail

user@host> show policy conditions detail
Configured conditions:
Condition cond1, event: Existence of a route in a specific routing table
Dependent routes:
172.16.4.4/32, generation 3
6.6.6.6/32, generation 3
10.10.10.10/32, generation 3
Condition cond2, event: Existence of a route in a specific routing table

Dependent routes:
None
Condition tables:
Table inet.0, generation 4, dependencies 3, If–route-exists conditions: cond1
(static) cond2 (static)

show route

Syntax show route

<all>
<destination-prefix>
<private>
<te-ipv4-prefix-ip te-ipv4-prefix-ip>
<te-ipv4-prefix-node-ip te-ipv4-prefix-node-ip>
<te-ipv4-prefix-node-iso te-ipv4-prefix-node-iso>
Syntax (EX Series show route

Switches) <all>
<private>

Option private introduced in Junos OS Release 9.5.
Option private introduced in Junos OS Release 9.5 for EX Series switches.
Command introduced in Junos OS Release 15.1R3 on MX Series routers for enhanced
subscriber management.
Option display-client-data introduced in Junos OS Release 16.2R1 on MX80, MX104,
MX240, MX480, MX960, MX2010, MX2020, vMX Series routers.
Options te-ipv4-prefix-ip, te-ipv4-prefix-node-ip, and te-ipv4-prefix-node-iso introduced
in Junos OS Release 17.2R1 on MX Series and PTX Series.
Description Display the active entries in the routing tables.
Options none—Display brief information about all active entries in the routing tables.
all—(Optional) Display information about all routing tables, including private, or internal,
routing tables.
destination-prefix—(Optional) Display active entries for the specified address or range

of addresses.

private—(Optional) Display information only about all private, or internal, routing tables.
display-client-data —(Optional) Display client id and cookie information for routes

installed by the routing protocol process client applications.

IS-IS Feature Guide
te-ipv4-prefix-ip te-ipv4-prefix-ip—(Optional) Display IPv4 address of the

traffic-engineering prefix, without the mask length if present in the routing table.
te-ipv4-prefix-node-ip te-ipv4-prefix-node-ip—(Optional) Display all prefixes that have

originated from the traffic-engineering node. You can filter IPv4 node addresses from
the traffic-engineered routes in the lsdist.0 table.
te-ipv4-prefix-node-iso te-ipv4-prefix-node-iso—(Optional) Display all prefixes that

have originated from the traffic-engineering node. You can filter IPv4 routes with the
specified ISO circuit ID from the lsdist.0 table.

Level

Documentation
• Examples: Configuring Internal BGP Peering
• Examples: Configuring External BGP Peering
• Examples: Configuring OSPF Routing Policy
• Verifying and Managing Junos OS Enhanced Subscriber Management
List of Sample Output show route on page 727

show route (VPN) on page 728
show route (with Destination Prefix) on page 728
show route destination-prefix detail on page 728
show route extensive on page 728
show route extensive ( ECMP) on page 729
show route extensive (Multipath Resolution) on page 729
show route (Enhanced Subscriber Management) on page 734
show route (IPv6 Flow Specification) on page 734
show route display-client-data detail on page 734
show route te-ipv4-prefix-ip on page 735
show route te-ipv4-prefix-ip extensive on page 736
show route te-ipv4-prefix-node-iso on page 738
show route te-ipv4-prefix-node-iso extensive on page 739
show route te-ipv4-prefix-node-iso detail on page 741
Output Fields Table 32 on page 724 describes the output fields for the show route command. Output
Table 32: show route Output Fields
routing-table-name Name of the routing table (for example, inet.0).

Table 32: show route Output Fields (continued)
number destinations Number of destinations for which there are routes in the routing table.
number routes Number of routes in the routing table and total number of routes in the following states:
• active (routes that are active).

• holddown (routes that are in the pending state before being declared inactive). A holddown route
was once the active route and is no longer the active route. The route is in the holddown state
because a protocol still has interest in the route, meaning that the interest bit is set. A protocol
might have its interest bit set on the previously active route because the protocol is still advertising
the route. The route will be deleted after all protocols withdraw their advertisement of the route
and remove their interest bit. A persistent holddown state often means that the interested protocol
is not releasing its interest bit properly.
However, if you have configured advertisement of multiple routes (with the add-path or
advertise-inactive statement), the holddown bit is most likely set because BGP is advertising the
route as an active route. In this case, you can ignore the holddown state because nothing is wrong.
• hidden (routes that are not used because of a routing policy).
destination-prefix Route destination (for example:10.0.0.1/24). Sometimes the route information is presented in another
format, such as:
• MPLS-label (for example, 80001).

• interface-name (for example, ge-1/0/2).
• neighbor-address:control-word-status:encapsulation type:vc-id :source (Layer 2 circuit only. For example,
10.1.1.195:NoCtrlWord:1:1:Local/96):
• neighbor-address—Address of the neighbor.
• control-word-status—Whether the use of the control word has been negotiated for this virtual
circuit: NoCtrlWord or CtrlWord.
• encapsulation type—Type of encapsulation, represented by a number: (1) Frame Relay DLCI, (2)
ATM AAL5 VCC transport, (3) ATM transparent cell transport, (4) Ethernet, (5) VLAN Ethernet,
(6) HDLC, (7) PPP, (8) ATM VCC cell transport, (10) ATM VPC cell transport.
• vc-id—Virtual circuit identifier.
• source—Source of the advertisement: Local or Remote.
[ protocol, preference ] Protocol from which the route was learned and the preference value for the route.
• +—A plus sign indicates the active route, which is the route installed from the routing table into the
forwarding table.
• - —A hyphen indicates the last active route.
• *—An asterisk indicates that the route is both the active and the last active route. An asterisk before
a to line indicates the best subpath to the route.
In every routing metric except for the BGP LocalPref attribute, a lesser value is preferred. In order to
use common comparison routines, Junos OS stores the 1's complement of the LocalPref value in the
Preference2 field. For example, if the LocalPref value for Route 1 is 100, the Preference2 value is -101.
If the LocalPref value for Route 2 is 155, the Preference2 value is -156. Route 2 is preferred because it
has a higher LocalPref value and a lower Preference2 value.
weeks:days How long the route been known (for example, 2w4d 13:11:14, or 2 weeks, 4 days, 13 hours, 11 minutes,
hours:minutes:seconds and 14 seconds).

IS-IS Feature Guide
metric Cost value of the indicated route. For routes within an AS, the cost is determined by the IGP and the
individual protocol metrics. For external routes, destinations, or routing domains, the cost is determined
by a preference value.
localpref Local preference value included in the route.
from Interface from which the route was received.
AS path AS path through which the route was learned. The letters at the end of the AS path indicate the path
origin, providing an indication of the state of the route at the point at which the AS path originated:
• I—IGP.
• E—EGP.
• ?—Incomplete; typically, the AS path was aggregated.
When AS path numbers are included in the route, the format is as follows:
• [ ]—Brackets enclose the local AS number associated with the AS path if more than one AS number
is configured on the routing device, or if AS path prepending is configured.
• { }—Braces enclose AS sets, which are groups of AS numbers in which the order does not matter.
A set commonly results from route aggregation. The numbers in each AS set are displayed in
ascending order.
• ( )—Parentheses enclose a confederation.
• ( [ ] )—Parentheses and brackets enclose a confederation set.
NOTE: In Junos OS Release 10.3 and later, the AS path field displays an unrecognized attribute and
associated hexadecimal value if BGP receives attribute 128 (attribute set) and you have not configured
an independent domain in any routing instance.
encapsulated Extended next-hop encoding capability enabled for the specified BGP community for routing IPv4
traffic over IPv6 tunnels. When BGP receives routes without the tunnel community, IPv4-0ver IPv6
tunnels are not created and BGP routes are resolved without encapsulation.
Route Labels Stack of labels carried in the BGP route update.
validation-state (BGP-learned routes) Validation status of the route:
• Invalid—Indicates that the prefix is found, but either the corresponding AS received from the EBGP
peer is not the AS that appears in the database, or the prefix length in the BGP update message is
longer than the maximum length permitted in the database.
• Unknown—Indicates that the prefix is not among the prefixes or prefix ranges in the database.
• Unverified—Indicates that the origin of the prefix is not verified against the database. This is because
the database got populated and the validation is not called for in the BGP import policy, although
origin validation is enabled, or the origin validation is not enabled for the BGP peers.
• Valid—Indicates that the prefix and autonomous system pair are found in the database.
to Next hop to the destination. An angle bracket (>) indicates that the route is the selected route.
If the destination is Discard, traffic is dropped.

via Interface used to reach the next hop. If there is more than one interface available to the next hop, the
interface that is actually used is followed by the word Selected. This field can also contain the following
information:
• Weight—Value used to distinguish primary, secondary, and fast reroute backup routes. Weight
information is available when MPLS label-switched path (LSP) link protection, node-link protection,
or fast reroute is enabled, or when the standby state is enabled for secondary paths. A lower weight
value is preferred. Among routes with the same weight value, load balancing is possible.
• Balance—Balance coefficient indicating how traffic of unequal cost is distributed among next hops
when a routing device is performing unequal-cost load balancing. This information is available
when you enable BGP multipath load balancing.
• lsp-path-name—Name of the LSP used to reach the next hop.
• label-action—MPLS label and operation occurring at the next hop. The operation can be pop (where
a label is removed from the top of the stack), push (where another label is added to the label stack),
or swap (where a label is replaced by another label). For VPNs, expect to see multiple push
operations, corresponding to the inner and outer labels required for VPN routes (in the case of a
direct PE-to-PE connection, the VPN route would have the inner label push only).
Private unicast (Enhanced subscriber management for MX Series routers) Indicates that an access-internal route is
managed by enhanced subscriber management. By contrast, access-internal routes not managed
by enhanced subscriber management are displayed with associated next-hop and media access
control (MAC) address information.
balance Distribution of the load based on the underlying operational interface bandwidth for equal-cost
multipaths (ECMP) across the nexthop gateways in percentages.
Sample Output
show route
user@host> show route

1:65500:1:10.0.0.20/240
*[MVPN/70] 19:53:41, metric2 1
Indirect
1:65500:1:10.0.0.40/240
*[BGP/170] 19:53:29, localpref 100, from 10.0.0.30
AS path: I
> to 10.0.24.4 via lt-0/3/0.24, label-switched-path toD
[BGP/170] 19:53:26, localpref 100, from 10.0.0.33
AS path: I
> to 10.0.24.4 via lt-0/3/0.24, label-switched-path toD
1:65500:1:10.0.0.60/240
AS path: I
> to 10.0.28.8 via lt-0/3/0.28, label-switched-path toF
AS path: I
> to 10.0.28.8 via lt-0/3/0.28, label-switched-path toF

IS-IS Feature Guide
show route (VPN)
The following sample output shows a VPN route with composite next hops enabled. The
first Push operation corresponds to the outer label. The second Push operation
corresponds to the inner label.
user@host> show route 192.0.2.0
13979:665001.inet.0: 871 destinations, 3556 routes (871 active, 0 holddown, 0

hidden)
192.0.2.0/24 [BGP/170] 00:28:32, localpref 100, from 10.9.9.160

AS path: 13980 ?, validation-state: unverified
> to 10.100.0.42 via ae2.0, Push 16, Push 300368(top)
AS path: 13980 ?, validation-state: unverified
#[Multipath/255] 00:28:28, metric2 102
to 10.100.0.42 via ae2.0, Push 16, Push 300368(top)
show route (with Destination Prefix)

user@host> show route 192.168.0.0/12

192.168.0.0/12 *[Static/5] 2w4d 12:54:27

> to 192.168.167.254 via fxp0.0
show route destination-prefix detail

user@host> show route 198.51.100.0 detail

198.51.100.0/24 (2 entries, 2 announced)
*BGP Preference: 170/-101
...
BGP-Static Preference: 4294967292
Next hop type: Discard
Address: 0x9041ae4
State: <NoReadvrt Int Ext AlwaysFlash>
Inactive reason: Route Preference
Local AS: 200
Age: 4d 1:40:40
Task: RT
Announcement bits (1): 2-BGP_RT_Background
AS path: 4 5 6 I
show route extensive

user@host> show route extensive

v1.mvpn.0: 5 destinations, 8 routes (5 active, 1 holddown, 0 hidden)

1:65500:1:10.0.0.40/240 (1 entry, 1 announced)
PMSI: Flags 0x0: Label[0:0:0]: PIM-SM: Sender 10.0.0.40 Group
203.0.113.1
Next hop type: Indirect
Address: 0x92455b8
Source: 10.0.0.30
Protocol next hop: 10.0.0.40
Indirect next hop: 2 no-forward
State: <Active Int Ext>
Local AS: 64510 Peer AS: 64511
Age: 3 Metric2: 1
Task: BGP_64510.10.0.0.30+179
Announcement bits (2): 0-PIM.v1 1-mvpn global task
AS path: I (Originator) Cluster list: 10.0.0.30
AS path: Originator ID: 10.0.0.40
Communities: target:64502:100 encapsulation:0L:14 Import
Accepted
Localpref: 100
Router ID: 10.0.0.30
Primary Routing Table bgp.mvpn.0
Indirect next hops: 1
Protocol next hop: 10.0.0.40 Metric: 1
Indirect path forwarding next hops: 1
Next hop type: Router
Next hop: 10.0.24.4 via lt-0/3/0.24 weight 0x1
10.0.0.40/32 Originating RIB: inet.3
Metric: 1 Node path count: 1
Forwarding nexthops: 1
Nexthop: 10.0.24.4 via lt-0/3/0.24
show route extensive ( ECMP)

Level: 1
Address: 0xXXXXXXXXXX
Next-hop reference count: YY
Next hop: 198.51.100.2 via ae1.0 balance 43%, selected
Session Id: 0x141
Next hop: 192.0.2.2 via ae0.0 balance 57%
show route extensive (Multipath Resolution)


TSI:
KRT in-kernel 10.1.1.2/32 -> {indirect(1048574)}
*Static Preference: 5
Next hop type: Indirect, Next hop index: 0
Address: 0xb39d1b0

IS-IS Feature Guide

Session Id: 0x144
Session Id: 0x145
Indirect next hop: 0xb2b20f0 1048574 INH Session ID: 0x143
Age: 2:53 Metric2: 0
Task: RT
Announcement bits (2): 0-KRT 2-Resolve tree 1
AS path: I
Indirect next hop: 0xb2b20f0 1048574 INH Session ID: 0x143

Next hop: 10.1.1.2 via ge-2/0/1.0
Session Id: 0x144
Next hop: 10.2.1.2 via ge-2/0/2.0
Session Id: 0x145
Node path count: 1
Node flags: 1
Forwarding nexthops: 2 (Merged)
Nexthop: 10.1.1.2 via ge-2/0/1.0
Nexthop: 10.2.1.2 via ge-2/0/2.0
user@host> show route active-path extensive
user@host> show route 198.51.100.1 active-path extensive

198.51.100.1/32 (1 entry, 1 announced)
TSI:
unicast reverse-path: 0
[ae0.0 ae1.0]
Page 0 idx 0, (group Internet-IPv4 type External) Type 1 val 0xbb2e53d8 (adv_entry)
Advertised metrics:
Nexthop: Self
AS path: [500] 410 I
Communities:
Path 198.51.100.1 from 10.0.0.11 Vector len 4. Val: 0
Address: 0x2e9aacdc
Source: 10.0.0.11
Next hop: 10.0.12.2 via ae0.0 weight 0x1
Label operation: Push 3851, Push 25, Push 20(top)
Label TTL action: prop-ttl, prop-ttl, prop-ttl(top)
Load balance label: Label 3851: None; Label 25: None; Label 20: None;
Label element ptr: 0xb5dc1780
Label parent element ptr: 0x18d48080


Session Id: 0x0
Session Id: 0x0
Label element ptr: 0x18d40800
Session Id: 0x0
Label parent element ptr: 0x18d48f00
Session Id: 0x0
Label parent element ptr: 0x18d44d80
Session Id: 0x0
Label parent element ptr: 0x18d3da80
Session Id: 0x0
Next hop: 10.0.13.3 via ae1.0 weight 0x1, selected
Label element ptr: 0x18d41500

IS-IS Feature Guide

Session Id: 0x0
Session Id: 0x0
Indirect next hop: 0x1883e200 1051215 INH Session ID: 0xb0d
State:
Age: 1:40:03 Metric2: 2
Task: BGP_500.10.0.0.11
Announcement bits (5): 0-KRT 8-KRT 9-BGP_RT_Background 10-Resolve tree 5 11-Resolve
tree 8
AS path: 410 I
Accepted
Route Label: 3851
Localpref: 100
Router ID: 10.0.0.11
Indirect next hop: 0x1883e200 1051215 INH Session ID: 0xb0d
Indirect path forwarding next hops (Merged): 8
Session Id: 0x0
Session Id: 0x0
Session Id: 0x0
Session Id: 0x0
Session Id: 0x0
Session Id: 0x0
Session Id: 0x0
Session Id: 0x0
Node flags: 1
Indirect nexthops: 4
Protocol Nexthop: 10.0.0.4 Metric: 1 Push 24
Indirect nexthop: 0x1880f200 1048597 INH Session ID: 0xb0c
Path forwarding nexthops link: 0x36120400

Path inh link: 0x0

Indirect path forwarding nexthops: 2
Nexthop: 10.0.12.2 via ae0.0
Session Id: 0
Session Id: 0
Session Id: 0
Session Id: 0
Indirect nexthop: 0x18810000 1048596 INH Session ID: 0xb0b
Path forwarding nexthops link: 0x1545be00
Path inh link: 0x0
Session Id: 0
Session Id: 0
Session Id: 0
Session Id: 0
Indirect nexthop: 0x1880e600 1048588 INH Session ID: 0xb0a
Path forwarding nexthops link: 0x3611f440
Path inh link: 0x0
Session Id: 0
Session Id: 0
Session Id: 0
Session Id: 0
Indirect nexthop: 0x1880dc00 1048586 INH Session ID: 0xb09
Path forwarding nexthops link: 0x15466d80
Path inh link: 0x0
Session Id: 0
Session Id: 0
Session Id: 0

IS-IS Feature Guide

Session Id: 0
show route (Enhanced Subscriber Management)


198.51.100.11/24 *[Access-internal/12] 00:00:08

> to #0 10.0.0.1.93.65 via demux0.1073741824
198.51.100.12/24 *[Access-internal/12] 00:00:08
Private unicast
show route (IPv6 Flow Specification)


2001:db8::10:255:185:19/128
*[Direct/0] 05:11:27
> via lo0.0
2001:db8::11:11:11:0/120
*[BGP/170] 00:28:58, localpref 100
> to 2001:db8::13:14:2:2 via ge-1/1/4.0
2001:db8::13:14:2:0/120*[Direct/0] 00:45:07
> via ge-1/1/4.0
2001:db8::13:14:2:1/128*[Local/0] 00:45:18
fe80::2a0:a50f:fc71:71d5/128
*[Direct/0] 05:11:27
> via lo0.0
fe80::5e5e:abff:feb0:933e/128
*[Local/0] 00:45:18
inet6flow.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)

2001:db8::11:11:11:10/128,*,proto=6,dstport=80,srcport=65535/term:1
*[BGP/170] 00:28:58, localpref 100, from 2001:db8::13:14:2:2
Fictitious
2001:db8::11:11:11:30/128,*,icmp6-type=128,len=100,dscp=10/term:2
*[BGP/170] 00:20:54, localpref 100, from 2001:db8::13:14:2:2
Fictitious
show route display-client-data detail

user@host> show route 198.51.100.0/24 display-client-data detail

198.51.100.0/24 (1 entry, 1 announced)

State: <FlashAll>
*BGP-Static Preference: 5/-101
Address: 0xa5c2af8
Session Id: 0x160
Indirect next hop: 0xa732cb0 1048621 INH Session ID: 0x17e
State: <Active Int Ext AlwaysFlash NSR-incapable Programmed>
Announcement bits (3): 0-KRT 5-LDP 6-Resolve tree 3
AS path: I
Client id: 1, Cookie: 1
show route te-ipv4-prefix-ip

user@host> show route te-ipv4-prefix-ip 10.10.10.10
lsdist.0: 283 destinations, 283 routes (283 active, 0 holddown, 0 hidden)

PREFIX { Node { AS:64496 ISO:0100.0a0a.0a0a.00 } { IPv4:10.10.10.10/32 } ISIS-L1:0

}/1152
*[IS-IS/15] 00:01:01
Fictitious
PREFIX { Node { AS:64496 ISO:0100.0101.0101.00 } { IPv4:10.10.10.10/32 } ISIS-L2:0
}/1152
*[IS-IS/18] 00:01:01
Fictitious
}/1152
*[IS-IS/18] 00:01:01
Fictitious
}/1152
*[IS-IS/18] 00:01:01
Fictitious
}/1152
*[IS-IS/18] 00:01:01
Fictitious
}/1152
*[IS-IS/18] 00:01:01
Fictitious
}/1152
*[IS-IS/18] 00:01:01
Fictitious
}/1152
*[IS-IS/18] 00:01:01
Fictitious
}/1152

IS-IS Feature Guide
*[IS-IS/18] 00:01:01
Fictitious
show route te-ipv4-prefix-ip extensive

user@host>show route te-ipv4-prefix-ip 10.10.10.10 extensive

Level: 1
Next hop type: Fictitious, Next hop index: 0
Address: 0xa1a2ac4
Next hop:
State:<Active NotInstall>
Local AS: 64496
Age: 7:58
Task: IS-IS
AS path: I
Prefix SID: 1000, Flags: 0x40, Algo: 0

}/1152 (1 entry, 0 announced)
Level: 2
Address: 0xa1a2ac4
Next hop:
State: <Active NotInstall
Local AS: 64496
Age: 7:58
Task: IS-IS
AS path: I
Prefix SID: 1000, Flags: 0xe0, Algo: 0>

Level: 2
Address: 0xa1a2ac4
Next hop:
State: <Active NotInstall>
Local AS: 64496
Age: 7:58
Task: IS-IS
AS path: I
Prefix SID: 1000, Flags: 0xe0, Algo: 0

Level: 2
Address: 0xa1a2ac4


Next hop:
Local AS: 64496
Age: 7:58
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 7:58
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 7:58
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 7:58
Task: IS-IS
AS path: I


IS-IS Feature Guide
Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 7:58
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 7:58
Task: IS-IS
AS path: I
show route te-ipv4-prefix-node-iso

user@host> show route te-ipv4-prefix-node-iso 0100.0a0a.0a0a.00


}/1152
*[IS-IS/15] 00:05:20
Fictitious
}/1152
*[IS-IS/18] 00:05:20
Fictitious
}/1152
*[IS-IS/18] 00:05:20
Fictitious
}/1152
*[IS-IS/18] 00:05:20
Fictitious
}/1152
*[IS-IS/18] 00:05:20
Fictitious
}/1152
*[IS-IS/18] 00:05:20

Fictitious
}/1152
*[IS-IS/18] 00:05:20
Fictitious
}/1152
*[IS-IS/18] 00:05:20
Fictitious
}/1152
*[IS-IS/18] 00:05:20
Fictitious
show route te-ipv4-prefix-node-iso extensive

user@host> show route te-ipv4-prefix-node-iso 0100.0a0a.0a0a.00 extensive

Level: 1
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:47
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:47
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:

IS-IS Feature Guide

Local AS: 64496
Age: 6:47
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:47
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:47
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:47
Task: IS-IS
AS path: I

Level: 2


Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:47
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:47
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:47
Task: IS-IS
AS path: I
show route te-ipv4-prefix-node-iso detail

user@host> show route te-ipv4-prefix-node-iso 0100.0a0a.0a0a.00 detail

Level: 1
Address: 0xa1a2ac4
Next hop:
Local AS: 64496

IS-IS Feature Guide
Age: 6:54
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:54
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:54
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:54
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4


Next hop:
Local AS: 64496
Age: 6:54
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:54
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:54
Task: IS-IS
AS path: I

Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:54
Task: IS-IS
AS path: I


IS-IS Feature Guide
Level: 2
Address: 0xa1a2ac4
Next hop:
Local AS: 64496
Age: 6:54
Task: IS-IS
AS path: I

show route active-path

Syntax show route active-path

<brief | detail | extensive | terse>
Syntax (EX Series show route active-path

Switches) <brief | detail | extensive | terse>

Description Display all active routes for destinations. An active route is a route that is selected as the
best path. Inactive routes are not displayed.
Options none—Display all active routes.
brief | detail | extensive | terse—(Optional) Display the specified level of output. If you
do not specify a level of output, the system defaults to brief.


Level
List of Sample Output show route active-path on page 745

show route active-path brief on page 746
show route active-path detail on page 746
show route active-path extensive on page 747
show route active-path terse on page 749
Output Fields For information about output fields, see the output field tables for the show route
command, the show route detail command, the show route extensive command, or the
show route terse command.
Sample Output
show route active-path

user@host> show route active-path

IS-IS Feature Guide
10.255.70.19/32 *[Direct/0] 21:33:52

> via lo0.0
10.255.71.50/32 *[IS-IS/15] 00:18:13, metric 10
> to 172.16.100.1 via so-2/1/3.0
172.16.100.1/24 *[Direct/0] 00:18:36
> via so-2/1/3.0
172.16.100.1/32 *[Local/0] 00:18:41
Local via so-2/1/3.0
192.168.64.0/21 *[Direct/0] 21:33:52
> via fxp0.0
192.168.70.19/32 *[Local/0] 21:33:52
Local via fxp0.0
show route active-path brief
The output for the show route active-path brief command is identical to that for the show
route active-path command. For sample output, see show route active-path on page 745.
show route active-path detail

user@host> show route active-path detail
10.255.70.19/32 (1 entry, 1 announced)

*Direct Preference: 0
Next hop type: Interface
Next hop: via lo0.0, selected
State: ‹Active Int›
Local AS: 200
Age: 21:37:10
Task: IF
Announcement bits (3): 2-IS-IS 5-Resolve tree 2 6-Resolve tree 3
AS path: I
10.255.71.50/32 (1 entry, 1 announced)

Level: 1
Next hop: 172.16.100.1 via so-2/1/3.0, selected
Local AS: 200
Task: IS-IS
Announcement bits (4): 0-KRT 2-IS-IS 5-Resolve tree 2 6-Resolve
tree 3
AS path: I
172.16.100.0/24 (1 entry, 1 announced)

Next hop: via so-2/1/3.0, selected


Local AS: 200
Age: 21:54
Task: IF
AS path: I
172.16.100.1/32 (1 entry, 1 announced)

*Local Preference: 0
Next hop type: Local
Interface: so-2/1/3.0
State: ‹Active NoReadvrt Int›
Local AS: 200
Age: 21:59
Task: IF
Announcement bits (2): 5-Resolve tree 2 6-Resolve tree 3
AS path: I
192.168.64.0/21 (1 entry, 1 announced)

Next hop: via fxp0.0, selected
Local AS: 200
Age: 21:37:10
Task: IF
AS path: I
192.168.70.19/32 (1 entry, 1 announced)

Interface: fxp0.0
Local AS: 200
Age: 21:37:10
Task: IF
AS path: I
show route active-path extensive

user@host> show route active-path extensive

10.255.70.19/32 (1 entry, 1 announced)
TSI:
IS-IS level 1, LSP fragment 0
Local AS: 200

IS-IS Feature Guide
Age: 21:39:47
Task: IF
AS path: I
10.255.71.50/32 (1 entry, 1 announced)

TSI:
KRT in-kernel 10.255.71.50/32 -> {172.16.100.1}
Level: 1
Next hop: 172.16.100.1 via so-2/1/3.0, selected
Local AS: 200
Task: IS-IS
Announcement bits (4): 0-KRT 2-IS-IS 5-Resolve tree 2 6-Resolve
tree 3
AS path: I
172.16.100.1/24 (1 entry, 1 announced)

TSI:
Local AS: 200
Age: 24:31
Task: IF
AS path: I
172.16.100.1/32 (1 entry, 1 announced)

Local AS: 200
Age: 24:36
Task: IF
AS path: I
192.168.64.0/21 (1 entry, 1 announced)

Local AS: 200
Age: 21:39:47
Task: IF


AS path: I
192.168.70.19/32 (1 entry, 1 announced)

Interface: fxp0.0
Local AS: 200
Age: 21:39:47
Task: IF
AS path: I
show route active-path terse

user@host> show route active-path terse

A Destination P Prf Metric 1 Metric 2 Next hop AS path

* 10.255.70.19/32 D 0 >lo0.0
* 10.255.71.50/32 I 15 10 >172.16.100.1.
* 172.16.100.0/24 D 0 >so-2/1/3.0
* 172.16.100.2/32 L 0 Local
* 192.168.64.0/21 D 0 >fxp0.0
* 192.168.70.19/32 L 0 Local

IS-IS Feature Guide
show route advertising-protocol
Syntax show route advertising-protocol protocol neighbor-address

Description Display the routing information as it has been prepared for advertisement to a particular
neighbor of a particular dynamic routing protocol.
Options brief | detail | extensive | terse—(Optional) Display the specified level of output.

neighbor-address—Address of the neighboring router to which the route entry is being

transmitted.
protocol—Protocol transmitting the route:
• bgp—Border Gateway Protocol
• dvmrp—Distance Vector Multicast Routing Protocol
• msdp—Multicast Source Discovery Protocol
• pim—Protocol Independent Multicast
• rip—Routing Information Protocol
• ripng—Routing Information Protocol next generation
Additional Information Routes displayed are routes that the routing table has exported into the routing protocol
and that have been filtered by the associated protocol's export routing policy statements.
Starting with Junos OS Release 13.3, you can display the routing instance table foo for
any address family, on a VPN route reflector, or a VPN AS boundary router that is
advertising local VPN routes. However, If you do not specify the table in the command,
the output displays each VRF prefix twice.

Level
Related • Example: Configuring the MED Attribute That Determines the Exit Point in an AS
Documentation
List of Sample Output show route advertising-protocol bgp (Layer 3 VPN) on page 753
show route advertising-protocol bgp detail on page 753

show route advertising-protocol bgp detail (Aggregate Extended Community

Bandwidth) on page 753
show route advertising-protocol bgp detail (Labeled Unicast) on page 754
show route advertising-protocol bgp detail (Layer 2 VPN) on page 754
show route advertising-protocol bgp detail (Layer 3 VPN) on page 754
show route advertising-protocol bgp extensive all (Next Hop Self with RIB-out IP
Address) on page 755
Output Fields Table 33 on page 751 lists the output fields for the show route advertising-protocol
Table 33: show route advertising-protocol Output Fields
routing-table-name Name of the routing table—for example, inet.0. All levels
number Number of destinations for which there are routes in the routing table. All levels
destinations
number routes Number of routes in the routing table and total number of routes in the following All levels
states:
• active (routes that are active)

• holddown (routes that are in the pending state before being declared inactive)
• hidden (routes that are not used because of a routing policy)
Prefix Destination prefix. brief none
destination-prefix Destination prefix. The entry value is the number of routes for this destination, detail extensive
(entry , announced) and the announced value is the number of routes being announced for this
destination.
BGP group and type BGP group name and type (Internal or External). detail extensive
Route Distinguisher Unique 64-bit prefix augmenting each IP subnet. detail extensive
Advertised Label Incoming label advertised by the Label Distribution Protocol (LDP). When an detail extensive
IP packet enters a label-switched path (LSP), the ingress router examines the
packet and assigns it a label based on its destination, placing the label in the
packet's header. The label transforms the packet from one that is forwarded
based on its IP routing information to one that is forwarded based on information
associated with the label.
Label-Base, range First label in a block of labels and label block size. A remote PE router uses this detail extensive
first label when sending traffic toward the advertising PE router.
VPN Label Virtual private network (VPN) label. Packets are sent between CE and PE routers detail extensive
by advertising VPN labels. VPN labels transit over either a Resource Reservation
Protocol (RSVP) or a Label Distribution Protocol (LDP) label-switched path
(LSP) tunnel.

IS-IS Feature Guide
Table 33: show route advertising-protocol Output Fields (continued)
Nexthop Next hop to the destination. An angle bracket (>) indicates that the route is the All levels
selected route.
If the next-hop advertisement to the peer is Self, and the RIB-out next hop is a
specific IP address, the RIB-out IP address is included in the extensive output.
See show route advertising-protocol bgp extensive all (Next Hop Self with RIB-out
IP Address) on page 755.
MED Multiple exit discriminator value included in the route. brief
Lclpref or Localpref Local preference value included in the route. All levels
Queued When BGP route prioritization is enabled and a route is present in a priority All levels except brief
queue, this shows which priority queue the route is in.
AS path AS path through which the route was learned. The letters at the end of the AS All levels
path indicate the path origin, providing an indication of the state of the route at
the point at which the AS path originated:
• I—IGP.
• E—EGP.
• [ ]—Brackets enclose the local AS number associated with the AS path if

configured on the router, or if AS path prepending is configured.
• { }—Braces enclose AS sets, which are groups of AS numbers in which the
order does not matter. A set commonly results from route aggregation. The
numbers in each AS set are displayed in ascending order.
NOTE: In Junos OS Release 10.3 and later, the AS path field displays an
unrecognized attribute and associated hexadecimal value if BGP receives
attribute 128 (attribute set) and you have not configured an independent domain
in any routing instance.
Route Labels Stack of labels carried in the BGP route update. detail extensive
Cluster list (For route reflected output only) Cluster ID sent by the route reflector. detail extensive
Originator ID (For route reflected output only) Address of routing device that originally sent detail extensive
the route to the route reflector.
Communities Community path attribute for the route. See the output field table for the show detail extensive
route detail command for all possible values for this field.
AIGP Accumulated interior gateway protocol (AIGP) BGP attribute. detail extensive

Table 33: show route advertising-protocol Output Fields (continued)
Attrset AS Number, local preference, and path of the autonomous system (AS) that detail extensive
originated the route. These values are stored in the Attrset attribute at the
originating router.
Layer2-info: encaps Layer 2 encapsulation (for example, VPLS). detail extensive
control flags Control flags: none or Site Down. detail extensive
mtu Maximum transmission unit (MTU) of the Layer 2 circuit. detail extensive
Sample Output
show route advertising-protocol bgp (Layer 3 VPN)

user@host> show route advertising-protocol bgp 10.255.14.171
VPN-A.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

Prefix Nexthop MED Lclpref AS path
10.255.14.172/32 Self 1 100 I
VPN-B.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
10.255.14.181/32 Self 2 100 I
show route advertising-protocol bgp detail

user@host> show route advertising-protocol bgp 111.222.1.3 detail
bgp20.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

111.222.1.11/32 (1 entry, 1 announced)
BGP group pe-pe type Internal
Route Distinguisher: 111.255.14.11:69
Advertised Label: 100000
next hop: Self
Localpref: 100
AS path: 2 I
Communities: target:69:20
AIGP 210
BGP group pe-pe type Internal
Advertised Label: 100000
Next hop: Self
Localpref: 100
AS path: 2 I
AIGP 210
show route advertising-protocol bgp detail (Aggregate Extended Community Bandwidth)

user@host> show route advertising-protocol bgp 10.0.4.2 10.0.2.0/30 detail

* 10.0.2.0/30 (2 entries, 1 announced)

IS-IS Feature Guide
BGP group external2 type External

Nexthop: Self
AS path: [65000] 65001 I
Communities: bandwidth:65000:80000000
show route advertising-protocol bgp detail (Labeled Unicast)

user@host>show route advertising bgp 1.1.1.3 detail

BGP group ibgp type Internal
Route Labels: 1000123(top) 1000124 1000125 1000126
Nexthop: 1.1.1.4
MED: 7
Localpref: 100
AS path: [5] I
Cluster ID: 3.3.3.3
Originator ID: 1.1.1.1
Entropy label capable
* 100::1/128 (2 entries, 1 announced)
Labels: 1000123(top) 1000124 1000125 1000126
Nexthop: ::ffff:1.1.1.4
Localpref: 100
AS path: [5] I
Cluster ID: 3.3.3.3
show route advertising-protocol bgp detail (Layer 2 VPN)

vpn-a.l2vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

192.168.16.1:1:1:1/96 (1 entry, 1 announced)
BGP group int type Internal
Label-base : 32768, range : 3
Nexthop: Self
Localpref: 100
AS path: I
AIGP 210
Layer2-info: encaps:VLAN, control flags:, mtu:
show route advertising-protocol bgp detail (Layer 3 VPN)

vpna.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

* 10.49.0.0/30 (1 entry, 1 announced)
VPN Label: 101264
Nexthop: Self
Localpref: 100
AS path: I

AIGP 210
AttrSet AS: 100
Localpref: 100
AS path: I
...
show route advertising-protocol bgp extensive all (Next Hop Self with RIB-out IP Address)
user@host> show route advertising-protocol bgp 200.0.0.2 170.0.1.0/24 extensive all

BGP group eBGP-INTEROP type External
Nexthop: Self (rib-out 10.100.3.2)
AS path: [4713] 200 I
...

IS-IS Feature Guide
show route all

Syntax show route all

Syntax (EX Series show route all

Switches)

Description Display information about all routes in all routing tables, including private, or internal,
tables.
Options none—Display information about all routes in all routing tables, including private, or
internal, tables.


Level
Related • show route brief on page 761

Documentation
• show route detail on page 763
List of Sample Output show route all on page 756
Output Fields In Junos OS Release 9.5 and later, only the output fields for the show route all command
display all routing tables, including private, or hidden, routing tables. The output field
table of the show route command does not display entries for private, or hidden, routing
tables in Junos OS Release 9.5 and later.
Sample Output
show route all
The following example displays a snippet of output from the show route command and
then displays the same snippet of output from the show route all command:


Restart Complete
0 *[MPLS/0] 2d 02:24:39, metric 1
Receive
1 *[MPLS/0] 2d 02:24:39, metric 1
Receive
2 *[MPLS/0] 2d 02:24:39, metric 1
Receive
800017 *[VPLS/7] 1d 14:00:16
> via vt-3/2/0.32769, Pop
800018 *[VPLS/7] 1d 14:00:26
> via vt-3/2/0.32772, Pop
user@host> show route all

Restart Complete
0 *[MPLS/0] 2d 02:19:12, metric 1
Receive
1 *[MPLS/0] 2d 02:19:12, metric 1
Receive
2 *[MPLS/0] 2d 02:19:12, metric 1
Receive
800017 *[VPLS/7] 1d 13:54:49
> via vt-3/2/0.32769, Pop
800018 *[VPLS/7] 1d 13:54:59
> via vt-3/2/0.32772, Pop
vt-3/2/0.32769 [VPLS/7] 1d 13:54:49
Unusable
vt-3/2/0.32772 [VPLS/7] 1d 13:54:59
Unusable

IS-IS Feature Guide
show route best

Syntax show route best destination-prefix

Syntax (EX Series show route best destination-prefix


Description Display the route in the routing table that is the best route to the specified address or
range of addresses. The best route is the longest matching route.
Options brief | detail | extensive | terse—(Optional) Display the specified level of output. If you
destination-prefix—Address or range of addresses.


Level
Related • show route brief on page 761

Documentation
• show route detail on page 763
List of Sample Output show route best on page 759

show route best detail on page 759
show route best extensive on page 760
show route best terse on page 760

Sample Output
show route best

user@host> show route best 10.255.70.103

Restart Complete
10.255.70.103/32 *[OSPF/10] 1d 13:19:20, metric 2
> to 10.31.1.6 via ge-3/1/0.0
via so-0/3/0.0

Restart Complete
10.255.70.103/32 *[RSVP/7] 1d 13:20:13, metric 2
> via so-0/3/0.0, label-switched-path green-r1-r3
private1__.inet.0: 2 destinations, 3 routes (2 active, 0 holddown, 0 hidden)

10.0.0.0/8 *[Direct/0] 2d 01:43:34
> via fxp2.0
[Direct/0] 2d 01:43:34
> via fxp1.0
show route best detail

user@host> show route best 10.255.70.103 detail

Restart Complete
10.255.70.103/32 (1 entry, 1 announced)
*OSPF Preference: 10
Next hop: via so-0/3/0.0
State: <Active Int>
Local AS: 69
Age: 1d 13:20:06 Metric: 2
Area: 0.0.0.0
Task: OSPF
AS path: I

Restart Complete
10.255.70.103/32 (1 entry, 1 announced)
State: <FlashAll>
*RSVP Preference: 7
Next hop: via so-0/3/0.0 weight 0x1, selected
Label-switched-path green-r1-r3
State: <Active Int>
Local AS: 69
Age: 1d 13:20:59 Metric: 2
Task: RSVP
AS path: I

IS-IS Feature Guide
private1__inet.0: 2 destinations, 3 routes (2 active, 0 holddown, 0 hidden)

State: <Active Int>
Age: 2d 1:44:20
Task: IF
AS path: I
Direct Preference: 0
State: <NotBest Int>
Inactive reason: No difference
Age: 2d 1:44:20
Task: IF
AS path: I
show route best extensive
The output for the show route best extensive command is identical to that for the show
route best detail command. For sample output, see show route best detail on page 759.
show route best terse

user@host> show route best 10.255.70.103 terse

Restart Complete

* 10.255.70.103/32 O 10 2 >10.31.1.6
so-0/3/0.0

Restart Complete

* 10.255.70.103/32 R 7 2 >so-0/3/0.0


* 10.0.0.0/8 D 0 >fxp2.0
D 0 >fxp1.0

show route brief

Syntax show route brief

Syntax (EX Series show route brief

Switches) <destination-prefix>

Description Display brief information about the active entries in the routing tables.
Options none—Display all active entries in the routing table.

of addresses.


Level
Related • show route all on page 756

Documentation
• show route best on page 758
List of Sample Output show route brief on page 761
Output Fields For information about output fields, see the Output Field table of the show route
command.
Sample Output
show route brief

user@host> show route brief

0.0.0.0/0 *[Static/5] 1w5d 20:30:29

IS-IS Feature Guide
Discard
10.255.245.51/32 *[Direct/0] 2w4d 13:11:14
> via lo0.0
172.16.0.0/12 *[Static/5] 2w4d 13:11:14
> to 192.168.167.254 via fxp0.0
192.168.0.0/18 *[Static/5] 1w5d 20:30:29
> to 192.168.167.254 via fxp0.0
192.168.40.0/22 *[Static/5] 2w4d 13:11:14
> to 192.168.167.254 via fxp0.0
192.168.64.0/18 *[Static/5] 2w4d 13:11:14
> to 192.168.167.254 via fxp0.0
192.168.164.0/22 *[Direct/0] 2w4d 13:11:14
> via fxp0.0
192.168.164.51/32 *[Local/0] 2w4d 13:11:14
Local via fxp0.0
207.17.136.192/32 *[Static/5] 2w4d 13:11:14
> to 192.168.167.254 via fxp0.0
green.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
100.101.0.0/16 *[Direct/0] 1w5d 20:30:28
> via fe-0/0/3.0
100.101.2.3/32 *[Local/0] 1w5d 20:30:28
172.16.233.5/32 *[OSPF/10] 1w5d 20:30:29, metric 1
MultiRecv

show route detail

Syntax show route detail

Syntax (EX Series show route detail


Command introduced in Junos OS Release 13.2X51-D15 for the QFX Series.
Comand introduced in Junos OS Release 14.1X53-D20 for the OCX Series.
Description Display detailed information about the active entries in the routing tables.
Options none—Display all active entries in the routing table on all systems.

of addresses.


Level
List of Sample Output show route detail on page 774

show route detail (with BGP Multipath) on page 780
show route label detail (Multipoint LDP Inband Signaling for Point-to-Multipoint
LSPs) on page 781
show route label detail (Multipoint LDP with Multicast-Only Fast Reroute) on page 781
show route detail (Flexible VXLAN Tunnel Profile) on page 782
Output Fields Table 34 on page 763 describes the output fields for the show route detail command.
Table 34: show route detail Output Fields

IS-IS Feature Guide
Table 34: show route detail Output Fields (continued)

route-destination Route destination (for example:10.0.0.1/24). The entry value is the number of routes for this destination,
(entry, announced) and the announced value is the number of routes being announced for this destination. Sometimes
the route destination is presented in another format, such as:

• neighbor-address:control-word-status:encapsulation type:vc-id:source (Layer 2 circuit only; for example,
10.1.1.195:NoCtrlWord:1:1:Local/96).
label stacking (Next-to-the-last-hop routing device for MPLS only) Depth of the MPLS label stack, where the
label-popping operation is needed to remove one or more labels from the top of the stack. A pair of
routes is displayed, because the pop operation is performed only when the stack depth is two or more
labels.
• S=0 route indicates that a packet with an incoming label stack depth of 2 or more exits this routing
device with one fewer label (the label-popping operation is performed).
• If there is no S= information, the route is a normal MPLS route, which has a stack depth of 1 (the
label-popping operation is not performed).

[protocol, preference] Protocol from which the route was learned and the preference value for the route.
forwarding table.
has a higher LocalPref value.
Preference2 values are signed integers, that is, Preference2 values can be either positive or negative
values. However, Junos OS evaluates Preference2 values as unsigned integers that are represented
by positive values. Based on the Preference2 values, Junos OS evaluates a preferred route differently
in the following scenarios:
• Both Signed Preference2 values

• Route A = -101
• Route B = -156
Where both the Preference2 values are signed, Junos OS evaluates only the unsigned value of
Preference2 and Route A, which has a lower Preference2 value is preferred.
• Unsigned Preference2 values
Now consider both unsigned Preference2 values:
• Route A = 4294967096
• Route B = 200
Here, Junos OS considers the lesser Preference2 value and Route B with a Preference2 value of 200
is preferred because it is less than 4294967096.
• Combination of signed and unsigned Preference2 values
When Preference2 values of two routes are compared, and for one route the Preference2 is a signed
value, and for the other route it is an unsigned value, Junos OS prefers the route with the positive
Preference2 value over the negative Preference2 value. For example, consider the following signed
and unsigned Preference2 values:
• Route A = -200
• Route B = 200
In this case, Route B with a Preference2 value of 200 is preferred although this value is greater than
-200, because Junos OS evaluates only the unsigned value of the Preference2 value.
Level (IS-IS only). In IS-IS, a single AS can be divided into smaller groups called areas. Routing between
areas is organized hierarchically, allowing a domain to be administratively divided into smaller areas.
This organization is accomplished by configuring Level 1 and Level 2 intermediate systems. Level 1
systems route within an area. When the destination is outside an area, they route toward a Level 2
system. Level 2 intermediate systems route between areas and toward other ASs.
Route Distinguisher IP subnet augmented with a 64-bit prefix.
PMSI Provider multicast service interface (MVPN routing table).

IS-IS Feature Guide
Next-hop type Type of next hop. For a description of possible values for this field, see Table 35 on page 769.
Next-hop reference Number of references made to the next hop.

count
Flood nexthop branches Indicates that the number of flood next-hop branches exceeded the system limit of 32 branches, and
exceed maximum only a subset of the flood next-hop branches were installed in the kernel.
message
Source IP address of the route source.
Next hop Network layer address of the directly reachable neighboring system.
name of the interface that is actually used is followed by the word Selected. This field can also contain
the following information:
Label-switched-path Name of the LSP used to reach the next hop.

lsp-path-name
Label operation MPLS label and operation occurring at this routing device. The operation can be pop (where a label
is removed from the top of the stack), push (where another label is added to the label stack), or swap
(where a label is replaced by another label).
Interface (Local only) Local interface name.
Protocol next hop Network layer address of the remote routing device that advertised the prefix. This address is used
to derive a forwarding next hop.
Indirect next hop Index designation used to specify the mapping between protocol next hops, tags, kernel export policy,
and the forwarding next hops.
State State of the route (a route can be in more than one state). See Table 36 on page 771.
Local AS AS number of the local routing device.
Age How long the route has been known.
AIGP Accumulated interior gateway protocol (AIGP) BGP attribute.

Metricn Cost value of the indicated route. For routes within an AS, the cost is determined by IGP and the
MED-plus-IGP Metric value for BGP path selection to which the IGP cost to the next-hop destination has been added.
TTL-Action For MPLS LSPs, state of the TTL propagation attribute. Can be enabled or disabled for all
RSVP-signaled and LDP-signaled LSPs or for specific VRF routing instances.
For sample output, see show route table.
Task Name of the protocol that has added the route.
Announcement bits The number of BGP peers or protocols to which Junos OS has announced this route, followed by the
list of the recipients of the announcement. Junos OS can also announce the route to the KRT for
installing the route into the Packet Forwarding Engine, to a resolve tree, a L2 VC, or even a VPN. For
example, n-Resolve inet indicates that the specified route is used for route resolution for next hops
found in the routing table.
• n—An index used by Juniper Networks customer support only.
• I—IGP.
• E—EGP.
• Recorded—The AS path is recorded by the sample process (sampled).
• [ ]—Brackets enclose the number that precedes the AS path. This number represents the number
of ASs present in the AS path, when calculated as defined in RFC 4271. This value is used in the
AS-path merge process, as defined in RFC 4893.
• [ ]—If more than one AS number is configured on the routing device, or if AS path prepending is
configured, brackets enclose the local AS number associated with the AS path.
ascending order.

IS-IS Feature Guide
ORR Generation-ID Displays the optimal route reflection (ORR) generation identifier. ISIS and OSPF interior gateway
protocol (IGP) updates filed whenever any of the corresponding ORR route has its metric valued
changed, or if the ORR route is added or deleted.
FECs bound to route Point-to-multipoint root address, multicast source address, and multicast group address when
multipoint LDP (M-LDP) inband signaling is configured.
Primary Upstream When multipoint LDP with multicast-only fast reroute (MoFRR) is configured, the primary upstream
path. MoFRR transmits a multicast join message from a receiver toward a source on a primary path,
while also transmitting a secondary multicast join message from the receiver toward the source on
a backup path.
RPF Nexthops When multipoint LDP with MoFRR is configured, the reverse-path forwarding (RPF) next-hop
information. Data packets are received from both the primary path and the secondary paths. The
redundant packets are discarded at topology merge points due to the RPF checks.
Label Multiple MPLS labels are used to control MoFRR stream selection. Each label represents a separate
route, but each references the same interface list check. Only the primary label is forwarded while all
others are dropped. Multiple interfaces can receive packets using the same label.
weight Value used to distinguish MoFRR primary and backup routes. A lower weight value is preferred. Among
routes with the same weight value, load balancing is possible.
VC Label MPLS label assigned to the Layer 2 circuit virtual connection.
MTU Maximum transmission unit (MTU) of the Layer 2 circuit.
VLAN ID VLAN identifier of the Layer 2 circuit.
Prefixes bound to route Forwarding equivalent class (FEC) bound to this route. Applicable only to routes installed by LDP.
Communities Community path attribute for the route. See Table 37 on page 773 for all possible values for this field.
Layer2-info: encaps Layer 2 encapsulation (for example, VPLS).
control flags Control flags: none or Site Down.
mtu Maximum transmission unit (MTU) information.

Label-Base, range First label in a block of labels and label block size. A remote PE routing device uses this first label
when sending traffic toward the advertising PE routing device.
status vector Layer 2 VPN and VPLS network layer reachability information (NLRI).
Accepted Multipath Current active path when BGP multipath is configured.
Accepted The LongLivedStale flag indicates that the route was marked LLGR-stale by this router, as part of the
LongLivedStale operation of LLGR receiver mode. Either this flag or the LongLivedStaleImport flag may be displayed
for a route. Neither of these flags are displayed at the same time as the Stale (ordinary GR stale) flag.
Accepted The LongLivedStaleImport flag indicates that the route was marked LLGR-stale when it was received
LongLivedStaleImport from a peer, or by import policy. Either this flag or the LongLivedStale flag may be displayed for a
route. Neither of these flags are displayed at the same time as the Stale (ordinary GR stale) flag.
Accept all received BGP long-lived graceful restart (LLGR) and LLGR stale routes learned from
configured neighbors and import into the inet.0 routing table
ImportAccepted Accept all received BGP long-lived graceful restart (LLGR) and LLGR stale routes learned from
LongLivedStaleImport configured neighbors and imported into the inet.0 routing table
The LongLivedStaleImport flag indicates that the route was marked LLGR-stale when it was received
from a peer, or by import policy.
Accepted Path currently contributing to BGP multipath.

MultipathContrib
Localpref Local preference value included in the route.
Router ID BGP router ID as advertised by the neighbor in the open message.
Primary Routing Table In a routing table group, the name of the primary routing table in which the route resides.
Secondary Tables In a routing table group, the name of one or more secondary tables in which the route resides.
Table 35 on page 769 describes all possible values for the Next-hop Types output field.
Table 35: Next-hop Types Output Field Values
Next-Hop Type Description
Broadcast (bcast) Broadcast next hop.
Deny Deny next hop.
Discard Discard next hop.
Dynamic List Dynamic list next hop

IS-IS Feature Guide
Table 35: Next-hop Types Output Field Values (continued)
Flood Flood next hop. Consists of components called branches,

up to a maximum of 32 branches. Each flood next-hop
branch sends a copy of the traffic to the forwarding
interface. Used by point-to-multipoint RSVP,
point-to-multipoint LDP, point-to-multipoint CCC, and
multicast.
Hold Next hop is waiting to be resolved into a unicast or

multicast type.
Indexed (idxd) Indexed next hop.
Indirect (indr) Used with applications that have a protocol next hop
address that is remote. You are likely to see this next-hop
type for internal BGP (IBGP) routes when the BGP next
hop is a BGP neighbor that is not directly connected.
Interface Used for a network address assigned to an interface. Unlike

the router next hop, the interface next hop does not
reference any specific node on the network.
Local (locl) Local address on an interface. This next-hop type causes

packets with this destination address to be received locally.
Multicast (mcst) Wire multicast next hop (limited to the LAN).
Multicast discard (mdsc) Multicast discard.
Multicast group (mgrp) Multicast group member.
Receive (recv) Receive.
Reject (rjct) Discard. An ICMP unreachable message was sent.
Resolve (rslv) Resolving next hop.
Routed multicast (mcrt) Regular multicast next hop.
Router A specific node or set of nodes to which the routing device

forwards packets that match the route prefix.
To qualify as next-hop type router, the route must meet

the following criteria:
• Must not be a direct or local subnet for the routing

device.
• Must have a next hop that is directly connected to the
routing device.

Software Next hop added to the Routing Engine forwarding table

for remote IP addresses with prefix /32 for Junos OS
Evolved only.
Table Routing table next hop.
Unicast (ucst) Unicast.
Unilist (ulst) List of unicast next hops. A packet sent to this next hop
goes to any next hop in the list.
Table 36 on page 771 describes all possible values for the State output field. A route can
be in more than one state (for example, <Active NoReadvrt Int Ext>).
Table 36: State Output Field Values
Value Description
Accounting Route needs accounting.
Active Route is active.
Always Compare MED Path with a lower multiple exit discriminator (MED) is
available.
AS path Shorter AS path is available.
Cisco Non-deterministic MED Cisco nondeterministic MED is enabled, and a path with a
selection lower MED is available.
Clone Route is a clone.
Cluster list length Length of cluster list sent by the route reflector.
Delete Route has been deleted.
Ex Exterior route.
Ext BGP route received from an external BGP neighbor.
FlashAll Forces all protocols to be notified of a change to any route,

active or inactive, for a prefix. When not set, protocols are
informed of a prefix only when the active route changes.
Hidden Route not used because of routing policy.
IfCheck Route needs forwarding RPF check.

IS-IS Feature Guide
Table 36: State Output Field Values (continued)
Value Description
IGP metric Path through next hop with lower IGP metric is available.
Inactive reason Flags for this route, which was not selected as best for a
particular destination.
Initial Route being added.
Int Interior route.
Int Ext BGP route received from an internal BGP peer or a BGP
confederation peer.
Interior > Exterior > Exterior via Direct, static, IGP, or EBGP path is available.
Interior
Local Preference Path with a higher local preference value is available.
Martian Route is a martian (ignored because it is obviously invalid).
MartianOK Route exempt from martian filtering.
Next hop address Path with lower metric next hop is available.
No difference Path from neighbor with lower IP address is available.
NoReadvrt Route not to be advertised.
NotBest Route not chosen because it does not have the lowest MED.
Not Best in its group Incoming BGP AS is not the best of a group (only one AS can
be the best).
NotInstall Route not to be installed in the forwarding table.
Number of gateways Path with a greater number of next hops is available.
Origin Path with a lower origin code is available.
Pending Route pending because of a hold-down configured on another

route.
Programmed Route installed programatically by on-box or off-box

applications using API.
Release Route scheduled for release.
RIB preference Route from a higher-numbered routing table is available.

Value Description
Route Distinguisher 64-bit prefix added to IP subnets to make them unique.
Route Metric or MED comparison Route with a lower metric or MED is available.
Route Preference Route with lower preference value is available
Router ID Path through a neighbor with lower ID is available.
Secondary Route not a primary route.
Unusable path Path is not usable because of one of the following conditions:
• The route is damped.

• The route is rejected by an import policy.
• The route is unresolved.
Update source Last tiebreaker is the lowest IP address value.
ProtectionCand Indicates paths requesting protection.
ProtectionPath Indicates the route entry that can be used as a protection path.
Table 37 on page 773 describes the possible values for the Communities output field.
Table 37: Communities Output Field Values
Value Description
area-number 4 bytes, encoding a 32-bit area number. For AS-external routes, the value is 0. A nonzero value
identifies the route as internal to the OSPF domain, and as within the identified area. Area
numbers are relative to a particular OSPF domain.
bandwidth: local AS Link-bandwidth community value used for unequal-cost load balancing. When BGP has
number:link-bandwidth-number several candidate paths available for multipath purposes, it does not perform unequal-cost
load balancing according to the link-bandwidth community unless all candidate paths have
this attribute.
domain-id Unique configurable number that identifies the OSPF domain.
domain-id-vendor Unique configurable number that further identifies the OSPF domain.
link-bandwidth-number Link-bandwidth number: from 0 through 4,294,967,295 (bytes per second).
local AS number Local AS number: from 1 through 65,535.
options 1 byte. Currently this is only used if the route type is 5 or 7. Setting the least significant bit in
the field indicates that the route carries a type 2 metric.

IS-IS Feature Guide
Table 37: Communities Output Field Values (continued)
Value Description
origin (Used with VPNs) Identifies where the route came from.
ospf-route-type 1 byte, encoded as 1 or 2 for intra-area routes (depending on whether the route came from a
type 1 or a type 2 LSA); 3 for summary routes; 5 for external routes (area number must be0);
7 for NSSA routes; or 129 for sham link endpoint addresses.
route-type-vendor Displays the area number, OSPF route type, and option of the route. This is configured using
the BGP extended community attribute 0x8000. The format is
area-number:ospf-route-type:options.
rte-type Displays the area number, OSPF route type, and option of the route. This is configured using
target Defines which VPN the route participates in; target has the format 32-bit IP address:16-bit
number. For example, 10.19.0.0:100.
unknown IANA Incoming IANA codes with a value between 0x1 and 0x7fff. This code of the BGP extended
community attribute is accepted, but it is not recognized.
unknown OSPF vendor Incoming IANA codes with a value above 0x8000. This code of the BGP extended community
Sample Output
show route detail

user@host> show route detail

Next hop: 192.168.71.254 via fxp0.0, selected
State: <Active NoReadvrt Int Ext>
Local AS: 69
Age: 1:31:43
Task: RT
AS path: I

State: <Active Int>
Local AS: 69
Age: 1:30:17
Task: IF

AS path: I
OSPF Preference: 10
State: <Int>
Local AS: 69
Age: 1:30:17 Metric: 1
Area: 0.0.0.0
Task: OSPF
AS path: I

State: <Active NoReadvrt Int>
Local AS: 69
Age: 1:30:20
Task: IF
AS path: I
...

State: <Active Int>
Local AS: 69
Area: 0.0.0.0
Task: OSPF
AS path: I
...
172.16.233.2/32 (1 entry, 1 announced)

*PIM Preference: 0
Local AS: 69
Age: 1:31:45
Task: PIM Recv
AS path: I
...
172.16.233.22/32 (1 entry, 1 announced)

*IGMP Preference: 0
Local AS: 69

IS-IS Feature Guide
Age: 1:31:43
Task: IGMP
AS path: I
10.255.70.103/32 (1 entry, 1 announced)

State: <FlashAll>
*RSVP Preference: 7
Next hop: 10.31.1.6 via ge-3/1/0.0 weight 0x1, selected
State: <Active Int>
Local AS: 69
Task: RSVP
AS path: I
10.255.71.238/32 (1 entry, 1 announced)

State: <FlashAll>
*RSVP Preference: 7
State: <Active Int>
Local AS: 69
Task: RSVP
AS path: I
private__.inet.0: 2 destinations, 3 routes (2 active, 0 holddown, 0 hidden)
47.0005.80ff.f800.0000.0108.0001.0102.5507.1052/152 (1 entry, 0 announced)

State: <Active Int>
Local AS: 69
Age: 1:31:44
Task: IF
AS path: I

*MPLS Preference: 0
Next hop type: Receive
State: <Active Int>
Local AS: 69
Task: MPLS
AS path: I

...

TSI:
KRT in-kernel 299840 /52 -> {indirect(1048575)}
*RSVP Preference: 7/2
Next hop type: Flood
Address: 0x9174a30
Address: 0x9174c28
Label-switched-path R2-to-R4-2p2mp
Address: 0x92544f0
Label-switched-path R2-to-R200-p2mp
State: <Active Int>
Age: 1:29 Metric: 1
Task: RSVP
AS path: I...

*VPLS Preference: 7
Next hop: via vt-3/2/0.32769, selected
State: <Active Int>
Age: 1:29:30
Task: Common L2 VC
AS path: I
vt-3/2/0.32769 (1 entry, 1 announced)

*VPLS Preference: 7
Label operation: Push 800012, Push 100096(top)
Push 800012
Indirect next hop: 87272e4 1048574
State: <Active Int>
Age: 1:29:30 Metric2: 2
Task: Common L2 VC
Announcement bits (2): 0-KRT 1-Common L2 VC
AS path: I
Communities: target:11111:1 Layer2-info: encaps:VPLS,
control flags:, mtu: 0

IS-IS Feature Guide
abcd::10:255:71:52/128 (1 entry, 0 announced)

State: <Active Int>
Local AS: 69
Age: 1:31:44
Task: IF
AS path: I
fe80::280:42ff:fe10:f179/128 (1 entry, 0 announced)

Local AS: 69
Age: 1:31:44
Task: IF
AS path: I
ff02::2/128 (1 entry, 1 announced)

*PIM Preference: 0
Local AS: 69
Age: 1:31:45
Task: PIM Recv6
AS path: I
ff02::d/128 (1 entry, 1 announced)

*PIM Preference: 0
Local AS: 69
Age: 1:31:45
Task: PIM Recv6
AS path: I

*MLD Preference: 0
Local AS: 69
Age: 1:31:43
Task: MLD
AS path: I
private.inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)



Age: 1:31:44
Task: IF
AS path: I
green.l2vpn.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
10.255.70.103:1:3:1/96 (1 entry, 1 announced)

Source: 10.255.70.103
State: <Secondary Active Int Ext>
Age: 1:25:49 Metric2: 1
AIGP 210
Task: BGP_69.10.255.70.103+179
Announcement bits (1): 0-green-l2vpn
AS path: I
Label-base: 800008, range: 8
Localpref: 100
Router ID: 10.255.70.103
Primary Routing Table bgp.l2vpn.0
10.255.71.52:1:1:1/96 (1 entry, 1 announced)

*L2VPN Preference: 170/-1
Indirect next hop: 0 -
Age: 1:31:40 Metric2: 1
Task: green-l2vpn
Announcement bits (1): 1-BGP.0.0.0.0+179
AS path: I
Communities: Layer2-info: encaps:VPLS, control flags:Site-Down,
mtu: 0
Label-base: 800016, range: 8, status-vector: 0x9F
10.255.71.52:1:5:1/96 (1 entry, 1 announced)

Age: 1:31:40 Metric2: 1
Task: green-l2vpn
AS path: I
Communities: Layer2-info: encaps:VPLS, control flags:, mtu: 0
...
l2circuit.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)

10.245.255.63:CtrlWord:4:3:Local/96 (1 entry, 1 announced)

IS-IS Feature Guide
*L2CKT Preference: 7
Next hop: via so-1/1/2.0 weight 1, selected
Label-switched-path my-lsp
Label operation: Push 100000[0]
Protocol next hop: 10.245.255.63 Indirect next hop: 86af000 296
State: <Active Int>
Local AS: 99
Age: 10:21
Task: l2 circuit
Announcement bits (1): 0-LDP
AS path: I
VC Label 100000, MTU 1500, VLAN ID 512

Level: 2
Address: 0x9db6ed0
Next hop: 10.1.1.6 via lt-1/0/10.5, selected
Session Id: 0x18a
State: <Active Int>
Local AS: 2
Task: IS-IS
Announcement bits (3): 0-KRT 5-Resolve tree 4 6-Resolve_IGP_FRR
task
AS path: I

Address: 0xc008830
Session Id: 0x1b7
State: <Active Int>
Local AS: 1
Age: 3:06:59 Metric: 100
Area: 0.0.0.0
Task: OSPF
AS path: I
show route detail (with BGP Multipath)

user@host> show route detail

Address: 0x901a010

Source: 10.1.1.2
Next hop: 10.1.1.6 via ge-0/3/0.5
State: <Active Ext>
Age: 5:04:43
Task: BGP_2.10.1.1.2+59955
AS path: 2 I
Accepted Multipath
Localpref: 100
Router ID: 172.16.1.2
BGP Preference: 170/-101
Address: 0x8f97520
Source: 10.1.1.6
State: <NotBest Ext>
Inactive reason: Not Best in its group - Active preferred
Age: 5:04:43
Task: BGP_2.10.1.1.6+58198
AS path: 2 I
Accepted MultipathContrib
Localpref: 100
Router ID: 172.16.1.3
show route label detail (Multipoint LDP Inband Signaling for Point-to-Multipoint LSPs)
user@host> show route label 299872 detail

*LDP Preference: 9
Address: 0x9097d90
Next hop: via vt-0/1/0.1
Next-hop index: 661
Address: 0x9172130
Next-hop index: 654
Label operation: Swap 299872
State: **Active Int>
Local AS: 1001
Age: 8:20 Metric: 1
Task: LDP
AS path: I
FECs bound to route: P2MP root-addr 10.255.72.166, grp 232.1.1.1,
src 192.168.142.2
show route label detail (Multipoint LDP with Multicast-Only Fast Reroute)

IS-IS Feature Guide

*LDP Preference: 9
Address: 0x2735208
Address: 0x2735d2c
Next hop: 1.3.8.2 via ge-1/2/22.0
Address: 0x2736290
Next hop: 1.3.4.2 via ge-1/2/18.0
State: <Active Int AckRequest MulticastRPF>
Local AS: 10
Task: LDP
AS path: I
FECs bound to route: P2MP root-addr 172.16.1.1, grp: 232.1.1.1,
src: 192.168.219.11
Primary Upstream : 172.16.1.3:0--172.16.1.2:0
RPF Nexthops :
ge-1/2/15.0, 1.2.94.1, Label: 301568, weight: 0x1
ge-1/2/14.0, 1.2.3.1, Label: 301568, weight: 0x1
Backup Upstream : 172.16.1.3:0--172.16.1.6:0
RPF Nexthops :
ge-1/2/20.0, 1.2.96.1, Label: 301584, weight: 0xfffe
show route detail (Flexible VXLAN Tunnel Profile)

user@host> show route 192.168.0.2 detail
...
CUSTOMER_0001.inet.0: 5618 destinations, 6018 routes (5618 active, 0 holddown, 0
hidden)
192.168.0.2/32 (1 entry, 1 announced)

*Static Preference: 5/100
Address: 0x5d9b03cc
Next hop: via fti0.6, selected
Session Id: 0x24c8
State: <Active Int NSR-incapable OpaqueData Programmed>
Age: 1:25:53
Tag: 10000001 Tag2: 1
AS path: I
Flexible IPv6 VXLAN tunnel profile
Action: Encapsulate

Interface: fti0.6 (Index: 10921)

VNI: 10000001
Source Prefix: 2001:db8:255::2/128
Source UDP Port Range: 54614 - 60074
Destination Address: 2001:db8:80:1:1:1:0:1
Destination UDP Port: 4790
VXLAN Flags: 0x08
...

IS-IS Feature Guide
show route exact

Syntax show route exact destination-prefix

Syntax (EX Series show route exact destination-prefix


Description Display only the routes that exactly match the specified address or range of addresses.
destination-prefix—Address or range of addresses.


Level
List of Sample Output show route exact on page 784

show route exact detail on page 785
show route exact extensive on page 785
show route exact terse on page 785
Sample Output
show route exact

user@host> show route exact 207.17.136.0/24

Restart Complete

207.17.136.0/24 *[Static/5] 2d 03:30:22

> to 192.168.71.254 via fxp0.0
show route exact detail

user@host> show route exact 207.17.136.0/24 detail

Restart Complete
207.17.136.0/24 (1 entry, 1 announced)
Local AS: 69
Age: 2d 3:30:26
Task: RT
AS path: I
show route exact extensive

user@host> show route exact 207.17.136.0/24 extensive

207.17.136.0/24 (1 entry, 1 announced)
TSI:
KRT in-kernel 207.17.136.0/24 -> {192.168.71.254}
Local AS: 69
Age: 1:25:18
Task: RT
AS path: I
show route exact terse

user@host> show route exact 207.17.136.0/24 terse

* 207.17.136.0/24 S 5 >192.168.71.254

IS-IS Feature Guide
show route export

Syntax show route export

<brief | detail>
<instance <instance-name> | routing-table-name>
Syntax (EX Series show route export

Switches) <brief | detail>
<instance <instance-name> | routing-table-name>

Description Display policy-based route export information. Policy-based export simplifies the process
of exchanging route information between routing instances.
Options none—(Same as brief.) Display standard information about policy-based export for all
instances and routing tables on all systems.
brief | detail—(Optional) Display the specified level of output.
instance <instance-name>—(Optional) Display a particular routing instance for which

policy-based export is currently enabled.

routing-table-name—(Optional) Display information about policy-based export for all

routing tables whose name begins with this string (for example, inet.0 and inet6.0
are both displayed when you run the show route export inet command).

Level
List of Sample Output show route export on page 787

show route export detail on page 787
show route export instance detail on page 788
Output Fields Table 38 on page 787 lists the output fields for the show route export command. Output

Table 38: show route export Output Fields
Table or table-name Name of the routing tables that either import or export routes. All levels
Routes Number of routes exported from this table into other tables. If a particular route brief none
is exported to different tables, the counter will only increment by one.
Export Whether the table is currently exporting routes to other tables: Y or N (Yes or No). brief none
Import Tables currently importing routes from the originator table. (Not displayed for detail
tables that are not exporting any routes.)
Flags (instance keyword only) Flags for this feature on this instance: detail
• config auto-policy—The policy was deduced from the configured IGP export
policies.
• cleanup—Configuration information for this instance is no longer valid.
• config—The instance was explicitly configured.
Options (instance keyword only) Configured option displays the type of routing tables the detail
feature handles:
• unicast—Indicates instance.inet.0.
• multicast—Indicates instance.inet.2.
• unicast multicast—Indicates instance.inet.0 and instance.inet.2.
Import policy (instance keyword only) Policy that route export uses to construct the import-export detail
matrix. Not displayed if the instance type is vrf.
Instance (instance keyword only) Name of the routing instance. detail
Type (instance keyword only) Type of routing instance: forwarding, non-forwarding, or detail
vrf.
Sample Output
show route export

user@host> show route export
Table Export Routes

inet.0 N 0
black.inet.0 Y 3
red.inet.0 Y 4
show route export detail

user@host> show route export detail
inet.0 Routes: 0
black.inet.0 Routes: 3
Import: [ inet.0 ]

IS-IS Feature Guide
red.inet.0 Routes: 4
Import: [ inet.0 ]
show route export instance detail

user@host> show route export instance detail
Instance: master Type: forwarding

Flags: <config auto-policy> Options: <unicast multicast>
Import policy: [ (ospf-master-from-red || isis-master-from-black) ]
Instance: black Type: non-forwarding
Instance: red Type: non-forwarding


Syntax show route extensive

Syntax (EX Series show route extensive


Description Display extensive information about the active entries in the routing tables.
Options none—Display all active entries in the routing table.

of addresses.


Level
List of Sample Output show route extensive on page 796

show route extensive (Access Route) on page 803
show route extensive (BGP PIC Edge) on page 804
show route extensive (FRR and LFA) on page 804
show route extensive (IS-IS) on page 805
show route extensive (Route Reflector) on page 805
show route label detail (Multipoint LDP Inband Signaling for Point-to-Multipoint
LSPs) on page 806
show route label detail (Multipoint LDP with Multicast-Only Fast Reroute) on page 806
show route extensive (Flexible VXLAN Tunnel Profile) on page 807
Output Fields Table 39 on page 789 describes the output fields for the show route extensive command.
Table 39: show route extensive Output Fields

IS-IS Feature Guide
Table 39: show route extensive Output Fields (continued)
• active (routes that are active).

• holddown (routes that are in the pending state before being declared inactive).
• hidden (routes that are not used because of a routing policy).
route-destination Route destination (for example: 10.0.0.1/24). The entry value is the number of route for this destination,
• MPLS-label (for example, 80001 ).

TSI Protocol header information.
labels.
• S=0 route indicates that a packet with an incoming label stack depth of two or more exits this router
with one fewer label (the label-popping operation is performed).
forwarding table.

Level (IS-IS only). In IS-IS, a single autonomous system (AS) can be divided into smaller groups called
areas. Routing between areas is organized hierarchically, allowing a domain to be administratively
divided into smaller areas. This organization is accomplished by configuring Level 1 and Level 2
intermediate systems. Level 1 systems route within an area. When the destination is outside an area,
they route toward a Level 2 system. Level 2 intermediate systems route between areas and toward
other ASs.
Next-hop type Type of next hop. For a description of possible values for this field, see the Output Field table in the
show route detail command.

count
Flood nexthop branches Indicates that the number of flood next-hop branches exceeded the system limit of 32 branches, and
exceed maximum only a subset of the flood next-hop branches were installed in the kernel.
message

lsp-path-name
Offset Whether the metric has been increased or decreased by an offset value.
to recursively derive a forwarding next hop.

IS-IS Feature Guide
label-operation MPLS label and operation occurring at this routing device. The operation can be pop (where a label
Indirect next hops When present, a list of nodes that are used to resolve the path to the next-hop destination, in the
order that they are resolved.
When BGP PIC Edge is enabled, the output lines that contain Indirect next hop: weight follow next
hops that the software can use to repair paths where a link failure occurs. The next-hop weight has
one of the following values:
• 0x1 indicates active next hops.

• 0x4000 indicates passive next hops.
State State of the route (a route can be in more than one state). See the Output Field table in the show
route detail command.
Session ID The BFD session ID number that represents the protection using MPLS fast reroute (FRR) and loop-free
alternate (LFA).
Weight Weight for the backup path. If the weight of an indirect next hop is larger than zero, the weight value
is shown.

Inactive reason If the route is inactive, the reason for its current state is indicated. Typical reasons include:
• Active preferred—Currently active route was selected over this route.

• Always compare MED—Path with a lower multiple exit discriminator (MED) is available.
• AS path—Shorter AS path is available.
• Cisco Non-deterministic MED selection—Cisco nondeterministic MED is enabled and a path with a
lower MED is available.
• Cluster list length—Path with a shorter cluster list length is available.
• Forwarding use only—Path is only available for forwarding purposes.
• IGP metric—Path through the next hop with a lower IGP metric is available.
• IGP metric type—Path with a lower OSPF link-state advertisement type is available.
• Interior > Exterior > Exterior via Interior—Direct, static, IGP, or EBGP path is available.
• Local preference—Path with a higher local preference value is available.
• Next hop address—Path with a lower metric next hop is available.
• No difference—Path from a neighbor with a lower IP address is available.
• Not Best in its group—Occurs when multiple peers of the same external AS advertise the same
prefix and are grouped together in the selection process. When this reason is displayed, an additional
reason is provided (typically one of the other reasons listed).
• Number of gateways—Path with a higher number of next hops is available.
• Origin—Path with a lower origin code is available.
• OSPF version—Path does not support the indicated OSPF version.
• RIB preference—Route from a higher-numbered routing table is available.
• Route destinguisher—64-bit prefix added to IP subnets to make them unique.
• Route metric or MED comparison—Route with a lower metric or MED is available.
• Route preference—Route with a lower preference value is available.
• Router ID—Path through a neighbor with a lower ID is available.
• Unusable path—Path is not usable because of one of the following conditions: the route is damped,
the route is rejected by an import policy, or the route is unresolved.
• Update source—Last tiebreaker is the lowest IP address value.
Local AS Autonomous system (AS) number of the local routing device.
Metric Cost value of the indicated route. For routes within an AS, the cost is determined by IGP and the

IS-IS Feature Guide
Announcement bits List of protocols that are consumers of the route. Using the following output as an example,
Announcement bits (3): 0-KRT 5-Resolve tree 2 8-BGP RT Background there are (3) announcement
bits to reflect the three clients (protocols) that have state for this route: Kernel (0-KRT), 5 (resolution
tree process 2), and 8 (BGP).
The notation n-Resolve inet indicates that the route is used for route resolution for next hops found
in the routing table. n is an index used by Juniper Networks customer support only.
• I—IGP.
• E—EGP.
• [ ]—Brackets enclose the local AS number associated with the AS path if more than one AS number
is configured on the routing device, or if AS path prepending is configured.
ascending order.
• Unverified—Indicates that origin validation is not enabled for the BGP peers.
FECs bound to route Point-to-multipoint root address, multicast source address, and multicast group address when
multipoint LDP (M-LDP) inband signaling is configured.
AS path: I <Originator> (For route reflected output only) Originator ID attribute set by the route reflector.

route status Indicates the status of a BGP route:
• Accepted—The specified BGP route is imported by the default BGP policy.

• Import—The route is imported into a Layer 3 VPN routing instance.
• Import-Protect—A remote instance egress that is protected.
• Multipath—A BGP multipath active route.
• MultipathContrib—The route is not active but contributes to the BGP multipath.
• Protect—An egress route that is protected.
• Stale—A route that is marked stale due to graceful restart.
Primary Upstream When multipoint LDP with multicast-only fast reroute (MoFRR) is configured, the primary upstream
path. MoFRR transmits a multicast join message from a receiver toward a source on a primary path,
while also transmitting a secondary multicast join message from the receiver toward the source on
a backup path.
RPF Nexthops When multipoint LDP with MoFRR is configured, the reverse-path forwarding (RPF) next-hop
Cluster list (For route reflected output only) Cluster ID sent by the route reflector.
Originator ID (For route reflected output only) Address of router that originally sent the route to the route reflector.
Prefixes bound to route Forwarding Equivalent Class (FEC) bound to this route. Applicable only to routes installed by LDP.
Communities Community path attribute for the route. See the Output Field table in the show route detail command
for all possible values for this field.

IS-IS Feature Guide
Originating RIB Name of the routing table whose active route was used to determine the forwarding next-hop entry
in the resolution database. For example, in the case of inet.0 resolving through inet.0 and inet.3, this
field indicates which routing table, inet.0 or inet.3, provided the best path for a particular prefix.
Node path count Number of nodes in the path.
Forwarding nexthops Number of forwarding next hops. The forwarding next hop is the network layer address of the directly
reachable neighboring system (if applicable) and the interface used to reach it.
Sample Output


203.0.113.10/16 (1 entry, 1 announced)
TSI:
KRT in-kernel 203.0.113.10/16 -> {192.168.71.254}
Local AS: 64496
Age: 1:34:06
Task: RT
AS path: I

State: <Active Int>
Local AS: 64496
Age: 1:32:40
Task: IF
AS path: I
OSPF Preference: 10


State: <Int>
Local AS: 64496
Area: 0.0.0.0
Task: OSPF
AS path: I
203.0.113.103/32 (1 entry, 1 announced)

Local AS: 644969
Age: 1:32:43
Task: IF
AS path: I
...
203.0.113.203/30 (1 entry, 1 announced)

TSI:
KRT in-kernel 203.0.113.203/30 -> {203.0.113.216}
State: <Active Int>
Local AS: 64496
Area: 0.0.0.0
Task: OSPF
AS path: I
...
198.51.100.2/32 (1 entry, 1 announced)

TSI:
KRT in-kernel 198.51.100.2/32 -> {}
*PIM Preference: 0
Local AS: 64496
Age: 1:34:08
Task: PIM Recv
AS path: I
...
198.51.100.22/32 (1 entry, 1 announced)

TSI:
KRT in-kernel 198.51.100.22/32 -> {}
*IGMP Preference: 0

IS-IS Feature Guide
Local AS: 64496

Age: 1:34:06
Task: IGMP
AS path: I
203.0.113.103/32 (1 entry, 1 announced)

State: <FlashAll>
*RSVP Preference: 7
State: <Active Int>
Local AS: 64496
Task: RSVP
AS path: I
203.0.113.238/32 (1 entry, 1 announced)

State: <FlashAll>
*RSVP Preference: 7
State: <Active Int>
Local AS: 64496
Task: RSVP
AS path: I
...
47.0005.80ff.f800.0000.0108.0001.0102.5507.1052/152 (1 entry, 0 announced)

State: <Active Int>
Local AS: 64496
Age: 1:34:07
Task: IF
AS path: I
TSI:
KRT in-kernel 0 /36 -> {}
*MPLS Preference: 0
Next hop type: Receive

State: <Active Int>

Local AS: 64496
Task: MPLS
AS path: I
...

TSI:
KRT in-kernel 299840 /52 -> {indirect(1048575)}
Address: 0x9174a30
Address: 0x9174c28
Label-switched-path R2-to-R4-2p2mp
Address: 0x92544f0
Label-switched-path R2-to-R200-p2mp
State: <Active Int>
Age: 1:29 Metric: 1
Task: RSVP
AS path: I...
TSI:
KRT in-kernel 800010 /36 -> {vt-3/2/0.32769}
*VPLS Preference: 7
Next hop: via vt-3/2/0.32769, selected
State: <Active Int>
Age: 1:31:53
Task: Common L2 VC
AS path: I
vt-3/2/0.32769 (1 entry, 1 announced)

TSI:
KRT in-kernel vt-3/2/0.32769.0 /16 -> {indirect(1048574)}
*VPLS Preference: 7

IS-IS Feature Guide
Push 800012
State: <Active Int>
Age: 1:31:53 Metric2: 2
Task: Common L2 VC
AS path: I
Push 800012
Next hop: 203.0.113.216 via ge-3/1/0.0 weight 0x1

Nexthop: 203.0.113.216 via ge-3/1/0.0
2001:db8::10:255:71:52/128 (1 entry, 0 announced)

State: <Active Int>
Local AS: 64496
Age: 1:34:07
Task: IF
AS path: I

Local AS: 64496
Age: 1:34:07
Task: IF
AS path: I

TSI:
KRT in-kernel ff02::2/128 -> {}
*PIM Preference: 0
Local AS: 64496
Age: 1:34:08
Task: PIM Recv6
AS path: I
ff02::d/128 (1 entry, 1 announced)

TSI:
KRT in-kernel ff02::d/128 -> {}

*PIM Preference: 0
Local AS: 64496
Age: 1:34:08
Task: PIM Recv6
AS path: I

TSI:
KRT in-kernel ff02::16/128 -> {}
*MLD Preference: 0
Local AS: 64496
Age: 1:34:06
Task: MLD
AS path: I
private.inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

Age: 1:34:07
Task: IF
AS path: I
203.0.113.103:1:3:1/96 (1 entry, 1 announced)

Source: 203.0.113.103
Age: 1:28:12 Metric2: 1
Task: BGP_69.203.0.113.103+179
Announcement bits (1): 0-green-l2vpn
AS path: I
Label-base: 800008, range: 8
Localpref: 100
Router ID: 203.0.113.103
203.0.113.152:1:1:1/96 (1 entry, 1 announced)

TSI:
Page 0 idx 0 Type 1 val 8699540

IS-IS Feature Guide

Age: 1:34:03 Metric2: 1
Task: green-l2vpn
AS path: I
Communities: Layer2-info: encaps:VPLS, control flags:Site-Down,
mtu: 0
203.0.113.152:1:5:1/96 (1 entry, 1 announced)

TSI:
Page 0 idx 0 Type 1 val 8699528
Age: 1:34:03 Metric2: 1
Task: green-l2vpn
AS path: I
Communities: Layer2-info: encaps:VPLS, control flags:, mtu: 0
...
TSI:

State: <Active Int>
Local AS: 64499
Age: 10:21
Task: l2 circuit
AS path: I
203.0.113.55/24 (1 entry, 1 announced)

TSI:
KRT queued (pending) add
198.51.100.0/24 -> {Push 300112}
Address: 0x925c208
Source: 203.0.113.9
State: <Active Ext>


Age: 1w0d 23:06:56
AIGP: 25
Task: BGP_65539.203.0.113.9+56732
AS path: 65539 64508 I
Accepted
Route Label: 300112
Localpref: 100
Router ID: 213.0.113.99
show route extensive (Access Route)

user@host> show route 203.0.113.102 extensive

203.0.113.102/32 (1 entry, 1 announced)
TSI:
KRT in-kernel 203.0.113.102/32 -> {192.0.2.2}
OSPF area : 0.0.0.0, LSA ID : 203.0.113.102, LSA type : Extern
*Access Preference: 13
Next hop: 192.0.2.2 via fe-0/0/0.0, selected
State: <Active Int>
Age: 12
Task: RPD Unix Domain Server./var/run/rpd_serv.local
Announcement bits (2): 0-KRT 1-OSPFv2
AS path: I
user@host> show route 2001:db8:4641:1::/48 extensive

2001:db8:4641:1::/48 (1 entry, 1 announced)
TSI:
KRT in-kernel 2001:db8:4641:1::/48 -> {#0 0.13.1.0.0.1}
*Access Preference: 13
Address: 0x1638c1d8
Next hop: #0 0.13.1.0.0.1 via demux0.1073753267, selected
Session Id: 0x0
State: <Active Int>
Age: 4:17
AS path: I
2001:db8:4641:1::/128 (1 entry, 1 announced)
TSI:
KRT in-kernel 2001:db8:4641:1::/128 -> {#0 0.13.1.0.0.1}
*Access-internal Preference: 12
Address: 0x1638c1d8
Next hop: #0 0.13.1.0.0.1 via demux0.1073753267, selected
Session Id: 0x0
State: <Active Int>
Age: 4:17

IS-IS Feature Guide

AS path: I
show route extensive (BGP PIC Edge)

ed.inet.0: 6 destinations, 9 routes (6 active, 0 holddown, 0 hidden)

State: <CalcForwarding>
TSI:
KRT in-kernel 198.51.100.6/32 -> {indirect(1048574), indirect(1048577)}
Page 0 idx 0 Type 1 val 9219e30
Nexthop: Self
AS path: [2] 3 I
..
#Multipath Preference: 255
Address: 0x93f4010
..
Push 299824
Indirect next hop: 944c000 1048574 INH Session ID: 0x3
Indirect next hop: weight 0x1
Push 299824
Indirect next hop: 944c1d8 1048577 INH Session ID: 0x4
Indirect next hop: weight 0x4000
State: <ForwardingOnly Int Ext)>
Inactive reason: Forwarding use only
Age: 25 Metric2: 15
Task: RT
AS path: 3 I
show route extensive (FRR and LFA)


State: FlashAll
TSI:
KRT in-kernel 203.0.113.20/24 -> {Push 299776, Push 299792}
Address: 0xbbbc010
Label-switched-path europa-d-to-europa-e

Session Id: 0x201

Next hop: 203.0.113.122 via ge-2/1/4.0 weight 0x4001
Label-switched-path europa-d-to-europa-e
Session Id: 0x202
State: Active Int
Local AS: 64500
Age: 5:31 Metric: 2
Task: RSVP
AS path: I
OSPF Preference: 10
Address: 0xb9d78c4
Session Id: 0x201
State: Int
Local AS: 64500
Age: 5:35 Metric: 3
Area: 0.0.0.0
Task: OSPF
AS path: I
show route extensive (IS-IS)

IS-IS Preference: 15
Level: 1
Address: 0xXXXXXXXXXX
Next-hop reference count: YY
Next hop: 203.0.113.22 via ae1.0 balance 43%, selected
Session Id: 0x141
Next hop: 203.0.113.22 via ae0.0 balance 57%
show route extensive (Route Reflector)

203.0.113.0/8 (1 entry, 1 announced)
TSI:
Source: 192.168.4.214
Protocol next hop: 198.51.100.192 Indirect next hop: 84ac908 40
Age: 3:09 Metric: 0 Metric2: 0
Task: BGP_65548.192.168.4.214+1033
Announcement bits (2): 0-KRT 4-Resolve inet.0
AS path: 65544 64507 I <Originator>
Cluster list: 198.51.100.1
Communities: 7777:7777

IS-IS Feature Guide
Localpref: 100
Router ID: 203.0.113.4
Indirect next hop: 84ac908 40
Next hop type: Discard
show route label detail (Multipoint LDP Inband Signaling for Point-to-Multipoint LSPs)

*LDP Preference: 9
Address: 0x9097d90
Next hop: via vt-0/1/0.1
Next-hop index: 661
Address: 0x9172130
Next-hop index: 654
State: **Active Int>
Local AS: 64511
Age: 8:20 Metric: 1
Task: LDP
AS path: I
FECs bound to route: P2MP root-addr 203.0.113.166, grp 203.0.113.1,
src 192.168.142.2
show route label detail (Multipoint LDP with Multicast-Only Fast Reroute)

*LDP Preference: 9
Address: 0x2735208
Address: 0x2735d2c
Next hop: 203.0.113.82 via ge-1/2/22.0
Address: 0x2736290
Next hop: 203.0.113.2 via ge-1/2/18.0
State: <Active Int AckRequest MulticastRPF>
Local AS: 64500


Task: LDP
AS path: I
FECs bound to route: P2MP root-addr 198.51.100.1, grp: 203.0.113.1,
src: 192.168.219.11
Primary Upstream : 198.51.100.3:0--198.51.100.2:0
RPF Nexthops :
ge-1/2/15.0, 10.2.94.1, Label: 301568, weight: 0x1
ge-1/2/14.0, 10.2.3.1, Label: 301568, weight: 0x1
Backup Upstream : 198.51.100.3:0--198.51.100.6:0
RPF Nexthops :
show route extensive (Flexible VXLAN Tunnel Profile)

...
CUSTOMER_0001.inet.0: 5618 destinations, 6018 routes (5618 active, 0 holddown, 0
hidden)
192.168.0.2/32 (1 entry, 1 announced)

TSI:
KRT in-kernel 192.168.0.2/32 -> {fti0.6 Flags NSR-incapable}
Opaque data client: FLEX-TNL
Address: 0xd00eee8
Opaque-data reference count: 2
Opaque data: Flexible IPv6 VXLAN tunnel profile
*Static Preference: 5/100
Address: 0x5d9b03cc
Next hop: via fti0.6, selected
Session Id: 0x24c8
State: <Active Int NSR-incapable OpaqueData Programmed>
Age: 1:34:00
Tag: 10000001 Tag2: 1
AS path: I
Flexible IPv6 VXLAN tunnel profile
Action: Encapsulate
Interface: fti0.6 (Index: 10921)
VNI: 10000001
Source Prefix: 2001:db8:255::2/128
Source UDP Port Range: 54614 - 60074
Destination Address: 2001:db8:80:1:1:1:0:1
Destination UDP Port: 4790
VXLAN Flags: 0x08
...

IS-IS Feature Guide
show route forwarding-table

Syntax (MX Series Routers) on page 808
Syntax (TX Matrix and TX Matrix Plus Routers) on page 808
Syntax show route forwarding-table

<detail | extensive | summary>
<all>
<ccc interface-name>
<destination destination-prefix>
<family family | matching matching>
<interface-name interface-name>
<label name>
<matching matching>
<multicast>
<table (default | logical-system-name/routing-instance-name | routing-instance-name)>
<vlan (all | vlan-name)>
<vpn vpn>
Syntax (MX Series show route forwarding-table

Routers) <detail | extensive | summary>
<all>
<bridge-domain (all | domain-name)>
<label name>
<learning-vlan-id learning-vlan-id>
<matching matching>
<multicast>
<table (default | logical-system-name/routing-instance-name | routing-instance-name)>
<vlan (all | vlan-name)>
<vpn vpn>
Syntax (TX Matrix and show route forwarding-table

TX Matrix Plus <detail | extensive | summary>
Routers) <all>
<matching matching>
<label name>
<lcc number>
<multicast>
<table routing-instance-name>
<vpn vpn>


Option bridge-domain introduced in Junos OS Release 7.5
Option learning-vlan-id introduced in Junos OS Release 8.4
Options all and vlan introduced in Junos OS Release 9.6.
Description Display the Routing Engine's forwarding table, including the network-layer prefixes and
their next hops. This command is used to help verify that the routing protocol process
has relayed the correction information to the forwarding table. The Routing Engine
constructs and maintains one or more routing tables. From the routing tables, the Routing
Engine derives a table of active routes, called the forwarding table.
NOTE: The Routing Engine copies the forwarding table to the Packet
Forwarding Engine, the part of the router that is responsible for forwarding
packets. To display the entries in the Packet Forwarding Engine's forwarding
table, use the show pfe route command.
Options none—Display the routes in the forwarding tables. By default, the show route
forwarding-table command does not display information about private, or internal,
forwarding tables.
detail | extensive | summary—(Optional) Display the specified level of output.
all—(Optional) Display routing table entries for all forwarding tables, including private,
or internal, tables.
bridge-domain (all | bridge-domain-name)—(MX Series routers only) (Optional) Display

route entries for all bridge domains or the specified bridge domain.
ccc interface-name—(Optional) Display route entries for the specified circuit

cross-connect interface.
destination destination-prefix—(Optional) Destination prefix.
family family—(Optional) Display routing table entries for the specified family: bridge
(ccc | destination | detail | extensive | interface-name | label | learning-vlan-id | matching
| multicast | summary | table | vlan | vpn), ethernet-switching, evpn, fibre-channel,
fmembers, inet, inet6, iso, mcsnoop-inet, mcsnoop-inet6, mpls, satellite-inet,
satellite-inet6, satellite-vpls, tnp, unix, vpls, or vlan-classification.
interface-name interface-name—(Optional) Display routing table entries for the specified

interface.
label name—(Optional) Display route entries for the specified label.
lcc number—(TX Matrix and TX matrix Plus routers only) (Optional) On a routing matrix
composed of a TX Matrix router and T640 routers, display information for the

IS-IS Feature Guide
specified T640 router (or line-card chassis) connected to the TX Matrix router. On
a routing matrix composed of the TX Matrix Plus router and T1600 or T4000 routers,
display information for the specified router (line-card chassis) connected to the TX
Matrix Plus router.
Replace number with the following values depending on the LCC configuration:
• 0 through 3, when T640 routers are connected to a TX Matrix router in a routing

matrix.
• 0 through 3, when T1600 routers are connected to a TX Matrix Plus router in a

routing matrix.
• 0 through 7, when T1600 routers are connected to a TX Matrix Plus router with 3D
SIBs in a routing matrix.
• 0, 2, 4, or 6, when T4000 routers are connected to a TX Matrix Plus router with

3D SIBs in a routing matrix.
learning-vlan-id learning-vlan-id—(MX Series routers only) (Optional) Display learned

information for all VLANs or for the specified VLAN.
matching matching—(Optional) Display routing table entries matching the specified

prefix or prefix length.
multicast—(Optional) Display routing table entries for multicast routes.
table —(Optional) Display route entries for all the routing tables in the main routing
instance or for the specified routing instance. If your device supports logical systems,
you can also display route entries for the specified logical system and routing instance.
To view the routing instances on your device, use the show route instance command.
vlan (all | vlan-name)—(Optional) Display information for all VLANs or for the specified
VLAN.
vpn vpn—(Optional) Display routing table entries for a specified VPN.

Level
List of Sample Output show route forwarding-table on page 815

show route forwarding-table detail on page 816
show route forwarding-table destination extensive (Weights and Balances) on page 816
show route forwarding-table extensive on page 817
show route forwarding-table extensive (RPF) on page 818
show route forwarding-table extensive (PIM using point-to-multipoint
mode) on page 819
show route forwarding-table (dynamic list next hop) on page 819
show route forwarding-table family mpls on page 820
show route forwarding-table family mpls ccc ge-0/0/1.1004 on page 820
show route forwarding-table family vpls on page 821

show route forwarding-table vpls (Broadcast, unknown unicast, and multicast (BUM)
hashing is enabled) on page 821
show route forwarding-table vpls (Broadcast, unknown unicast, and multicast (BUM)
hashing is enabled with MAC Statistics) on page 821
show route forwarding-table family vpls extensive on page 822
show route forwarding-table table default on page 823
show route forwarding-table table
logical-system-name/routing-instance-name on page 824
show route forwarding-table vpn on page 825
Output Fields Table 40 on page 811 lists the output fields for the show route forwarding-table command.
Output fields are listed in the approximate order in which they appear. Field names might
be abbreviated (as shown in parentheses) when no level of output is specified, or when
the detail keyword is used instead of the extensive keyword.
Table 40: show route forwarding-table Output Fields
Logical system Name of the logical system. This field is displayed if you specify the table All levels
logical-system-name/routing-instance-name option on a device that is configured
for and supports logical systems.
Routing table Name of the routing table (for example, inet, inet6, mpls). All levels

IS-IS Feature Guide
Table 40: show route forwarding-table Output Fields (continued)
Enabled protocols The features and protocols that have been enabled for a given routing table. All levels
This field can contain the following values:
• BUM hashing—BUM hashing is enabled.

• MAC Stats—Mac Statistics is enabled.
• Bridging—Routing instance is a normal layer 2 bridge.
• No VLAN—No VLANs are associated with the bridge domain.
• All VLANs—The vlan-id all statement has been enabled for this bridge domain.
• Single VLAN—Single VLAN ID is associated with the bridge domain.
• MAC action drop—New MACs will be dropped when the MAC address limit
is reached.
• Dual VLAN—Dual VLAN tags are associated with the bridge domain
• No local switching—No local switching is enabled for this routing instance..
• Learning disabled—Layer 2 learning is disabled for this routing instance.
• MAC limit reached—The maximum number of MAC addresses that was
configured for this routing instance has been reached.
• VPLS—The VPLS protocol is enabled.
• No IRB l2-copy—The no-irb-layer-2-copy feature is enabled for this routing
instance.
• ACKed by all peers—All peers have acknowledged this routing instance.
• BUM Pruning—BUM pruning is enabled on the VPLS instance.
• Def BD VXLAN—VXLAN is enabled for the default bridge domain.
• EVPN—EVPN protocol is enabled for this routing instance.
• Def BD OVSDB—Open vSwitch Database (OVSDB) is enabled on the default
bridge domain.
• Def BD Ingress replication—VXLAN ingress node replication is enabled on the
default bridge domain.
• L2 backhaul—Layer 2 backhaul is enabled.
• FRR optimize—Fast reroute optimization
• MAC pinning—MAC pinning is enabled for this bridge domain.
• MAC Aging Timer—The MAC table aging time is set per routing instance.
• EVPN VXLAN—This routing instance supports EVPN with VXLAN
encapsulation.
• PBBN—This routing instance is configured as a provider backbone bridged
network.
• PBN—This routing instance is configured as a provider bridge network.
• ETREE—The ETREE protocol is enabled on this EVPN routing instance.
• ARP/NDP suppression—EVPN ARP NDP suppression is enabled in this routing
instance.
• Def BD EVPN VXLAN—EVPN VXLAN is enabled for the default bridge domain.
• MPLS control word—Control word is enabled for this MPLS routing instance.
Address family Address family (for example, IP, IPv6, ISO, MPLS, and VPLS). All levels
Destination Destination of the route. detail extensive

Route Type (Type) How the route was placed into the forwarding table. When the detail keyword All levels
is used, the route type might be abbreviated (as shown in parentheses):
• cloned (clon)—(TCP or multicast only) Cloned route.

• destination (dest)—Remote addresses directly reachable through an interface.
• destination down (iddn)—Destination route for which the interface is
unreachable.
• interface cloned (ifcl)—Cloned route for which the interface is unreachable.
• route down (ifdn)—Interface route for which the interface is unreachable.
• ignore (ignr)—Ignore this route.
• interface (intf)—Installed as a result of configuring an interface.
• permanent (perm)—Routes installed by the kernel when the routing table is
initialized.
• user—Routes installed by the routing protocol process or as a result of the
configuration.
Route Reference Number of routes to reference. detail extensive

(RtRef)
Flags Route type flags: extensive
• none—No flags are enabled.

• accounting—Route has accounting enabled.
• cached—Cache route.
• incoming-iface interface-number—Check against incoming interface.
• prefix load balance—Load balancing is enabled for this prefix.
• rt nh decoupled—Route has been decoupled from the next hop to the
destination.
• sent to PFE—Route has been sent to the Packet Forwarding Engine.
• static—Static route.
Next hop IP address of the next hop to the destination. detail extensive
NOTE: For static routes that use point-to-point (P2P) outgoing interfaces, the
next-hop address is not displayed in the output.

IS-IS Feature Guide
Next hop Type Next-hop type. When the detail keyword is used, the next-hop type might be detail extensive
(Type) abbreviated (as indicated in parentheses):
• broadcast (bcst)—Broadcast.
• deny—Deny.
• discard (dscd) —Discard.
• hold—Next hop is waiting to be resolved into a unicast or multicast type.
• indexed (idxd)—Indexed next hop.
• indirect (indr)—Indirect next hop.
• local (locl)—Local address on an interface.
• routed multicast (mcrt)—Regular multicast next hop.
• multicast (mcst)—Wire multicast next hop (limited to the LAN).
• multicast discard (mdsc)—Multicast discard.
• multicast group (mgrp)—Multicast group member.
• receive (recv)—Receive.
• reject (rjct)—Discard. An ICMP unreachable message was sent.
• resolve (rslv)—Resolving the next hop.
• unicast (ucst)—Unicast.
• unilist (ulst)—List of unicast next hops. A packet sent to this next hop goes
to any next hop in the list.
Index Software index of the next hop that is used to route the traffic for a given prefix. detail extensive none
Route Logical interface index from which the route is learned. For example, for interface extensive
interface-index routes, this is the logical interface index of the route itself. For static routes, this
field is zero. For routes learned through routing protocols, this is the logical
interface index from which the route is learned.
Reference (NhRef) Number of routes that refer to this next hop. detail extensive none
Next-hop interface Interface used to reach the next hop. detail extensive none
(Netif)
Weight Value used to distinguish primary, secondary, and fast reroute backup routes. extensive
Weight information is available when MPLS label-switched path (LSP) link
protection, node-link protection, or fast reroute is enabled, or when the standby
state is enabled for secondary paths. A lower weight value is preferred. Among
routes with the same weight value, load balancing is possible (see the Balance
field description).
Balance Balance coefficient indicating how traffic of unequal cost is distributed among extensive
next hops when a router is performing unequal-cost load balancing. This
information is available when you enable BGP multipath load balancing.
RPF interface List of interfaces from which the prefix can be accepted. Reverse path forwarding extensive
(RPF) information is displayed only when rpf-check is configured on the interface.

Sample Output
show route forwarding-table

user@host> show route forwarding-table

Internet:
default perm 0 rjct 46 4
0.0.0.0/32 perm 0 dscd 44 1
172.16.1.0/24 ifdn 0 rslv 608 1 ge-2/0/1.0
172.16.1.0/32 iddn 0 172.16.1.0 recv 606 1 ge-2/0/1.0
172.16.1.1/32 user 0 rjct 46 4
172.16.1.1/32 intf 0 172.16.1.1 locl 607 2
172.16.1.1/32 iddn 0 172.16.1.1 locl 607 2
172.16.1.255/32 iddn 0 ff:ff:ff:ff:ff:ff bcst 605 1 ge-2/0/1.0
10.0.0.0/24 intf 0 rslv 616 1 ge-2/0/0.0
10.0.0.0/32 dest 0 10.0.0.0 recv 614 1 ge-2/0/0.0
10.0.0.1/32 intf 0 10.0.0.1 locl 615 2
10.0.0.1/32 dest 0 10.0.0.1 locl 615 2
10.0.0.255/32 dest 0 10.0.0.255 bcst 613 1 ge-2/0/0.0
10.1.1.0/24 ifdn 0 rslv 612 1 ge-2/0/1.0
10.1.1.0/32 iddn 0 10.1.1.0 recv 610 1 ge-2/0/1.0
10.1.1.1/32 user 0 rjct 46 4
10.1.1.1/32 intf 0 10.1.1.1 locl 611 2
10.1.1.1/32 iddn 0 10.1.1.1 locl 611 2
10.1.1.255/32 iddn 0 ff:ff:ff:ff:ff:ff bcst 609 1 ge-2/0/1.0
10.206.0.0/16 user 0 10.209.63.254 ucst 419 20 fxp0.0
10.209.0.0/16 user 1 0:12:1e:ca:98:0 ucst 419 20 fxp0.0
10.209.0.0/18 intf 0 rslv 418 1 fxp0.0
10.209.0.0/32 dest 0 10.209.0.0 recv 416 1 fxp0.0
10.209.2.131/32 intf 0 10.209.2.131 locl 417 2
10.209.2.131/32 dest 0 10.209.2.131 locl 417 2
10.209.17.55/32 dest 0 0:30:48:5b:78:d2 ucst 435 1 fxp0.0
10.209.63.42/32 dest 0 0:23:7d:58:92:ca ucst 434 1 fxp0.0
10.209.63.254/32 dest 0 0:12:1e:ca:98:0 ucst 419 20 fxp0.0
10.209.63.255/32 dest 0 10.209.63.255 bcst 415 1 fxp0.0
10.227.0.0/16 user 0 10.209.63.254 ucst 419 20 fxp0.0
...
Routing table: iso

ISO:
47.0005.80ff.f800.0000.0108.0003.0102.5524.5220.00
intf 0 locl 28 1
Routing table: inet6

Internet6:
ff00::/8 perm 0 mdsc 4 1
ff02::1/128 perm 0 ff02::1 mcst 3 1
Routing table: ccc

MPLS:
Interface.Label Type RtRef Next hop Type Index NhRef Netif

IS-IS Feature Guide

100004(top)fe-0/0/1.0
show route forwarding-table detail

user@host> show route forwarding-table detail
Routing table: inet

Internet:
default user 2 0:90:69:8e:b1:1b ucst 132 4 fxp0.0
10.1.1.0/24 intf 0 ff.3.0.21 ucst 322 1 so-5/3/0.0
10.1.1.0/32 dest 0 10.1.1.0 recv 324 1 so-5/3/0.0
10.1.1.1/32 intf 0 10.1.1.1 locl 321 1
10.1.1.255/32 dest 0 10.1.1.255 bcst 323 1 so-5/3/0.0
10.21.21.0/24 intf 0 ff.3.0.21 ucst 326 1 so-5/3/0.0
10.21.21.0/32 dest 0 10.21.21.0 recv 328 1 so-5/3/0.0
10.21.21.1/32 intf 0 10.21.21.1 locl 325 1
10.21.21.255/32 dest 0 10.21.21.255 bcst 327 1 so-5/3/0.0
127.0.0.1/32 intf 0 127.0.0.1 locl 320 1
172.17.28.19/32 clon 1 192.168.4.254 ucst 132 4 fxp0.0
172.17.28.44/32 clon 1 192.168.4.254 ucst 132 4 fxp0.0
...
Routing table: private1__.inet

Internet:
10.0.0.0/8 intf 0 rslv 136 1 fxp1.0
10.0.0.0/32 dest 0 10.0.0.0 recv 134 1 fxp1.0
10.0.0.4/32 intf 0 10.0.0.4 locl 135 2
10.0.0.4/32 dest 0 10.0.0.4 locl 135 2
...
Routing table: iso

ISO:
Routing table: inet6

Internet6:
ff02::1/128 perm 0 ff02::1 mcst 17 1
...
Routing table: mpls

MPLS:
show route forwarding-table destination extensive (Weights and Balances)

user@host> show route forwarding-table destination 3.4.2.1 extensive

Routing table: inet [Index 0]

Internet:
Destination: 3.4.2.1/32
Route type: user
Route reference: 0 Route interface-index: 0
Flags: sent to PFE
Next-hop type: unilist Index: 262143 Reference: 1
Nexthop: 172.16.4.4
Next-hop type: unicast Index: 335 Reference: 2
Next-hop interface: so-1/1/0.0 Weight: 22 Balance: 3
Nexthop: 145.12.1.2
Next-hop interface: so-0/1/2.0 Weight: 33 Balance: 33
show route forwarding-table extensive

user@host> show route forwarding-table extensive

Internet:
Destination: default
Route type: user
Flags: sent to PFE
Nexthop: 00:00:5E:00:53:1b
Next-hop interface: fxp0.0
Route type: permanent
Flags: none
Next-hop type: reject Index: 14 Reference: 1
Route type: interface
Flags: sent to PFE
Nexthop: 127.0.0.1
Next-hop type: local Index: 320 Reference: 1
...
Routing table: private1__.inet [Index 1]

Internet:
Flags: sent to PFE
Flags: sent to PFE
Next-hop type: resolve Index: 136 Reference: 1
Next-hop interface: fxp1.0

IS-IS Feature Guide
...
Routing table: iso [Index 0]

ISO:
Flags: sent to PFE
Routing table: inet6 [Index 0]

Internet6:
Flags: sent to PFE
Destination: ff00::/8
Flags: sent to PFE
Next-hop type: multicast discard Index: 21 Reference: 1
...
Routing table: private1__.inet6 [Index 1]

Internet6:
Flags: sent to PFE
Destination: fe80::2a0:a5ff:fe3d:375/128
Flags: sent to PFE
Nexthop: fe80::2a0:a5ff:fe3d:375
Next-hop type: local Index: 75 Reference: 1
...
show route forwarding-table extensive (RPF)
The next example is based on the following configuration, which enables an RPF check
on all routes that are learned from this interface, including the interface route:
so-1/1/0 {
unit 0 {
family inet {
rpf-check;
address 192.0.2.2/30;
}

}
}

Internet:
...
...
Route type: destination
Flags: sent to PFE
Nexthop: 192.0.2.3
Next-hop type: broadcast Index: 328 Reference: 1
Next-hop interface: so-1/1/0.0
RPF interface: so-1/1/0.0
show route forwarding-table extensive (PIM using point-to-multipoint mode)

Destination: 198.51.100.0/24
Route type: user
Multicast RPF nh index: 0
P2mpidx: 0
Flags: cached, check incoming interface , accounting, sent to PFE, rt nh
decoupled
Next-hop type: indirect Index: 1048575 Reference: 4
Nexthop:
Next-hop type: composite Index: 627 Reference: 1
Next-hop interface: st0.1, 192.0.2.0
show route forwarding-table (dynamic list next hop)
The show route forwarding table output shows the two next hop elements for a
multihomed EVPN destination.
user@host> show route forwarding-table label 299952 extensive
MPLS:
Destination: 299952
Route type: user
P2mpidx: 0
Flags: sent to PFE, rt nh decoupled
Nexthop:
Nexthop: 1.0.0.4
Next-hop type: Push 301632, Push 299776(top) Index: 600 Reference: 2
Load Balance Label: None

IS-IS Feature Guide
Next-hop interface: ge-0/0/1.0

Nexthop: 1.0.0.4
After one of the PE router has been disabled in the EVPN multihomed network, the same
show route forwarding table output command shows one next hop element and one
empty next hop element.
user@host> show route forwarding-table label 299952 extensive
Routing table: default.mpls [Index 0]

MPLS:
Destination: 299952
Route type: user
P2mpidx: 0
Flags: sent to PFE, rt nh decoupled
Nexthop:
Nexthop: 1.0.0.4
show route forwarding-table family mpls

user@host> show route forwarding-table family mpls
Routing table: mpls

MPLS:
0 user 0 recv 18 3
1 user 0 recv 18 3
2 user 0 recv 18 3
100000 user 0 10.31.1.6 swap 100001 fe-1/1/0.0
800002 user 0 Pop vt-0/3/0.32770
vt-0/3/0.32770 (VPLS)
user 0 indr 351 4
Push 800000, Push 100002(top)
so-0/0/0.0
show route forwarding-table family mpls ccc ge-0/0/1.1004

user@host>show route forwarding-table mpls ccc ge-0/0/1.1004

MPLS:
ge-0/0/1.1004 (CCC) user 0 ulst 1048577 2
comp 754 3

comp 755 3
comp 756 3

MPLS:
show route forwarding-table family vpls

user@host> show route forwarding-table family vpls
Routing table: green.vpls

VPLS:
default dynm 0 flood 353 1
fe-0/1/0.0 dynm 0 flood 355 1
00:00:5E:00:53:1f/48 <<<<<Remote CE
dynm 0 indr 351 4

Push 800000, Push 100002(top)
so-0/0/0.0
00:00:5E:00:53:1f/48 <<<<<<Local CE
dynm 0 ucst 354 2 fe-0/1/0.0
show route forwarding-table vpls (Broadcast, unknown unicast, and multicast (BUM) hashing is enabled)
user@host> show route forwarding-table vpls

VPLS:
Enabled protocols: BUM hashing
lsi.1048832 intf 0 indr 1048574 4
172.16.3.2 Push 262145 621 2
ge-3/0/0.0
00:00:5E:00:53:01/48 user 0 ucst 590 5 ge-2/3/9.0
0x30003/51 user 0 comp 627 2
ge-2/3/9.0 intf 0 ucst 590 5 ge-2/3/9.0
ge-3/1/3.0 intf 0 ucst 619 4 ge-3/1/3.0
0x30002/51 user 0 comp 600 2
0x30001/51 user 0 comp 597 2
show route forwarding-table vpls (Broadcast, unknown unicast, and multicast (BUM) hashing is enabled with
MAC Statistics)
user@host> show route forwarding-table vpls

VPLS:
Enabled protocols: BUM hashing, MAC Stats
lsi.1048834 intf 0 indr 1048574 4
172.16.3.2 Push 262145 592 2

IS-IS Feature Guide
ge-3/0/0.0
00:19:e2:25:d0:01/48 user 0 ucst 590 5 ge-2/3/9.0
0x30003/51 user 0 comp 630 2
ge-2/3/9.0 intf 0 ucst 590 5 ge-2/3/9.0
ge-3/1/3.0 intf 0 ucst 591 4 ge-3/1/3.0
0x30002/51 user 0 comp 627 2
0x30001/51 user 0 comp 624 2
show route forwarding-table family vpls extensive

user@host> show route forwarding-table family vpls extensive
Routing table: green.vpls [Index 2]

VPLS:
Route type: dynamic
Flags: sent to PFE
Next-hop type: flood Index: 289 Reference: 1
Next-hop interface: fe-0/1/3.0
Flags: none
Next-hop type: discard Index: 341 Reference: 1
Destination: fe-0/1/2.0
Route type: dynamic
Flags: sent to PFE
Next-hop type: Push 800016
Next-hop interface: at-1/0/1.0
Next hop: 10.31.3.2
Destination: fe-0/1/3.0
Route type: dynamic
Flags: sent to PFE
Next-hop interface: at-1/0/1.0
Next hop: 10.31.3.2

Destination: 00:00:5E:00:53:01/48
Route type: dynamic
Flags: sent to PFE, prefix load balance
Route used as destination:
Packet count: 6640 Byte count: 675786
Route used as source
Destination: 00:00:5E:00:53:04/48
Route type: dynamic
Route used as destination:
Route used as source:
Destination: 00:00:5E:00:53:05/48
Route type: dynamic
Next hop: 10.31.3.2
show route forwarding-table table default

user@host> show route forwarding-table table default

Internet:
0.0.0.0/32 perm 0 dscd 34 1
10.0.60.0/30 user 0 10.0.60.13 ucst 713 5 fe-0/1/3.0
10.0.60.12/30 intf 0 rslv 688 1 fe-0/1/3.0
10.0.60.12/32 dest 0 10.0.60.12 recv 686 1 fe-0/1/3.0
10.0.60.13/32 dest 0 0:5:85:8b:bc:22 ucst 713 5 fe-0/1/3.0
10.0.60.14/32 intf 0 10.0.60.14 locl 687 2
10.0.60.14/32 dest 0 10.0.60.14 locl 687 2
10.0.60.15/32 dest 0 10.0.60.15 bcst 685 1 fe-0/1/3.0
10.0.67.12/30 user 0 10.0.60.13 ucst 713 5 fe-0/1/3.0
10.0.80.0/30 ifdn 0 ff.3.0.21 ucst 676 1 so-0/0/1.0
10.0.80.0/32 dest 0 10.0.80.0 recv 678 1 so-0/0/1.0
10.0.80.2/32 user 0 rjct 36 2
10.0.80.2/32 intf 0 10.0.80.2 locl 675 1
10.0.80.3/32 dest 0 10.0.80.3 bcst 677 1 so-0/0/1.0
10.0.90.12/30 intf 0 rslv 684 1 fe-0/1/0.0
10.0.90.12/32 dest 0 10.0.90.12 recv 682 1 fe-0/1/0.0
10.0.90.14/32 intf 0 10.0.90.14 locl 683 2
10.0.90.14/32 dest 0 10.0.90.14 locl 683 2
10.0.90.15/32 dest 0 10.0.90.15 bcst 681 1 fe-0/1/0.0
10.5.0.0/16 user 0 192.168.187.126 ucst 324 15 fxp0.0

IS-IS Feature Guide
10.10.0.0/16 user 0 192.168.187.126 ucst 324 15 fxp0.0

10.13.10.0/23 user 0 192.168.187.126 ucst 324 15 fxp0.0
10.84.0.0/16 user 0 192.168.187.126 ucst 324 15 fxp0.0
10.150.0.0/16 user 0 192.168.187.126 ucst 324 15 fxp0.0
10.157.64.0/19 user 0 192.168.187.126 ucst 324 15 fxp0.0
10.209.0.0/16 user 0 192.168.187.126 ucst 324 15 fxp0.0
...
Routing table: default.iso

ISO:
Routing table: default.inet6

Internet6:
::/128 perm 0 dscd 42 1
ff02::1/128 perm 0 ff02::1 mcst 39 1

MPLS:
show route forwarding-table table logical-system-name/routing-instance-name

user@host> show route forwarding-table table R4/vpn-red
Logical system: R4
Routing table: vpn-red.inet
Internet:
0.0.0.0/32 perm 0 dscd 561 2
172.16.0.1/32 user 0 dscd 561 2
172.16.2.0/24 intf 0 rslv 771 1 ge-1/2/0.3
172.16.2.0/32 dest 0 172.16.2.0 recv 769 1 ge-1/2/0.3
172.16.2.1/32 intf 0 172.16.2.1 locl 770 2
172.16.2.1/32 dest 0 172.16.2.1 locl 770 2
172.16.2.2/32 dest 0 0.4.80.3.0.1b.c0.d5.e4.bd.0.1b.c0.d5.e4.bc.8.0
ucst 789 1 ge-1/2/0.3
172.16.2.255/32 dest 0 172.16.2.255 bcst 768 1 ge-1/2/0.3
172.16.233.0/4 perm 1 mdsc 562 1
172.16.233.1/32 perm 0 172.16.233.1 mcst 558 1
255.255.255.255/32 perm 0 bcst 559 1
Logical system: R4
Routing table: vpn-red.iso
ISO:
Logical system: R4
Routing table: vpn-red.inet6
Internet6:

::/128 perm 0 dscd 706 1

ff00::/8 perm 0 mdsc 707 1
ff02::1/128 perm 0 ff02::1 mcst 704 1
Logical system: R4
Routing table: vpn-red.mpls
MPLS:
default perm 0 dscd 638
show route forwarding-table vpn

user@host> show route forwarding-table vpn VPN-A
Routing table:: VPN-A.inet

Internet:
Destination Type RtRef Nexthop Type Index NhRef Netif
10.39.10.20/30 intf 0 ff.3.0.21 ucst 40 1
so-0/0/0.0
10.39.10.21/32 intf 0 10.39.10.21 locl 36 1
10.255.14.172/32 user 0 ucst 69 2
so-0/0/0.0
10.255.14.175/32 user 0 indr 81 3
Push 100004, Push
100004(top) so-1/0/0.0
172.16.233.0/4 perm 2 mdsc 5 3
172.16.233.1/32 perm 0 172.16.233.1 mcst 1 8
172.16.233.5/32 user 1 172.16.233.5 mcst 1 8
255.255.255.255/32 perm 0 bcst 2 3
On QFX5200, the results for this command look like this:
show route forwarding-table family mpls

MPLS:
0 user 0 recv 64 4
1 user 0 recv 64 4
2 user 0 recv 64 4
13 user 0 recv 64 4
300384 user 0 9.1.1.1 Pop 1711 2 xe-0/0/34.0
300384(S=0) user 0 9.1.1.1 Pop 1712 2 xe-0/0/34.0
300400 user 0 ulst 131071 2
10.1.1.2 Pop 1713 1 xe-0/0/38.0
172.16.11.2 Pop 1714 1 xe-0/0/40.0
300400(S=0) user 0 ulst 131072 2
10.1.1.2 Pop 1715 1 xe-0/0/38.0
172.16.11.2 Pop 1716 1 xe-0/0/40.0

MPLS:

IS-IS Feature Guide
show route hidden
Syntax show route hidden

Description Display only hidden route information. A hidden route is unusable, even if it is the best
path.


Level
Related • Understanding Hidden Routes

Documentation
List of Sample Output show route hidden on page 826

show route hidden detail on page 827
show route hidden extensive on page 827
show route hidden terse on page 828
Output Fields For information about output fields, see the output field table for the show route
Sample Output
show route hidden

user@host> show route hidden

Restart Complete
127.0.0.1/32 [Direct/0] 04:26:38
> via lo0.0
red.inet.0: 6 destinations, 8 routes (4 active, 0 holddown, 3 hidden)

Restart Complete


AS path: 100 I
Unusable
AS path: 100 I
Unusable
AS path: I
Unusable
...
show route hidden detail

user@host> show route hidden detail

Restart Complete
State: <Hidden Martian Int>
Local AS: 1
Age: 4:27:37
Task: IF
AS path: I

Restart Complete

Next hop type: Unusable
State: <Secondary Hidden Int Ext>
Age: 3:45:09
Task: BGP_1.10.4.4.4+2493
AS path: 100 I
VPN Label: 100064
Localpref: 100
Router ID: 10.4.4.4
...
show route hidden extensive
The output for the show route hidden extensive command is identical to that of the show
route hidden detail command. For sample output, see show route hidden detail on
page 827.

IS-IS Feature Guide
show route hidden terse

user@host> show route hidden terse

Restart Complete

127.0.0.1/32 D 0 >lo0.0

Restart Complete

10.5.5.5/32 B 170 100 Unusable 100 I
10.12.1.0/24 B 170 100 Unusable 100 I
10.12.80.4/30 B 170 100 Unusable I

Restart Complete

Restart Complete
bgp.l3vpn.0: 3 destinations, 3 routes (0 active, 0 holddown, 3 hidden)

Restart Complete

10.4.4.4:4:10.5.5.5/32
B 170 100 Unusable 100 I
10.4.4.4:4:10.12.1.0/24
B 170 100 Unusable 100 I
10.4.4.4:4:10.12.80.4/30
B 170 100 Unusable I

Restart Complete
private1__.inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

show route inactive-path

Syntax show route inactive-path

Syntax (EX Series show route inactive-path


Description Display routes for destinations that have no active route. An inactive route is a route that
was not selected as the best path.
Options none—Display all inactive routes.


Level
Related • show route active-path on page 745

Documentation
List of Sample Output show route inactive-path on page 829

show route inactive-path detail on page 830
show route inactive-path extensive on page 831
show route inactive-path terse on page 831
Sample Output
show route inactive-path

user@host> show route inactive-path

IS-IS Feature Guide

Restart Complete
10.12.100.12/30 [OSPF/10] 03:57:28, metric 1

> via so-0/3/0.0

10.0.0.0/8 [Direct/0] 04:39:56

> via fxp1.0

Restart Complete
10.12.80.0/30 [BGP/170] 04:38:17, localpref 100

AS path: 100 I
> to 10.12.80.1 via ge-6/3/2.0

Restart Complete

Restart Complete

Restart Complete

Restart Complete
show route inactive-path detail

user@host> show route inactive-path detail

Restart Complete

OSPF Preference: 10
State: <Int>
Local AS: 1
Area: 0.0.0.0
Task: OSPF
AS path: I



State: <NotBest Int>
Inactive reason: No difference
Age: 4:40:52
Task: IF
AS path: I

Restart Complete

Source: 10.12.80.1
State: <Ext>
Peer AS: 100
Age: 4:39:13
Task: BGP_100.10.12.80.1+179
AS path: 100 I
Localpref: 100
Router ID: 10.0.0.0
show route inactive-path extensive
The output for the show route inactive-path extensive command is identical to that of
the show route inactive-path detail command. For sample output, see show route
inactive-path detail on page 830.
show route inactive-path terse

user@host> show route inactive-path terse

Restart Complete

10.12.100.12/30 O 10 1 >so-0/3/0.0


10.0.0.0/8 D 0 >fxp1.0

Restart Complete

10.12.80.0/30 B 170 100 >10.12.80.1 100 I

IS-IS Feature Guide

Restart Complete

Restart Complete

Restart Complete

Restart Complete

show route instance

Syntax show route instance

<brief | detail | summary>
<instance-name>
<operational>
Syntax (EX Series show route instance

Switches and QFX <brief | detail | summary>
Series) <instance-name>
<operational>

Description Display routing instance information.
Options none—(Same as brief) Display standard information about all routing instances.
brief | detail | summary—(Optional) Display the specified level of output. If you do not
specify a level of output, the system defaults to brief. (These options are not available
with the operational keyword.)
instance-name—(Optional) Display information for all routing instances whose name

begins with this string (for example, cust1, cust11, and cust111 are all displayed when
you run the show route instance cust1 command).

operational—(Optional) Display operational routing instances.

Level
Related • Example: Transporting IPv6 Traffic Across IPv4 Using Filter-Based Tunneling
Documentation
• Example: Configuring the Helper Capability Mode for OSPFv3 Graceful Restart
List of Sample Output show route instance on page 835

show route instance detail (Graceful Restart Complete) on page 835

IS-IS Feature Guide
show route instance detail (Graceful Restart Incomplete) on page 837

show route instance detail (VPLS Routing Instance) on page 839
show route instance operational on page 839
show route instance summary on page 839
Output Fields Table 41 on page 834 lists the output fields for the show route instance command. Output
Table 41: show route instance Output Fields
Instance or instance-name Name of the routing instance. All levels
Operational Routing Instances (operational keyword only) Names of all operational routing —
instances.
Type Type of routing instance: forwarding, l2vpn, no-forwarding, vpls, All levels
virtual-router, or vrf.
State State of the routing instance: active or inactive. brief detail none
Interfaces Name of interfaces belonging to this routing instance. brief detail none
Restart State Status of graceful restart for this instance: Pending or Complete. detail
Path selection timeout Maximum amount of time, in seconds, remaining until graceful detail
restart is declared complete. The default is 300.
Tables Tables (and number of routes) associated with this routing instance. brief detail none
Route-distinguisher Unique route distinguisher associated with this routing instance. detail
Vrf-import VPN routing and forwarding instance import policy name. detail
Vrf-export VPN routing and forwarding instance export policy name. detail
Vrf-import-target VPN routing and forwarding instance import target community detail
name.
Vrf-export-target VPN routing and forwarding instance export target community name. detail
Vrf-edge-protection-id Context identifier configured for edge-protection. detail
Fast-reroute-priority Fast reroute priority setting for a VPLS routing instance: high, medium, detail
or low. The default is low.
Restart State Restart state: detail
• Pending:protocol-name—List of protocols that have not yet

completed graceful restart for this routing table.
• Complete—All protocols have restarted for this routing table.

Table 41: show route instance Output Fields (continued)
Primary rib Primary table for this routing instance. brief none summary
Active/holddown/hidden Number of active, hold-down, and hidden routes. All levels
Sample Output
show route instance

user@host> show route instance
Instance Type
Primary RIB Active/holddown/hidden
master forwarding
inet.0 16/0/1
iso.0 1/0/0
mpls.0 0/0/0
inet6.0 2/0/0
l2circuit.0 0/0/0
__juniper_private1__ forwarding
__juniper_private1__.inet.0 12/0/0
__juniper_private1__.inet6.0 1/0/0
show route instance detail (Graceful Restart Complete)

user@host> show route instance detail
master:
Router ID: 10.255.14.176
Type: forwarding State: Active
Restart State: Complete Path selection timeout: 300
Tables:
inet.0 : 17 routes (15 active, 0 holddown, 1 hidden)
Restart Complete
Restart Complete
iso.0 : 1 routes (1 active, 0 holddown, 0 hidden)
Restart Complete
mpls.0 : 19 routes (19 active, 0 holddown, 0 hidden)
Restart Complete
bgp.l3vpn.0 : 10 routes (10 active, 0 holddown, 0 hidden)
Restart Complete
inet6.0 : 2 routes (2 active, 0 holddown, 0 hidden)
Restart Complete
Restart Complete
BGP-INET:
Router ID: 10.69.103.1
Type: vrf State: Active
Interfaces:
t3-0/0/0.103
Route-distinguisher: 10.255.14.176:103
Vrf-import: [ BGP-INET-import ]
Vrf-export: [ BGP-INET-export ]

IS-IS Feature Guide
Tables:
BGP-INET.inet.0 : 4 routes (4 active, 0 holddown, 0 hidden)
Restart Complete
BGP-L:
Router ID: 10.69.104.1
Interfaces:
t3-0/0/0.104
Vrf-import: [ BGP-L-import ]
Vrf-export: [ BGP-L-export ]
Tables:
BGP-L.inet.0 : 4 routes (4 active, 0 holddown, 0 hidden)
Restart Complete
BGP-L.mpls.0 : 3 routes (3 active, 0 holddown, 0 hidden)
Restart Complete
L2VPN:
Router ID: 0.0.0.0
Type: l2vpn State: Active
Interfaces:
t3-0/0/0.512
Vrf-import: [ L2VPN-import ]
Vrf-export: [ L2VPN-export ]
Tables:
L2VPN.l2vpn.0 : 2 routes (2 active, 0 holddown, 0 hidden)
Restart Complete
LDP:
Router ID: 10.69.105.1
Interfaces:
t3-0/0/0.105
Vrf-import: [ LDP-import ]
Vrf-export: [ LDP-export ]
Tables:
LDP.inet.0 : 5 routes (4 active, 0 holddown, 0 hidden)
Restart Complete
OSPF:
Router ID: 10.69.101.1
Interfaces:
t3-0/0/0.101
Vrf-import: [ OSPF-import ]
Vrf-export: [ OSPF-export ]
Vrf-import-target: [ target:11111
Tables:
OSPF.inet.0 : 8 routes (7 active, 0 holddown, 0 hidden)
Restart Complete
RIP:
Router ID: 10.69.102.1
Interfaces:
t3-0/0/0.102

Vrf-import: [ RIP-import ]
Vrf-export: [ RIP-export ]
Tables:
RIP.inet.0 : 6 routes (6 active, 0 holddown, 0 hidden)
Restart Complete
STATIC:
Router ID: 10.69.100.1
Interfaces:
t3-0/0/0.100
Vrf-import: [ STATIC-import ]
Vrf-export: [ STATIC-export ]
Tables:
STATIC.inet.0 : 4 routes (4 active, 0 holddown, 0 hidden)
Restart Complete
show route instance detail (Graceful Restart Incomplete)

user@host> show route instance detail
master:
Router ID: 10.255.14.176
Type: forwarding State: Active
Restart State: Pending Path selection timeout: 300
Tables:
Restart Pending: OSPF LDP
Restart Pending: OSPF LDP
iso.0 : 1 routes (1 active, 0 holddown, 0 hidden)
Restart Complete
mpls.0 : 23 routes (23 active, 0 holddown, 0 hidden)
Restart Pending: LDP VPN
Restart Pending: BGP VPN
inet6.0 : 2 routes (2 active, 0 holddown, 0 hidden)
Restart Complete
Restart Pending: BGP VPN
BGP-INET:
Router ID: 10.69.103.1
Interfaces:
t3-0/0/0.103
Vrf-import: [ BGP-INET-import ]
Vrf-export: [ BGP-INET-export ]
Tables:
BGP-INET.inet.0 : 6 routes (5 active, 0 holddown, 0 hidden)
Restart Pending: VPN
BGP-L:
Router ID: 10.69.104.1
Interfaces:
t3-0/0/0.104

IS-IS Feature Guide
Vrf-import: [ BGP-L-import ]
Vrf-export: [ BGP-L-export ]
Tables:
BGP-L.inet.0 : 6 routes (5 active, 0 holddown, 0 hidden)
BGP-L.mpls.0 : 2 routes (2 active, 0 holddown, 0 hidden)
L2VPN:
Router ID: 0.0.0.0
Type: l2vpn State: Active
Interfaces:
t3-0/0/0.512
Vrf-import: [ L2VPN-import ]
Vrf-export: [ L2VPN-export ]
Tables:
L2VPN.l2vpn.0 : 2 routes (2 active, 0 holddown, 0 hidden)
Restart Pending: VPN L2VPN
LDP:
Router ID: 10.69.105.1
Interfaces:
t3-0/0/0.105
Vrf-import: [ LDP-import ]
Vrf-export: [ LDP-export ]
Tables:
LDP.inet.0 : 5 routes (4 active, 1 holddown, 0 hidden)
Restart Pending: OSPF LDP VPN
OSPF:
Router ID: 10.69.101.1
Interfaces:
t3-0/0/0.101
Vrf-import: [ OSPF-import ]
Vrf-export: [ OSPF-export ]
Tables:
OSPF.inet.0 : 8 routes (7 active, 1 holddown, 0 hidden)
Restart Pending: OSPF VPN
RIP:
Router ID: 10.69.102.1
Interfaces:
t3-0/0/0.102
Vrf-import: [ RIP-import ]
Vrf-export: [ RIP-export ]
Tables:
RIP.inet.0 : 8 routes (6 active, 2 holddown, 0 hidden)
Restart Pending: RIP VPN
STATIC:
Router ID: 10.69.100.1

Interfaces:
t3-0/0/0.100
Vrf-import: [ STATIC-import ]
Vrf-export: [ STATIC-export ]
Tables:
STATIC.inet.0 : 4 routes (4 active, 0 holddown, 0 hidden)
show route instance detail (VPLS Routing Instance)

user@host> show route instance detail test-vpls
test-vpls:
Router ID: 0.0.0.0
Type: vpls State: Active
Interfaces:
lsi.1048833
lsi.1048832
fe-0/1/0.513
Vrf-import: [ __vrf-import-test-vpls-internal__ ]
Vrf-export: [ __vrf-export-test-vpls-internal__ ]
Vrf-import-target: [ target:300:1 ]
Vrf-export-target: [ target:300:1 ]
Vrf-edge-protection-id: 166.1.3.1 Fast-reroute-priority: high
Tables:
test-vpls.l2vpn.0 : 3 routes (3 active, 0 holddown, 0 hidden)
show route instance operational

user@host> show route instance operational
Operational Routing Instances:
master
default
show route instance summary

user@host> show route instance summary
Instance Type Primary rib Active/holddown/hidden

master forwarding
inet.0 15/0/1
iso.0 1/0/0
mpls.0 35/0/0
l3vpn.0 0/0/0
inet6.0 2/0/0
l2vpn.0 0/0/0
l2circuit.0 0/0/0
BGP-INET vrf
BGP-INET.inet.0 5/0/0
BGP-INET.iso.0 0/0/0
BGP-INET.inet6.0 0/0/0
BGP-L vrf
BGP-L.inet.0 5/0/0
BGP-L.iso.0 0/0/0
BGP-L.mpls.0 4/0/0

IS-IS Feature Guide
BGP-L.inet6.0 0/0/0
L2VPN l2vpn
L2VPN.inet.0 0/0/0
L2VPN.iso.0 0/0/0
L2VPN.inet6.0 0/0/0
L2VPN.l2vpn.0 2/0/0
LDP vrf
LDP.inet.0 4/0/0
LDP.iso.0 0/0/0
LDP.mpls.0 0/0/0
LDP.inet6.0 0/0/0
LDP.l2circuit.0 0/0/0
OSPF vrf
OSPF.inet.0 7/0/0
OSPF.iso.0 0/0/0
OSPF.inet6.0 0/0/0
RIP vrf
RIP.inet.0 6/0/0
RIP.iso.0 0/0/0
RIP.inet6.0 0/0/0
STATIC vrf
STATIC.inet.0 4/0/0
STATIC.iso.0 0/0/0
STATIC.inet6.0 0/0/0

show route next-hop

Syntax show route next-hop next-hop

Syntax (EX Series show route next-hop next-hop


Description Display the entries in the routing table that are being sent to the specified next-hop
address.
Options brief | detail | extensive | terse—(Optional) Display the specified level of ouput.

next-hop—Next-hop address.

Level
List of Sample Output show route next-hop on page 841

show route next-hop detail on page 842
show route next-hop extensive on page 844
show route next-hop terse on page 846
Sample Output
show route next-hop

user@host> show route next-hop 192.168.71.254

Restart Complete

IS-IS Feature Guide
10.10.0.0/16 *[Static/5] 06:26:25

> to 192.168.71.254 via fxp0.0
10.209.0.0/16 *[Static/5] 06:26:25
> to 192.168.71.254 via fxp0.0
172.16.0.0/12 *[Static/5] 06:26:25
> to 192.168.71.254 via fxp0.0
192.168.0.0/16 *[Static/5] 06:26:25
> to 192.168.71.254 via fxp0.0
192.168.102.0/23 *[Static/5] 06:26:25
> to 192.168.71.254 via fxp0.0
207.17.136.0/24 *[Static/5] 06:26:25
> to 192.168.71.254 via fxp0.0
207.17.136.192/32 *[Static/5] 06:26:25
> to 192.168.71.254 via fxp0.0

Restart Complete

Restart Complete

Restart Complete

Restart Complete
show route next-hop detail

user@host> show route next-hop 192.168.71.254 detail

Restart Complete
Local AS: 1
Age: 6:27:41
Task: RT
Announcement bits (3): 0-KRT 3-Resolve tree 1 5-Resolve tree 2
AS path: I
10.209.0.0/16 (1 entry, 1 announced)

Local AS: 1
Age: 6:27:41
Task: RT
AS path: I

172.16.0.0/12 (1 entry, 1 announced)

Local AS: 1
Age: 6:27:41
Task: RT
AS path: I
192.168.0.0/16 (1 entry, 1 announced)

Local AS: 1
Age: 6:27:41
Task: RT
AS path: I
192.168.102.0/23 (1 entry, 1 announced)

Local AS: 1
Age: 6:27:41
Task: RT
AS path: I
207.17.136.0/24 (1 entry, 1 announced)

Local AS: 1
Age: 6:27:41
Task: RT
AS path: I
207.17.136.192/32 (1 entry, 1 announced)

Local AS: 1
Age: 6:27:41
Task: RT
AS path: I

Restart Complete

IS-IS Feature Guide

Restart Complete

Restart Complete

Restart Complete
show route next-hop extensive

user@host> show route next-hop 192.168.71.254 extensive

TSI:
KRT in-kernel 10.10.0.0/16 -> {192.168.71.254}
Local AS: 69
Age: 2:02:28
Task: RT
AS path: I
10.209.0.0/16 (1 entry, 1 announced)

TSI:
KRT in-kernel 10.209.0.0/16 -> {192.168.71.254}
Local AS: 69
Age: 2:02:28
Task: RT
AS path: I
172.16.0.0/12 (1 entry, 1 announced)

TSI:
KRT in-kernel 172.16.0.0/12 -> {192.168.71.254}
Local AS: 69
Age: 2:02:28
Task: RT
AS path: I
192.168.0.0/16 (1 entry, 1 announced)

TSI:
KRT in-kernel 192.168.0.0/16 -> {192.168.71.254}


Local AS: 69
Age: 2:02:28
Task: RT
AS path: I
192.168.102.0/23 (1 entry, 1 announced)

TSI:
KRT in-kernel 192.168.102.0/23 -> {192.168.71.254}
Local AS: 69
Age: 2:02:28
Task: RT
AS path: I
207.17.136.0/24 (1 entry, 1 announced)

TSI:
KRT in-kernel 207.17.136.0/24 -> {192.168.71.254}
Local AS: 69
Age: 2:02:28
Task: RT
AS path: I
207.17.136.192/32 (1 entry, 1 announced)

TSI:
KRT in-kernel 207.17.136.192/32 -> {192.168.71.254}
Local AS: 69
Age: 2:02:28
Task: RT
AS path: I

IS-IS Feature Guide
red.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
show route next-hop terse

user@host> show route next-hop 192.168.71.254 terse

Restart Complete

* 10.10.0.0/16 S 5 >192.168.71.254
* 10.209.0.0/16 S 5 >192.168.71.254
* 172.16.0.0/12 S 5 >192.168.71.254
* 192.168.0.0/16 S 5 >192.168.71.254
* 192.168.102.0/23 S 5 >192.168.71.254
* 207.17.136.0/24 S 5 >192.168.71.254
* 207.17.136.192/32 S 5 >192.168.71.254

Restart Complete

Restart Complete

Restart Complete

Restart Complete

show route output

Syntax show route output (address ip-address | interface interface-name)

Syntax (EX Series show route output (address ip-address | interface interface-name)

Description Display the entries in the routing table learned through static routes and interior gateway
protocols that are to be sent out the interface with either the specified IP address or
specified name.
To view routes advertised to a neighbor or received from a neighbor for the BGP protocol,
use the show route advertising-protocol bgp and show route receive-protocol bgp
commands instead.
Options address ip-address—Display entries in the routing table that are to be sent out the
interface with the specified IP address.
interface interface-name—Display entries in the routing table that are to be sent out the
interface with the specified name.


Level
List of Sample Output show route output address on page 848

show route output address detail on page 848
show route output address extensive on page 849
show route output address terse on page 849
show route output interface on page 849
show route output interface detail on page 850
show route output interface extensive on page 850
show route output interface terse on page 850

IS-IS Feature Guide
command, the show route detail command, the show route extensive command, or
the show route terse command.
Sample Output
show route output address

user@host> show route output address 172.16.36.1/24

172.16.36.0/24 *[Direct/0] 00:19:56

> via so-0/1/2.0
[OSPF/10] 00:19:55, metric 1
> via so-0/1/2.0
show route output address detail

user@host> show route output address 172.16.36.1 detail

State: <Active Int>
Age: 23:00
Task: IF
AS path: I
OSPF Preference: 10
State: <Int>
Area: 0.0.0.0
Task: OSPF
AS path: I

show route output address extensive
The output for the show route output address extensive command is identical to that of
the show route output address detail command. For sample output, see show route
output address detail on page 848.
show route output address terse

user@host> show route output address 172.16.36.1 terse


* 172.16.36.0/24 D 0 >so-0/1/2.0
O 10 1 >so-0/1/2.0
show route output interface

user@host> show route output interface so-0/1/2.0

10.255.71.240/32 *[OSPF/10] 00:13:00, metric 2

via so-0/1/2.0
> via so-0/3/2.0
10.255.71.241/32 *[OSPF/10] 00:13:10, metric 1
> via so-0/1/2.0
172.16.14.0/24 *[OSPF/10] 00:05:11, metric 3
to 35.1.1.2 via ge-3/1/0.0
> via so-0/1/2.0
via so-0/3/2.0
172.16.16.0/24 *[OSPF/10] 00:13:10, metric 2
> via so-0/1/2.0
172.16.36.0/24 *[Direct/0] 00:13:21
> via so-0/1/2.0
[OSPF/10] 00:13:20, metric 1
> via so-0/1/2.0

IS-IS Feature Guide
show route output interface detail

user@host> show route output interface so-0/1/2.0 detail

10.255.71.240/32 (1 entry, 1 announced)
State: <Active Int>
Area: 0.0.0.0
Task: OSPF
AS path: I
10.255.71.241/32 (1 entry, 1 announced)

State: <Active Int>
Area: 0.0.0.0
Task: OSPF
AS path: I
...
show route output interface extensive
The output for the show route output interface extensive command is identical to that of
the show route output interface detail command. For sample output, see show route
output interface detail on page 850.
show route output interface terse

user@host> show route output interface so-0/1/2.0 terse


* 10.255.71.240/32 O 10 2 so-0/1/2.0
>so-0/3/2.0
* 10.255.71.241/32 O 10 1 >so-0/1/2.0
* 172.16.14.0/24 O 10 3 35.1.1.2

>so-0/1/2.0
so-0/3/2.0
* 172.16.16.0/24 O 10 2 >so-0/1/2.0
* 172.16.36.0/24 D 0 >so-0/1/2.0
O 10 1 >so-0/1/2.0

IS-IS Feature Guide
show route protocol

Syntax show route protocol protocol

Syntax (EX Series show route protocol protocol


ospf2 and ospf3 options introduced in Junos OS Release 9.2.
ospf2 and ospf3 options introduced in Junos OS Release 9.2 for EX Series switches.
flow option introduced in Junos OS Release 10.0.
flow option introduced in Junos OS Release 10.0 for EX Series switches.
Description Display the route entries in the routing table that were learned from a particular protocol.

protocol—Protocol from which the route was learned:
• access—Access route for use by DHCP application
• access-internal—Access-internal route for use by DHCP application
• aggregate—Locally generated aggregate route
• arp—Route learned through the Address Resolution Protocol
• atmvpn—Asynchronous Transfer Mode virtual private network
• bgp—Border Gateway Protocol
• ccc—Circuit cross-connect
• direct—Directly connected route
• dvmrp—Distance Vector Multicast Routing Protocol
• esis—End System-to-Intermediate System
• flow—Locally defined flow-specification route
• frr—Precomputed protection route or backup route used when a link goes down

• isis—Intermediate System-to-Intermediate System
• ldp—Label Distribution Protocol
• l2circuit—Layer 2 circuit
• l2vpn—Layer 2 virtual private network
• local—Local address
• mpls—Multiprotocol Label Switching
• msdp—Multicast Source Discovery Protocol
• ospf—Open Shortest Path First versions 2 and 3
• ospf2—Open Shortest Path First versions 2 only
• ospf3—Open Shortest Path First version 3 only
• pim—Protocol Independent Multicast
• rip—Routing Information Protocol
• ripng—Routing Information Protocol next generation
• rsvp—Resource Reservation Protocol
• rtarget—Local route target virtual private network
• static—Statically defined route
• tunnel—Dynamic tunnel
• vpn—Virtual private network
NOTE: EX Series switches run a subset of these protocols. See the switch
CLI for details.

Level
List of Sample Output show route protocol access on page 854

show route protocol access-internal extensive on page 854
show route protocol arp on page 854
show route protocol bgp on page 855
show route protocol bgp detail on page 855
show route protocol bgp detail (Labeled Unicast) on page 856
show route protocol bgp detail (Aggregate Extended Community
Bandwidth) on page 856
show route protocol bgp extensive on page 857
show route protocol bgp terse on page 858
show route protocol direct on page 858

IS-IS Feature Guide
show route protocol frr on page 859

show route protocol l2circuit detail on page 859
show route protocol l2vpn extensive on page 860
show route protocol ldp on page 861
show route protocol ldp extensive on page 861
show route protocol ospf (Layer 3 VPN) on page 862
show route protocol ospf detail on page 863
show route protocol rip on page 863
show route protocol rip detail on page 863
show route protocol ripng table inet6 on page 864
show route protocol static detail on page 864
Sample Output
show route protocol access

user@host> show route protocol access

13.160.0.3/32 *[Access/13] 00:00:09

> to 13.160.0.2 via fe-0/0/0.0
13.160.0.4/32 *[Access/13] 00:00:09
> to 13.160.0.2 via fe-0/0/0.0
13.160.0.5/32 *[Access/13] 00:00:09
> to 13.160.0.2 via fe-0/0/0.0
show route protocol access-internal extensive

user@host> show route protocol access-internal 13.160.0.19 extensive

13.160.0.19/32 (1 entry, 1 announced)
TSI:
KRT in-kernel 13.160.0.19/32 -> {13.160.0.2}
*Access-internal Preference: 12
State: <Active Int>
Age: 36
AS path: I
show route protocol arp

user@host> show route protocol arp

cust1.inet.0: 1033 destinations, 2043 routes (1033 active, 0 holddown, 0 hidden)

20.20.1.3/32 [ARP/4294967293] 00:04:35, from 20.20.1.1

Unusable
20.20.1.4/32 [ARP/4294967293] 00:04:35, from 20.20.1.1
Unusable
20.20.1.5/32 [ARP/4294967293] 00:04:32, from 20.20.1.1
Unusable
20.20.1.6/32 [ARP/4294967293] 00:04:34, from 20.20.1.1
Unusable
20.20.1.7/32 [ARP/4294967293] 00:04:35, from 20.20.1.1
Unusable
20.20.1.8/32 [ARP/4294967293] 00:04:35, from 20.20.1.1
Unusable
20.20.1.9/32 [ARP/4294967293] 00:04:35, from 20.20.1.1
Unusable
20.20.1.10/32 [ARP/4294967293] 00:04:35, from 20.20.1.1
Unusable
20.20.1.11/32 [ARP/4294967293] 00:04:33, from 20.20.1.1
Unusable
20.20.1.12/32 [ARP/4294967293] 00:04:33, from 20.20.1.1
Unusable
20.20.1.13/32 [ARP/4294967293] 00:04:33, from 20.20.1.1
Unusable
...
show route protocol bgp

user@host> show route protocol bgp 192.168.64.0/21
192.168.64.0/21 *[BGP/170] 6d 10:41:16, localpref 100, from 192.168.69.71

AS path: 10458 14203 2914 4788 4788 I
> to 192.168.167.254 via fxp0.0
show route protocol bgp detail

user@host> show route protocol bgp 66.117.63.0/24 detail
66.117.63.0/24 (1 entry, 1 announced)
Source: 192.168.69.71
Indirect next hop: 8e166c0 342
State: <Active Ext>
Age: 6d 10:42:42 Metric2: 0
Task: BGP_10458.192.168.69.71+179
Announcement bits (3): 0-KRT 2-BGP RT Background 3-Resolve tree
1

IS-IS Feature Guide
AS path: 10458 14203 2914 4788 4788 I

Communities: 2914:410 2914:2403 2914:3400
Accepted
Localpref: 100
Router ID: 207.17.136.192
show route protocol bgp detail (Labeled Unicast)

user@host> show route protocol bgp 1.1.1.8/32 detail

State:
Address: 0xc007f30
Source: 1.1.1.1
Label-switched-path lsp1
Label operation: Push 1000126, Push 1000125, Push 1000124, Push 1000123, Push
299872(top)
Label TTL action: prop-ttl, prop-ttl, prop-ttl, prop-ttl, prop-ttl(top)
Label 1000123: None; Label 299872: None;
Label element ptr: 0xc007860
Label parent element ptr: 0xc0089a0
Session Id: 0x140
Label operation: Push 1000126, Push 1000125, Push 1000124, Push 1000123(top)
Label TTL action: prop-ttl, prop-ttl, prop-ttl, prop-ttl
Label 1000123: None;
Indirect next hop: 0xae8d300 1048576 INH Session ID: 0x142
State:
Task: BGP_5.1.1.1.1
AS path: I
Accepted
Route Labels: 1000123(top) 1000124 1000125 1000126
Localpref: 100
Router ID: 1.1.1.1
show route protocol bgp detail (Aggregate Extended Community Bandwidth)

user@host> show route 10.0.2.0 protocol bgp detail

Address: 0xb618990


Source: 10.0.1.1
Next hop: 10.0.0.2 via ge-0/0/0.0 balance 40%
Session Id: 0x0
Next hop: 10.0.1.1 via ge-0/0/1.0 balance 60%, selected
Session Id: 0x0
State: <Active Ext>
Age: 20:33
Task: BGP_65001.10.0.1.1
Announcement bits (3): 0-KRT 2-BGP_Listen.0.0.0.0+179
3-BGP_RT_Background
AS path: 65001 I
Accepted Multipath
Localpref: 100
Router ID: 128.49.121.137
Address: 0xb7a1330
Source: 10.0.0.2
Session Id: 0x141
State: <NotBest Ext>
Inactive reason: Not Best in its group - Active preferred
Age: 20:33
Task: BGP_65001.10.0.0.2
AS path: 65001 I
Accepted MultipathContrib
Localpref: 100
Router ID: 128.49.121.132
show route protocol bgp extensive

user@host> show route protocol bgp 192.168.64.0/21 extensive
192.168.64.0/21 (1 entry, 1 announced)
TSI:
Page 0 idx 1 Type 1 val db31a80
Nexthop: Self
AS path: [69] 10458 14203 2914 4788 4788 I
Communities: 2914:410 2914:2403 2914:3400
Source: 192.168.69.71
State: <Active Ext>

IS-IS Feature Guide

Age: 6d 10:44:45 Metric2: 0
Task: BGP_10458.192.168.69.71+179
Announcement bits (3): 0-KRT 2-BGP RT Background 3-Resolve tree
1
AS path: 10458 14203 2914 4788 4788 I
Communities: 2914:410 2914:2403 2914:3400
Accepted
Localpref: 100
Router ID: 207.17.136.192
Next hop: 192.168.167.254 via fxp0.0
Node path count: 1
Nexthop: 192.168.167.254 via fxp0.0
show route protocol bgp terse

user@host> show route protocol bgp 192.168.64.0/21 terse


192.168.64.0/21 B 170 100 >172.16.100.1 10023 21 I
show route protocol direct

user@host> show route protocol direct
172.16.8.0/24 *[Direct/0] 17w0d 10:31:49

> via fe-1/3/1.0
10.255.165.1/32 *[Direct/0] 25w4d 04:13:18
> via lo0.0
172.16.30.0/24 *[Direct/0] 17w0d 23:06:26
> via fe-1/3/2.0
192.168.164.0/22 *[Direct/0] 25w4d 04:13:20
> via fxp0.0

47.0005.80ff.f800.0000.0108.0001.0102.5516.5001/152
*[Direct/0] 25w4d 04:13:21
> via lo0.0


2001:db8::10:255:165:1/128
*[Direct/0] 25w4d 04:13:21
> via lo0.0
fe80::2a0:a5ff:fe12:ad7/128
*[Direct/0] 25w4d 04:13:21
> via lo0.0
show route protocol frr

user@host> show route protocol frr
cust1.inet.0: 1033 destinations, 2043 routes (1033 active, 0 holddown, 0 hidden)

20.20.1.3/32 *[FRR/200] 00:05:38, from 20.20.1.1

> to 20.20.1.3 via ge-4/1/0.0
20.20.1.4/32 *[FRR/200] 00:05:38, from 20.20.1.1
> to 20.20.1.4 via ge-4/1/0.0
20.20.1.5/32 *[FRR/200] 00:05:35, from 20.20.1.1
> to 20.20.1.5 via ge-4/1/0.0
20.20.1.6/32 *[FRR/200] 00:05:37, from 20.20.1.1
> to 20.20.1.6 via ge-4/1/0.0
20.20.1.7/32 *[FRR/200] 00:05:38, from 20.20.1.1
> to 20.20.1.7 via ge-4/1/0.0
20.20.1.8/32 *[FRR/200] 00:05:38, from 20.20.1.1
> to 20.20.1.8 via ge-4/1/0.0
20.20.1.9/32 *[FRR/200] 00:05:38, from 20.20.1.1
> to 20.20.1.9 via ge-4/1/0.0
20.20.1.10/32 *[FRR/200] 00:05:38, from 20.20.1.1
...
show route protocol l2circuit detail

user@host> show route protocol l2circuit detail

Next hop: via ge-2/0/0.0, selected
Label operation: Pop Offset: 4
State: <Active Int>
Local AS: 99
Age: 9:52
Task: Common L2 VC
AS path: I

IS-IS Feature Guide
ge-2/0/0.0 (1 entry, 1 announced)

Label operation: Push 100000, Push 100000(top)[0] Offset: -4
Push 100000 Offset: -4
Indirect next hop: 86af0c0 298
State: <Active Int>
Local AS: 99
Age: 9:52
Task: Common L2 VC
AS path: I

State: <Active Int>
Local AS: 99
Age: 10:21
Task: l2 circuit
AS path: I
show route protocol l2vpn extensive

user@host> show route protocol l2vpn extensive

TSI:
KRT in-kernel 800001 /36 -> {so-0/0/0.0}
*L2VPN Preference: 7
Next hop: via so-0/0/0.0 weight 49087 balance 97%, selected
Label operation: Pop Offset: 4
State: <Active Int>
Local AS: 69
Age: 7:48
Task: Common L2 VC
AS path: I
so-0/0/0.0 (1 entry, 1 announced)

TSI:
KRT in-kernel so-0/0/0.0.0 /16 -> {indirect(288)}


Label operation: Push 800000 Offset: -4
Push 800000 Offset: -4
Indirect next hop: 85142a0 288
State: <Active Int>
Local AS: 69
Age: 7:48
Task: Common L2 VC
AS path: I
Communities: target:69:1 Layer2-info: encaps:PPP,
control flags:2, mtu: 0
show route protocol ldp

user@host> show route protocol ldp

192.168.16.1/32 *[LDP/9] 1d 23:03:35, metric 1

> via t1-4/0/0.0, Push 100000
192.168.17.1/32 *[LDP/9] 1d 23:03:35, metric 1
> via t1-4/0/0.0

100064 *[LDP/9] 1d 23:03:35, metric 1

> via t1-4/0/0.0, Pop
100064(S=0) *[LDP/9] 1d 23:03:35, metric 1
> via t1-4/0/0.0, Pop
100080 *[LDP/9] 1d 23:03:35, metric 1
> via t1-4/0/0.0, Swap 100000
show route protocol ldp extensive

user@host> show route protocol ldp extensive
192.168.16.1/32 (1 entry, 1 announced)

State: <FlashAll>
*LDP Preference: 9
Next hop: via t1-4/0/0.0, selected
State: <Active Int>
Local AS: 64500
Age: 1d 23:03:58 Metric: 1
Task: LDP
AS path: I
192.168.17.1/32 (1 entry, 1 announced)

State: <FlashAll>

IS-IS Feature Guide
*LDP Preference: 9
State: <Active Int>
Local AS: 64500
Age: 1d 23:03:58 Metric: 1
Task: LDP
AS path: I

TSI:
KRT in-kernel 100064 /36 -> {t1-4/0/0.0}
*LDP Preference: 9
State: <Active Int>
Local AS: 64500
Age: 1d 23:03:58 Metric: 1
Task: LDP
AS path: I
Prefixes bound to route: 192.168.17.1/32

TSI:
KRT in-kernel 100064 /40 -> {t1-4/0/0.0}
*LDP Preference: 9
State: <Active Int>
Local AS: 64500
Age: 1d 23:03:58 Metric: 1
Task: LDP
AS path: I

TSI:
KRT in-kernel 100080 /36 -> {t1-4/0/0.0}
*LDP Preference: 9
State: <Active Int>
Local AS: 64500
Age: 1d 23:03:58 Metric: 1
Task: LDP
AS path: I
show route protocol ospf (Layer 3 VPN)

user@host> show route protocol ospf


10.39.1.4/30 *[OSPF/10] 00:05:18, metric 4

> via t3-3/2/0.0
10.39.1.8/30 [OSPF/10] 00:05:18, metric 2
> via t3-3/2/0.0
10.255.14.171/32 *[OSPF/10] 00:05:18, metric 4
> via t3-3/2/0.0
10.255.14.179/32 *[OSPF/10] 00:05:18, metric 2
> via t3-3/2/0.0
172.16.233.5/32 *[OSPF/10] 20:25:55, metric 1
VPN-AB.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

10.39.1.16/30 [OSPF/10] 00:05:43, metric 1

> via so-0/2/2.0
10.255.14.173/32 *[OSPF/10] 00:05:43, metric 1
> via so-0/2/2.0
172.16.233.5/32 *[OSPF/10] 20:26:20, metric 1
show route protocol ospf detail

user@host> show route protocol ospf detail


OSPF Preference: 10
Nexthop: via so-0/2/2.0, selected
State: <Int>
Age: 6:25 Metric: 1
Area: 0.0.0.0
Task: VPN-AB-OSPF
AS path: I
Communities: Route-Type:0.0.0.0:1:0
...
show route protocol rip

user@host> show route protocol rip


10.255.14.177/32 *[RIP/100] 20:24:34, metric 2
> to 10.39.1.22 via t3-0/2/2.0
172.16.233.9/32 *[RIP/100] 00:03:59, metric 1
show route protocol rip detail

user@host> show route protocol rip detail

IS-IS Feature Guide


10.255.14.177/32 (1 entry, 1 announced)
*RIP Preference: 100
Nexthop: 10.39.1.22 via t3-0/2/2.0, selected
State: <Active Int>
Age: 20:25:02 Metric: 2
Task: VPN-AB-RIPv2
Announcement bits (2): 0-KRT 2-BGP.0.0.0.0+179
AS path: I
Route learned from 10.39.1.22 expires in 96 seconds
show route protocol ripng table inet6

user@host> show route protocol ripng table inet6

1111::1/128 *[RIPng/100] 02:13:33, metric 2

> to fe80::2a0:a5ff:fe3d:56 via t3-0/2/0.0
1111::2/128 *[RIPng/100] 02:13:33, metric 2
1111::3/128 *[RIPng/100] 02:13:33, metric 2
1111::4/128 *[RIPng/100] 02:13:33, metric 2
1111::5/128 *[RIPng/100] 02:13:33, metric 2
1111::6/128 *[RIPng/100] 02:13:33, metric 2
show route protocol static detail

user@host> show route protocol static detail

Address: 0x9274010
Session Id: 0x0
Age: 7w3d 21:24:25
Task: RT
AS path: I

Address: 0x9274010


Session Id: 0x0
Age: 7w3d 21:24:25
Task: RT
AS path: I
10.13.10.0/23 (1 entry, 1 announced)

Address: 0x9274010
Session Id: 0x0
Age: 7w3d 21:24:25
Task: RT
AS path: I

IS-IS Feature Guide
show route receive-protocol

Syntax show route receive-protocol protocol neighbor-address

<logical-system (all | logical-system-name)
Syntax (EX Series show route receive-protocol protocol neighbor-address


Description Display the routing information as it was received through a particular neighbor using a
particular dynamic routing protocol.

protocol neighbor-address—Protocol transmitting the route (bgp, dvmrp, msdp, pim, rip,
or ripng) and address of the neighboring router from which the route entry was
received.
Additional Information The output displays the selected routes and the attributes with which they were received,
but does not show the effects of import policy on the routing attributes.

Level
List of Sample Output show route receive-protocol bgp on page 869

show route receive-protocol bgp extensive on page 869
show route receive-protocol bgp table extensive on page 870
show route receive-protocol bgp logical-system extensive on page 870
show route receive-protocol bgp detail (Layer 2 VPN) on page 871
show route receive-protocol bgp extensive (Layer 2 VPN) on page 871
show route receive-protocol bgp (Layer 3 VPN) on page 872
show route receive-protocol bgp detail (Layer 3 VPN) on page 872
show route receive-protocol bgp detail (Long-Lived Graceful Restart) on page 873
show route receive-protocol bgp detail (Labeled Unicast) on page 874
show route receive-protocol bgp extensive (Layer 3 VPN) on page 874
Show route receive protocol (Segment Routing Traffic Engineering) on page 875

Output Fields Table 42 on page 867 describes the output fields for the show route receive-protocol
Table 42: show route receive-protocol Output Fields
routing-table-name Name of the routing table—for example, inet.0. All levels
number Number of destinations for which there are routes in the routing table. All levels
destinations
number routes Number of routes in the routing table and total number of routes in the following All levels
states:
• active
• holddown (routes that are in pending state before being declared inactive)
Prefix Destination prefix. none brief
MED Multiple exit discriminator value included in the route. none brief
destination-prefix Destination prefix. The entry value is the number of routes for this destination, detail extensive
(entry, announced) and the announced value is the number of routes being announced for this
destination.
Accepted The LongLivedStale flag indicates that the route was marked LLGR-stale by detail extensive
LongLivedStale this router, as part of the operation of LLGR receiver mode. Either this flag or
the LongLivedStaleImport flag may be displayed for a route. Neither of these
flags are displayed at the same time as the Stale (ordinary GR stale) flag.
Accepted The LongLivedStaleImport flag indicates that the route was marked LLGR-stale detail extensive
LongLivedStaleImport when it was received from a peer, or by import policy. Either this flag or the
LongLivedStale flag may be displayed for a route. Neither of these flags are
displayed at the same time as the Stale (ordinary GR stale) flag.
Accept all received BGP long-lived graceful restart (LLGR) and LLGR stale
routes learned from configured neighbors and import into the inet.0 routing
table
ImportAccepted Accept all received BGP long-lived graceful restart (LLGR) and LLGR stale detail extensive
LongLivedStaleImport routes learned from configured neighbors and imported into the inet.0 routing
table
The LongLivedStaleImport flag indicates that the route was marked LLGR-stale
when it was received from a peer, or by import policy.
Route Distinguisher 64-bit prefix added to IP subnets to make them unique. detail extensive
Label-Base, range First label in a block of labels and label block size. A remote PE routing device detail extensive
uses this first label when sending traffic toward the advertising PE routing device.

IS-IS Feature Guide
Table 42: show route receive-protocol Output Fields (continued)
VPN Label Virtual private network (VPN) label. Packets are sent between CE and PE routing detail extensive
devices by advertising VPN labels. VPN labels transit over either an RSVP or an
LDP label-switched path (LSP) tunnel.
Next hop Next hop to the destination. An angle bracket (>) indicates that the route is the All levels
selected route.
Localpref or Lclpref Local preference value included in the route. All levels
AS path Autonomous system (AS) path through which the route was learned. The letters All levels
at the end of the AS path indicate the path origin, providing an indication of the
state of the route at the point at which the AS path originated:
• I—IGP.
• E—EGP.
• [ ]—Brackets enclose the number that precedes the AS path. This number
represents the number of ASs present in the AS path, when calculated as
defined in RFC 4271. This value is used the AS-path merge process, as defined
in RFC 4893.
• [ ]—If more than one AS number is configured on the router, or if AS path
prepending is configured, brackets enclose the local AS number associated
with the AS path.
• { }—Braces enclose AS sets, which are groups of AS numbers in which the
order does not matter. A set commonly results from route aggregation. The
numbers in each AS set are displayed in ascending order.
NOTE: In Junos OS Release 10.3 and later, the AS path field displays an
unrecognized attribute and associated hexadecimal value if BGP receives
attribute 128 (attribute set) and you have not configured an independent domain
in any routing instance.
Route Labels Stack of labels carried in the BGP route update. detail extensive
Cluster list (For route reflected output only) Cluster ID sent by the route reflector. detail extensive
Originator ID (For route reflected output only) Address of routing device that originally sent detail extensive
the route to the route reflector.
Communities Community path attribute for the route. See the Output Field table in the show detail extensive
route detail command for all possible values for this field.
AIGP Accumulated interior gateway protocol (AIGP) BGP attribute. detail extensive
Attrset AS Number, local preference, and path of the AS that originated the route. These detail extensive
values are stored in the Attrset attribute at the originating routing device.

Table 42: show route receive-protocol Output Fields (continued)
Layer2-info: encaps Layer 2 encapsulation (for example, VPLS). detail extensive
control flags Control flags: none or Site Down. detail extensive
mtu Maximum transmission unit (MTU) of the Layer 2 circuit. detail extensive
Sample Output
show route receive-protocol bgp

user@host> show route receive-protocol bgp 10.255.245.215

Prefix Next hop MED Lclpref AS path
10.22.1.0/24 10.255.245.215 0 100 I
10.22.2.0/24 10.255.245.215 0 100 I
show route receive-protocol bgp extensive

user@host> show route receive-protocol bgp 10.255.245.63 extensive

172.16.1.0/24 (1 entry, 1 announced)
Next hop: 10.0.50.3
Localpref: 100
AS path: I <Orginator>
172.16.163.0/16 (1 entry, 1 announced)
Next hop: 111.222.5.254
Localpref: 100
AS path: I <Originator>
172.16.164.0/16 (1 entry, 1 announced)
Next hop: 111.222.5.254
Localpref: 100
172.16.195.0/24 (1 entry, 1 announced)
Next hop: 111.222.5.254
Localpref: 100

IS-IS Feature Guide

show route receive-protocol bgp table extensive

user@host> show route receive-protocol bgp 207.17.136.192 table inet.0 66.117.68.0/24 extensive

* 66.117.63.0/24 (1 entry, 1 announced)
Nexthop: 207.17.136.29
Localpref: 100
AS path: AS2 PA[6]: 14203 2914 3356 29748 33437 AS_TRANS
AS path: AS4 PA[2]: 33437 393219
AS path: Merged[6]: 14203 2914 3356 29748 33437 393219 I
Communities: 2914:420
show route receive-protocol bgp logical-system extensive

user@host> show route receive-protocol bgp 10.0.0.9 logical-system PE4 extensive

* 10.0.0.0/30 (1 entry, 1 announced)
Accepted
Route Label: 3
Nexthop: 10.0.0.9
AS path: 13979 I
* 10.0.0.4/30 (1 entry, 1 announced)

Accepted
Route Label: 3
Nexthop: 10.0.0.9
AS path: 13979 I

Accepted
Route Label: 3
Nexthop: 10.0.0.9
AS path: 13979 I
* 10.9.9.1/32 (1 entry, 1 announced)

Accepted
Route Label: 3
Nexthop: 10.0.0.9
AS path: 13979 I
* 10.100.1.1/32 (1 entry, 1 announced)

Accepted
Route Label: 3
Nexthop: 10.0.0.9
AS path: 13979 I
* 172.16.44.0/24 (1 entry, 1 announced)

Accepted
Route Label: 300096
Nexthop: 10.0.0.9
AS path: 13979 I
AIGP: 203
* 172.16.55.0/24 (1 entry, 1 announced)

Accepted
Route Label: 300112
Nexthop: 10.0.0.9
AS path: 13979 7018 I
AIGP: 25
* 172.16.66.0/24 (1 entry, 1 announced)

Accepted
Route Label: 300144
Nexthop: 10.0.0.9
AS path: 13979 7018 I
* 172.16.99.0/24 (1 entry, 1 announced)

Accepted
Route Label: 300160
Nexthop: 10.0.0.9
AS path: 13979 7018 I
show route receive-protocol bgp detail (Layer 2 VPN)

user@host> show route receive-protocol bgp 10.255.14.171 detail

frame-vpn.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0
hidden)
10.255.245.35:1:5:1/96 (1 entry, 1 announced)
Label-base : 800000, range : 4, status-vector : 0x0
Nexthop: 10.255.245.35
Localpref: 100
AS path: I
Communities: target:65299:100 Layer2-info: encaps:FRAME RELAY,
control flags: 0, mtu: 0
10.255.245.35:1:5:1/96 (1 entry, 0 announced)
Nexthop: 10.255.245.35
Localpref: 100
AS path: I
show route receive-protocol bgp extensive (Layer 2 VPN)



IS-IS Feature Guide

frame-vpn.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
10.255.245.35:1:5:1/96 (1 entry, 1 announced)
Nexthop: 10.255.245.35
Localpref: 100
AS path: I
10.255.245.35:1:5:1/96 (1 entry, 0 announced)
Nexthop: 10.255.245.35
Localpref: 100
AS path: I
show route receive-protocol bgp (Layer 3 VPN)

user@host> show route receive-protocol bgp 10.255.14.171

VPN-A.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
10.255.14.175/32 10.255.14.171 100 2 I
10.255.14.179/32 10.255.14.171 2 100 I
VPN-B.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
10.255.14.175/32 10.255.14.171 100 2 I
10.255.14.177/32 10.255.14.171 100 I
10.255.14.171:300:10.255.14.177/32
10.255.14.171 100 I
10.255.14.171:100:10.255.14.179/32
10.255.14.171 2 100 I
10.255.14.171:200:10.255.14.175/32
10.255.14.171 100 2 I
show route receive-protocol bgp detail (Layer 3 VPN)



vpna.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
* 10.49.0.0/30 (1 entry, 1 announced)
VPN Label: 101264
Nexthop: 10.255.14.174
Localpref: 100
AS path: I
AttrSet AS: 100
Localpref: 100
AS path: I
* 10.255.14.172/32 (1 entry, 1 announced)
VPN Label: 101280
Nexthop: 10.255.14.174
Localpref: 100
AS path: I
AttrSet AS: 100
Localpref: 100
AS path: I
* 10.255.14.174:2:10.49.0.0/30 (1 entry, 0 announced)
VPN Label: 101264
Nexthop: 10.255.14.174
Localpref: 100
AS path: I
AttrSet AS: 100
Localpref: 100
AS path: I
* 10.255.14.174:2:10.255.14.172/32 (1 entry, 0 announced)
VPN Label: 101280
Nexthop: 10.255.14.174
Localpref: 100
AS path: I
AttrSet AS: 100
Localpref: 100
AS path: I
show route receive-protocol bgp detail (Long-Lived Graceful Restart)


* 172.16.1.4:100:172.16.1.4/96 AD (1 entry, 1 announced)
Accepted LongLivedStale LongLivedStaleImport
Nexthop: 10.4.12.11
Localpref: 100
AS path: I

IS-IS Feature Guide
show route receive-protocol bgp detail (Labeled Unicast)


Accepted
Route Labels: 1000123(top) 1000124 1000125 1000126
Nexthop: 1.1.1.4
Localpref: 100
AS path: I
Entropy label capable, next hop field matches route next hop
* 100::1/128 (2 entries, 2 announced)

Accepted
Route Labels: 1000123(top) 1000124 1000125 1000126
Localpref: 100
AS path: I
show route receive-protocol bgp extensive (Layer 3 VPN)


172.16.1.0/24 (1 entry, 1 announced)
Nexthop: 10.0.50.3
Localpref: 100
172.16.163.0/16 (1 entry, 1 announced)
Nexthop: 111.222.5.254
Localpref: 100
172.16.164.0/16 (1 entry, 1 announced)
Nexthop: 111.222.5.254
Localpref: 100
172.16.195.0/24 (1 entry, 1 announced)
Nexthop: 111.222.5.254
Localpref: 100


Show route receive protocol (Segment Routing Traffic Engineering)

show route receive protocol bgp 10.1.1.4
bgp.inetcolor.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
* 50-4.4.4.4-1234<sr6>/96 (1 entry, 0 announced)

Import Accepted
Distinguisher: 50
Color: 1234
Nexthop: 10.1.1.4
Localpref: 100
AS path: 3 I
Communities: target:1.1.1.1:1
inetcolor.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)

* 4.4.4.4-1234<c6>/64 (1 entry, 1 announced)
Import Accepted
Color: 1234
Nexthop: 10.1.1.4
Localpref: 100
AS path: 3 I
user@host# run show route receive-protocol bgp 5001:1::4
bgp.inet6color.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
* 50-2001:1::4-1234<sr6>/192 (1 entry, 0 announced)

Import Accepted
Distinguisher: 50
Color: 1234
Localpref: 100
AS path: 3 I
inet6color.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)

* 2001::5-1234<c6>/160 (1 entry, 1 announced)
Import Accepted
Color: 1234
Localpref: 100
AS path: 3 I

IS-IS Feature Guide
show route table

Syntax (EX Series Switches, QFX Series Switches) on page 876
Syntax show route table routing-table-name

Syntax (EX Series show route table routing-table-name

Switches, QFX Series <brief | detail | extensive | terse>
Switches)

Statement introduced in Junos OS Release 14.1X53-D15 for QFX Series switches.
Show route table evpn statement introduced in Junos OS Release 15.1X53-D30 for QFX
Series switches.
Description Display the route entries in a particular routing table.

routing-table-name—Display route entries for all routing tables whose names begin with
this string (for example, inet.0 and inet6.0 are both displayed when you run the show
route table inet command).

Level
Related • show route summary

Documentation
List of Sample Output show route table bgp.l2.vpn on page 888

show route table bgp.l3vpn.0 on page 888
show route table bgp.l3vpn.0 detail on page 888
show route table bgp.rtarget.0 (When Proxy BGP Route Target Filtering Is
Configured) on page 890
show route table bgp.evpn.0 on page 890
show route table evpna.evpn.0 on page 891
show route table inet.0 on page 891
show route table inet.3 on page 891
show route table inet.3 protocol ospf on page 891

show route table inet6.0 on page 892

show route table inet6.3 on page 892
show route table inetflow detail on page 892
show route table inetflow.0 extensive (BGP Flowspec Redirect to IP) on page 893
show route table lsdist.0 extensive on page 894
show route table l2circuit.0 on page 896
show route table lsdist.0 on page 896
show route table mpls on page 897
show route table mpls extensive on page 897
show route table mpls.0 on page 897
show route table mpls.0 detail (PTX Series) on page 898
show route table mpls.0 ccc ge-0/0/1.1004 detail on page 899
show route table mpls.0 protocol evpn on page 900
show route table mpls.0 protocol ospf on page 906
show route table mpls.0 extensive (PTX Series) on page 906
show route table mpls.0 (RSVP Route—Transit LSP) on page 907
show route table vpls_1 detail on page 907
show route table vpn-a on page 908
show route table vpn-a.mdt.0 on page 908
show route table VPN-A detail on page 908
show route table VPN-AB.inet.0 on page 909
show route table VPN_blue.mvpn-inet6.0 on page 909
show route table vrf1.mvpn.0 extensive on page 910
show route table inetflow detail on page 910
show route table bgp.evpn.0 extensive |no-more (EVPN) on page 913
show route table default-switch.evpn.0 extensive on page 917
show route table evpn1.evpn-mcsn on page 917
show route table evpn1 (Multihomed Proxy MAC and IP Address) on page 917
Output Fields Table 32 on page 724 describes the output fields for the show route table command.
Table 43: show route table Output Fields

IS-IS Feature Guide
Table 43: show route table Output Fields (continued)
Restart complete All protocols have restarted for this routing table.
Restart state:
• Pending:protocol-name—List of protocols that have not yet completed graceful restart for this
routing table.
• Complete—All protocols have restarted for this routing table.
For example, if the output shows-
• LDP.inet.0 : 5 routes (4 active, 1 holddown, 0 hidden)

Restart Pending: OSPF LDP VPN
This indicates that OSPF, LDP, and VPN protocols did not restart for the LDP.inet.0 routing table.
• vpls_1.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
Restart Complete
This indicates that all protocols have restarted for the vpls_1.l2vpn.0 routing table.


route-destination Route destination (for example:10.0.0.1/24). The entry value is the number of routes for this destination,

• inclusive multicast Ethernet tag route—Type of route destination represented by (for example,
3:100.100.100.10:100::0::10::100.100.100.10/384):
• route distinguisher—(8 octets) Route distinguisher (RD) must be the RD of the EVPN instance
(EVI) that is advertising the NLRI.
• Ethernet tag ID—(4 octets) Identifier of the Ethernet tag. Can set to 0 or to a valid Ethernet tag
value.
• IP address length—(1 octet) Length of IP address in bits.
• originating router’s IP address—(4 or 16 octets) Must set to the provider edge (PE) device’s IP
address. This address should be common for all EVIs on the PE device, and may be the PE device's
loopback address.
labels.
• S=0 route indicates that a packet with an incoming label stack depth of 2 or more exits this routing
device with one fewer label (the label-popping operation is performed).
forwarding table.

IS-IS Feature Guide
Level (IS-IS only). In IS-IS, a single AS can be divided into smaller groups called areas. Routing between
areas is organized hierarchically, allowing a domain to be administratively divided into smaller areas.
This organization is accomplished by configuring Level 1 and Level 2 intermediate systems. Level 1
systems route within an area. When the destination is outside an area, they route toward a Level 2
system. Level 2 intermediate systems route between areas and toward other ASs.
Next-hop type Type of next hop. For a description of possible values for this field, see Table 35 on page 769.

count
Flood nexthop Indicates that the number of flood next-hop branches exceeded the system limit of 32 branches, and
branches exceed only a subset of the flood next-hop branches were installed in the kernel.
maximum message

lsp-path-name
to derive a forwarding next hop.
Indirect next hop Index designation used to specify the mapping between protocol next hops, tags, kernel export policy,
and the forwarding next hops.
State State of the route (a route can be in more than one state). See Table 36 on page 771.

Local AS AS number of the local routing devices.
Metricn Cost value of the indicated route. For routes within an AS, the cost is determined by IGP and the
Announcement bits The number of BGP peers or protocols to which Junos OS has announced this route, followed by the
list of the recipients of the announcement. Junos OS can also announce the route to the kernel routing
table (KRT) for installing the route into the Packet Forwarding Engine, to a resolve tree, a Layer 2 VC,
or even a VPN. For example, n-Resolve inet indicates that the specified route is used for route resolution
for next hops found in the routing table.
• n—An index used by Juniper Networks customer support only.
• I—IGP.
• E—EGP.
• [ ]—Brackets enclose the number that precedes the AS path. This number represents the number
of ASs present in the AS path, when calculated as defined in RFC 4271. This value is used in the
AS-path merge process, as defined in RFC 4893.
• [ ]—If more than one AS number is configured on the routing device, or if AS path prepending is
configured, brackets enclose the local AS number associated with the AS path.
ascending order.

IS-IS Feature Guide
FECs bound to route Indicates point-to-multipoint root address, multicast source address, and multicast group address
when multipoint LDP (M-LDP) inband signaling is configured.
Primary Upstream When multipoint LDP with multicast-only fast reroute (MoFRR) is configured, indicates the primary
upstream path. MoFRR transmits a multicast join message from a receiver toward a source on a
primary path, while also transmitting a secondary multicast join message from the receiver toward
the source on a backup path.
RPF Nexthops When multipoint LDP with MoFRR is configured, indicates the reverse-path forwarding (RPF) next-hop
Prefixes bound to route Forwarding equivalent class (FEC) bound to this route. Applicable only to routes installed by LDP.
Communities Community path attribute for the route. See Table 37 on page 773 for all possible values for this field.

Accepted Multipath Current active path when BGP multipath is configured.
Accepted The LongLivedStale flag indicates that the route was marked LLGR-stale by this router, as part of the
LongLivedStale operation of LLGR receiver mode. Either this flag or the LongLivedStaleImport flag might be displayed
for a route. Neither of these flags is displayed at the same time as the Stale (ordinary GR stale) flag.
Accepted The LongLivedStaleImport flag indicates that the route was marked LLGR-stale when it was received
LongLivedStaleImport from a peer, or by import policy. Either this flag or the LongLivedStale flag might be displayed for a
route. Neither of these flags is displayed at the same time as the Stale (ordinary GR stale) flag.
Accept all received BGP long-lived graceful restart (LLGR) and LLGR stale routes learned from
configured neighbors and import into the inet.0 routing table
ImportAccepted Accept all received BGP long-lived graceful restart (LLGR) and LLGR stale routes learned from
LongLivedStaleImport configured neighbors and imported into the inet.0 routing table
The LongLivedStaleImport flag indicates that the route was marked LLGR-stale when it was received
from a peer, or by import policy.
Accepted Path currently contributing to BGP multipath.

MultipathContrib
Table 35 on page 769 describes all possible values for the Next-hop Types output field.
Table 44: Next-hop Types Output Field Values
Broadcast (bcast) Broadcast next hop.
Deny Deny next hop.
Discard Discard next hop.
Flood Flood next hop. Consists of components called branches,

up to a maximum of 32 branches. Each flood next-hop
branch sends a copy of the traffic to the forwarding
interface. Used by point-to-multipoint RSVP,
point-to-multipoint LDP, point-to-multipoint CCC, and
multicast.

IS-IS Feature Guide
Hold Next hop is waiting to be resolved into a unicast or

multicast type.
Indexed (idxd) Indexed next hop.
Indirect (indr) Used with applications that have a protocol next hop
address that is remote. You are likely to see this next-hop
type for internal BGP (IBGP) routes when the BGP next
hop is a BGP neighbor that is not directly connected.
Interface Used for a network address assigned to an interface. Unlike

the router next hop, the interface next hop does not
reference any specific node on the network.
Local (locl) Local address on an interface. This next-hop type causes

packets with this destination address to be received locally.
Multicast (mcst) Wire multicast next hop (limited to the LAN).
Multicast discard (mdsc) Multicast discard.
Multicast group (mgrp) Multicast group member.
Receive (recv) Receive.
Reject (rjct) Discard. An ICMP unreachable message was sent.
Resolve (rslv) Resolving next hop.
Routed multicast (mcrt) Regular multicast next hop.
Router A specific node or set of nodes to which the routing device

forwards packets that match the route prefix.
To qualify as a next-hop type router, the route must meet

the following criteria:
• Must not be a direct or local subnet for the routing

device.
• Must have a next hop that is directly connected to the
routing device.
Table Routing table next hop.
Unicast (ucst) Unicast.
Unilist (ulst) List of unicast next hops. A packet sent to this next hop
goes to any next hop in the list.

Table 36 on page 771 describes all possible values for the State output field. A route can
be in more than one state (for example, <Active NoReadvrt Int Ext>).
Table 45: State Output Field Values
Value Description
Accounting Route needs accounting.
Active Route is active.
Always Compare MED Path with a lower multiple exit discriminator (MED) is
available.
AS path Shorter AS path is available.
Cisco Non-deterministic MED Cisco nondeterministic MED is enabled, and a path with a
selection lower MED is available.
Clone Route is a clone.
Cluster list length Length of cluster list sent by the route reflector.
Delete Route has been deleted.
Ex Exterior route.
Ext BGP route received from an external BGP neighbor.
FlashAll Forces all protocols to be notified of a change to any route,

active or inactive, for a prefix. When not set, protocols are
informed of a prefix only when the active route changes.
Hidden Route not used because of routing policy.
IfCheck Route needs forwarding RPF check.
IGP metric Path through next hop with lower IGP metric is available.
Inactive reason Flags for this route, which was not selected as best for a
particular destination.
Initial Route being added.
Int Interior route.
Int Ext BGP route received from an internal BGP peer or a BGP
confederation peer.
Interior > Exterior > Exterior via Direct, static, IGP, or EBGP path is available.
Interior

IS-IS Feature Guide
Value Description
Local Preference Path with a higher local preference value is available.
Martian Route is a martian (ignored because it is obviously invalid).
MartianOK Route exempt from martian filtering.
Next hop address Path with lower metric next hop is available.
No difference Path from neighbor with lower IP address is available.
NoReadvrt Route not to be advertised.
NotBest Route not chosen because it does not have the lowest MED.
Not Best in its group Incoming BGP AS is not the best of a group (only one AS can
be the best).
NotInstall Route not to be installed in the forwarding table.
Number of gateways Path with a greater number of next hops is available.
Origin Path with a lower origin code is available.
Pending Route pending because of a hold-down configured on another

route.
Release Route scheduled for release.
RIB preference Route from a higher-numbered routing table is available.
Route Distinguisher 64-bit prefix added to IP subnets to make them unique.
Route Metric or MED comparison Route with a lower metric or MED is available.
Route Preference Route with lower preference value is available.
Router ID Path through a neighbor with lower ID is available.
Secondary Route not a primary route.
Unusable path Path is not usable because of one of the following conditions:
• The route is damped.

• The route is rejected by an import policy.
• The route is unresolved.
Update source Last tiebreaker is the lowest IP address value.

Table 37 on page 773 describes the possible values for the Communities output field.
Table 46: Communities Output Field Values
Value Description
area-number 4 bytes, encoding a 32-bit area number. For AS-external routes, the value is 0. A nonzero value
identifies the route as internal to the OSPF domain, and as within the identified area. Area
numbers are relative to a particular OSPF domain.
bandwidth: local AS Link-bandwidth community value used for unequal-cost load balancing. When BGP has
number:link-bandwidth-number several candidate paths available for multipath purposes, it does not perform unequal-cost
load balancing according to the link-bandwidth community unless all candidate paths have
this attribute.
domain-id Unique configurable number that identifies the OSPF domain.
domain-id-vendor Unique configurable number that further identifies the OSPF domain.
link-bandwidth-number Link-bandwidth number: from 0 through 4,294,967,295 (bytes per second).
local AS number Local AS number: from 1 through 65,535.
options 1 byte. Currently this is only used if the route type is 5 or 7. Setting the least significant bit in
the field indicates that the route carries a type 2 metric.
origin (Used with VPNs) Identifies where the route came from.
ospf-route-type 1 byte, encoded as 1 or 2 for intra-area routes (depending on whether the route came from a
type 1 or a type 2 LSA); 3 for summary routes; 5 for external routes (area number must be0);
7 for NSSA routes; or 129 for sham link endpoint addresses.
route-type-vendor Displays the area number, OSPF route type, and option of the route. This is configured using
rte-type Displays the area number, OSPF route type, and option of the route. This is configured using
target Defines which VPN the route participates in; target has the format 32-bit IP address:16-bit
number. For example, 10.19.0.0:100.
unknown IANA Incoming IANA codes with a value between 0x1 and 0x7fff. This code of the BGP extended
unknown OSPF vendor Incoming IANA codes with a value above 0x8000. This code of the BGP extended community
evpn-mcast-flags Identifies the value in the multicast flags extended community and whether snooping is
enabled. A value of 0x1 indicates that the route supports IGMP proxy.

IS-IS Feature Guide
Table 46: Communities Output Field Values (continued)
Value Description
evpn-l2-info Identifies whether Multihomed Proxy MAC and IP Address Route Advertisement is enabled.
A value of 0x20 indicates that the proxy bit is set. .
Use the show bridge mac-ip-table extensive statement to determine whether the MAC and IP
address route was learned locally or from a PE device.
Sample Output
show route table bgp.l2.vpn

user@host> show route table bgp.l2.vpn

192.168.24.1:1:4:1/96
AS path: I
> to 10.0.16.2 via fe-0/0/1.0, label-switched-path am
show route table bgp.l3vpn.0

user@host> show route table bgp.l3vpn.0

10.255.71.15:100:10.255.71.17/32
*[BGP/170] 00:03:59, MED 1, localpref 100, from
10.255.71.15
AS path: I
> via so-2/1/0.0, Push 100020, Push 100011(top)
10.255.71.15:200:10.255.71.18/32
*[BGP/170] 00:03:59, MED 1, localpref 100, from
10.255.71.15
AS path: I
show route table bgp.l3vpn.0 detail

user@host> show route table bgp.l3vpn.0 detail
10.255.245.12:1:172.16.4.0/8 (1 entry, 1 announced)

Source: 10.255.245.12
Push 182449
Indirect next hop: 863a630 297


Task: BGP_35.10.255.245.12+179
AS path: 30 10458 14203 2914 3356 I (Atomic) Aggregator: 3356 4.68.0.11
Communities: 2914:420 target:11111:1 origin:56:78

VPN Label: 182449
Localpref: 100
Router ID: 10.255.245.12
10.255.245.12:1:4.17.225.0/24 (1 entry, 1 announced)

Source: 10.255.245.12
Push 182465
Indirect next hop: 863a8f0 305
Task: BGP_35.10.255.245.12+179
AS path: 30 10458 14203 2914 11853 11853 11853 6496 6496 6496 6496 6496 6496 I
Communities: 2914:410 target:12:34 target:11111:1 origin:12:34
VPN Label: 182465
Localpref: 100
Router ID: 10.255.245.12
10.255.245.12:1:4.17.226.0/23 (1 entry, 1 announced)

Source: 10.255.245.12
Push 182465
Indirect next hop: 86bd210 330
Task: BGP_35.10.255.245.12+179
AS path: 30 10458 14203 2914 11853 11853 11853 6496 6496 6496 6496 6496
6496 I
VPN Label: 182465
Localpref: 100
Router ID: 10.255.245.12
10.255.245.12:1:4.17.251.0/24 (1 entry, 1 announced)

Source: 10.255.245.12

IS-IS Feature Guide
Push 182465
Indirect next hop: 86bd210 330
Task: BGP_35.10.255.245.12+179
AS path: 30 10458 14203 2914 11853 11853 11853 6496 6496 6496 6496 6496
6496 I
VPN Label: 182465
Localpref: 100
show route table bgp.rtarget.0 (When Proxy BGP Route Target Filtering Is Configured)
user@host> show route table bgp.rtarget.o
bgp.rtarget.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

100:100:100/96
*[RTarget/5] 00:03:14
Type Proxy
for 10.255.165.103
for 10.255.166.124
Local
show route table bgp.evpn.0

user@host> show route table bgp.evpn.0
bgp.evpn.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

2:100.100.100.2:100::0::00:26:88:5f:67:b0/304
AS path: I, validation-state: unverified
> to 100.64.12.2 via xe-2/2/0.0, label-switched-path R0toR1
2:100.100.100.2:100::0::00:51:51:51:51:51/304
2:100.100.100.3:100::0::00:52:52:52:52:52/304
> to 100.64.13.3 via ge-2/0/8.0, label-switched-path R0toR2
2:100.100.100.3:100::0::a8:d0:e5:5b:01:c8/304
3:100.100.100.2:100::1000::100.100.100.2/304
3:100.100.100.2:100::2000::100.100.100.2/304

show route table evpna.evpn.0

user@host> show route table evpna.evpn.0
evpna.evpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)

3:100.100.100.10:100::0::10::100.100.100.10/384
*[EVPN/170] 01:37:09
Indirect
3:100.100.100.2:100::2000::100.100.100.2/304
*[EVPN/170] 01:37:12
Indirect
show route table inet.0

user@host> show route table inet.0

0.0.0.0/0 *[Static/5] 00:51:57

> to 172.16.5.254 via fxp0.0
10.0.0.1/32 *[Direct/0] 00:51:58
> via at-5/3/0.0
10.0.0.2/32 *[Local/0] 00:51:58
Local
10.12.12.21/32 *[Local/0] 00:51:57
Reject
10.13.13.13/32 *[Direct/0] 00:51:58
> via t3-5/2/1.0
10.13.13.14/32 *[Local/0] 00:51:58
Local
10.13.13.21/32 *[Local/0] 00:51:58
Local
10.13.13.22/32 *[Direct/0] 00:33:59
> via t3-5/2/0.0
127.0.0.1/32 [Direct/0] 00:51:58
> via lo0.0
10.222.5.0/24 *[Direct/0] 00:51:58
> via fxp0.0
10.222.5.81/32 *[Local/0] 00:51:58
Local
show route table inet.3

user@host> show route table inet.3

10.0.0.5/32 *[LDP/9] 00:25:43, metric 10, tag 200

to 10.2.94.2 via lt-1/2/0.49
> to 10.2.3.2 via lt-1/2/0.23
show route table inet.3 protocol ospf

user@host> show route table inet.3 protocol ospf

IS-IS Feature Guide

1.1.1.20/32 [L-OSPF/10] 1d 00:00:56, metric 2

> to 10.0.10.70 via lt-1/2/0.14, Push 800020
to 10.0.6.60 via lt-1/2/0.12, Push 800020, Push 800030(top)
1.1.1.30/32 [L-OSPF/10] 1d 00:01:01, metric 3
> to 10.0.10.70 via lt-1/2/0.14, Push 800030
to 10.0.6.60 via lt-1/2/0.12, Push 800030
1.1.1.40/32 [L-OSPF/10] 1d 00:01:01, metric 4
> to 10.0.10.70 via lt-1/2/0.14, Push 800040
to 10.0.6.60 via lt-1/2/0.12, Push 800040
1.1.1.50/32 [L-OSPF/10] 1d 00:01:01, metric 5
> to 10.0.10.70 via lt-1/2/0.14, Push 800050
to 10.0.6.60 via lt-1/2/0.12, Push 800050
1.1.1.60/32 [L-OSPF/10] 1d 00:01:01, metric 6
> to 10.0.10.70 via lt-1/2/0.14, Push 800060
to 10.0.6.60 via lt-1/2/0.12, Pop
show route table inet6.0

user@host> show route table inet6.0

+ = Active Route, - = Last Route, * = Both
fec0:0:0:3::/64 *[Direct/0] 00:01:34

>via fe-0/1/0.0
fec0:0:0:3::/128 *[Local/0] 00:01:34

>Local
fec0:0:0:4::/64 *[Static/5] 00:01:34

>to fec0:0:0:3::ffff via fe-0/1/0.0
show route table inet6.3

user@router> show route table inet6.3

::10.255.245.195/128
*[LDP/9] 00:00:22, metric 1
> via so-1/0/0.0
::10.255.245.196/128
*[LDP/9] 00:00:08, metric 1
> via so-1/0/0.0, Push 100008
show route table inetflow detail

user@host> show route table inetflow detail
inetflow.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)

10.12.44.1,*/48 (1 entry, 1 announced)
State: <Active Ext>

Age: 4
Task: BGP_64500.10.12.99.5+3792
Announcement bits (1): 0-Flow
AS path: 64500 I
Communities: traffic-rate:0:0
Validation state: Accept, Originator: 10.12.99.5
Via: 10.12.44.0/24, Active
Localpref: 100
Router ID: 10.255.71.161
10.12.56.1,*/48 (1 entry, 1 announced)

*Flow Preference: 5
State: <Active>
Local AS: 64502
Age: 6:30
Task: RT Flow
Announcement bits (2): 0-Flow 1-BGP.0.0.0.0+179
AS path: I
Communities: 1:1
show route table inetflow.0 extensive (BGP Flowspec Redirect to IP)

user@host> show route table inetflow.0 extensive

2.2.2.2,*/term:1 (1 entry, 1 announced)
TSI:
KRT in dfwd;
Page 0 idx 0, (group ibgp type Internal) Type 1 val 0xb209500 (adv_entry)
Advertised metrics:
Nexthop: 21.1.4.5
Localpref: 100
AS path: [100] I
Communities: redirect-to-ip:21.1.4.5:0
Action(s): accept,count
*Flow Preference: 5
Address: 0xa2b931c
Next-hop reference count: 1Next hop:
State: <Active> L
ocal AS: 69
Age: 2
Task: RT Flow
AS path: I
Communities: redirect-to-ip:21.1.4.5:0
user@host> show route table inetflow.) extensive

TSI:
KRT in dfwd;
Page 0 idx 0, (group ibgp type Internal) Type 1 val 0xb209500 (adv_entry)
Advertised metrics:
Nexthop: 21.1.4.5
Localpref: 100
AS path: [100] I

IS-IS Feature Guide
Communities: redirect-to-nexthop
*Flow Preference: 5
Address: 0xa2b931c
Next hop:
State: <Active>
Local AS: 69
Age: 2
Task: RT Flow
AS path: I
[email protected]> show route table inetflow.0 extensive
TSI:
KRT in dfwd;
Address: 0xc5e3c30
Next hop: 21.1.4.5
Age: 10
Task: BGP_100.1.1.1.1+179
AS path: I
Accepted
Localpref: 100
Router ID: 1.1.1.1
show route table lsdist.0 extensive

user@host> show route table lsdist.0 extensive

NODE { AS:4170512532 BGP-LS ID:4170512532 ISO:3245.3412.3456.00 ISIS-L1:0 }/1152
(1 entry, 1 announced)
TSI:
Page 0 idx 0, (group ibgp type Internal) Type 1 val 0xa62f378 (adv_entry)
Advertised metrics:
Nexthop: Self
Localpref: 100
AS path: [4170512532] I
Communities:
Path NODE { AS:4170512532 BGP-LS ID:4170512532 ISO:3245.3412.3456.00 ISIS-L1:0 }
Vector len 4. Val: 0
Level: 1
Address: 0x95dfc64

Local AS: 4170512532

Age: 6:05
Task: IS-IS
AS path: I
IPv4 Router-ids:
128.220.11.197
Area membership:
47 00 05 80 ff f8 00 00 00 01 08 00 01
SPRING-Capabilities: - SRGB block [Start: 800000,
Range: 256, Flags: 0xc0]
SPRING-Algorithms:
- Algo: 0
LINK { Local { AS:4170512532 BGP-LS ID:4170512532 ISO:3245.3412.3456.00 }.{
IPv4:8.65.1.105 } Remote { AS:4170512532 BGP-LS ID:4170512532 ISO:4284.3300.5067)
TSI:
Page 0 idx 0, (group ibgp type Internal) Type 1 val 0xa62f3cc (adv_entry)
Advertised metrics:
Nexthop: Self
Localpref: 100
AS path: [4170512532] I
Communities:
Path LINK { Local { AS:4170512532 BGP-LS ID:4170512532 ISO:3245.3412.3456.00 }.{
IPv4:8.65.1.105 } Remote { AS:4170512532 BGP-LS ID:4170512532 ISO:4284.33000
Level: 1
Address: 0x95dfc64
Local AS: 4170512532
Age: 6:05
Task: IS-IS
AS path: I
Color: 32768
Reservable bandwidth: 1000Mbps
Unreserved bandwidth by priority:
0 1000Mbps
1 1000Mbps
2 1000Mbps
3 1000Mbps
4 1000Mbps
5 1000Mbps
6 1000Mbps
7 1000Mbps
Metric: 10
TE Metric: 10
LAN IPV4 Adj-SID - Label: 299776, Flags: 0x30,
Weight: 0, Nbr: 10.220.1.83
PREFIX { Node { AS:4170512532 BGP-LS ID:4170512532 ISO:3245.3412.3456.00 } {

IPv4:128.220.11.197/32 } ISIS-L1:0 }/1152 (1 entry, 1 announced) TSI: Page 0 idx
0, (group ibgp type Internal) Type 1 val 0xa62f43c (adv_entry)
Advertised metrics:
Nexthop: Self
Localpref: 100

IS-IS Feature Guide
AS path: [4170512532] I
Communities:
Path PREFIX { Node { AS:4170512532 BGP-LS ID:4170512532 ISO:3245.3412.3456.00 }
{ IPv4:128.220.11.197/32 } ISIS-L1:0 } Vector len 4. Val: 0
Level: 1
Address: 0x95dfc64
State:<Active NotInstall>
Local AS: 4170512532
Age: 6:05
Task: IS-IS
AS path: I
show route table l2circuit.0

user@host> show route table l2circuit.0

10.1.1.195:NoCtrlWord:1:1:Local/96
*[L2CKT/7] 00:50:47
> via so-0/1/2.0, Push 100049
via so-0/1/3.0, Push 100049
10.1.1.195:NoCtrlWord:1:1:Remote/96
*[LDP/9] 00:50:14
Discard
10.1.1.195:CtrlWord:1:2:Local/96
*[L2CKT/7] 00:50:47
> via so-0/1/2.0, Push 100049
via so-0/1/3.0, Push 100049
10.1.1.195:CtrlWord:1:2:Remote/96
*[LDP/9] 00:50:14
Discard
show route table lsdist.0

user@host> show route table lsdist.0

LINK { Local { AS:4 BGP-LS ID:100 IPv4:4.4.4.4 }.{ IPv4:4.4.4.4 } Remote { AS:4
BGP-LS ID:100 IPv4:7.7.7.7 }.{ IPv4:7.7.7.7 } Undefined:0 }/1152
*[BGP-LS-EPE/170] 00:20:56
Fictitious
LINK { Local { AS:4 BGP-LS ID:100 IPv4:4.4.4.4 }.{ IPv4:4.4.4.4 IfIndex:339 }
Remote { AS:4 BGP-LS ID:100 IPv4:7.7.7.7 }.{ IPv4:7.7.7.7 } Undefined:0 }/1152
*[BGP-LS-EPE/170] 00:20:56
Fictitious
LINK { Local { AS:4 BGP-LS ID:100 IPv4:4.4.4.4 }.{ IPv4:50.1.1.1 } Remote { AS:4
BGP-LS ID:100 IPv4:5.5.5.5 }.{ IPv4:50.1.1.2 } Undefined:0 }/1152

*[BGP-LS-EPE/170] 00:20:56
Fictitious
show route table mpls

user@host> show route table mpls

0 *[MPLS/0] 00:13:55, metric 1

Receive
1 *[MPLS/0] 00:13:55, metric 1
Receive
2 *[MPLS/0] 00:13:55, metric 1
Receive
1024 *[VPN/0] 00:04:18
to table red.inet.0, Pop
show route table mpls extensive

user@host> show route table mpls extensive

TSI:
KRT in-kernel 100000 /36 -> {so-1/0/0.0}
*LDP Preference: 9
Pop
State: <Active Int>
Task: LDP
AS path: I
show route table mpls.0

user@host> show route table mpls.0

0 *[MPLS/0] 11:39:56, metric 1

to table inet.0
0(S=0) *[MPLS/0] 11:39:56, metric 1
to table mpls.0
1 *[MPLS/0] 11:39:56, metric 1
Receive
2 *[MPLS/0] 11:39:56, metric 1
to table inet6.0
2(S=0) *[MPLS/0] 11:39:56, metric 1
to table mpls.0
13 *[MPLS/0] 11:39:56, metric 1
Receive
303168 *[EVPN/7] 11:00:49, routing-instance pbbn10, route-type
Ingress-MAC, ISID 0
to table pbbn10.evpn-mac.0

IS-IS Feature Guide
Ingress-IM, ISID 1000

[EVPN/7] 11:00:53, routing-instance pbbn10, route-type
Ingress-IM, ISID 2000
303264 *[EVPN/7] 11:00:53, remote-pe 100.100.100.2, routing-instance
pbbn10, route-type Egress-IM, ISID 1000
pbbn10, route-type Egress-IM, ISID 2000
pbbn10, route-type Egress-MAC, ISID 0
Egress-MAC, ISID 0, BMAC 00:26:88:5f:67:b0
Egress-MAC, ISID 0, BMAC 00:51:51:51:51:51
Egress-MAC, ISID 0, BMAC a8:d0:e5:5b:01:c8
Egress-MAC, ISID 0, BMAC 00:52:52:52:52:52
show route table mpls.0 detail (PTX Series)

user@host> show route table mpls.0 detail

Address: 0x9438f34
Load balance label: Label 299808:None;
Session Id: 0x1
Label operation: Push 299872 Offset: 252
Label TTL action: no-prop-ttl
Load balance label: Label 299872:Flow label PUSH;
Composite next hop: 0x9438ed8 570 INH Session ID: 0x2
Indirect next hop: 0x9448208 262142 INH Session ID: 0x2
State: <Active Int>
Age: 21 Metric2: 1

Task: Common L2 VC
AS path: I
show route table mpls.0 ccc ge-0/0/1.1004 detail

user@host>show route table mpls.0 ccc ge-0/0/1.1004 detail

*EVPN Preference: 7
Next hop type: List, Next hop index: 1048577
Address: 0xdc14770
Next hop: ELNH Address 0xd011e30
Address: 0xd011e30
Composite next hop: 0xd011dc0 754 INH Session ID: 0x146
Indirect next hop: 0xb69a890 1048615 INH Session ID: 0x146
Address: 0xd00e530
Next hop: 100.46.1.2 via ge-0/0/5.0
Label-switched-path pe4_to_pe1
Label element ptr: 0xd00e580
Next hop: ELNH Address 0xd012070
Address: 0xd012070
Composite next hop: 0xd012000 755 INH Session ID: 0x143
Indirect next hop: 0xb69a9a0 1048641 INH Session ID: 0x143
Address: 0xd00e710
Next hop: 100.46.1.2 via ge-0/0/5.0
Label element ptr: 0xd00e760
Next hop: ELNH Address 0xd0121f0, selected
Address: 0xd0121f0

IS-IS Feature Guide

Composite next hop: 0xd012180 756 INH Session ID: 0x145
Indirect next hop: 0xb69aab0 1048642 INH Session ID: 0x145
Address: 0xd010ed0
Next hop: 100.46.1.2 via ge-0/0/5.0
Label element ptr: 0xd0108c0
Age: 2:06:50
Task: evpn global task
AS path: I
show route table mpls.0 protocol evpn

user@host>show route table mpls.0 protocol evpn

299872 *[EVPN/7] 02:30:58, routing-instance mhevpn, route-type

Ingress-IM, vlan-id 10
to table mhevpn.evpn-mac.0
300016 *[EVPN/7] 02:30:38, routing-instance VS-1, route-type
to table VS-1.evpn-mac.0
Egress-MAC, ESI 00:44:44:44:44:44:44:44:44:44
> to 100.46.1.2 via ge-0/0/5.0, label-switched-path pe4_to_pe3
Ingress-Aliasing
to table mhevpn.evpn-mac.0
Egress-MAC, ESI 00:44:44:44:44:44:44:44:44:44


Ingress-Aliasing
Egress-MAC, ESI 00:44:44:44:44:44:44:44:44:44
Ingress-Aliasing
VS-1, route-type Egress-IM, vlan-id 120
mhevpn, route-type Egress-IM, vlan-id 10
Egress-MAC, ESI 00:11:11:11:11:11:11:11:11:11
to 100.46.1.2 via ge-0/0/5.0, label-switched-path pe4_to_pe1

Egress-MAC, ESI 00:33:33:33:33:33:33:33:33:33

Egress-MAC, ESI 00:33:33:33:33:33:33:33:33:33

Egress-MAC, ESI 00:11:11:11:11:11:11:11:11:11

Egress-MAC, ESI 00:33:33:33:33:33:33:33:33:33

IS-IS Feature Guide

Egress-MAC, ESI 00:11:11:11:11:11:11:11:11:11

VS-1, route-type Egress-MAC
300608 *[EVPN/7] 02:29:23
> via ge-0/0/1.1001, Pop
300624 *[EVPN/7] 02:29:23
> via ge-0/0/1.2001, Pop
301232 *[EVPN/7] 02:29:17
> via ge-0/0/1.1002, Pop
301296 *[EVPN/7] 02:29:10
> via ge-0/0/1.1003, Pop
301312 *[EVPN/7] 02:27:06
> via ae10.2003, Pop
301360 *[EVPN/7] 02:29:01
> via ge-0/0/1.1004, Pop
vpws1004, route-type Egress, vlan-id 2004
301456 *[EVPN/7] 02:27:06
Egress-MAC, ESI 00:22:22:22:22:22:22:22:22:22
Egress-MAC, ESI 00:22:22:22:22:22:22:22:22:22
mhevpn, route-type Egress-MAC
Egress-MAC, ESI 00:22:22:22:22:22:22:22:22:22


vpws1003, route-type Egress Protection, vlan-id 2003
VS-2, route-type Egress-SH, vlan-id 230

IS-IS Feature Guide



mhevpn, route-type Egress-SH, vlan-id 10
302400 *[EVPN/7] 02:26:21
> via ge-0/0/1.3001, Pop
302480 *[EVPN/7] 02:26:14
> via ge-0/0/1.3016, Pop
302560 *[EVPN/7] 02:26:06
302656 *[EVPN/7] 02:25:59
ge-0/0/1.1001 *[EVPN/7] 02:29:23
> via ge-0/0/1.2001
ge-0/0/1.2001 *[EVPN/7] 02:29:23
> via ge-0/0/1.1001
ge-0/0/1.1002 *[EVPN/7] 02:27:06
ae10.2003 *[EVPN/7] 02:29:10
> via ge-0/0/1.1003
ge-0/0/1.1003 *[EVPN/7] 02:27:06

IS-IS Feature Guide
> via ae10.2003

ge-0/0/1.1004 *[EVPN/7] 02:27:06

ae10.1010 *[EVPN/7] 02:27:06
ge-0/0/1.3001 *[EVPN/7] 02:26:20

ge-0/0/1.3016 *[EVPN/7] 02:26:13
ae10.3011 *[EVPN/7] 02:26:06
ae10.3006 *[EVPN/7] 02:25:59
show route table mpls.0 protocol ospf

user@host> show route table mpls.0 protocol ospf

299952 *[L-OSPF/10] 23:59:42, metric 0

> to 10.0.10.70 via lt-1/2/0.14, Pop
to 10.0.6.60 via lt-1/2/0.12, Swap 800070, Push 800030(top)
299952(S=0) *[L-OSPF/10] 23:59:42, metric 0
> to 10.0.10.70 via lt-1/2/0.14, Pop
to 10.0.6.60 via lt-1/2/0.12, Swap 800070, Push 800030(top)
299968 *[L-OSPF/10] 23:59:48, metric 0
> to 10.0.6.60 via lt-1/2/0.12, Pop
show route table mpls.0 extensive (PTX Series)

user@host> show route table mpls.0 extensive

TSI:
KRT in-kernel ge-0/0/2.600.0 /32 -> {composite(570)}
Address: 0x9438f34

Load balance label: Label 299808:None;

Session Id: 0x1
State: <Active Int>
Age: 47 Metric2: 1
Task: Common L2 VC
AS path: I
Composite next hops: 1
Next hop: 10.0.0.1 via ge-0/0/1.0
Session Id: 0x1
Nexthop: 10.0.0.1 via ge-0/0/1.0
show route table mpls.0 (RSVP Route—Transit LSP)

user@host> show route table mpls.0

0 *[MPLS/0] 00:37:31, metric 1

Receive
1 *[MPLS/0] 00:37:31, metric 1
Receive
2 *[MPLS/0] 00:37:31, metric 1
Receive
13 *[MPLS/0] 00:37:31, metric 1
Receive
300352 *[RSVP/7/1] 00:08:00, metric 1
> to 10.64.0.106 via ge-1/0/1.0, label-switched-path lsp1_p2p
300352(S=0) *[RSVP/7/1] 00:08:00, metric 1
> to 10.64.0.106 via ge-1/0/1.0, label-switched-path lsp1_p2p
300384 *[RSVP/7/2] 00:05:20, metric 1
> to 10.64.1.106 via ge-1/0/0.0, Pop
300384(S=0) *[RSVP/7/2] 00:05:20, metric 1
> to 10.64.1.106 via ge-1/0/0.0, Pop
show route table vpls_1 detail

user@host> show route table vpls_1 detail

IS-IS Feature Guide
vpls_1.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

Restart Complete
172.16.1.11:1000:1:1/96 (1 entry, 1 announced)

Receive table: vpls_1.l2vpn.0
Age: 4:29:47 Metric2: 1
Task: vpls_1-l2vpn
AS path: I
Communities: Layer2-info: encaps:VPLS, control flags:Site-Down
Label-base: 800000, range: 8, status-vector: 0xFF
show route table vpn-a

user@host> show route table vpn-a
vpn-a.l2vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

192.168.16.1:1:1:1/96
*[VPN/7] 05:48:27
Discard
192.168.24.1:1:2:1/96
AS path: I
192.168.24.1:1:3:1/96
AS path: I
show route table vpn-a.mdt.0

user@host> show route table vpn-a.mdt.0
vpn-a.mdt.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

1:1:0:10.255.14.216:232.1.1.1/144
*[MVPN/70] 01:23:05, metric2 1
Indirect
1:1:1:10.255.14.218:232.1.1.1/144
AS path: I
> via so-0/0/0.0, label-switched-path r0e-to-r1
1:1:2:10.255.14.217:232.1.1.1/144
AS path: I
> via so-0/0/1.0, label-switched-path r0-to-r2
show route table VPN-A detail

user@host> show route table VPN-A detail

10.255.179.9/32 (1 entry, 1 announced)


Source: 10.255.179.13
Push 299824
Indirect next hop: 8f275a0 1048574
State: (Secondary Active Int Ext)
Age: 3:41:06 Metric: 1 Metric2: 1
Task: BGP_1.10.255.179.13+64309
Announcement bits (2): 0-KRT 1-BGP RT Background
AS path: I
Communities: target:1:200 rte-type:0.0.0.0:1:0
Import Accepted
VPN Label: 299824 TTL Action: vrf-ttl-propagate
Localpref: 100
Router ID: 10.255.179.13
show route table VPN-AB.inet.0

user@host> show route table VPN-AB.inet.0

10.39.1.0/30 *[OSPF/10] 00:07:24, metric 1

> via so-7/3/1.0
10.39.1.4/30 *[Direct/0] 00:08:42
> via so-5/1/0.0
10.39.1.6/32 *[Local/0] 00:08:46
Local
10.255.71.16/32 *[Static/5] 00:07:24
> via so-2/0/0.0
10.255.71.17/32 *[BGP/170] 00:07:24, MED 1, localpref 100, from
10.255.71.15
AS path: I
10.255.71.18/32 *[BGP/170] 00:07:24, MED 1, localpref 100, from
10.255.71.15
AS path: I
10.255.245.245/32 *[BGP/170] 00:08:35, localpref 100
AS path: 2 I
> to 10.39.1.5 via so-5/1/0.0
10.255.245.246/32 *[OSPF/10] 00:07:24, metric 1
> via so-7/3/1.0
show route table VPN_blue.mvpn-inet6.0

user@host> show route table VPN_blue.mvpn-inet6.0
vpn_blue.mvpn-inet6.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)


IS-IS Feature Guide
1:10.255.2.202:65536:10.255.2.202/432
AS path: I
> via so-0/1/3.0
1:10.255.2.203:65536:10.255.2.203/432
AS path: I
> via so-0/1/0.0
1:10.255.2.204:65536:10.255.2.204/432
*[MVPN/70] 00:57:23, metric2 1
Indirect
5:10.255.2.202:65536:128:::192.168.90.2:128:ffff::1/432
AS path: I
> via so-0/1/3.0
6:10.255.2.203:65536:64500:128:::10.12.53.12:128:ffff::1/432
*[PIM/105] 00:02:37
Multicast (IPv6)
7:10.255.2.202:65536:64500:128:::192.168.90.2:128:ffff::1/432
*[MVPN/70] 00:02:37, metric2 1
Indirect
show route table vrf1.mvpn.0 extensive

user@host> show route table vrf1.mvpn.0 extensive
1:10.255.50.77:1:10.255.50.77/240 (1 entry, 1 announced)

*MVPN Preference: 70
PMSI: Flags 0x0: Label 0: RSVP-TE:
Session_13[10.255.50.77:0:25624:10.255.50.77]
Address: 0xbb2c944
Indirect next hop: 0x0 - INH Session ID: 0x0
Task: mvpn global task
Announcement bits (3): 0-PIM.vrf1 1-mvpn global task 2-rt-export
AS path: I
show route table inetflow detail

user@host> show route table inetflow detail

10.12.44.1,*/48 (1 entry, 1 announced)
State: <Active Ext>
Age: 4
Task: BGP_64500.10.12.99.5+3792
AS path: 64500 I
Communities: traffic-rate:0:0

Validation state: Accept, Originator: 10.12.99.5

Via: 10.12.44.0/24, Active
Localpref: 100
Router ID: 10.255.71.161
10.12.56.1,*/48 (1 entry, 1 announced)

*Flow Preference: 5
State: <Active>
Local AS: 64502
Age: 6:30
Task: RT Flow
Announcement bits (2): 0-Flow 1-BGP.0.0.0.0+179
AS path: I
Communities: 1:1
user@host> show route table green.l2vpn.0 (VPLS Multihoming with FEC 129)

10.1.1.2:100:10.1.1.2/96 AD
*[VPLS/170] 1d 03:11:03, metric2 1
Indirect
10.1.1.4:100:10.1.1.4/96 AD
*[BGP/170] 1d 03:11:02, localpref 100, from 10.1.1.4
> via ge-1/2/1.5
10.1.1.2:100:1:0/96 MH
*[VPLS/170] 1d 03:11:03, metric2 1
Indirect
10.1.1.4:100:1:0/96 MH
*[BGP/170] 1d 03:11:02, localpref 100, from 10.1.1.4
> via ge-1/2/1.5
10.1.1.4:NoCtrlWord:5:100:100:10.1.1.2:10.1.1.4/176
*[VPLS/7] 1d 03:11:02, metric2 1
> via ge-1/2/1.5
10.1.1.4:NoCtrlWord:5:100:100:10.1.1.4:10.1.1.2/176
*[LDP/9] 1d 03:11:02
Discard
user@host> show route table red extensive
red.inet.0: 364481 destinations, 714087 routes (364480 active, 48448 holddown, 1

hidden)
State: <OnList CalcForwarding>
TSI:
KRT in-kernel 10.0.0.0/32 -> {composite(1048575)} Page 0 idx 1 Type 1 val 0x934342c
Nexthop: Self
AS path: [2] I
@BGP Preference: 170/-1
Route Distinguisher: 2:1
Address: 0x258059e4

IS-IS Feature Guide

Source: 2.2.0.0
Session Id: 0x17d8
Push 16
Composite next hop: 0x25805988 - INH Session ID: 0x193c
Indirect next hop: 0x23eea900 - INH Session ID: 0x193c
State: <Secondary Active Int Ext ProtectionPath ProtectionCand>
Age: 23 Metric2: 35
Task: BGP_172.16.2.0.0+34549
AS path: I
Import Accepted
VPN Label: 16
Localpref: 0
Router ID: 10.2.0.0
Push 16
Indirect next hop: 0x23eea900 - INH Session ID: 0x193c
Next hop: 10.1.1.1 via ge-1/1/9.0
Session Id: 0x17d8
Nexthop: 10.1.1.1 via ge-1/1/9.0
Address: 0x9347028
Source: 10.3.0.0
Session Id: 0x17d9
Push 16
Composite next hop: 0x93463a0 1048575 INH Session ID: 0x17da
Indirect next hop: 0x91e8800 1048574 INH Session ID: 0x17da
State: <Secondary NotBest Int Ext ProtectionPath ProtectionCand>
Inactive reason: Not Best in its group - IGP metric

Task: BGP_172.16.3.0.0+32805
Announcement bits (2): 0-KRT 1-BGP_RT_Background
AS path: I

Import Accepted
VPN Label: 16
Localpref: 0
Router ID: 10.3.0.0
Push 16
Composite next hop: 0x93463a0 1048575 INH Session ID:
0x17da
Indirect next hop: 0x91e8800 1048574 INH Session ID:
0x17da
Next hop: 10.1.4.2 via ge-1/0/0.0
Session Id: 0x17d9
Nexthop: 10.1.4.2 via ge-1/0/0.0
#Multipath Preference: 255
Address: 0x24afca30
Session Id: 0x17d8
Next hop: 10.1.4.2 via ge-1/0/0.0
Session Id: 0x17d9
Push 16
Indirect next hop: 0x23eea900 - INH Session ID: 0x193c Weight 0x1

Push 16
Composite next hop: 0x93463a0 1048575 INH Session ID: 0x17da
Indirect next hop: 0x91e8800 1048574 INH Session ID: 0x17da Weight
0x4000
State: <ForwardingOnly Int Ext>
Inactive reason: Forwarding use only
Age: 23 Metric2: 35
Task: RT
AS path: I
show route table bgp.evpn.0 extensive |no-more (EVPN)

show route table bgp.evpn.0 extensive | no-more
bgp.evpn.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

2:1000:10::100::00:aa:aa:aa:aa:aa/304 (1 entry, 0 announced)

IS-IS Feature Guide

Address: 0x9420fd0
Source: 10.2.3.4
Indirect next hop: 0x2 no-forward INH Session ID: 0x0
State: Local AS: 17 Peer AS:17 Age:21:12 Metric2:1 Validation State:
unverified
Task: BGP_17.1.2.3.4+50756
AS path: I
Communities: target:1111:8388708 encapsulation0:0:0:0:3
Import Accepted
Route Label: 100
ESI: 00:00:00:00:00:00:00:00:00:00
Localpref: 100
Router ID: 10.2.3.4
Secondary Tables: default-switch.evpn.0
Next hop: 10.10.10.1 via xe-0/0/1.0
Session Id: 0x2
Nexthop: 10.92.78.102 via em0.0
2:1000:10::200::00:bb:bb:bb:bb:bb/304 (1 entry, 0 announced)

Address: 0x9420fd0
Source: 10.2.3.4
State: Local AS:17 Peer AS:17 Age:19:43 Metric2:1 Validation
State:unverified
Task: BGP_17.1.2.3.4+50756
AS path: I
Import Accepted
Route Label: 200
ESI: 00:00:00:00:00:00:00:00:00:00
Localpref: 100
Router ID: 10.2.3.4
Next hop: 10.10.10.1 via xe-0/0/1.0
Session Id: 0x2

Nexthop: 10.92.78.102 via em0.0
2:1000:10::300::00:cc:cc:cc:cc:cc/304 (1 entry, 0 announced)

Address: 0x9420fd0
Source: 10.2.3.4
State: Local AS:17 Peer AS:17 Age:17:21 Metric2:1 Validation State:
unverified Task: BGP 17,1,2,3,4+50756
AS path: I
Import Accepted
Route Label: 300
ESI: 00:00:00:00:00:00:00:00:00:00
Localpref: 100
Router ID: 10.2.3.4
Next hop: 10.10.10.1 via xe-0/0/1.0
Session Id: 0x2
Nexthop: 10.92.78.102 via em0.0
3:1000:10::100::1.2.3.4/304 (1 entry, 0 announced)

PMSI: Flags 0x0: Label 100: Type INGRESS-REPLICATION 1.2.3.4
Address: 0x9420fd0
Source: 10.2.3.4
State: Local AS:17 Peer AS:17 Age:37:01 Metric2:1 Validation State:
unverified Task: BGP 17.1.2.3.4+50756
AS path: I
Import Accepted
Localpref: 100
Router ID: 10.2.3.4
Next hop: 10.10.10.1 via xe-0/0/1.0
Session Id: 0x2

IS-IS Feature Guide
Nexthop: 10.92.78.102 via em0.0
3:1000:10::200::1.2.3.4/304 (1 entry, 0 announced)

Address: 0x9420fd0
Source: 10.2.3.4
State: Local AS: 17 Peer AS: 17 Age:35:22 Metric2:1 Validation
State:unverified Task: BGP 17.1.2.3.4+50756
AS path:I Communities: target:2222:22 encapsulation):0:0:0:0:3
Import Accepted
Localpref: 100
Router ID: 10.2.3.4
Next hop: 10.10.10.1 via xe-0/0/1.0
Session Id: 0x2
Nexthop: 10.92.78.102 via em0.0
3:1000:10::300::1.2.3.4/304 (1 entry, 0 announced)

Address: 0x9420fd0
Source: 10.2.3.4
State: Local AS: 17 Peer AS: 17 Age 35:22 Metric2:1 Validation State:
unverified Task: BGP 17.1.2.3.4+5075
6 AS path: I Communities: target:3333:33 encapsulation0:0:0:0:3
Import Accepted Localpref:100
Router ID: 10.2.3.4
Next hop: 10.10.10.1 via xe-0/0/1.0
Session Id: 0x2
Nexthop: 10.92.78.102 via em0.0

show route table default-switch.evpn.0 extensive
The following shows the partial output listing for the EVPN VNI table.
user@host> show route table default-switch.evpn.0 extensive
3:1000:10::100::00:aa:aa:aa:aa:aa/304 (1 entry, 1 announced)

Address: 0xcebfad0
Source: 10.255.0.1
Age: 1:35:30 Metric2: 2
Task: BGP_100.10.255.0.1
Announcement bits (1): 0-default-switch-evpn
AS path: I
Communities: target:100:100 encapsulation:vxlan (0x8)
evpn-mcast-flags:0x1:snooping-enabled
. . .
show route table evpn1.evpn-mcsn
The following shows the output listing for the multicast information used by the rpd and
mcsnoopd.
user@host> show route table default-switch.evpn-mcsn.1
default-switch.evpn-mcsn.1: 9 destinations, 9 routes (9 active, 0 holddown, 0

hidden)
0.14,0.0,0.0/48 *[Multicast/180] 00:01:02

to 1.1.1.1 via vtep.32770
to 1.2.2.2 via vtep.32771
to 1.6.6.6 via vtep.32769
to 1.3.3.3 via vtep.32772
0.14,0.0,0.0,224.0.0.0/52*[Multicast/180] 00:01:02
to 1.1.1.1 via vtep.32770
to 1.2.2.2 via vtep.32771
to 1.6.6.6 via vtep.32769
0.14,0.0,0.0,225.1.1.1/80*[Multicast/180] 00:00:06
to 1.1.1.1 via vtep.32770
to 1.2.2.2 via vtep.32771
to 1.6.6.6 via vtep.32769
to 1.3.3.3 via vtep.32772
show route table evpn1 (Multihomed Proxy MAC and IP Address)
The following shows a partial output listing for an EVPN instance. This indicates when
Multihomed Proxy MAC and IP Address Route Advertisement is enabled.
user@host> show route table evpn-1

IS-IS Feature Guide
2:666:11010003::1002::00:00:00:00:00:02::102.1.1.2/304 MAC/IP (1 entry, 1

announced)
TSI:
Page 0 idx 0, (group vteps type Internal) Type 1 val 0xb20eb10 (adv_entry)
Advertised metrics:
Nexthop: 103.1.1.1
Localpref: 100
AS path: [666] I
Communities: target:666:1002 evpn-l2-info:0x20:proxy (mtu 0)
Path 2:666:11010003::1002::00:00:00:00:00:02::102.1.1.2 Vector len 4. Val: 0
*EVPN Preference: 170
Address: 0xc3a9cf0
Indirect next hop: 0x0 - INH Session ID: 0x0

show route terse

Syntax show route terse

Syntax (EX Series show route terse

Switches)

Description Display a high-level summary of the routes in the routing table.
NOTE: For BGP routes, the show route terse command displays the local
preference attribute and MED instead of the metric1 and metric2 values. This
is mostly due to historical reasons.
To display the metric1 and metric2 value of a BGP route, use the show route
extensive command.
Options none—Display a high-level summary of the routes in the routing table.


Level
List of Sample Output show route terse on page 921
Output Fields Table 47 on page 919 describes the output fields for the show route terse command. Output
Table 47: show route terse Output Fields

IS-IS Feature Guide
Table 47: show route terse Output Fields (continued)

route key Key for the state of the route:
forwarding table.
A Active route. An asterisk (*) indicates this is the active route.
V Validation status of the route:
• ?—Not evaluated. Indicates that the route was not learned through BGP.
• I—Invalid. Indicates that the prefix is found, but either the corresponding AS received from the EBGP
• N—Unknown. Indicates that the prefix is not among the prefixes or prefix ranges in the database.
• V—Valid. Indicates that the prefix and autonomous system pair are found in the database.
Destination Destination of the route.
P Protocol through which the route was learned:
• A—Aggregate
• B—BGP
• C—CCC
• D—Direct
• G—GMPLS
• I—IS-IS
• L—L2CKT, L2VPN, LDP, Local
• K—Kernel
• M—MPLS, MSDP
• O—OSPF
• P—PIM
• R—RIP, RIPng
• S—Static
• T—Tunnel
Prf Preference value of the route. In every routing metric except for the BGP LocalPref attribute, a lesser
value is preferred. In order to use common comparison routines, Junos OS stores the 1's complement
of the LocalPref value in the Preference2 field. For example, if the LocalPref value for Route 1 is 100,
the Preference2 value is -101. If the LocalPref value for Route 2 is 155, the Preference2 value is -156.
Route 2 is preferred because it has a higher LocalPref value and a lower Preference2 value.

Table 47: show route terse Output Fields (continued)
Metric 1 First metric value in the route. For routes learned from BGP, this is the MED metric.
Metric 2 Second metric value in the route. For routes learned from BGP, this is the IGP metric.
Next hop Next hop to the destination. An angle bracket (>) indicates that the route is the selected route.
• I—IGP.
• E—EGP.
Sample Output
show route terse

user@host> show route terse

A V Destination P Prf Metric 1 Metric 2 Next hop AS path

* ? 172.16.1.1/32 O 10 1 >10.0.0.2
? B 170 100 I
unverified >10.0.0.2
* ? 172.16.1.1/32 D 0 >lo0.2
* V 2.2.0.2/32 B 170 110 200 I
valid >10.0.0.2
* ? 10.0.0.0/30 D 0 >lt-1/2/0.1
? B 170 100 I
* ? 10.0.0.1/32 L 0 Local
* ? 10.0.0.4/30 B 170 100 I
* ? 10.0.0.8/30 B 170 100 I
* I 172.16.1.1/32 B 170 90 200 I
invalid >10.0.0.2
* N 192.168.2.3/32 B 170 100 200 I
unknown >10.0.0.2
* ? 172.16.233.5/32 O 10 1 MultiRecv

IS-IS Feature Guide
show security keychain
Syntax show security keychain

<brief | detail>

Statement introduced in Junos OS Release 12.3X50 for the QFX Series.
Description Display information about authentication keychains configured for the Border Gateway
Protocol (BGP), the Label Distribution Protocol (LDP) routing protocols, the Bidirectional
Forwarding Detection (BFD) protocol, and the Intermediate System-to-Intermediate
System (IS-IS) protocol.
Options none—Display information about authentication keychains.
brief | detail—(Optional) Display the specified level of output.

Level
List of Sample Output show security keychain brief on page 924

show security keychain detail on page 924
Output Fields Table 12 on page 649 describes the output fields for the show security keychain command.
Table 48: show security keychain Output Fields
keychain The name of the keychain in operation. All levels
Active-ID Send Number of routing protocols packets sent with the active key. All levels
Active-ID Receive Number of routing protocols packets received with the active key. All levels
Next-ID Send Number of routing protocols packets sent with the next key. All levels
Next-ID Receive Number of routing protocols packets received with the next key. All levels
Transition Amount of time until the current key will be replaced with the next key All levels
in the keychain.
Tolerance Configured clock-skew tolerance, in seconds, for accepting keys for a All levels
key chain.
Id Identification number configured for the current key. detail

Table 48: show security keychain Output Fields (continued)
Algorithm Authentication algorithm configured for the current key. detail
State State of the current key. detail
The value can be:
• receive
• send
• send-receive
For the active key, the State can be send-receive, send, or receive. For
keys that have a future start time, the State is inactive. Compare the
State field to the Mode field.
Option For IS-IS only, the option determines how Junos OS encodes the detail
message authentication code in routing protocol packets.
The values can be:
• basic—Based on RFC 5304.

• isis-enhanced—Based on RFC 5310.
The default value is basic. When you configure the isis-enhanced option,
Junos OS sends RFC 5310-encoded routing protocol packets and
accepts both RFC 5304-encoded and RFC 5310-encoded routing
protocol packets that are received from other devices.
When you configure basic (or do not include the options statement in
the key configuration) Junos OS sends and receives RFC 5304-encoded
routing protocols packets, and drops 5310-encoded routing protocol
packets that are received from other devices.
Because this setting is for IS-IS only, the TCP and the BFD protocol
ignore the encoding option configured in the key.
Start-time Time that the current key became active. detail
Mode Mode of each key (Informational only.) detail
The value can be
• receive
• send
• send-receive
The mode of the key is based on the configuration. Suppose you

configure two keys, one with a start-time of today and the other with
a start-time of next week. For both keys, the Mode can be send-receive,
send, or receive, regardless of the configured start-time. Compare the
Mode field to the State field.

IS-IS Feature Guide
Sample Output
show security keychain brief

user@host> show security keychain brief
keychain Active-ID Next-ID Transition Tolerance

Send Receive Send Receive
hakr 3 3 1 1 1d 23:58 3600
show security keychain detail

user@host> show security keychain detail
keychain Active-ID Next-ID Transition Tolerance

Send Receive Send Receive
hakr 3 3 1 1 1d 23:58 3600
Id 3, Algorithm hmac-md5, State send-receive, Option basic
Start-time Wed Aug 11 16:28:00 2010, Mode send-receive
Id 1, Algorithm hmac-md5, State inactive, Option basic
Start-time Fri Aug 20 11:30:57 2010, Mode send-receive

test policy
Syntax test policy policy-name prefix

Description Test a policy configuration to determine which prefixes match routes in the routing table.
NOTE: If you are using the test policy command on a logical system, you must
first set the CLI to the logical system context. For example, if you want to test
a routing policy that is configured on logical system R2, first run the set cli
logical-system R2 command.
Options policy-name—Name of a policy.
prefix—Destination prefix to match.
Additional Information All prefixes in the default unicast routing table (inet.0) that match prefixes that are the
same as or longer than the specific prefix are processed by the from clause in the specified
policy. All prefixes accepted by the policy are displayed. The test policy command
evaluates a policy differently from the BGP import process. When testing a policy that
contains an interface match condition in the from clause, the test policy command uses
the match condition. In contrast, BGP does not use the interface match condition when
evaluating the policy against routes learned from internal BGP (IBGP) or external BGP
(EGBP) multihop peers.
When testing a policy, you can see the length of time (in microseconds) required to
evaluate the policy and the number of times it has been executed by running the show
policy policy-name statistics command.

Level
Related • Understanding Routing Policy Tests

Documentation
• Example: Testing a Routing Policy with Complex Regular Expressions
• show policy on page 718
List of Sample Output test policy on page 926

IS-IS Feature Guide
Sample Output
test policy
user@host> test policy test-statics 172.16.0.1/8

Prefixes passing policy:

AS Path: 50888 I
> to 10.11.4.32 via en0.2, label-switched-path l2
172.16.3.1/32 *[IS-IS/18] 2d 00:21:46, metric 0, tag 2
> to 10.0.4.7 via fxp0.0
172.16.3.2/32 *[IS-IS/18] 2d 00:21:46, metric 0, tag 2
> to 10.0.4.7 via fxp0.0
172.16.3.3/32 *[IS-IS/18] 2d 00:21:46, metric 0, tag 2
> to 10.0.4.7 via fxp0.0
172.16.3.4/32 *[IS-IS/18] 2d 00:21:46, metric 0, tag 2
> to 10.0.4.7 via fxp0.0
Policy test-statics: 5 prefixes accepted, 0 prefixes rejected

traceroute clns
Syntax traceroute clns <host>

routing-instance <name>
source <source-address>
ttl <value>
wait <seconds>
Release Information Command introduced in Junos OS Release 8.0
Description Trace the route belonging to Connectionless Network Service (CLNS).
Options host—IP address or name of remote host.
routing-instance name—Name of the routing instance for a traceroute attempt.
source source address—Source address to be used in outgoing packets.
ttl value—CLNP maximum time-to-live value. The range of values is 1 through 255.
wait seconds—Number of seconds to wait for a response. The range of values is 1 second
through 1 day.
Required Privilege network

Level
List of Sample Output traceroute clns on page 927
Output Fields Table 49 on page 927 describes the output fields for the traceroute clns command. Output
Table 49: Traceroute clns Output Fields
source Source address used in outgoing packets.
traceroute to IP address of the receiver.
hops max Maximum number of hops allowed.
byte packets Size of packets being sent.
Sample Output
traceroute clns
user@host>traceroute clns <ISO address of the destination> source <ISO address of the source>

IS-IS Feature Guide
traceroute clns 49.0005.80ff.f800.0000.0108.0001.0102.5522.4145.00 source

47.0005.80ff.f800.0000.0108.0001.0102.5522.4143.00
clnstraceroute to 49.0005.80ff.f800.0000.0108.0001.0102.5522.4145.00 from
47.0005.80ff.f800.0000.0108.0001.0102.5522.4143.00, 30 hops max, 17 byte packets
1 47.0005.80ff.f800.0000.0108.0001.0010.0010.0010.00 7.080 ms 5.579 ms 5.882

ms
2 * * *
3 * * *
4 * * *
5 49.0005.80ff.f800.0000.0108.0001.0102.5522.4145.00 11.325 ms 7.704 ms 5.261
ms

ISIS

Uploaded by

Document Informationclick to expand document informationguide

Document Informationclick to expand document information

Copyright:

Available Formats

ISIS

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ISIS

Uploaded by

Copyright:

Available Formats

Junos® OS

IS-IS Feature Guide

Copyright © 2019, Juniper Networks, Inc.

YEAR 2000 NOTICE

END USER LICENSE AGREEMENT

ii Copyright © 2019, Juniper Networks, Inc.

Part 2 Configuring IS-IS

Copyright © 2019, Juniper Networks, Inc. iii

Chapter 3 Configuring IS-IS Authentication and Checksums . . . . . . . . . . . . . . . . . . . . . 33

iv Copyright © 2019, Juniper Networks, Inc.

Understanding IS-IS IPv4 and IPv6 Unicast Topologies . . . . . . . . . . . . . . . . . . . . 177

Copyright © 2019, Juniper Networks, Inc. v

Example: Configuring Anycast and Prefix Segments in SPRING for IS-IS to

Part 3 Monitoring and Troubleshooting Network Issues

vi Copyright © 2019, Juniper Networks, Inc.

Verify the IS-IS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423

Part 4 Configuration Statements and Operational Commands

Copyright © 2019, Juniper Networks, Inc. vii

interface (Protocols IS-IS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494

viii Copyright © 2019, Juniper Networks, Inc.

Copyright © 2019, Juniper Networks, Inc. ix

show isis authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648

x Copyright © 2019, Juniper Networks, Inc.

Part 2 Configuring IS-IS

Copyright © 2019, Juniper Networks, Inc. xi

Part 3 Monitoring and Troubleshooting Network Issues

xii Copyright © 2019, Juniper Networks, Inc.

Part 2 Configuring IS-IS

Part 3 Monitoring and Troubleshooting Network Issues

Part 4 Configuration Statements and Operational Commands

Copyright © 2019, Juniper Networks, Inc. xiii

Table 23: show isis overview Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 692

xiv Copyright © 2019, Juniper Networks, Inc.

• Documentation and Release Notes on page xv

Documentation and Release Notes

Using the Examples in This Manual

Copyright © 2019, Juniper Networks, Inc. xv

Merging a Full Example

xvi Copyright © 2019, Juniper Networks, Inc.

[edit system scripts]

Table 1 on page xvii defines notice icons used in this guide.

Table 1: Notice Icons

Icon Meaning Description

Informational note Indicates important features or instructions.

Warning Alerts you to the risk of personal injury or death.

Tip Indicates helpful information.

Best practice Alerts you to a recommended use or implementation.

Copyright © 2019, Juniper Networks, Inc. xvii

Table 2: Text and Syntax Conventions

Convention Description Examples

• • Junos OS CLI User Guide

| (pipe symbol) Indicates a choice between the mutually broadcast | multicast

Indention and braces ( { } ) Identifies a level in the configuration [edit]

xviii Copyright © 2019, Juniper Networks, Inc.

Table 2: Text and Syntax Conventions (continued)

Convention Description Examples

• E-mail—Send your comments to [email protected]. Include the document

Requesting Technical Support