IS-IS 基础 | NSAP 地址详解

注：机翻，未校。

---

IS-IS Fundamentals _Cisco

IS-IS (Intermediate System -to- Intermediate System) is a standardized link-state protocol that was developed to be the definitive routing protocol for the OSI (Open Systems Interconnect) Model, which was developed by ISO (International Standards Organization). IS-IS shares many similarities to OSPF. Though it was designed as an interior gateway protocol (IGP), IS-IS is predominantly used by ISPs, due to its scalability.

IS-IS（中间系统到中间系统）是一种标准化的链路状态协议，旨在成为 OSI（开放系统互连）模型的最终路由协议，该模型由 ISO（国际标准化组织）开发。IS-IS 与 OSPF 有许多相似之处。尽管 IS-IS 被设计为内部网关协议 （IGP），但由于其可扩展性，它主要由 ISP 使用。

IS-IS adheres to the following Link State characteristics:
IS-IS 遵循以下链路状态特征：

• IS-IS allows for a hierarchical network design using Areas.
  IS-IS 允许使用 Areas 进行分层网络设计。

• IS-IS will form neighbor relationships with adjacent routers of the same IS-IS type.
  IS-IS 将与相同 IS-IS 类型的相邻路由器形成邻居关系。

• Instead of advertising the distance to connected networks, IS-IS advertises the status of directly connected “links” in the form of Link-State Packets (LSPs). IS-IS will only send out updates when there is a change to one of its links, and will only send the change in the update.
  IS-IS 不向连接的网络通告距离，而是以链路状态数据包 （LSP） 的形式通告直接连接的“链路”的状态。IS-IS 仅在其其中一个链接发生更改时发送更新，并且只会发送更新中的更改。

• IS-IS uses the Dijkstra Shortest Path First algorithm to determine the shortest path.
  IS-IS 使用 Dijkstra 最短路径优先算法来确定最短路径。

• IS-IS is a classless protocol, and thus supports VLSMs.
  IS-IS 是一种无类协议，因此支持 VLSM（Variable-Length Subnet Masks，可变长度子网掩码）。

Other characteristics of IS-IS include:
IS-IS 的其他特性包括：

• IS-IS was originally developed to route the ISO address space, and thus is not limited to IP routing.
  IS-IS 最初是为了路由 ISO 地址空间而开发的，因此不限于 IP 路由。

• IS-IS routes have an administrative distance is 115.
  IS-IS 路由的管理距离为 115。

• IS-IS uses an arbitrary cost for its metric. IS-IS additionally has three optional metrics: delay, expense, and error. Cisco does not support these optional metrics.
  IS-IS 对其指标使用任意成本。IS-IS 还有三个可选指标：delay、expense 和 error。Cisco 不支持这些可选指标。

• IS-IS has no hop-count limit.
  IS-IS 没有跃点计数限制。

The IS-IS process builds and maintains three separate tables:
IS-IS 进程构建和维护三个独立的表：

• A neighbor table – contains a list of all neighboring routers.
  邻居表 – 包含所有相邻路由器的列表。

• A topology table – contains a list of all possible routes to all known networks within an area.
  拓扑表 – 包含到一个区域内所有已知网络的所有可能路由的列表。

• A routing table – contains the best route for each known network.
  路由表 – 包含每个已知网络的最佳路由。

IS-IS is only available on enterprise versions of the Cisco IOS.
IS-IS 仅在 Cisco IOS 的企业版上可用。

IS-IS consists of three sub-protocols that work in tandem to achieve end-to- end routing which ISO defined as Connectionless Network Service (CLNS):
IS-IS 由三个子协议组成，它们协同工作以实现端到端路由，ISO 将其定义为无连接网络服务 （CLNS）：

• CLNP (Connectionless Network Protocol) – serves as the Layer-3 protocol for IS-IS (and was developed by ISO).
  CLNP（无连接网络协议）– 用作 IS-IS 的第 3 层协议（由 ISO 开发）。

• ES-IS (End System -to- Intermediate System) – used to route between hosts and routers.
  ES-IS（终端系统到中间系统）— 用于在主机和路由器之间路由。

• IS-IS (Intermediate System -to- Intermediate System) – used to route between routers.
  IS-IS（中间系统到中间系统） – 用于在路由器之间路由。

IS-IS was originally developed to route ISO CLNP addresses (outlined in RFC 1142). However, CLNP addressing never became prominently used. Thus, IS-IS was modified to additionally support IP routing, and became **Integrated (**or Dual) IS-IS (outlined in RFC 1195).

IS-IS 最初开发用于路由 ISO CLNP 地址（在 RFC 1142 中概述）。但是，CLNP 寻址从未得到广泛使用。因此，IS-IS 被修改为额外支持 IP 路由，并成为集成（或双）IS-IS（在 RFC 1195 中概述）。

The IS-IS CLNP address is hexadecimal and of variable length, and can range from 64 to 160 bits in length. The CLNP address contains three “sections,” including:

IS-IS CLNP 地址是十六进制的，长度可变，长度范围为 64 到 160 位。CLNP 地址包含三个“部分”，包括：

• Area field – (variable length)
  Area field （区域字段） -（可变长度）
• ID field – (from 8 to 64 bits, though usually 48 bits)
  ID 字段 – （从 8 到 64 位，但通常为 48 位）
• Selector (SEL) field - (8 bits)
  选择器 （SEL） 字段 - （8 位）

Thus, the CLNP address identifies the “Area” in which a device is located, the actual host “ID,” and the destination application on that host, in the form of the “SEL” field. The CNLP address is logically segmented even further, as demonstrated by the following table:

因此，CLNP 地址以 “SEL” 字段的形式标识设备所在的 “Area”、实际主机 “ID” 以及该主机上的目标应用程序。CNLP 地址在逻辑上进一步分段，如下表所示：

Observe the top row of the above figure. The ISO CLNP address provides granular control by separating internal and external routing information:

观察上图的第一行。ISO CLNP 地址通过分隔内部和外部路由信息来提供精细控制：

• The IDP (Initial Domain Part) portion of the address identifies the Autonomous System of the device (and is used to route to or between Autonomous Systems)
  地址的 IDP（初始域部分）部分标识设备的自治系统（用于路由到自治系统或在自治系统之间路由）

• The DSP (Domain Specific Part) portion of the address is used to route within the autonomous system.
  地址的 DSP （Domain Specific Part） 部分用于在自治系统内进行路由。

The IDP portion of the address is separated into two “sections,” including:

地址的 IDP 部分分为两个“部分”，包括：

• AFI (Authority and Format Identifier) – specifies the organization authorized to assign addresses, and the format and length of the rest of the CLNP address. The AFI is always 8 bits.
  AFI （Authority and Format Identifier） （授权和格式标识符） – 指定有权分配地址的组织，以及 CLNP 地址其余部分的格式和长度。AFI 始终为 8 位。

• IDI (Initial Domain Identifier) – identifies the “sub- organization” under the parent AFI organization. The length of the IDI is dependent on the chosen AFI.
  IDI（初始域标识符） – 标识父 AFI 组织下的“子组织”。IDI 的长度取决于所选的 AFI。

An AFI of 0x49 indicates a private CLNP address, which cannot be routed globally (the equivalent of an IPv4 private address).

AFI 0x49 / 0x47

AFI 为 0x49 表示私有 CLNP 地址，该地址不能全局路由（相当于 IPv4 私有地址）。

An AFI of 0x47 is commonly used for global IS-IS networks, with the IDI section identifying specific organizations.

AFI 为 0x47 的通常用于全球 IS-IS 网络，其中 IDI 部分用于标识特定组织。

The AFI plus the IDI essentially identify the autonomous system of the address. However, this is not the equivalent of a BGP AS number, nor is it compatible with BGP as an exterior routing protocol.

AFI 加上 IDI 基本上标识了地址的自治系统。但是，这并不等同于 BGP AS 编号，也与作为外部路由协议的 BGP 不兼容。

The DSP portion of the address is separated into three “sections,” including:

地址的 DSP 部分分为三个“部分”，包括：

• HO-DSP (High Order DSP) – identifies the area within an autonomous system
  HO-DSP （High Order DSP） – 识别自主系统内的区域

• System ID – identifies the specific host. Usually 48 bits (or 6 octets) in length, to accommodate MAC addresses
  系统 ID – 标识特定主机。通常为 48 位（或 6 个八位字节）以适应 MAC 地址

• NSEL – identifies the destination upper layer protocol of the host (always 8 bits)
  NSEL – 标识主机的目标上层协议（始终为 8 位）

Two “types” of CLNP addresses are defined:

定义了两种 “类型” 的 CLNP 地址：

• NET address – does not contain upper-layer information (in other words, the SEL field is always set to 0x00)
  NET address – 不包含上层信息（换句话说，SEL 字段始终设置为 0x00）

• NSAP address – the “full” CLNP address, with populated Area, ID, and SEL fields.
  NSAP 地址 – “完整”CLNP 地址，其中填充了 Area、ID 和 SEL 字段。

Please note: A NET address is simply an NSAP address with a zero value in the SEL field.

请注意：NET 地址只是 SEL 字段中值为零的 NSAP 地址。

The following is an example of a full ISO CLNS address: 47.1234.5678.9abc.def0.0001.1111.2222.3333.00
以下是完整 ISO CLNS 地址的示例：47.1234.5678.9abc.def0.0001.1111.2222.3333.00

Correlating the above address to the appropriate fields:

将上述地址与相应的字段相关联：

The System-ID is usually populated by the device’s MAC address or IPv4 address.

系统 ID 通常由设备的 MAC 地址或 IPv4 地址填充。

Recall that CLNS addresses are of variable length. We can specify addresses without an IDI field:
回想一下，CLNS 地址的长度是可变的。我们可以指定没有 IDI 字段的地址：

47.0001.1111.2222.3333.00

Thus, the above address contains an AFI (Autonomous System), HO-DSP (Area), System-ID (in this example, a MAC Address), and the *NSEL (*SEL). Because the SEL field has a zero value (0x00), the above address is defined as a NET address, and not an NSAP address.

因此，上述地址包含 AFI（自治系统）、HO-DSP（区域）、System-ID（在本例中为 MAC 地址）和 *NSEL （*SEL）。由于 SEL 字段的值为零（0x00） ，因此上述地址定义为 NET 地址，而不是 NSAP 地址。

ISO CLNS addresses are not applied on an interface-by-interface basis. Instead, a single CLNS address is applied to the entire device.

ISO CLNS 地址不是逐个接口应用的。相反，单个 CLNS 地址将应用于整个设备。

Even if Integrated IS-IS is being used (thus indicating that IPv4 is being routed instead of CLNS), a CLNS address is still required on the IS-IS router. This is configured under the IS-IS router process.

即使正在使用集成 IS-IS（即表示路由的是 IPv4 而不是 CLNS），IS-IS 路由器上仍需要 CLNS 地址。这是在 IS-IS 路由器进程下配置的。

Routers within the same area must share identical AFI, IDI, and HO-DSP values, but each must have a unique System-ID

同一区域内的路由器必须共享相同的 AFI、IDI 和 HO-DSP 值，但每个值都必须具有唯一的系统 ID

IS-IS Packet Types IS-IS 数据包类型

IS-IS defines two categories of network devices:

IS-IS 定义了两类网络设备：

• ES (End System) – identifies an end host.
  ES （End System） （终端节点系统） – 标识终端节点主机。
• IS (Intermediate System) – identifies a Layer 3 router.
  IS（中间系统） – 标识第 3 层路由器。

IS-IS additionally defines four categories of packet types:

IS-IS 还定义了四类数据包类型：

• Hello

  Hello packets are exchanged for neighbor discovery. Three types of IS-IS Hello packets exist:

  Hello 数据包交换用于邻居发现。IS-IS Hello 数据包分为三种类型：

  • IIH (IS-IS Hello) – exchanged between routers (or IS’s) to form neighbor adjacencies.
    IIH – 在路由器（或 IS）之间交换以形成邻接关系。

  • ESH (ES Hello) – sent from an ES to discover a router.
    ESH – 从 ES 发送以发现路由器。

  • ISH (IS Hello) – sent from an IS to announce its presence to ES’s
    ISH – 从 IS 发送，向 ES 的

• LSP

An LSP (Link State Packet) is used to share topology information between routers. There are separate LSPs for Level 1 and Level 2 routing. LSP’s are covered in great detail shortly.

LSP（链路状态数据包）用于在路由器之间共享拓扑信息。第 1 级和第 2 级路由有单独的 LSP。

• CSNP

A CSNP (Complete Sequence Number PDU) is an update containing the full link-state database. IS-IS routers will refresh the full database every 15 minutes.

CSNP （Complete Sequence Number PDU） 是包含完整链路状态数据库的更新。IS-IS 路由器将每 15 分钟刷新一次完整数据库。

• PSNP

A PSNP (Partial Sequence Number PDU) is used by IS-IS routers to both request and acknowledge a link-state update.

IS-IS 路由器使用 PSNP（部分序列号 PDU）来同时请求并确认链路状态更新。

IS-IS routers form neighbor relationships, called adjacencies, by exchanging Hello packets (often referred to as IS-IS Hellos or IIH’s). Hello packets are sent out every 10 seconds, regardless of media type. Only after an adjacency is formed can routers share routing information.

IS-IS 路由器通过交换 Hello 数据包（通常称为 IS-IS Hello 或 IIH）来形成邻接关系，称为邻接关系。Hello 数据包每 10 秒发送一次，与媒体类型无关。只有形成邻接关系后，路由器才能共享路由信息。

IS-IS supports three IIH packet formats; one for point-to-point links, and two for broadcast (or LAN) links (Level-1 and Level-2 broadcast Hellos).

IS-IS 支持三种 IIH 数据包格式; 一个用于点对点链路，两个用于广播（或 LAN）链路（级别 1 和 2 级广播 Hello）。

Unlike OSPF, IS-IS neighbors do not have to share a common IP subnet to form an adjacency. Adjacencies are formed across CLNP connections, not IP connections, even when using Integrated IS-IS. Thus, IS-IS actually requires no IP connectivity between its routers to route IP traffic!

与 OSPF 不同，IS-IS 邻居不必共享公共 IP 子网即可形成邻接关系。邻接关系是通过 CLNP 连接而不是 IP 连接形成的，即使在使用集成 IS-IS 时也是如此。因此，IS-IS 实际上不需要其路由器之间的 IP 连接来路由 IP 流量！

There are two types of adjacencies:

有两种类型的邻接关系：

• Level-1 adjacency – for routing within an area (intra-area routing，区域内路由)

• Level-2 adjacency – for routing between areas (inter-area routing，区域间路由)

IS-IS routers must share a common physical link to become neighbors, and the System-ID must be unique on each router. Additionally, the following parameters must be identical on each router:

IS-IS 路由器必须共享一条公共物理链路才能成为邻居，并且每个路由器上的 System-ID 必须是唯一的。此外，每个路由器上的以下参数必须相同：

• Hello packet format (point-to-point or broadcast)

• Hello timers

• Router “level” (explained shortly，稍后解释)

• Area (only for Level-1 adjacencies)

• Authentication parameters (Cisco devices currently support only clear-text authentication for IS-IS).

• MTU

Neighbors will elect a DIS (Designated Intermediate System) on broadcast links. A DIS is the equivalent of an OSPF DR (Designated Router). Unlike OSPF, however, there is no Backup DIS, and thus a new election will occur immediately if the DIS fails. Additionally, the DIS election is preemptive.

邻居将在广播链路上选择一个 DIS（指定中间系统）。DIS 相当于 OSPF DR（指定路由器）。但是，与 OSPF 不同的是，没有备份 DIS，因此如果 DIS 失败，将立即进行新的选举。此外，DIS 选举是先发制人的。

Whichever IS-IS router has the highest priority will be elected the DIS (default priority is 64). In the event of a tie, whichever IS-IS router has the highest SNPA (*usually MAC*) address will become the DIS. The DIS sends out hello packets every 3.3 seconds, instead of every 10 seconds.

优先级最高的 IS-IS 路由器将被选为 DIS（默认优先级为 64）。如果出现平局，则具有最高 SNPA（通常是 MAC）地址的 IS-IS 路由器将成为 DIS。DIS 每 3.3 秒发送一次你好数据包，而不是每 10 秒发送一次。

The IS-IS Hierarchy IS-IS 层次结构

IS-IS defines three types of IS-IS routers:

IS-IS 定义了三种类型的 IS-IS 路由器：

• Level-1 Router – contained within a single area, with a topology table limited to only its local area (called the Level-1 Database)
  Level-1 Router – 包含在单个区域内，拓扑表仅限于其本地区域（称为 Level-1 数据库）
• Level-2 Router - a backbone router that routes between areas, and builds a Level-2 Database.
  Level-2 Router - 在区域之间路由并构建 Level-2 数据库的主干路由器。
• Level-1-2 Router – similar to an area border router. Interfaces between a local area and the backbone area, and builds both a Level-1 and a Level-2 database.
  Level-1-2 Router – 类似于区域边界路由器。本地和主干区域之间的接口，并构建 Level-1 和 Level-2 数据库。

Each type of IS-IS router will form only specific adjacencies:

每种类型的 IS-IS 路由器将仅形成特定的邻接关系：

• Level-1 routers form Level-1 adjacencies with other Level-1 routers and Level-1-2 routers.
  1 级路由器与其他 1 级路由器和 1-2 级路由器形成 1 级邻接关系。
• Level-2 routers form Level-2 adjacencies with other Level-2 routers and Level-1-2 routers.
  2 级路由器与其他 2 级路由器和 1-2 级路由器形成 2 级邻接关系。
• Level-1-2 routers form both Level-1 and Level-2 adjacencies with other Level-1-2 routers.
  1-2 级路由器与其他 1-2 级路由器形成 1 级和 2 级邻接关系。
• Level-1 routers will never form adjacencies with Level-2 routers.
  1 级路由器永远不会与 2 级路由器形成邻接关系。

The IS-IS backbone consists of multiple contiguous Level-2 routers, each of which can exist in a separate area.

IS-IS 主干网由多个连续的 2 级路由器组成，每个路由器都可以存在于单独的区域中。

Neighbors build their topology tables by sharing LSP’s (Link-State Packets), which are roughly the equivalent of OSPF LSA’s. Depending on the type of adjacency, a router will send out either a Level-1 or Level-2 LSP.

邻居通过共享 LSP（链路状态数据包）来构建其拓扑表，LSP 大致相当于 OSPF LSA。根据邻接类型，路由器将发出 1 级或 2 级 LSP。

Level-1 routers share Level-1 LSP’s, and will build a Level-1 topology table consisting of solely its own area (thus forming the equivalent of an OSPF Totally Stubby area). If a Level-1 router has a packet destined for the local area, it simply routes the packet to the System ID by using the local topology table (Level-1 database).

1 级路由器共享 1 级 LSP，并将构建一个仅由其自身区域组成的 1 级拓扑表（从而形成相当于 OSPF Totally Stubby 区域）。如果 Level-1 路由器有一个发往本地区域的数据包，则它只需使用本地拓扑表（Level-1 数据库）将数据包路由到系统 ID。

If a Level-1 router has a packet destined for a remote area, it forwards it to the nearest Level-1-2 router. Level-1-2 routers set an Attach (ATT) bit in their Level-1 LSP’s, informing other Level-1 routers that they are attached to another area.

如果 Level-1 路由器有发往远程区域的数据包，它会将其转发到最近的 Level-1-2 路由器。1-2 级路由器在其 1 级 LSP 中设置一个 Attach （ATT） 位，通知其他 1 级路由器它们已连接到另一个区域。

Level-2 routers share Level-2 LSP’s, and will build a Level-2 topology table, which contains a list of reachable areas across the IS-IS domain.

2 级路由器共享 2 级 LSP，并将构建一个 2 级拓扑表，其中包含跨 IS-IS 域的可访问区域列表。

Level-1-2 routers will share both Level-1 and Level-2 LSP’s with its appropriate adjacencies. Level-1-2 routers maintain separate Level-1 and Level-2 topology tables.

1-2 级路由器将与其相应的邻接共享 1 级和 2 级 LSP。1-2 级路由器维护单独的 1 级和 2 级拓扑表。

Level-1 routes (locally originated) are always preferred over Level-2 routes (originated from another area).

1 级路由（本地源自）始终优先于 2 级路由（源自其他区域）。

IS-IS routers will refresh the Link-State topology table every 15 minutes (as opposed to every 30 minutes for OSPF).

IS-IS 路由器将每 15 分钟刷新一次链路状态拓扑表（而不是 OSPF 每 30 分钟刷新一次）。

To configure IS-IS, the IS-IS process must first be established:

要配置 IS-IS，必须先建立 IS-IS 进程：

Router(config)# router isis

The router must then be configured with a CLNP address:

然后，必须为路由器配置 CLNP 地址：

Router(config)# router isis

Router(config-router)# net 49.0001.1921.6800.5005.00

To globally dictate the router-type of all interfaces (default is level-1-2):

要全局指定所有接口的路由器类型（默认为 level-1-2）：

Router(config)# router isis

Router(config-router)# is-type level-1

Router(config-router)# is-type level-1-2

Router(config-router)# is-type level-2

Finally, IS-IS must be explicitly enabled on the interface:

最后，必须在接口上显式启用 IS-IS：

Router(config)# interface fa0/0

Router(config-if)# ip router isis

This not only allows IS-IS to form neighbor relationships out of this interface, it also adds the interface’s network to the routing table.

这不仅允许 IS-IS 在此接口之外形成邻接关系，还将接口的网络添加到路由表中。

The globally configured router-type can be overridden on each individual interface:

可以在每个单独的接口上覆盖全局配置的路由器类型：

Router(config)# interface fa0/0

Router(config-if)# isis circuit-type level-1

Router(config-if)# isis circuit-type level-1-2

Router(config-if)# isis circuit-type level-2

路由器（config）# 接口 fa0/0 路由器（config-if）# isis电路型 1级 路由器（config-if）# isis电路型 1-2级 路由器（config-if）# isis电路型 2级

To adjust the priority (default is 64) of interface, increasing the likelihood that the router will be elected the DIS:

要调整接口的优先级（默认值为 64），增加路由器被选为 DIS 的可能性：

Router(config)# interface e0/0

Router(config-if)# isis priority 100

It is possible to control which router interfaces will participate in the IS-IS process. Just as with EIGRP and OSPF, we can use the passive-interface command.

可以控制哪些路由器接口将参与 IS-IS 进程。与 EIGRP 和 OSPF 一样，我们可以使用 passive-interface 命令。

However, please note that the passive-interface command works differently with IS-IS than with RIP or IGRP. IS-IS will no longer form neighbor relationships out of a “passive” interface, thus this command prevents updates from being sent or received out of this interface:
但是，请注意，passive-interface 命令与 IS-IS 的工作方式不同于与 RIP 或 IGRP 一起使用。IS-IS 将不再从“被动”接口形成邻居关系，因此此命令会阻止从此接口发送或接收更新：

RouterC(config)# router isis

RouterC(config-router)# passive-interface s0

Router C will not form a neighbor adjacency with Router B.

路由器 C 不会与路由器 B 形成邻接方邻接关系。

We can configure all interfaces to be passive using the passive-interface default command, and then individually use the no passive-interface command on the interfaces we do want neighbors to be formed on:

我们可以使用 passive-interface default 命令将所有接口配置为被动接口，然后在我们希望形成邻居的接口上单独使用 no passive-interface 命令：

RouterC(config)# router isis

RouterC(config-router)# passive-interface default

RouterC(config-router)# no passive-interface e0

Always remember, that the passive-interface command will prevent IS-IS (and OSPF) from forming neighbor relationships out of that interface. No routing updates are passed in either direction.

请始终记住，passive-interface 命令将阻止 IS-IS（和 OSPF）从该接口形成邻居关系。不会在任一方向传递路由更新。

However, unlike OSPF, using the passive-interface command will still inject that interface’s network into the routing table. Thus, the passive- interface command can be useful when creating “stub” networks.

但是，与 OSPF 不同的是，使用 passive-interface 命令仍会将该接口的网络注入到路由表中。因此，在创建 “stub” 网络时，passive- interface 命令可能很有用。

IS-IS utilizes an arbitrary cost for its metric (the optional metrics of delay, expense, and error are not supported by Cisco). By default, interfaces of all types (regardless of speed) are assigned a metric of 10.

IS-IS 对其度量使用任意成本（Cisco 不支持延迟、费用和错误的可选度量）。默认情况下，所有类型的接口（无论速度如何）都分配有 10 的度量。

To adjust the metric on an interface:

要调整接口上的指标，请执行以下操作：

Router(config)# interface e0/0

Router(config-if)# isis metric 30

IS-IS Authentication IS-IS 身份验证

IS-IS authentication can be applied to a link, to an area, or to a domain. Remember, Cisco supports only clear-text authentication for IS-IS.

IS-IS 身份验证可应用于链路、区域或域。请记住，Cisco 仅支持 IS-IS 的明文身份验证。

To configuration authentication on an interface-by-interface basis:

要逐个接口配置身份验证：

Router(config)# interface fa0/0

Router(config-if)# isis password MYPASSWORD level-1

Router(config-if)# isis password MYPASSWORD2 level-2

Note that separate authentication passwords can be applied to Level-1 or Level-2 Adjacencies. To configure authentication for an entire IS-IS area:

请注意，单独的身份验证密码可以应用于 1 级或 2 级邻接。要为整个 IS-IS 区域配置身份验证：

Router(config)# router isis

Router(config-router)# area-password MYPASSWORD

IS-IS Summarization IS-IS 汇总

IS-IS supports both inter-area and external summarization, and uses the same command to accomplish both. If we wished to summarize the following networks into one summary route:

IS-IS 支持区域间汇总和外部汇总，并使用相同的命令来完成这两项操作。如果我们希望将以下网络汇总为一个汇总路由：

172.16.0.0/16
172.17.0.0/16
172.18.0.0/16
172.19.0.0/16
172.20.0.0/16
172.21.0.0/16
172.22.0.0/16
172.23.0.0/16

The following command would be required:

RouterC(config)# router isis

RouterC(config-router)# summary-address 172.16.0.0 255.248.0.0

When configuring IS-IS over Frame-Relay, additional map statements are required:
在帧中继上配置 IS-IS 时，需要额外的 map 语句：

Router(config)# interface s0/0

Router(config-if)# frame-relay map clns 105 broadcast

Router(config-if)# frame-relay map clns 106 broadcast

Additionally, we can map CLNP addresses in ISDN:

此外，我们可以在 ISDN 中映射 CLNP 地址：

Router(config)# interface bri0

Router(config-if)# dialer map clns 49.0001.1921.6800.5005.00 name MYNAME broadcast 3331111

IS-IS Troubleshooting IS-IS 故障排除

To view any CLNS neighbors, including the type of adjacency:
要查看任何 CLNS 邻接方，包括邻接类型：

Router# show clns neighbors

To view only IS neighbors:

Router# show clns is-neighbors

To view specific IS-IS information about an interface:
要查看有关接口的特定 IS-IS 信息：

Router# show clns interface e0/0

To view the IS-IS link-state topology table:
要查看 IS-IS 链路状态拓扑表：

Router# show isis database

To view a list of all known IS-IS routers in all areas:
要查看所有区域中所有已知 IS-IS 路由器的列表：

Router# show isis topology

IS-IS is often compared and contrasted to OSPF. Both protocols share several similarities, including:
IS-IS 经常与 OSPF 进行比较和对比。这两种协议有几个相似之处，包括：

• Both are Link-State routing protocols.
  两者都是链路状态路由协议。

• Both use the Dijkstra algorithm to determine the shortest path.
  两者都使用 Dijkstra 算法来确定最短路径。

• Both are classless and support VLSMs.
  两者都是无类的，都支持 VLSM。

• Both use a cost metric.
  两者都使用成本指标。

• Both use areas to minimize the size of topology and routing tables.
  两者都使用区域来最小化拓扑和路由表的大小。

• Both elect a designated router on broadcast links to contain link-state update traffic.
  两者都在广播链路上选择指定的路由器，以包含链路状态更新流量。

Despite these similarities, there are a multitude of crucial differences between IS-IS and OSPF, including:
尽管存在这些相似之处，但 IS-IS 和 OSPF 之间仍存在许多关键差异，包括：

• OSPF supports only IP, IS-IS supports both IP and CLNS.
  OSPF 仅支持 IP，IS-IS 同时支持 IP 和 CLNS。

• IS-IS does not require IP connectivity between routers to share routing information. Updates are sent via CLNS instead of IP.
  IS-IS 不需要路由器之间的 IP 连接来共享路由信息。更新通过 CLNS 而不是 IP 发送。

• In OSPF, interfaces belong to areas. In IS-IS, the entire router belongs to an area.
  在 OSPF 中，接口属于区域。在 IS-IS 中，整个路由器属于某个区域。

• An IS-IS router belongs to only one Level-2 area, which results in less LSP traffic. IS-IS is thus more efficient and scalable than OSPF, and supports more routers per area.
  IS-IS 路由器只属于一个 Level-2 区域，这会导致 LSP 流量较少。因此，IS-IS 比 OSPF 更高效、更具可扩展性，并且每个区域支持更多路由器。

• There is no Area 0 backbone area for IS-IS. The IS-IS backbone is a contiguous group of Level 1-2 and Level 2 routers.
  IS-IS 没有 Area 0 主干区域。IS-IS 主干网是一组连续的 1-2 级和 2 级路由器。

• IS-IS does not elect a backup DIS. Additionally, DIS election is preemptive.
  IS-IS 不会选择备份 DIS。此外，DIS 选择是抢占式的。

• On broadcast networks, even with an elected DIS, IS-IS routers still form adjacencies with all other routers. In OSPF, routers will only form adjacencies with the DR and BDR on broadcast links.
  在广播网络上，即使选择了 DIS，IS-IS 路由器仍会与所有其他路由器形成邻接关系。在 OSPF 中，路由器只会在广播链路上与 DR 和 BDR 形成邻接关系。

• IS-IS uses an arbitrary cost metric. OSPF’s cost metric is based on the bandwidth of the link.
  IS-IS 使用任意成本指标。OSPF 的成本指标基于链路的带宽。

• IS-IS provides far more granular control of link-state and SPF timers than OSPF.
  IS-IS 提供比 OSPF 更精细的链路状态和 SPF 计时器控制。

---

NSAP Addresses

NSAP 地址

Network Service Access Point (NSAP) address aka ISO address is the network-layer address for CLNS packets (Connectionless Network Service- CLNS is similar to IP Service; a CLNS entity communicates using CLNP protocol with peer CLNS entity).

网络服务接入点 （NSAP） 地址（又名 ISO 地址）是 CLNS 数据包的网络层地址（无连接网络服务 - CLNS 类似于 IP 服务；CLNS 实体使用 CLNP 协议与对等 CLNS 实体通信）。

NSAP addresses are subdivided into two parts- Initial Domain Part (IDP) and Domain Specific Part (DSP).

NSAP 地址细分为两部分 - 初始域部分 （IDP） 和域特定部分 （DSP） 。

The IDP consists of-

IDP 包括 -

AFI- Authority and Format Identifier (1-byte)

AFI- 授权和格式标识符（1 字节）

IDI- Initial Domain Identifier (variable length)

IDI - 初始域标识符（可变长度）

The DSP consists of-

DSP 包括 -

HO-DSP- High-Order of DSP

HO-DSP - 高位 DSP

ID- System Identifier (6-bytes)

ID- 系统标识符（6 字节）

SEL- NSAP Selector (1-byte)

SEL-NSAP 选择器 （1 字节）

The HO-DSP may use any format as defined by the authority identified by IDP. The combination of [IDP, HO-DSP] identify both the routing domain and the area within the routing domain. Hence the combination [IDP, HO-DSP] is called the “Area Address”. All nodes within the area must have same Area address.

HO-DSP 可以使用 IDP 确定的机构定义的任何格式。[IDP， HO-DSP] 的组合可识别路由域和路由域中的区域。因此 [IDP， HO-DSP] 组合称为 “ 区域地址 ”。Area 内的所有节点必须具有相同的 Area 地址。

The AFI has a binary value between 0 and 99; this value identifies the IDI and DSP format. AFI set to 49 indicates private address space.

AFI 的二进制值介于 0 和 99 之间；此值标识 IDI 和 DSP 格式。AFI 设置为 49 表示私有地址空间。

A Network Entity Title (NET) is an NSAP address with NSEL set to 0. The NSAP address for all routers (ISes) are set with NSEL equal to 0.

网络实体标题 （NET） 是 NSEL 设置为 0 的 NSAP 地址。所有路由器 （IS） 的 NSAP 地址都设置为 NSEL 等于 0。

A router can be configured with multiple NETs in following cases

在以下情况下，路由器可以配置多个 NET：

a) During Area Address migration from some area address A to another area address B.

a）在区域地址从某个区域地址 A 迁移到另一个区域地址 B 期间。

b) During merging of two areas A & B

b）在合并两个区域 A 和 B 期间

c) During partitioning of area C into two areas A & B.

c）在将 C 区划分为 A 和 B 两个区域期间。

The following are sample NETs

以下是示例 NET-

1) 49.0001.1111.1111.1111.00

Area address = 49.0001

System ID = 1111.1111.1111

NSEL = 00

2) 49.0001.1234.AAAA.AAAA.AAAA.00

Area address = 49.0001.1234

System ID = AAAA.AAAA.AAAA

NSEL = 00

---

via:

• Knowledge Base - NSAP Addresses

  https://sites.google.com/site/amitsciscozone/is-is/nsap-addresses

---

Understanding IS-IS NSAP Addresses

March 16, 2021

OK, OK, most students find this whole competing IGP to OSPF strange enough to being with, but when they learn they have to configure an NSAP (also called a NET) address, that is when their eyes really glaze over. But in all actuality, this address is not that bad to work with, and the story of why we need it is even more interesting.

好的，好的，大多数学生发现整个与 OSPF 竞争的 IGP 已经够奇怪的了，但当他们得知必须配置一个 NSAP（也称为 NET）地址时，他们的眼睛真的开始变得呆滞。但实际上，这个地址并不难处理，而我们为什么需要它的故事更有趣。

Remember, the IS-IS routing protocol still uses the ISO Connectionless Network Protocol (CLNP) in its operation. In fact, you can consider this the main protocol that it is using in its operation. The IPv4 or IPv6 prefixes that it is carrying for us is quite secondary. In fact, in academic routing terms, the prefixes being carried by the protocol are considered leaves hanging off of a tree that makes up the graph of shortest path first destinations.

记住，IS-IS 路由协议在其操作中仍然使用 ISO 无连接网络协议（CLNP）。实际上，你可以认为这是它在其操作中使用的主要协议。它为我们携带的 IPv4 或 IPv6 前缀是相当次要的。实际上，在学术路由术语中，由协议携带的前缀被认为是挂在构成最短路径第一目的地图的树上的叶子。

So the routing for CLNP that still exists is the reason we must configure an NSAP address. First, let’s remind ourselves of what this configuration looks like at the CLI:

所以，仍然存在的 CLNP 路由就是我们必须要配置 NSAP 地址的原因。首先，让我们提醒自己这种配置在 CLI 中看起来是什么样子：

router isisnet 49.0001.0000.0000.000a.00
interface ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip router isis
interface serial 2/0
ip router isis
ip address 192.168.1.2 255.255.255.0

So we can really see where the NET is the only thing that looks strange to us. Notice how simple it is to establish the IS-IS router process, and how straightforward it is to configure IS-IS at the interface level where appropriate.

所以我们真的可以看到 NET 是我们唯一觉得奇怪的东西。注意建立 IS-IS 路由器进程是多么简单，以及在适当的地方配置 IS-IS 在接口级别上是多么直接。

So what is that NET all about. Well – here is the breakdown:

那么 NET 到底是什么。好吧 —— 这里是分解：

Let’s take a sample NET as follows:

我们来看一个样本 NET 如下：

49.0011.2222.0000.0000.000A.00

The 49 is called the authority format identifier (AFI) and you will often see it set to 49 out of habit. This indicates “private assignment” and speaks to how IS-IS was thought to be the protocol that would make the Internet a reality when IS-IS was first being designed. The first part of the NET would be effectively advertising the domain to the world (think the AS in BGP). Since IS-IS is now used exclusively as an IGP, we like to just set this first part to 49 and be done with it.

49 被称为权威格式标识符（AFI），你通常会看到它被习惯性地设置为 49。这表示 “私有分配”，并说明了当 IS-IS 最初被设计时，人们认为 IS-IS 是将使互联网成为现实的协议。NET 的第一部分将有效地向世界宣传域（想想 BGP 中的 AS）。由于 IS-IS 现在仅作为 IGP 使用，我们喜欢只将这部分设置为 49，然后完成。

The next part of our address is 00 and this is the Initial Domain Identifier or IDI. The original idea here was that you could use this value to indicate subdomains within your “AS” like routing domain. Today, we just typically ignore this value by setting it to 00.

我们地址的下一部分是 00，这是初始域标识符或 IDI。这里最初的设想是你可以使用这个值来指示你的 “AS” 内的子域，比如路由域。今天，我们通常通过将其设置为 00 来忽略这个值。

Next up is the high-order domain specific part. Once again, this is an opportunity for you to get create if you want to identify certain portions of your network – I have this set to 11 in our example.
接下来是高阶域特定部分。再一次，如果你想要识别网络的某些部分，这是一个你可以创造的机会 —— 我在我们的例子中将其设置为 11。

Finally, we have a part of the address that we can really feel comfortable with. This is the area identifier. Notice I have set mine to 2222.

最后，我们有一个我们真正感到舒适的地址部分。这是区域标识符。注意我已经将我的设置为 2222。

Next up is the system identifier. This must be a unique value for each of our IS-IS routers. Sure, you could generate this from the MAC address of an interface or the backplane, but notice that we can easily just set it to be unique ourself. In my example, you will note that I have set the system ID to:

接下来是系统标识符。这必须是我们每个 IS-IS 路由器的唯一值。当然，你可以从接口或背板的 MAC 地址生成这个值，但注意我们可以很容易地自己将其设置为唯一。在我的示例中，你会注意到我已经将系统 ID 设置为：

0000.0000.000A

Finally, we have the N selector value that we set to 00.

最后，我们有 N 选择器值，我们将其设置为 00。

So, let’s examine 6 NET addresses I might construct for three different areas. I can configure them as follows:

那么，让我们检查我为三个不同区域构建的 6 个 NET 地址。我可以如下配置它们：

Area 1111

49.0011.1111.0000.0000.0001.00

49.0011.1111.0000.0000.0002.00

Area 2222

49.0011.2222.0000.0000.0003.00

49.0011.2222.0000.0000.0004.00

Area 3333

49.0011.3333.0000.0000.0005.00

49.0011.3333.0000.0000.0006.00

Notice that this is really simple and nothing to get upset about! Sure there is a chance for typos that can mess everything up, but just call upon the remarkable Notepad to assist with this. Construct your NETs there and then paste them in to the appropriate routers.

注意这真的很简单，没有什么好担心的！当然，有可能出现打字错误，可能会把一切都搞砸，但只需要调用出色的记事本来协助。在那里构建你的 NET，然后粘贴到适当的路由器中。

---

via:

• Understanding IS-IS NSAP Addresses - Todd Lammle, LLC

  https://www.lammle.com/post/understanding-is-is-nsap-addresses/

---

IS-IS Addresses

IS-IS (Intermediate System to Intermediate System) Protocol was developed as a OSI network protocol, not TCP/IP. So, normally IS-IS Protocol does not uses IP address, but it uses NET (Network Entity Title) addresses. Inn this lesson, we will focus on these IS-IS Addresses.

IS-IS（中间系统到中间系统）协议是作为 OSI 网络协议开发的，而不是 TCP/IP。因此，通常 IS-IS 协议不使用 IP 地址 ，而是使用 NET（网络实体标题）地址 。在本文中，我们将重点介绍这些 IS-IS 地址。

In IS-IS Protocol, NSAP (Network Service Access Point) is used as network layer address. These addresses are assigned per node, not per interface.

在 IS-IS 协议中，NSAP（网络服务接入点）用作网络层地址。这些地址是按节点分配的，而不是按接口分配的。

And SNPA (Subnetwork Point of Attachment) is the Layer 2 addresses for IS-IS Protocol.

SNPA（子网连接点）是 IS-IS 协议的第 2 层地址。

NSAP (Network Service Access Point) consist of three parts. These are:

NSAP（网络服务接入点）由三部分组成。这些是：

• Area-address 区域地址
• SystemID 系统 ID
• N-Selector N 选择器

Area address also has some parts inside it. These parts are AFI, IDI and HODSP.

Area address 内部也有一些部分。这些部分是 AFI、IDI 和 HODSP 。

ISIS Address Format

ISIS 地址格式

Above, we have checked an example ISIS address, 49.0115.125a.ab44.1234.11111.0123.abcd.aaaa.00. As you can see,

上面，我们检查了一个示例 ISIS 地址 49.0115.125a.ab44.1234.11111.0123.abcd.aaaa.00。如您所见，

• 49 is the AFI

  49 是 AFI

• 0115.125a.ab44.1234 is the IDI part

  0115.125a.ab44.1234 是 IDI 部分

• For Area Address, last part is HODSP and its value is 1111

  对于 Area Address，最后一部分是 HODSP，其值为 1111

• System ID part of this example address is 0123.abcd.aaaa

  此示例地址的系统 ID 部分为 0123.abcd.aaaa

• SEL part is 00

  SEL 不分为 00

---

via:

• IS-IS Addresses ⋆ | IS-IS NET Addresses | 49.0115.125a.ab44.1234

  https://ipcisco.com/lesson/is-is-addresses/

---

ISIS 地址结构 --NSAP 地址

杨玉庭的博客 于 2020-05-06 16:52:05 发布

ISIS 地址结构

CLNP 协议：无网络连接协议（Connectionless Network Protocol）

CLNP是网络连接协议，可以用于终端系统的网络实体之间或网络层中继系统中。CLNP 使用 NSAP 地址和标题来识别网络设备，就像 IP 一样，CLNP 协议头的校验和提供了一种认证，该认证用于处理 CLNP 数据报是否已正确传输，以及提供了生命周期控制机制 ，该机制限制了数据报停留在因特网系统中的时间。

NSAP 地址：网络服务访问点（Network Service Access Point）是 OSI 协议中用于定位资源的地址。NSAP 的地址结构如图所示，它由 IDP（Initial Domain Part）和 DSP（Domain Specific Part） 组成。IDP 和 DSP 的长度都是可变的，NSAP 总长最多是 20 个字节，最少 8 个字节。

1、IDP 相当于 IP 地址中的主网络号，由 AFI 和 IDI 两部分组成。

AFI：表示地址分配机构和地址格式

IDI：用来标识域

2、DSP 相当于 IP 地址中的子网号和主机地址，由 High Order DSP、System ID、SEL 组成。

High Order DSP：用来分割区域

System ID：用来区分主机

SEL：用来指示服务类型

3、Area ID：由 High Order DSP 和 AFI 和 IDI 组成。既能标识路由域，也能标识路由域中的区域。

4、System ID：用来标识区域内唯一主机或路由器，长度固定为 48bit（6 字节）

5、NET：是一类特殊的 NSAP（SEL=00)，NET 长度与 NSAP 相同，最多为 20 个字节，最少为 8 个字节。

---

ISIS 简介、NSAP 与 NET 地址、Router-Id 转换成 NET 地址

Hades_Ling 于 2023-01-25 17:17:33 发布

2.0.0 ISIS 简介、NSAP 与 NET 地址、Router-Id 转换成 NET 地址

ISIS 简介

IS-IS（Intermediate System-to-Intermediate System）中间系统到中间系统。

1、该协议最初是 ISO 国际标准化组织为 CLNP（Connection Less Network Protocol，无连接网络协议）所以设计的一种动态路由协议 [IP 协议前身]。

2、IS-IS 与其它路由协议不一样，它是基于 OSI 七层模型设计的路由协议，在 OSI 七层模型中，网络层中的路由设备又称为中间系统，IS-IS 用于多个中间系统之间工作，故 IS-IS 又称为中间系统到中间系统。

3、IS-IS具有良好的扩展能力，相比 OSPF 更快适应网络快速发展的步伐。IS-IS 靠的是其内部的 TLV（Type-Length-Value，类型长度值）字段，它好比积木一般需要使用到什么功能模块就向其中进行添加相应所需参数即可。如：需要 IS-IS 支持 IPv6，则命令行开启 ipv6 功能，IS-IS 会在下次发送新报文的时候在 TLV 上添加 ipv6 所需的 TLV 信息。

IS-IS 特点：IS-IS 工作在 数据链路层 为 网络层 提供服务。同时仅支持工作在 广播、点到点 网络类型。

NSAP 地址与 NET 地址

NSAP（Network Service Access Point，网络服务访问点）

NSAP 地址与 IP 地址一样，都是用于定位资源的地址，主要用于提供网络层和上层应用之间的接口。

字段介绍

• IDP（Initail Domain Part，初始化域部分），类似 IP 地址的网络位。

• AFI（Authority and Format Identifier，权限和格式标识符），用于标识地址所属的分配机构【该地址由谁分配的？】。

• IDI（Initail Domain Identifier，初始化域标识符），标识所属机构中的某一个区域【更细致的标识】。

• DSP（ Domain Specific Part，域特定部分），类似 IP 地址的主机位。

• High Order DSP（高阶域特定部分），预留用于网络地址的扩展【用于扩展 IDP 的大小】。

• System ID（系统 ID），标识区域内的主机【主机地址】。

• SEL（NSAP Selector，NSAP 选择器），用于选择服务类型，常规情况下都是 00。

NSAP 地址

• 规范的 NSAP 地址最短 8Byte、最长 20Byte。
• 以下是某一个规范的 NSAP 地址，表示 代号 49 的机构、0001 区域、主机 0001 的地址

49.0001.0000.0001.00

49 = AFI 分配机构标识

0001 = IDI 网络区域

0000 = DSP 扩展区域

0001 = SystemID

00 = SEL标识

NET (Network Entity Title，网络实体名称)

NET 格式总体都与 NSAP 地址相同，主要用于路由计算。

字段介绍

• Area ID，相似于 NSAP 的 IDP、High Order DSP 的结合，其都是标识网络区域部分。
• System ID，此部分对应 NSAP 的 SystemID，标识主机部分。
• SEL 无变化。

关于 NET 地址

每台运行 IS-IS 的网络设备至少需要拥有一个 NET 地址，一台设备可以同时配置多个 NET，但是这些 NET 的SystemID 必须相同。

在华为设备上，SystmeID 的长度总是固定 6Byte。

设备的 SystemID 在网络中必须唯一，为了便于管理，一般会根据设备的 Router-ID 进行配置 SystemID。

Router-Id 转换成 NET 地址

例子 1：已知 NET 地址的 AreaID 为 49.0001、SEL 为 00，router-id 为 10.0.1.1，求基于 router-id 地址转换后的 NET 地址。

• 第一步，router-id 所以地址都扩展为 3 位数：010.000.001.001

• 第二步，从右边开始每 4 位一组，组成 3 组：0100.0000.1001

• 第三步，将转换后的 SystemID 与 AreaID、SEL 结合：49.0001.0100.0000.1001.00

例子 2：已知 NET 地址的 AreaID 为 49.0001，router-id 为 192.168.1.1，求基于 router-id 地址转换后的 NET 地址。

• 第一步，router-id 所以地址都扩展为 3 位数：192.168.001.001

• 第二步，从右边开始每 4 位一组，组成 3 组：1921.6800.1001

• 第三步，将转换后的 SystemID 与 AreaID、SEL 结合：49.0001.1921.6800.1001.00

图形介绍

---

via:

• ISIS 地址结构 --NSAP 地址 - CSDN 博客 杨玉庭的博客 于 2020-05-06 16:52:05 发布

  https://blog.csdn.net/qq_40124864/article/details/105954216

• ISIS 简介、NSAP 与 NET 地址、Router-Id 转换成 NET 地址_nsap 地址 - CSDN 博客 Hades_Ling 于 2023-01-25 17:17:33 发布

  https://blog.csdn.net/qq_45443704/article/details/128761557

---

OSI NSAP vs. GOSIP NSAP

---

Question about IS-IS NSAP address

讨论 1

rthakker

12-08-2005 08:55 AM - edited ‎03-03-2019 11:11

Friends,

I am bit confused about IS-IS NSAP addressing and need some clarification.

* Addresses starting with value 49 (AFI = 49) are considered as private addresses; Addresses starting with AFI values 39 and 47 represent ISO Data Country Code and ISO International Code Designator, respectively.

* The last byte is the N-Selector (NSEL) and must be specified as a single byte length (preceded by a “.”). A NET definition must set the N-Selector to “00”.

This are some examples I have seen:

1.The NSAP 47.0001.aaaa.bbbb.cccc.00 consists of:

for IS-IS:

– Area = 47.0001

– System ID = aaaa.bbbb.cccc

– N-Selector = 00

for ISO-IGRP:

– Domain = 47

– Area = 0001

– System ID = aaaa.bbbb.cccc

– N-Selector = 00

2.The NSAP 39.0f01.0002.0000.0c00.1111.00 is regarded:

by IS-IS:

– Area = 39.0f01.0002

– System ID = 0000.0c00.1111

– N-Selector = 00

by ISO-IGRP:

– Domain = 39.0f01

– Area = 0002

– System ID = 0000.0c00.1111

– N-Selector = 00

I have seen some different address at client side and want to know if it’s valid or not and if yes then could you tell me if I am right or wrong?

89.0900.0211.2074.2220.2100

89.0900.1511.2074.2220.9600

89.0900.0111.2074.2222.1700

89.0900.0711.2074.2220.0100

n by IS-IS:

– Area = 89.0900.0211 (Can you use 89? or you must always use 49 ? if i will use 89 then any implications?

– System ID = 2074.2220.2100

– N-Selector = ?? (Missing don’t know why? Is it ok if you miss NSEL value or if it’s not specified then it’s considered by default to 00 ??? )

Plz help me understanding this

Thanks,

Rits

–

4 赞 回复

raju_raghavan

12-09-2005 02:50 AM

Ritz,

The last octect is allways the system id irresective of the " . " delimiter.

4 赞回复中三处拼写错误。
 
【The last octet is always the system ID irrespective of the " . " delimiter.】
 
无论使用点分隔符（" . "）与否，最后一个八位字节总是系统 ID。

So for 89.0900.0211.2074.2220.2100

SEl = 00

Sys ID = 1120.7422.2021

Area Address = 89.0900.02

You can see this from " sh clns protocols " command…

---

via:

• IS-IS NSAP address - Cisco Community

  https://community.cisco.com/t5/routing/is-is-nsap-address/td-p/417266

---

讨论 2

ngkin2010

08-20-2021 11:43 PM

Dear Community,

I am taking over a network with ISIS as underlay IGP, which mainly for the connectivity between routers’ loopback address. It’s working fine, but I found their NSAP’s AFI is not 49 (private addressing). Instead, the AFI currently in-use is 10.

For example, the NSAP assigned to router is:

router isis
net 10.0123.9999.9999.9999.00

I know that the NSAP format is based on AFI :

For example, we usually assign AFI=49 for private addressing, and such that the length of IDI=0, while the length of HO-DSP=12

AFI	Length of IDI (octets)	Length of HO-DSP (octets)	Description
49	0	12 (area number)	Private Addressing
39	2 (country code)	10 (area number)	ISO 3166
45	8 (phone number)	4 (area number)	ITU-T E.164
47	2 (Organization code)	10 (area number)	ISO 6523

My question is, how router will treat the NSAP not fall into neither category listed in the above?

For example, given an NSAP = 49.0123.9999.9999.9999.00

Then I know, AFI is 49; Area number is 0123; System-id is 9999.9999.9999; and SEL is 00.

But what if NSAP = 10.0123.9999.9999.9999.00 ?

Any documentation defined the “default rule” for parsing the NSAP?

Thanks!!

–

5 赞 回复

Georg Pauwen

In response to ngkin2010

08-21-2021 01:49 AM

Hello,

as far as I recall, the proposed area IDs are just recommendations, just like RFC 1918 IPv4 addresses. As long as everything stays private, you can use whatever addressing you want. In IPv4, you could use eg. 1.1.1.0/24, or 163.17.0.0/28. it doesn’t matter.

据我所知，提议的区域 ID 只是建议，就像 RFC 1918 IPv4 地址一样。只要一切保持私有，你可以使用任何你想要的地址。在 IPv4 中，你可以使用例如 1.1.1.0/24，或者 163.17.0.0/28。这没关系。

The proof is actually that your IS-IS networks works just fine, even with area ID 10.0123.

实际上，你的 IS-IS 网络即使使用区域 ID 10.0123 也能正常工作。

You are correct about the format of the address. The format needs to conform to the octet length, the numbers you use do not matter.

你对地址格式的理解是正确的。格式需要符合八位字节长度，使用的数字并不重要。

08-21-2021 12:03 AM

Hello,

not really sure what you mean by ‘the “default rule” for parsing the NSAP’, but is this IS-IS network somehow connected to the ‘outside’?

不太确定你所说的 “解析 NSAP 的‘默认规则’” 是什么意思，但是这个 IS-IS 网络是否以某种方式连接到了‘外部’？

If not, that is, if it is strictly private, the chosen area ID (10.0123 in your case) is completely arbitrary (similar to IPv4 RFC 1918 addresses), and you can chose whatever you want.

如果不是，也就是说，如果它完全是私有的，那么所选择的区域 ID（在你的例子中是 10.0123）是完全任意的（类似于 IPv4 RFC 1918 地址），你可以选择任何你想要的。

---

via:

• Solved: Question about ISIS NSAP addressing - Cisco Community

  https://community.cisco.com/t5/routing/question-about-isis-nsap-addressing/td-p/4452789

---