IS-IS

IS-IS (Intermediate System to Intermediate System) is an Interior Gateway Protocol (IGP) used to distribute IP routing information throughout a single Autonomous System. Originally developed as a routing protocol for CLNP (Connectionless Network Protocol), it was later extended to include IP routing, making it what is commonly referred to as Integrated IS-IS.

IS-IS belongs to the link-state protocol family, which exchanges topology information between nearest neighbors and floods it throughout the Autonomous System. The main advantage of link-state protocols is that complete knowledge of the network topology allows routers to choose the best path to each destination. IS-IS can also be useful for traffic engineering purposes.

RouterOS implements IS-IS supporting both IPv4 and IPv6 routing, with wide metric support for Traffic Engineering extensions. The protocol provides efficient, scalable routing suitable for large enterprise and service provider networks.

IS-IS Fundamentals

IS-IS operates as a link-state routing protocol where each router maintains a complete map of the network topology within its level. Routers exchange Link State PDUs (LSPs) with neighbors, gradually building a synchronized link-state database (LSDB) that represents the current network state. Each router independently runs the Shortest Path First (SPF) algorithm against this database to compute the shortest path tree to all destinations.

Link-State Concepts

The link-state paradigm provides each router with complete topological awareness within its routing level. Rather than sharing only route metrics with neighbors, IS-IS routers share information about their directly connected links, including interface addresses, networks, and link costs. This information propagates throughout the level, enabling every router to construct an identical representation of the topology.

Link State PDUs describe individual router interfaces and their associated networks. Each LSP contains the router’s system ID, interface information, and metric data that enables other routers to understand the network topology. The LSP flooding mechanism ensures reliable delivery through sequence number tracking and age timers. IS-IS maintains database consistency through periodic Hello packets that detect neighbor failures.

Two-Level Hierarchy

IS-IS implements a two-level hierarchy that provides scalability through area segmentation:

Level-1 (L1): Controls distribution of routing information within an IS-IS area. L1 routing is based on the system ID and provides reachability within a single area.
Level-2 (L2): Controls distribution of routing information between IS-IS areas. L2 routing is based on the area ID and provides inter-area connectivity.

This design allows large networks to scale efficiently, with routers only maintaining LSDB information for their level rather than the entire network. Routers can participate in both levels simultaneously, acting as border routers between areas.

IS-IS Terminology

Understanding IS-IS terminology is essential for proper configuration and troubleshooting:

IS (Intermediate System): A router capable of forwarding traffic between distantly located hosts.
LSP (Link State PDU): Contains information on the router’s local state, including usable interfaces, reachable neighbors, and the cost of each interface.
SPF (Shortest Path First): The Dijkstra algorithm used to calculate optimal routes from the link-state database.
DIS (Designated Intermediate System): Ensures that all routers in the network maintain a synchronized database. Separate DISs are elected for L1 and L2 routing based on the highest interface priority.
System ID: A unique identifier for each IS-IS router, typically derived from the MAC address or configured explicitly.
Area ID: Identifies the IS-IS area to which a router belongs.
NSAP (Network Service Access Point): The network layer address format used in IS-IS, comprising the area ID and system ID.
Three-Way Handshake: A mechanism for establishing point-to-point adjacencies, defined in RFC 5302.

IS-IS Router Types

IS-IS defines specific router roles that determine their responsibilities within the routing domain:

Level-1 Router

Level-1 routers maintain routing information only within their own area. They form adjacencies with other L1 routers in the same area and use the area’s link-state database for path calculation. L1 routers rely on L1/L2 routers to provide connectivity to destinations in other areas.

When sending traffic to a destination outside its area, an L1 router forwards packets toward the closest L1/L2 router, which then routes the traffic to the destination area. This behavior is similar to OSPF stub areas.

Level-2 Router

Level-2 routers maintain routing information between areas and form the backbone of the IS-IS domain. They only participate in L2 adjacencies and maintain the L2 link-state database. All inter-area traffic must pass through L2 routers.

L2 routers can connect to other L2 routers to form the backbone topology and can connect to L1/L2 routers in boundary areas.

Level-1-2 Router

Level-1-2 routers participate in both L1 and L2 routing, maintaining separate link-state databases for each level. These routers act as area border routers, providing connectivity between the local area and the backbone. They generate separate LSPs for each level and perform route summarization between L1 and L2.

IS-IS Configuration

Basic IS-IS Instance

Sub-menu: /routing isis instance

The IS-IS instance configuration establishes the router’s participation in the IS-IS routing domain. Basic configuration requires enabling the instance and setting the area ID and system ID.

Property	Type	Description	Default
name	string	Instance name for identification	default
afi	ip \| ipv6	Address family	ip
areas	list of Area ID	IS-IS areas this instance participates in
system-id	MAC address or System ID	Unique router identifier in format XXXX.XXXX.XXXX	auto
l1.originate-default	yes \| no	Generate default route in L1 area	no
l2.originate-default	yes \| no	Generate default route in L2 backbone	no
l1.circuit-type	l1 \| l1,l2	Circuit type for L1	l1,l2
l2.circuit-type	l2 \| l1,l2	Circuit type for L2	l1,l2
redistribute	list	Route classes to redistribute into IS-IS (`connected`, `static`, `ospf`, `bgp`)
out-filter-chain	string	Routing filter chain applied to redistributed routes before advertisement

Basic Instance Configuration

/routing isis instance
add afi=ip areas=49.2222 disabled=no name=isis-main system-id=90ab.cdef.0001

This creates an IS-IS instance with:

Area ID: 49.2222
System ID: 90ab.cdef.0001 (automatically formatted as 90ab.cdef.0001)

IS-IS Interface Template

Sub-menu: /routing isis interface-template

Interface templates define which interfaces participate in IS-IS and at which levels. Multiple templates can be created for different interface groups.

Property	Type	Description	Default
instance	string	IS-IS instance name
interfaces	list of interface names	Interfaces to include
levels	l1 \| l2 \| l1,l2	IS-IS levels to enable	l1,l2
priority	integer (0-255)	DIS election priority	64
cost	integer	Interface metric cost	10
hello-interval	time	Hello packet interval	10s
hold-time	time	Hello hold time multiplier	3

Basic Interface Configuration

/routing isis interface-template
add instance=isis-main interfaces=ether1 levels=l1,l2

This enables IS-IS on ether1 for both Level-1 and Level-2 routing.

Interface Costs

The cost property on the interface template controls the IS-IS metric for that link. SPF uses the sum of link costs along a path to select the best route. The default cost is 10 for all interfaces.

Assign lower costs to faster or preferred links so IS-IS routes traffic over them:

/routing isis interface-template
# High-speed core link — low cost
add instance=isis-main interfaces=ether1 levels=l1,l2 cost=10

# Slower backup link — higher cost keeps it out of normal SPF paths
add instance=isis-main interfaces=ether2 levels=l1,l2 cost=100

You can set different costs at L1 and L2 independently using l1-cost and l2-cost if supported, or apply separate templates with different levels and cost values to the same interface.

Wide metrics: RouterOS IS-IS uses wide metrics (RFC 5305), which support costs from 0 to 16,777,215. The default narrow metric range (0–63) is not used. This allows fine-grained differentiation between links without metric exhaustion.

Configuration Examples

Basic Three-Router IS-IS Network

This example demonstrates a basic IS-IS setup between three routers in the same area.

R1 Configuration:

/routing isis instance
add afi=ip areas=49.2222 disabled=no name=isis-instance-1 system-id=90ab.cdef.0001

/routing isis interface-template
add instance=isis-instance-1 interfaces=ether1 levels=l1,l2

R2 Configuration:

/routing isis instance
add afi=ip areas=49.2222 disabled=no l1.originate-default=always l2.originate-default=always \
    name=isis-instance-1 system-id=1111.2222.cded

/routing isis interface-template
add instance=isis-instance-1 interfaces=sfp12 levels=l1,l2
add instance=isis-instance-1 interfaces=lo levels=l2

Verification Commands:

View IS-IS neighbors:

[admin@MikroTik] /routing/isis/neighbor> print
 0 instance=isis-instance-1 interface=ether1 level-type=l2 snpa=08:00:27:22:B4:A2 \
    srcid="1111.2222.aded" state=up
 1 instance=isis-instance-1 interface=ether1 level-type=l2 snpa=D4:CA:6D:78:2F:2E \
    srcid="1111.2222.cded" state=up
 2 instance=isis-instance-1 interface=ether1 level-type=l1 snpa=08:00:27:22:B4:A2 \
    srcid="1111.2222.aded" state=up
 3 instance=isis-instance-1 interface=ether1 level-type=l1 snpa=D4:CA:6D:78:2F:2E \
    srcid="1111.2222.cded" state=up

View IS-IS routes:

[admin@MikroTik] /routing/route> print where is-is
Flags: A - ACTIVE; i - IS-IS
Columns: DST-ADDRESS, GATEWAY, AFI, DISTANCE, SCOPE, TARGET-SCOPE, IMMEDIATE-GW
   DST-ADDRESS        GATEWAY                AFI  DISTANCE  SCOPE  TARGET-SCOPE  IMMEDIATE-GW
 i 0.0.0.0/0          10.155.101.214%ether1  ip4       115     20            10  10.155.101.214%ether1
 i 10.155.101.0/24    10.155.101.216%ether1  ip4       115     20            10  10.155.101.216%ether1
Ai 10.255.255.162/32  10.155.101.216%ether1  ip4       115     20            10  10.155.101.216%ether1

Multi-Area IS-IS Configuration

For larger networks requiring area segmentation, configure multiple areas:

# L1-L2 Router connecting Area 49.1111 to backbone Area 49.2222
/routing isis instance
add afi=ip areas=49.1111,49.2222 name=isis-border system-id=1111.2222.abcd

/routing isis interface-template
add instance=isis-border interfaces=ether1 levels=l2
add instance=isis-border interfaces=ether2 levels=l1

This router participates in both areas:

L2 on ether1 connects to the backbone (Area 49.2222)
L1 on ether2 connects to the local area (Area 49.1111)

Route Redistribution

IS-IS can redistribute routes from other sources into the IS-IS domain, and IS-IS routes can be redistributed into other protocols. RouterOS 7 separates what to redistribute from how to filter it: the redistribute instance parameter selects route classes, and an optional out-filter-chain controls which individual routes are advertised.

Redistributing into IS-IS

Set the redistribute parameter on the IS-IS instance. Accepted values:

Value	Routes redistributed
`connected`	Directly connected interface prefixes
`static`	Manually configured static routes
`ospf`	Routes learned from OSPF
`bgp`	Routes learned from BGP

Multiple classes are specified as a comma-separated list:

# Redistribute connected and static routes into IS-IS
/routing isis instance
set isis-main redistribute=connected,static

Without a filter, all routes from the selected classes are advertised with the default metric.

Filtering Redistributed Routes

Attach a routing filter chain to control which routes are redistributed and what metric they carry:

# 1. Define the filter chain
/routing filter rule
# Redistribute only the loopback — advertise as low-cost
add chain=isis-ext-out rule="if (protocol connected && dst in 10.0.0.1/32) { \
    set isis-metric 1; accept }"

# Redistribute specific static aggregates
add chain=isis-ext-out rule="if (protocol static && dst in 10.100.0.0/16 && dst-len <= 24) { \
    set isis-metric 10; accept }"

# Block everything else
add chain=isis-ext-out rule="reject"

# 2. Attach the filter to the instance
/routing isis instance
set isis-main redistribute=connected,static out-filter-chain=isis-ext-out

Redistributing BGP Routes into IS-IS

A common service-provider use case redistributes customer-facing BGP prefixes into IS-IS for internal reachability:

/routing filter rule
# Only redistribute customer routes from a specific BGP peer range
add chain=isis-bgp-in rule="if (protocol bgp && dst in 192.168.0.0/16) { \
    set isis-metric 20; accept }"
add chain=isis-bgp-in rule="reject"

/routing isis instance
set isis-main redistribute=bgp out-filter-chain=isis-bgp-in

Default Route Origination

IS-IS can generate a default route into L1 or L2. This is useful on L1/L2 border routers that should attract traffic from L1-only routers toward the backbone:

/routing isis instance
# Originate a default route into the L1 area
set isis-main l1.originate-default=always

# Originate a default route into L2 only when a default exists in the routing table
set isis-main l2.originate-default=if-installed

Redistributing IS-IS Routes into Other Protocols

IS-IS routes appear as protocol isis in the routing table. To leak them into OSPF or BGP, add a filter rule referencing protocol isis in the target protocol’s redistribution filter:

# Leak IS-IS routes into OSPF
/routing filter rule
add chain=ospf-from-isis rule="if (protocol isis) { \
    set ospf-ext-type type2; set ospf-ext-metric 50; accept }"
add chain=ospf-from-isis rule="reject"

/routing ospf instance
set ospf1 redistribute=isis out-filter-chain=ospf-from-isis

Verification

Check which routes are being redistributed from IS-IS:

# View IS-IS routes in the routing table
/routing route print where protocol=isis

# Verify external LSPs containing redistributed routes
/routing isis lsp print detail

Monitoring and Troubleshooting

View IS-IS Neighbors

/routing isis neighbor print

Shows all IS-IS adjacencies with:

Neighbor system ID
Interface
Level (L1 or L2)
State (up/down)
Hold time
Circuit ID

View IS-IS Database

/routing isis lsp print

Displays all LSPs in the local link-state database, showing:

Originator system ID
LSP ID
Sequence number
Age
Flags

View IS-IS Routes

/routing route print where protocol=is-is

Shows all routes installed by IS-IS in the routing table.

View IS-IS Interface Status

/routing isis interface print detail

Displays IS-IS interface parameters, adjacency state, and statistics.

Troubleshooting

IS-IS Adjacency Not Forming

Verify interface is enabled in the interface template:
```
/routing isis interface-template print
```
Check interface is not disabled:
```
/interface print where name=ether1
```

Verify levels match on both ends:

/routing isis interface-template print detail

Check for mismatched authentication (if configured):
```
/routing isis instance print detail
```

Warning: “invalid 3way tlv”

This warning indicates that the remote neighbor does not comply with the three-way handshake for point-to-point networks from RFC 5303. Common causes include:

Cisco neighbors: Enable three-way handshake with:

Router(config)# interfaceGigabitEthernet1
Router(config-if)# isis three-way-handshake ietf

Other vendors: Ensure RFC 5302 compliance in their IS-IS implementation

This affects point-to-point links between routers. The adjacency may still form but with limited reliability.

Routes Not Installing

Verify adjacency is in “up” state
Check LSP synchronization:
```
/routing isis lsp print
```
Ensure SPF has run:
```
/routing isis instance print
```
Check for route filtering or redistribution issues

Standards and Technologies

IS-IS in RouterOS complies with the following RFCs:

RFC 1195 - Use of OSI IS-IS for Routing in TCP/IP and Dual Environments
RFC 5302 - Domain-Wide Prefix Distribution with Two-Level IS-IS
RFC 5303 - Three-Way Handshake for IS-IS Point-to-Point Adjacencies
RFC 5305 - IS-IS Extensions for Traffic Engineering (wide metric support only)
RFC 5308 - Routing IPv6 with IS-IS

Comparison with OSPF

Feature	IS-IS	OSPF
Area Types	L1, L2, L1/L2	Standard, Stub, NSSA, Totally Stub
Metric	Wide (0-16777215)	Cost (0-65535)
Router ID	System ID (6 bytes)	Router ID (4 bytes)
Protocol	CLNP-based	IP-based
LSA Types	LSP, SNP	LSA Types 1-5, 7
Hello Packets	IIH (IS-IS Hello)	OSPF Hello
DIS Election	Priority + MAC	Priority + Router ID
SPF	Single algorithm	Separate for L1 and L2

IS-IS is often preferred in service provider environments due to its simpler operation and better scalability for very large networks. OSPF is more common in enterprise networks due to its integration with IP and wider vendor support.