NETWORK-L2 Supplemental 91: IS-IS Protocol in ISP Networks: Why Operators Prefer It
Supplemental 91: IS-IS Protocol in ISP Networks: Why Operators Prefer It
Author: Patrick Luan de Mattos
Category: network-l2
Level: Advanced
Generated: 2026-04-22T15:49:58.193Z
SUPPLEMENTAL CHAPTER 91
IS-IS Protocol in ISP Networks: Why Operators Prefer It
Introduction:
In the complex and demanding environment of Internet Service Provider (ISP) networks, the choice of an Interior Gateway Protocol (IGP) is paramount. While OSPF has seen widespread adoption, many large-scale ISPs gravitate towards the Intermediate System to Intermediate System (IS-IS) protocol. This chapter delves into the reasons behind this preference, exploring IS-IS's robust architecture, efficient operation, and inherent advantages for large, dynamic networks. We will dissect its PDU types, understand the significance of Level 1/2 routing, and examine the intricacies of its link-state database. Furthermore, we will conduct a comparative analysis of IS-IS and OSPF, highlighting their respective strengths and weaknesses in an ISP context, and provide practical insights into configuration, security, and troubleshooting.
While discussions around cybersecurity vulnerabilities, such as potential zerosday exploits or the disclosure of cve-2026-5281 exploit or cve-2026-5281 poc, are critical for network security, our focus here is on the fundamental routing protocols that underpin network stability and performance. Understanding the inner workings of IS-IS is a foundational step in building resilient and secure network infrastructures, which indirectly contributes to mitigating the impact of such vulnerabilities.
1. Understanding IS-IS: A Link-State Protocol Designed for Scale
IS-IS (Intermediate System to Intermediate System) is a link-state routing protocol, meaning each router maintains a complete map of the network topology. This allows for efficient path calculation and rapid convergence in the event of network changes. Unlike OSPF, which was originally designed for IP networks, IS-IS is protocol-agnostic, meaning it can route traffic for multiple network layer protocols, including IP, CLNP (Connectionless Network Protocol), and others. This inherent flexibility has made it a popular choice for ISPs that often manage diverse traffic types and protocols.
1.1 IS-IS PDU Types: The Building Blocks of Information Exchange
IS-IS routers communicate by exchanging Protocol Data Units (PDUs). Understanding these PDUs is crucial for comprehending how IS-IS operates and for troubleshooting network issues.
IIH (Intermediate-to-Intermediate Hello) PDU: These are sent periodically to discover neighbors and establish adjacencies. They contain information about the sending router's System ID, Network Entity Title (NET), circuit type, and supported protocol options.
- Circuit Type: Determines the type of adjacency formed (e.g., Level 1, Level 2, Level 1/2).
- System ID: A unique 6-byte identifier for each IS-IS router within a routing domain.
- NET (Network Entity Title): A hierarchical address that defines a router's location within an IS-IS domain. It typically consists of an Area ID and a System ID.
LSP (Link State Packet) PDU: These PDUs carry information about a router's directly connected links and their states. LSPs are flooded throughout the IS-IS routing domain and form the basis of the link-state database. Each LSP contains:
- LSP ID: Unique identifier for an LSP, usually composed of the originating router's System ID and a fragment number.
- Attached bit: Indicates if the router is connected to an end system.
- Overhead/Metric: Information about the cost of the link.
- Neighbor information: Details about directly connected neighbors.
SNP (Sequence Number Packet) PDU: Used to manage the flooding of LSPs.
- CSNP (Complete Sequence Number Packet): Sent periodically (e.g., every 15 minutes) to synchronize the link-state database between routers. It contains a summary of all LSPs in the database.
- PSNP (Partial Sequence Number Packet): Sent in response to a request for specific LSPs or to acknowledge received LSPs. It contains a list of LSP IDs.
RA (Routing Advertisement) PDU: Used in Level 1 routing to carry information about the default route and routes to other areas.
1.2 Level 1 and Level 2 Routing: Hierarchical Design for Scalability
IS-IS employs a hierarchical routing approach, dividing the network into areas. This hierarchy is crucial for managing large networks and reducing the size of routing tables.
Level 1: Routers within a Level 1 area maintain a link-state database for their local area only. They do not exchange routing information with routers in other areas. To reach destinations outside their area, Level 1 routers rely on a default route learned from a Level 1/2 router.
- Purpose: Efficiently route within a local administrative domain or a segment of a larger network.
- Database: Contains LSPs for all routers within the same Level 1 area.
- Default Route: Level 1 routers will install a default route to reach outside their area, typically learned from a Level 1/2 router.
Level 2: Routers within a Level 2 backbone exchange routing information for the entire IS-IS routing domain. They form a backbone that connects different Level 1 areas.
- Purpose: Provide reachability across different IS-IS areas and form the core of the routing domain.
- Database: Contains LSPs for all routers in the entire IS-IS routing domain, including those in other Level 1 areas.
Level 1/2 Routers: These routers participate in both Level 1 and Level 2 routing. They maintain separate link-state databases for each level and can translate routing information between them. They act as gateways between Level 1 areas and the Level 2 backbone.
- Function: Connect Level 1 areas to the Level 2 backbone and advertise summarized routes from Level 1 areas into Level 2, and vice-versa.
Topology Example:
+-------------------+ +-------------------+
| ISP Core |------| ISP Core |
| (Level 2 Backbone)| | (Level 2 Backbone)|
+-------------------+ +-------------------+
| |
| |
+-------------------+ +-------------------+
| Area 1 (L1/L2) |------| Area 2 (L1/L2) |
| (L1/L2 Router) | | (L1/L2 Router) |
+-------------------+ +-------------------+
| |
| |
+-------------------+ +-------------------+
| Area 3 (L1) | | Area 4 (L1) |
| (L1 Router) | | (L1 Router) |
+-------------------+ +-------------------+
| |
| |
+-------------------+ +-------------------+
| Customer A | | Customer B |
+-------------------+ +-------------------+In this topology, the "ISP Core" routers form the Level 2 backbone. "Area 1" and "Area 2" contain Level 1/2 routers that connect to the backbone and also manage their respective Level 1 areas. "Area 3" and "Area 4" are pure Level 1 areas, with their routers relying on the Level 1/2 routers for external reachability.
1.3 The Link-State Database (LSDB): The Network's Map
Each IS-IS router maintains a Link-State Database (LSDB) that contains a complete representation of the network topology within its routing domain or area. The LSDB is populated by LSPs received from other routers.
- LSDB Structure: The LSDB is organized into different types of Link State Advertisements (LSAs), similar to OSPF. In IS-IS, these are essentially the LSPs.
- SPF Calculation: Once the LSDB is populated and synchronized, each router runs the Shortest Path First (SPF) algorithm (Dijkstra's algorithm) on its LSDB to calculate the best paths to all destinations.
- Database Synchronization: Routers periodically send CSNP PDUs to ensure their LSDBs are synchronized with their neighbors. PSNP PDUs are used for more targeted updates and acknowledgments.
2. IS-IS vs. OSPF: A Comparative Analysis for ISPs
While both IS-IS and OSPF are link-state IGPs, they have distinct characteristics that make IS-IS often preferred in large ISP environments.
| Feature | IS-IS | OSPF | ISP Preference Rationale
This chapter is part of the "From Zero to Network Doctor" open textbook series. All examples are educational and use safe, lab-only environments.