Posted inNetworking

IS-IS on Linux: Why ISPs Choose It Over OSPF (and How to Configure It)

Networking tutorial - IT technology blog
Networking tutorial - IT technology blog

The Scalability Wall: Why OSPF Isn’t Always the Answer

Most networking careers start with OSPF. It is everywhere, well-documented, and works for standard enterprise shops. However, as I have scaled fabrics for large ISPs and high-density data centers, OSPF’s rigid area structure often becomes a liability. I’ve seen OSPF convergence times crawl to several seconds in networks with over 500 nodes because of constant LSA flooding and CPU-intensive SPF recalculations.

Intermediate System to Intermediate System (IS-IS) handles these massive scales with ease. Originally built for the OSI protocol suite, it was later adapted for IP. Because it runs directly on Layer 2, it is invisible to IP-based spoofing or DoS attacks. In my experience, mastering IS-IS is the single most important step if you want to move from basic networking into the world of Tier-1 Service Providers.

Core Concepts: Thinking in IS-IS

Stop thinking in OSPF areas and start thinking in Levels. While both protocols use the Dijkstra algorithm, IS-IS builds its hierarchy differently.

1. Levels instead of Areas

Forget Area 0. In IS-IS, the backbone is a collection of Level 2 routers.

  • Level 1 (L1): Local routing. Routers only care about their own area.
  • Level 2 (L2): The backbone. This connects different L1 areas.
  • Level 1-2 (L1L2): The bridge. These routers act as the boundary, similar to an OSPF ABR.

2. The NET Address

IS-IS does not use a 32-bit Router ID. Instead, it uses a Network Entity Title (NET). A typical NET looks like 49.0001.1921.6800.1001.00. It follows a strict 20-byte logic.

  • 49: The Authority Identifier (Private use).
  • 0001: The Area ID.
  • 1921.6800.1001: The System ID. A pro tip: take your Loopback IP (192.168.0.1), pad it (192.168.000.001), and regroup it into three blocks of four digits.
  • 00: The N-Selector. This is always 00 for the router itself.

Hands-on Practice: Deploying IS-IS with FRRouting

I use FRRouting (FRR) for this setup. It provides a Cisco-like CLI (vtysh) and is the production standard for open-source routing on Linux. Let’s link two nodes.

Step 1: Get the Binaries

Update your packages and install the FRR suite. This example uses Ubuntu 22.04.

sudo apt update && sudo apt install frr -y

The IS-IS daemon is off by default. You must wake it up in /etc/frr/daemons.

# Change isisd=no to isisd=yes
sudo sed -i 's/isisd=no/isisd=yes/' /etc/frr/daemons
sudo systemctl restart frr

Step 2: Configure via VTYSH

I prefer the shell over editing raw files. It catches syntax errors immediately.

sudo vtysh

Now, build the IS-IS process. We will set this as a Level-2 router to form a backbone link. This is common in spine-leaf architectures where every node is part of the backbone.

conf t
router isis CORE
  net 49.0001.0000.0000.0001.00
  is-type level-2-only
  topology ipv4-unicast
exit

Step 3: Activating Interfaces

Unlike BGP, you don’t define neighbors by IP. You enable IS-IS on the interface, and it finds its peers automatically.

interface eth1
  ip router isis CORE
  isis network point-to-point
exit

interface lo
  ip router isis CORE
exit
write memory

Note the point-to-point command. In modern data centers, we use P2P links to skip the DIS (Designated Intermediate System) election. This can shave 2-3 seconds off neighbor formation time.

Verification: Checking the Link

Configure your second node with a unique System ID (like 0000.0000.0002). Then, check the adjacency.

show isis neighbor

If the state is “Up,” you’re golden. If it says “Init,” check your MTU. IS-IS Hello packets are padded to the full MTU (usually 1500 bytes), and if your link can’t handle it, the adjacency will fail.

To see the actual routes:

show ip route isis

This is the ultimate proof. If you see your remote loopbacks here, the SPF algorithm has successfully calculated the shortest path across your fabric.

Conclusion

Learning IS-IS feels like picking up a new dialect. Its elegance in large networks is unmatched. By separating the routing logic from the IP stack, you get a level of stability that OSPF lacks at scale. Whether you are building a modern CLOS topology or managing a regional backbone, FRRouting on Linux offers a rock-solid, free way to run the world’s most scalable protocol.

Success with IS-IS depends on two things: a clean NET addressing plan and knowing when to use P2P links. Master those, and your network will stay stable long after OSPF would have buckled.

Share:
Tags: