cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
431
Views
4
Helpful
2
Replies

Bizzarre ISIS routing issue

kagodfrey
Level 3
Level 3

Hi

I have 5 Sites, each with local lan and 2 routers (one connects to upstream site over WAN link, one to downstream site over a WAN link) thus: L1-S1R2-W1/2-S2R1-L2-S2R2-W2/3-S3R1-L3-S3R2-W3/4-S4R1-L4-S4R2-W4/5-S5R1-L5-S5R2-W5/1-S1R1-L1

Essentilally forming a ring if you bend the ends of the depiction around and join the L1s together...

Routing is ISIS. Under normal conditions, routes to a LAN subnet directly connected to site S1 (LAN L1) look like this...

S1R2-C

S2R1-115/30 via w1/2 (i.e. left)

S2R2-115/40 via L2 (i.e. left)

S3R1-115/60 via w2/3 (i.e. left)

S3R2-115/70 via L3 (i.e. left)

S4R1-115/70 via L4 (i.e. right)

S4R2-115/60 via w4/5 (i.e. right)

S5R1-115/40 via L5 (i.e. right)

S5R2-115/30 via w5/1 (i.e. right)

S1R1-C

So, from the point of view of the layout as depicted above, half the routes point "left", and half point "right". So far, so good. Now, if I shut the L1 interface on S1R2, I am expecting all of the routes to the L1 subnet to point "right", as clearly the access to that subnet in the "left" direction is hosed. But, of course, that isn't what happens, and I can't understand why. What I end up with is this:

S1R2-115/150 via w1/2 (i.e. right) - correct

S2R1-115/130 via L2 (i.e. right) - correct

S2R2-115/120 via w2/3 (i.e. right) - correct

S3R1-115/60 via w2/3 (i.e. left) - what?

S3R2-115/70 via L3 (i.e. left) - No!!!

S4R1-115/70 via L4 (i.e. right) - correct

S4R2-115/60 via w4/5 (i.e. right) - correct

S5R1-115/40 via L5 (i.e. right) - correct

S5R2-115/30 via w5/1 (i.e. right) - correct

S1R1-C

As you can see, for some reason the routers at S3 simply refuse to re-route the subnet and it remains pointing "left" whereas devices 'more left' of that site are correctly routing it to the right. Distances metrics 'more left' of S3 are as one would expect, but on the S3 routers themselves they are incorrect - as we are incrementing 10 on the local LAN and 20 across the WAN, I'd expect the routing to be "115/100 via L3" for S3R1 and "115/90 via w3/4" for S3R2... Now of course S2 and S3 are cut off from the L1 subnet.

As an aside, if I shut the WAN interface in S1R2 instead of the LAN, the routes to the L1 subnet do all point "right" as expected

I'm not overly experienced with ISIS so I can't fathom why this is happening. can anyone shed any light on the matter?

TIA

Kev

2 Replies 2

Harold Ritter
Cisco Employee
Cisco Employee

Kevin,

Can you change the network type to point-to-point on the LAN segments and see if it solves the issue.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi

That is certainly a fine idea, and I suspect it would then work correctly. I have done some further testing over the weekend and found a couple of interesting things leading me to believe that the problem lies on the link between W2/3 S2 and S3. Firstly, if we GRE tunnel this link, everything starts working as it should. Secondly, if we switch off network type point-to-point on the link interfaces, the routers don't even see each other as neighbours anymore (whereas on every other link in the circuit the neighbor relationships remain after the change). It would seem that the W2/3 link is not passing certain (non point-to-point network generated) LSPs correctly and thus the S3 routers still believe that the L1 routes exist. We have already had issues with the service provider equipment on the circuits not being entirely "ISIS capable" and it appears that despite their claim that all the equipment has now been upgraded, something spurious on this link remains. We have raised this with the ISP and currently need to leave the configs as-is whilst they investigate.

Moving the LAN segments to point-to-point is a fine idea and should make for a decent workaround (better than GRE anyway!) should the ISP drag their feet on this, although luckily we still have plenty of time before the circuits are due to carry live data.

Many thanks for the input

Kev

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: