This part provides an example for interconnecting IPv6 networks through IS-IS.
As shown in Figure 1:
RouterA, RouterB, FWC, and FWD belong to the same AS. They are interconnected through IS-IS in the IPv6 network.
RouterA, RouterB, and FWC belong to area 10. FWD belongs to area 20.
RouterA and RouterB are Level-1 routers. FWC is a Level-1-2 router. FWD is a Level-2 router.
The configuration roadmap is as follows:
Enable IPv6 forwarding on each device.
Configure an IPv6 address for each interface.
Enable IS-IS on each device.
Configure the level.
Specify the network entity.
To complete the configuration, you need the following data:
IPv6 address of each interface on RouterA, RouterB, FWC, and FWD
Area numbers of RouterA, RouterB, FWC, and FWD
Levels of RouterA, RouterB, FWC, and FWD
<FW> system-view
[FW] sysname FWC
[FWC] ipv6
[FWC] interface GigabitEthernet0/0/0
[FWC-GigabitEthernet0/0/0] ipv6 enable
[FWC-GigabitEthernet0/0/0] ipv6 address 2001:db8:1::1/64
[FWC-GigabitEthernet0/0/0] quit
[FWC] interface GigabitEthernet0/0/1
[FWC-GigabitEthernet0/0/1] ipv6 enable
[FWC-GigabitEthernet0/0/1] ipv6 address 2001:db8:2::1/64
[FWC-GigabitEthernet0/0/1] quit
[FWC] interface GigabitEthernet0/0/2
[FWC-GigabitEthernet0/0/2] ipv6 enable
[FWC-GigabitEthernet0/0/2] ipv6 address 2001:db8:3::1/64
[FWC-GigabitEthernet0/0/2] quit
# Assign interfaces of FWC to security zones.
[FWC] firewall zone trust
[FWC-zone-trust] add interface GigabitEthernet0/0/0
[FWC-zone-trust] add interface GigabitEthernet0/0/1
[FWC-zone-trust] quit
[FWC] firewall zone untrust
[FWC-zone-untrust] add interface GigabitEthernet0/0/2
[FWC-zone-untrust] quit
# Assign interfaces of FWD to security zones.
[FWD] firewall zone trust
[FWD-zone-trust] add interface GigabitEthernet0/0/1
[FWD-zone-trust] quit
[FWD] firewall zone untrust
[FWD-zone-untrust] add interface GigabitEthernet0/0/0
[FWD-zone-untrust] quit
# Enable Trust-Untrust, Local-Untrust, and Trust-Local interzone policies on FWC to ensure normal packet transmission.
This section provides only required security policy parameters. Set other security policy parameters as required.
[FWC] security-policy
[FWC-policy-security] rule name policy_sec_1
[FWC-policy-security-rule-policy_sec_1] source-zone trust
[FWC-policy-security-rule-policy_sec_1] destination-zone untrust
[FWC-policy-security-rule-policy_sec_1] action permit
[FWC-policy-security-rule-policy_sec_1] quit
[FWC-policy-security] rule name policy_sec_2
[FWC-policy-security-rule-policy_sec_2] source-zone local untrust
[FWC-policy-security-rule-policy_sec_2] destination-zone local untrust
[FWC-policy-security-rule-policy_sec_2] action permit
[FWC-policy-security-rule-policy_sec_2] quit
[FWC-policy-security] rule name policy_sec_3
[FWC-policy-security-rule-policy_sec_3] source-zone local trust
[FWC-policy-security-rule-policy_sec_3] destination-zone local trust
[FWC-policy-security-rule-policy_sec_3] action permit
[FWC-policy-security-rule-policy_sec_3] quit
[FWC-policy-security] quit
# Enable Trust-Untrust, Local-Untrust, and Trust-Local interzone policies on FWD to ensure normal packet transmission.
This section provides only required security policy parameters. Set other security policy parameters as required.
[FWD] security-policy
[FWD-policy-security] rule name policy_sec_1
[FWD-policy-security-rule-policy_sec_1] source-zone trust
[FWD-policy-security-rule-policy_sec_1] destination-zone untrust
[FWD-policy-security-rule-policy_sec_1] action permit
[FWD-policy-security-rule-policy_sec_1] quit
[FWD-policy-security] rule name policy_sec_2
[FWD-policy-security-rule-policy_sec_2] source-zone local untrust
[FWD-policy-security-rule-policy_sec_2] destination-zone local untrust
[FWD-policy-security-rule-policy_sec_2] action permit
[FWD-policy-security-rule-policy_sec_2] quit
[FWD-policy-security] rule name policy_sec_3
[FWD-policy-security-rule-policy_sec_3] source-zone local trust
[FWD-policy-security-rule-policy_sec_3] destination-zone local trust
[FWD-policy-security-rule-policy_sec_3] action permit
[FWD-policy-security-rule-policy_sec_3] quit
[FWD-policy-security] quit
# Configure RouterA.
[RouterA] isis 1
[RouterA-isis-1] is-level level-1
[RouterA-isis-1] network-entity 10.0000.0000.0001.00
[RouterA-isis-1] ipv6 enable
[RouterA-isis-1] quit
[RouterA] interface GigabitEthernet 0/0/0
[RouterA-GigabitEthernet0/0/0] isis ipv6 enable 1
[RouterA-GigabitEthernet0/0/0] quit
# Configure RouterB.
[RouterB] isis 1
[RouterB-isis-1] is-level level-1
[RouterB-isis-1] network-entity 10.0000.0000.0002.00
[RouterB-isis-1] ipv6 enable
[RouterB-isis-1] quit
[RouterB] interface GigabitEthernet 0/0/0
[RouterB-GigabitEthernet0/0/0] isis ipv6 enable 1
[RouterB-GigabitEthernet0/0/0] quit
# Configure FWC.
[FWC] isis 1
[FWC-isis-1] network-entity 10.0000.0000.0003.00
[FWC-isis-1] ipv6 enable
[FWC-isis-1] quit
[FWC] interface GigabitEthernet 0/0/0
[FWC-GigabitEthernet0/0/0] isis ipv6 enable 1
[FWC-GigabitEthernet0/0/0] quit
[FWC] interface GigabitEthernet 0/0/1
[FWC-GigabitEthernet0/0/1] isis ipv6 enable 1
[FWC-GigabitEthernet0/0/1] quit
[FWC] interface GigabitEthernet 0/0/2
[FWC-GigabitEthernet0/0/2] isis ipv6 enable 1
[FWC-GigabitEthernet0/0/2] isis circuit-level level-2
[FWC-GigabitEthernet0/0/2] quit
# Configure FWD.
[FWD] isis 1
[FWD-isis-1] is-level level-2
[FWD-isis-1] network-entity 20.0000.0000.0004.00
[FWD-isis-1] ipv6 enable
[FWD-isis-1] quit
[FWD] interface GigabitEthernet 0/0/0
[FWD-GigabitEthernet0/0/0] isis ipv6 enable 1
[FWD-GigabitEthernet0/0/0] quit
[FWD] interface GigabitEthernet 0/0/1
[FWD-GigabitEthernet0/0/1] isis ipv6 enable 1
[FWD-GigabitEthernet0/0/1] quit
# Display the IS-IS routing table of RouterA.
[RouterA] display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL
IPV6 Dest. ExitInterface NextHop Cost Flags
----------------------------------------------------------------------------
::/0 GigabitEthernet0/0/0 FE80::A83E:0:3ED2:1 10 A/-/-
2001:db8:1::/64 GigabitEthernet0/0/0 Direct 10 D/L/-
2001:db8:2::/64 GigabitEthernet0/0/0 FE80::A83E:0:3ED2:1 20 A/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
# Display the IS-IS neighbors of FWC.
[FWC] display isis peer verbose
Peer information for ISIS(1)
----------------------------
System Id Interface Circuit Id State HoldTime Type PRI
0000.0000.0001 GigabitEthernet0/0/0 0000000001 Up 24s L1 --
MT IDs supported : 0(UP)
Local MT IDs : 0
Area Address(es) : 10
Peer IPv6 Address(es): FE80::996B:0:9419:1
Uptime : 00:44:43
Adj Protocol : IPV6
Restart Capable : YES
Suppressed Adj : NO
Peer System Id : 0000.0000.0001
0000.0000.0002 GigabitEthernet0/0/1 0000000001 Up 28s L1 --
MT IDs supported : 0(UP)
Local MT IDs : 0
Area Address(es) : 10
Peer IPv6 Address(es): FE80::DC40:0:47A9:1
Uptime : 00:46:13
Adj Protocol : IPV6
Restart Capable : YES
Suppressed Adj : NO
Peer System Id : 0000.0000.0002
0000.0000.0004 GigabitEthernet0/0/2 0000000001 Up 24s L2 --
MT IDs supported : 0(UP)
Local MT IDs : 0
Area Address(es) : 20
Peer IPv6 Address(es): FE80::F81D:0:1E24:2
Uptime : 00:53:18
Adj Protocol : IPV6
Restart Capable : YES
Suppressed Adj : NO
Peer System Id : 0000.0000.0004
Total Peer(s): 3
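The neighbor output above can be checked against the intended topology automatically. The following Python sketch is an added example, not part of the original configuration guide: it parses the text of display isis peer verbose from FWC and reports any adjacency that is not in the expected set or that formed on the wrong interface, level, or area. The names EXPECTED, parse_peers, and audit are the example's own, and the neighbor 0000.0000.0099 in the sample is constructed.

```python
import re

# Adjacencies FWC should have per this page: system ID -> (interface, type, area)
EXPECTED = {
    "0000.0000.0001": ("GigabitEthernet0/0/0", "L1", "10"),
    "0000.0000.0002": ("GigabitEthernet0/0/1", "L1", "10"),
    "0000.0000.0004": ("GigabitEthernet0/0/2", "L2", "20"),
}
PEER = re.compile(r"^\s*((?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})\s+(\S+)\s+\S+\s+(\S+)\s+\S+\s+(\S+)")
AREA = re.compile(r"Area Address\(es\)\s*:\s*(\S+)")

def parse_peers(text):
    """Return {system_id: {intf, state, type, area}} from the peer listing."""
    peers, cur = {}, None
    for line in text.splitlines():
        if m := PEER.match(line):
            cur = {"intf": m.group(2), "state": m.group(3), "type": m.group(4), "area": None}
            peers[m.group(1)] = cur
        elif cur is not None and (a := AREA.search(line)):
            cur["area"] = a.group(1)
    return peers

def audit(peers, expected=EXPECTED):
    """Compare observed adjacencies with the expected set; return findings."""
    findings = []
    for sysid, p in peers.items():
        if sysid not in expected:
            findings.append(f"unexpected neighbor {sysid} on {p['intf']} ({p['type']})")
        elif (p["intf"], p["type"], p["area"]) != expected[sysid] or p["state"] != "Up":
            findings.append(f"{sysid}: observed {p['intf']}/{p['type']}/area {p['area']}/{p['state']}")
    findings += [f"missing neighbor {s}" for s in expected if s not in peers]
    return findings

# Constructed sample: the three peers shown above (trimmed) plus one constructed extra.
SAMPLE = """\
0000.0000.0001 GigabitEthernet0/0/0 0000000001 Up 24s L1 --
Area Address(es) : 10
0000.0000.0002 GigabitEthernet0/0/1 0000000001 Up 28s L1 --
Area Address(es) : 10
0000.0000.0004 GigabitEthernet0/0/2 0000000001 Up 24s L2 --
Area Address(es) : 20
0000.0000.0099 GigabitEthernet0/0/2 0000000002 Up 27s L2 --
Area Address(es) : 20
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_peers(SAMPLE))))
```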
# Display the IS-IS LSDB of FWC.
[FWC] display isis lsdb verbose
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00 0x0000000c 0x4e06 1117 113 0/0/0
SOURCE 0000.0000.0001.00
NLPID IPV6
AREA ADDR 10
INTF ADDR V6 2001:db8:1::2
Topology Standard
NBR ID 0000.0000.0003.00 COST: 10
IPV6 2001:db8:1::/64 COST: 10
0000.0000.0002.00-00 0x00000009 0x738c 1022 83 0/0/0
SOURCE 0000.0000.0002.00
NLPID IPV6
AREA ADDR 10
INTF ADDR V6 2001:db8:2::2
Topology Standard
NBR ID 0000.0000.0003.00 COST: 10
IPV6 2001:db8:2::/64 COST: 10
0000.0000.0003.00-00* 0x00000020 0x6b10 771 140 1/0/0
SOURCE 0000.0000.0003.00
NLPID IPV6
AREA ADDR 10
INTF ADDR V6 2001:db8:3::1
INTF ADDR V6 2001:db8:2::1
INTF ADDR V6 2001:db8:1::1
Topology Standard
NBR ID 0000.0000.0002.00 COST: 10
NBR ID 0000.0000.0001.00 COST: 10
IPV6 2001:db8:2::/64 COST: 10
IPV6 2001:db8:1::/64 COST: 10
Total LSP (s): 5
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0003.00-00* 0x00000017 0x61b4 771 157 0/0/0
SOURCE 0000.0000.0003.00
NLPID IPV6
AREA ADDR 10
INTF ADDR V6 2001:db8:3::1
INTF ADDR V6 2001:db8:2::1
INTF ADDR V6 2001:db8:1::1
Topology Standard
NBR ID 0000.0000.0004.00 COST: 10
IPV6 2001:db8:3::/64 COST: 10
IPV6 2001:db8:2::/64 COST: 10
IPV6 2001:db8:1::/64 COST: 10
0000.0000.0004.00-00 0x0000000b 0x6dfa 1024 124 0/0/0
SOURCE 0000.0000.0004.00
NLPID IPV6
AREA ADDR 20
INTF ADDR V6 2001:db8:3::2
INTF ADDR V6 2001:db8:4::1
Topology Standard
NBR ID 0000.0000.0003.00 COST: 10
NBR ID 0000.0000.0005.00 COST: 10
IPV6 2001:db8:3::/64 COST: 10
IPV6 2001:db8:4::/64 COST: 10
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
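The LSDB listing can be audited in the same spirit: every LSP originator, reported neighbor, and advertised prefix should belong to the known inventory. The following Python sketch is an added example, not part of the original guide. It assumes the inventory is the four system IDs and four /64 prefixes configured on this page; the names parse_lsdb and audit are the example's own, and the LSP from 0000.0000.0099 in the sample is constructed. Run on FWD's Level-2 LSP as shown above, it also reports system ID 0000.0000.0005, which FWD lists as a neighbor but which is not one of the four devices configured here.

```python
import ipaddress
import re

# Inventory assumed from this page: system IDs of RouterA, RouterB, FWC and FWD,
# and the four /64 prefixes assigned to their interfaces.
KNOWN_SYSTEMS = {f"0000.0000.000{n}" for n in range(1, 5)}
ADDRESS_PLAN = [ipaddress.ip_network(f"2001:db8:{n}::/64") for n in range(1, 5)]
LSP = re.compile(r"^\s*((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\.[0-9a-f]{2}-[0-9a-f]{2}[*+]?\s+0x", re.I)
NBR = re.compile(r"^\s*NBR ID\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\.[0-9a-f]{2}", re.I)
PFX = re.compile(r"^\s*IPV6\*?\s+(\S+/\d+)\s+COST", re.I)

def parse_lsdb(text):
    """Return {originator system ID: {"nbrs": set, "prefixes": set}}."""
    db, cur = {}, None
    for line in text.splitlines():
        if m := LSP.match(line):
            cur = db.setdefault(m.group(1), {"nbrs": set(), "prefixes": set()})
        elif cur is not None and (m := NBR.match(line)):
            cur["nbrs"].add(m.group(1))
        elif cur is not None and (m := PFX.match(line)):
            cur["prefixes"].add(ipaddress.ip_network(m.group(1), strict=False))
    return db

def audit(db):
    """Flag originators, neighbors and prefixes that are not in the inventory."""
    findings = []
    for sysid in sorted(db):
        if sysid not in KNOWN_SYSTEMS:
            findings.append(f"LSP from unknown system {sysid}")
        for nbr in sorted(db[sysid]["nbrs"] - KNOWN_SYSTEMS):
            findings.append(f"{sysid} reports unknown neighbor {nbr}")
        for pfx in sorted(db[sysid]["prefixes"]):
            if not any(pfx.subnet_of(net) for net in ADDRESS_PLAN):
                findings.append(f"{sysid} advertises off-plan prefix {pfx}")
    return findings

# FWD's Level-2 LSP from the output above (trimmed), then one constructed LSP.
SAMPLE = """\
0000.0000.0004.00-00 0x0000000b 0x6dfa 1024 124 0/0/0
NBR ID 0000.0000.0003.00 COST: 10
NBR ID 0000.0000.0005.00 COST: 10
IPV6 2001:db8:3::/64 COST: 10
IPV6 2001:db8:4::/64 COST: 10
0000.0000.0099.00-00 0x00000002 0x1a2b 1100 90 0/0/0
NBR ID 0000.0000.0004.00 COST: 10
IPV6 2001:db8:99::/64 COST: 10
"""
if __name__ == "__main__":
    print("\n".join(audit(parse_lsdb(SAMPLE))))
```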
Configuration file of RouterA
#
sysname RouterA
#
ipv6
#
isis 1
is-level level-1
network-entity 10.0000.0000.0001.00
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address 2001:db8:1::2/64
isis ipv6 enable 1
#
return
Configuration file of RouterB
#
sysname RouterB
#
ipv6
#
isis 1
is-level level-1
network-entity 10.0000.0000.0002.00
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address 2001:db8:2::2/64
isis ipv6 enable 1
#
return
Configuration file of FWC
#
sysname FWC
#
ipv6
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address 2001:db8:1::1/64
isis ipv6 enable 1
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address 2001:db8:2::1/64
isis ipv6 enable 1
#
interface GigabitEthernet0/0/2
ipv6 enable
ipv6 address 2001:db8:3::1/64
isis ipv6 enable 1
isis circuit-level level-2
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet0/0/1
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/2
#
security-policy
rule name policy_sec_1
source-zone trust
destination-zone untrust
action permit
rule name policy_sec_2
source-zone local
source-zone untrust
destination-zone local
destination-zone untrust
action permit
rule name policy_sec_3
source-zone local
source-zone trust
destination-zone local
destination-zone trust
action permit
#
return
Configuration file of FWD
#
sysname FWD
#
ipv6
#
isis 1
is-level level-2
network-entity 20.0000.0000.0004.00
#
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address 2001:db8:3::2/64
isis ipv6 enable 1
#
interface GigabitEthernet0/0/1
ipv6 enable
ipv6 address 2001:db8:4::1/64
isis ipv6 enable 1
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/1
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/0
#
security-policy
rule name policy_sec_1
source-zone trust
destination-zone untrust
action permit
rule name policy_sec_2
source-zone local
source-zone untrust
destination-zone local
destination-zone untrust
action permit
rule name policy_sec_3
source-zone local
source-zone trust
destination-zone local
destination-zone trust
action permit
#
return