Skip to content
MikroTik RouterOS Docs

IS-IS

IS-IS

Section titled “IS-IS”

IS-IS (Intermediate System to Intermediate System) is an Interior Gateway Protocol (IGP) used to distribute IP routing information throughout a single Autonomous System. Originally developed as a routing protocol for CLNP (Connectionless Network Protocol), it was later extended to include IP routing, making it what is commonly referred to as Integrated IS-IS.

IS-IS belongs to the link-state protocol family, which exchanges topology information between nearest neighbors and floods it throughout the Autonomous System. The main advantage of link-state protocols is that complete knowledge of the network topology allows routers to choose the best path to each destination. IS-IS can also be useful for traffic engineering purposes.

RouterOS implements IS-IS supporting both IPv4 and IPv6 routing, with wide metric support for Traffic Engineering extensions. The protocol provides efficient, scalable routing suitable for large enterprise and service provider networks.

IS-IS Fundamentals

Section titled “IS-IS Fundamentals”

IS-IS operates as a link-state routing protocol where each router maintains a complete map of the network topology within its level. Routers exchange Link State PDUs (LSPs) with neighbors, gradually building a synchronized link-state database (LSDB) that represents the current network state. Each router independently runs the Shortest Path First (SPF) algorithm against this database to compute the shortest path tree to all destinations.

Section titled “Link-State Concepts”

The link-state paradigm provides each router with complete topological awareness within its routing level. Rather than sharing only route metrics with neighbors, IS-IS routers share information about their directly connected links, including interface addresses, networks, and link costs. This information propagates throughout the level, enabling every router to construct an identical representation of the topology.

Link State PDUs describe individual router interfaces and their associated networks. Each LSP contains the router’s system ID, interface information, and metric data that enables other routers to understand the network topology. The LSP flooding mechanism ensures reliable delivery through sequence number tracking and age timers. IS-IS maintains database consistency through periodic Hello packets that detect neighbor failures.

Two-Level Hierarchy

Section titled “Two-Level Hierarchy”

IS-IS implements a two-level hierarchy that provides scalability through area segmentation:

  • Level-1 (L1): Controls distribution of routing information within an IS-IS area. L1 routing is based on the system ID and provides reachability within a single area.
  • Level-2 (L2): Controls distribution of routing information between IS-IS areas. L2 routing is based on the area ID and provides inter-area connectivity.

This design allows large networks to scale efficiently, with routers only maintaining LSDB information for their level rather than the entire network. Routers can participate in both levels simultaneously, acting as border routers between areas.

IS-IS Terminology

Section titled “IS-IS Terminology”

Understanding IS-IS terminology is essential for proper configuration and troubleshooting:

  • IS (Intermediate System): A router capable of forwarding traffic between distantly located hosts.
  • LSP (Link State PDU): Contains information on the router’s local state, including usable interfaces, reachable neighbors, and the cost of each interface.
  • SPF (Shortest Path First): The Dijkstra algorithm used to calculate optimal routes from the link-state database.
  • DIS (Designated Intermediate System): Ensures that all routers in the network maintain a synchronized database. Separate DISs are elected for L1 and L2 routing based on the highest interface priority.
  • System ID: A unique identifier for each IS-IS router, typically derived from the MAC address or configured explicitly.
  • Area ID: Identifies the IS-IS area to which a router belongs.
  • NSAP (Network Service Access Point): The network layer address format used in IS-IS, comprising the area ID and system ID.
  • Three-Way Handshake: A mechanism for establishing point-to-point adjacencies, defined in RFC 5302.

IS-IS Router Types

Section titled “IS-IS Router Types”

IS-IS defines specific router roles that determine their responsibilities within the routing domain:

Level-1 Router

Section titled “Level-1 Router”

Level-1 routers maintain routing information only within their own area. They form adjacencies with other L1 routers in the same area and use the area’s link-state database for path calculation. L1 routers rely on L1/L2 routers to provide connectivity to destinations in other areas.

When sending traffic to a destination outside its area, an L1 router forwards packets toward the closest L1/L2 router, which then routes the traffic to the destination area. This behavior is similar to OSPF stub areas.

Level-2 Router

Section titled “Level-2 Router”

Level-2 routers maintain routing information between areas and form the backbone of the IS-IS domain. They only participate in L2 adjacencies and maintain the L2 link-state database. All inter-area traffic must pass through L2 routers.

L2 routers can connect to other L2 routers to form the backbone topology and can connect to L1/L2 routers in boundary areas.

Level-1-2 Router

Section titled “Level-1-2 Router”

Level-1-2 routers participate in both L1 and L2 routing, maintaining separate link-state databases for each level. These routers act as area border routers, providing connectivity between the local area and the backbone. They generate separate LSPs for each level and perform route summarization between L1 and L2.

IS-IS Configuration

Section titled “IS-IS Configuration”

Basic IS-IS Instance

Section titled “Basic IS-IS Instance”

Sub-menu: /routing isis instance

The IS-IS instance configuration establishes the router’s participation in the IS-IS routing domain. Basic configuration requires enabling the instance and setting the area ID and system ID.

On RouterOS 7.15.3, /routing isis instance supports only afi, areas, disabled, name, and system-id.

RouterOS 7.15.3 does not expose IS-IS route redistribution, default route origination, per-level circuit-type controls, or an IS-IS-specific routing filter hook on the instance. Properties such as redistribute, l1.originate-default, l2.originate-default, l1.circuit-type, l2.circuit-type, and out-filter-chain are not available, and you cannot use /routing filter rule actions such as set isis-metric to modify IS-IS advertisements.

PropertyTypeDescriptionDefault
namestringInstance name for identificationdefault
afiip | ipv6Address familyip
areaslist of Area IDIS-IS areas this instance participates in
disabledyes | noEnables or disables the IS-IS instanceyes
system-idMAC address or System IDUnique router identifier in format XXXX.XXXX.XXXXauto

Basic Instance Configuration

Section titled “Basic Instance Configuration”
/routing isis instance
add afi=ip areas=49.2222 disabled=no name=isis-main system-id=90ab.cdef.0001

This creates an IS-IS instance with:

  • Area ID: 49.2222
  • System ID: 90ab.cdef.0001 (automatically formatted as 90ab.cdef.0001)

IS-IS Interface Template

Section titled “IS-IS Interface Template”

Sub-menu: /routing isis interface-template

Interface templates define which interfaces participate in IS-IS and at which levels. Multiple templates can be created for different interface groups.

On RouterOS 7.15.3, /routing isis interface-template supports only instance, interfaces, and levels. cost, priority, hello-interval, and hold-time are not available in this menu.

PropertyTypeDescriptionDefault
instancestringIS-IS instance name
interfaceslist of interface namesInterfaces to include
levelsl1 | l2 | l1,l2IS-IS levels to enablel1,l2

Basic Interface Configuration

Section titled “Basic Interface Configuration”
/routing isis interface-template
add instance=isis-main interfaces=ether1 levels=l1,l2

This enables IS-IS on ether1 for both Level-1 and Level-2 routing.

Configuration Examples

Section titled “Configuration Examples”

Basic Three-Router IS-IS Network

Section titled “Basic Three-Router IS-IS Network”

This example demonstrates a basic IS-IS setup between three routers in the same area.

R1 Configuration:

/routing isis instance
add afi=ip areas=49.2222 disabled=no name=isis-instance-1 system-id=90ab.cdef.0001


/routing isis interface-template
add instance=isis-instance-1 interfaces=ether1 levels=l1,l2

R2 Configuration:

/routing isis instance
add afi=ip areas=49.2222 disabled=no name=isis-instance-1 system-id=1111.2222.cded


/routing isis interface-template
add instance=isis-instance-1 interfaces=sfp12 levels=l1,l2
add instance=isis-instance-1 interfaces=lo levels=l2

Verification Commands:

View IS-IS neighbors:

[admin@MikroTik] /routing/isis/neighbor> print
 0 instance=isis-instance-1 interface=ether1 level-type=l2 snpa=08:00:27:22:B4:A2 \
    srcid="1111.2222.aded" state=up
 1 instance=isis-instance-1 interface=ether1 level-type=l2 snpa=D4:CA:6D:78:2F:2E \
    srcid="1111.2222.cded" state=up
 2 instance=isis-instance-1 interface=ether1 level-type=l1 snpa=08:00:27:22:B4:A2 \
    srcid="1111.2222.aded" state=up
 3 instance=isis-instance-1 interface=ether1 level-type=l1 snpa=D4:CA:6D:78:2F:2E \
    srcid="1111.2222.cded" state=up

View IS-IS routes:

[admin@MikroTik] /routing/route> print where is-is
Flags: A - ACTIVE; i - IS-IS
Columns: DST-ADDRESS, GATEWAY, AFI, DISTANCE, SCOPE, TARGET-SCOPE, IMMEDIATE-GW
   DST-ADDRESS        GATEWAY                AFI  DISTANCE  SCOPE  TARGET-SCOPE  IMMEDIATE-GW
 i 0.0.0.0/0          10.155.101.214%ether1  ip4       115     20            10  10.155.101.214%ether1
 i 10.155.101.0/24    10.155.101.216%ether1  ip4       115     20            10  10.155.101.216%ether1
Ai 10.255.255.162/32  10.155.101.216%ether1  ip4       115     20            10  10.155.101.216%ether1

Multi-Area IS-IS Configuration

Section titled “Multi-Area IS-IS Configuration”

For larger networks requiring area segmentation, configure multiple areas:

# L1-L2 Router connecting Area 49.1111 to backbone Area 49.2222
/routing isis instance
add afi=ip areas=49.1111,49.2222 name=isis-border system-id=1111.2222.abcd


/routing isis interface-template
add instance=isis-border interfaces=ether1 levels=l2
add instance=isis-border interfaces=ether2 levels=l1

This router participates in both areas:

  • L2 on ether1 connects to the backbone (Area 49.2222)
  • L1 on ether2 connects to the local area (Area 49.1111)

Monitoring and Troubleshooting

Section titled “Monitoring and Troubleshooting”

View IS-IS Neighbors

Section titled “View IS-IS Neighbors”
/routing isis neighbor print

Shows all IS-IS adjacencies with:

  • Neighbor system ID
  • Interface
  • Level (L1 or L2)
  • State (up/down)
  • Hold time
  • Circuit ID

View IS-IS Database

Section titled “View IS-IS Database”
/routing isis lsp print

Displays all LSPs in the local link-state database, showing:

  • Originator system ID
  • LSP ID
  • Sequence number
  • Age
  • Flags

View IS-IS Routes

Section titled “View IS-IS Routes”
/routing route print where protocol=is-is

Shows all routes installed by IS-IS in the routing table.

View IS-IS Interface Status

Section titled “View IS-IS Interface Status”
/routing isis interface print detail

Displays IS-IS interface parameters, adjacency state, and statistics.

Troubleshooting

Section titled “Troubleshooting”

IS-IS Adjacency Not Forming

Section titled “IS-IS Adjacency Not Forming”

  1. Verify interface is enabled in the interface template:

    /routing isis interface-template print

  2. Check interface is not disabled:

    /interface print where name=ether1

  3. Verify levels match on both ends:

    /routing isis interface-template print detail

  4. Check for mismatched authentication (if configured):

    /routing isis instance print detail

Warning: “invalid 3way tlv”

Section titled “Warning: “invalid 3way tlv””

This warning indicates that the remote neighbor does not comply with the three-way handshake for point-to-point networks from RFC 5303. Common causes include:

  • Cisco neighbors: Enable three-way handshake with:

    Router(config)# interfaceGigabitEthernet1
    Router(config-if)# isis three-way-handshake ietf

  • Other vendors: Ensure RFC 5302 compliance in their IS-IS implementation

This affects point-to-point links between routers. The adjacency may still form but with limited reliability.

Routes Not Installing

Section titled “Routes Not Installing”
  1. Verify adjacency is in “up” state
  2. Check LSP synchronization: 
    /routing isis lsp print
  3. Ensure SPF has run: 
    /routing isis instance print
  4. Check interface template levels match on both ends

Standards and Technologies

Section titled “Standards and Technologies”

IS-IS in RouterOS complies with the following RFCs:

  • RFC 1195 - Use of OSI IS-IS for Routing in TCP/IP and Dual Environments
  • RFC 5302 - Domain-Wide Prefix Distribution with Two-Level IS-IS
  • RFC 5303 - Three-Way Handshake for IS-IS Point-to-Point Adjacencies
  • RFC 5305 - IS-IS Extensions for Traffic Engineering (wide metric support only)
  • RFC 5308 - Routing IPv6 with IS-IS

Comparison with OSPF

Section titled “Comparison with OSPF”
FeatureIS-ISOSPF
Area TypesL1, L2, L1/L2Standard, Stub, NSSA, Totally Stub
MetricWide (0-16777215)Cost (0-65535)
Router IDSystem ID (6 bytes)Router ID (4 bytes)
ProtocolCLNP-basedIP-based
LSA TypesLSP, SNPLSA Types 1-5, 7
Hello PacketsIIH (IS-IS Hello)OSPF Hello
DIS ElectionPriority + MACPriority + Router ID
SPFSingle algorithmSeparate for L1 and L2

IS-IS is often preferred in service provider environments due to its simpler operation and better scalability for very large networks. OSPF is more common in enterprise networks due to its integration with IP and wider vendor support.