DEV Community

FirstPassLab
FirstPassLab

Posted on • Originally published at firstpasslab.com

IS-IS vs OSPF: Why Every Major Service Provider Chose IS-IS (and How It Powers Segment Routing)

#networking #cisco #tutorial #devops

IS-IS (Intermediate System to Intermediate System) is the dominant interior gateway protocol in service provider networks worldwide. If you work in or around SP infrastructure, IS-IS isn't optional — it's the foundation everything else (MPLS, Segment Routing, traffic engineering) runs on top of.

This post breaks down why SPs chose IS-IS over OSPF, how its addressing and multi-level design work, and how it integrates natively with Segment Routing — the technology replacing RSVP-TE in modern backbones.

Why Did Service Providers Choose IS-IS Over OSPF?

This is the question OSPF-trained enterprise engineers always ask. The answer goes deeper than "it's what SPs use."

1. Protocol Independence (CLNS, Not IP)

OSPF runs on top of IP — it uses IP protocol 89 and depends on IP addressing to function. IS-IS runs on CLNS (Connectionless-Mode Network Service) at Layer 2, next to IP rather than on top of it.

Why this matters:

  • IS-IS can carry any protocol's routing information through TLVs — IPv4, IPv6, SR extensions, TE metrics — without redesigning the protocol
  • No chicken-and-egg problem: OSPF uses IP to distribute IP routes; IS-IS uses CLNS independently
  • If the IP control plane breaks, IS-IS adjacencies stay up because they don't depend on IP

2. TLV Extensibility — IS-IS's Superpower

IS-IS uses Type-Length-Value encoding for all information in Link State PDUs. Adding new capabilities = defining a new TLV. No protocol version change, no backward-compatibility break.

Compare to OSPF:

  • 11 distinct LSA types with different flooding scopes
  • Opaque LSAs (Types 9/10/11) bolted on for TE
  • OSPFv2 for IPv4, OSPFv3 for IPv6 — two separate implementations

IS-IS carries IPv4, IPv6, TE, and Segment Routing SIDs all in a single instance. When SR was standardized, IS-IS absorbed it natively. OSPF required additional LSA extensions.

3. Simpler Flooding

OSPF flooding is complex: different LSA types flood differently (Type 1/2 within area, Type 3/4/5 between areas, Type 7 for NSSA). Each area maintains separate LSDBs for different scopes.

IS-IS flooding:

  • Level 1 LSPs flood within the L1 area
  • Level 2 LSPs flood across the L2 backbone
  • That's it. Two scopes.

For SP networks with thousands of nodes, simpler flooding = faster convergence and fewer protocol bugs.

Side-by-Side Comparison

Feature IS-IS OSPF
Transport CLNS (Layer 2) IP (Layer 3)
Extension model TLV-based 11+ LSA types
IPv4 + IPv6 Single instance OSPFv2 + OSPFv3
Flooding scopes 2 (L1, L2) 5+ (LSA-dependent)
Area boundary On the link On the router interface
DIS election DIS (no BDR) DR + BDR
SR integration Native TLV extensions Opaque LSA extensions

NET Addressing Demystified

NET (Network Entity Title) addressing is what confuses OSPF-trained engineers the most. It's based on CLNS/NSAP addressing:

49.0001.1921.6800.1001.00
|   |     |              |
|   |     +-- System ID (6 bytes, unique per router)
|   +------- Area ID (variable length)
+----------- AFI (49 = private, like RFC 1918)
                         +-- SEL (00 = the router itself)
Enter fullscreen mode Exit fullscreen mode

Key points:

  • AFI 49 = private address space (always used in labs)
  • Area ID = identifies the IS-IS area (0001, 0002, etc.)
  • System ID = 6 bytes, must be unique. Common trick: embed the loopback IP (192.168.0.1 → 1921.6800.0001)
  • SEL 00 = identifies the IS-IS process itself

Multi-Level Design

IS-IS uses a two-level hierarchy that maps naturally to SP topology:

[CE]---[L1 PE]---[L1/L2 P]===[L2 P Core]===[L1/L2 P]---[L1 PE]---[CE]
      Area 49.0001        L2 Backbone         Area 49.0002
Enter fullscreen mode Exit fullscreen mode
  • Level 1 (Access/Edge): L1 routers know local area topology. They use the attach bit to install a default route toward L1/L2 border routers.
  • Level 2 (Backbone/Core): L2 routers form the contiguous backbone with full inter-area topology.
  • Level 1/2 (Border): Participate in both databases, redistribute between levels.

Route Leaking

By default, L2 routes aren't visible to L1 routers. When you need specific L2 routes in L1 (for optimal routing or TE):

router isis CORE
 address-family ipv4 unicast
  propagate level 2 into level 1 route-policy L2_TO_L1
Enter fullscreen mode Exit fullscreen mode

Overload Bit

The OL bit signals "don't use me for transit." Essential for maintenance and startup:

router isis CORE
 set-overload-bit on-startup wait-for-bgp
Enter fullscreen mode Exit fullscreen mode

This prevents traffic blackholing while BGP converges after a reboot.

IS-IS + Segment Routing: The Modern SP Stack

IS-IS and Segment Routing are the standard combination for modern SP backbone design. SR-MPLS with IS-IS has largely replaced traditional RSVP-TE in new deployments.

Prefix SIDs (Node SIDs)

A prefix SID is a globally unique SR identifier for a router's loopback, advertised via IS-IS TLV 135 (extended IP reachability):

interface Loopback0
 address-family ipv4 unicast
  prefix-sid index 1    ← label = SRGB base + 1
Enter fullscreen mode Exit fullscreen mode

Every router computes shortest path to each prefix SID and programs the MPLS label. No RSVP signaling, no LDP — just IS-IS with an extra TLV.

Adjacency SIDs

Local labels for specific IS-IS adjacencies — used for traffic engineering (steering traffic over a specific link):

show isis adjacency detail
show isis segment-routing label table
Enter fullscreen mode Exit fullscreen mode

TI-LFA: Sub-50ms Failover

Topology-Independent Loop-Free Alternate pre-computes backup segment lists for every protected adjacency. Unlike traditional LFA (topology-dependent), TI-LFA works everywhere:

router isis CORE
 address-family ipv4 unicast
  fast-reroute per-prefix
  fast-reroute per-prefix tiebreaker node-protecting index 100
Enter fullscreen mode Exit fullscreen mode

Essential Verification Commands 

# IS-IS adjacency and database
show isis adjacency
show isis database detail
show isis route

# Segment Routing
show isis segment-routing label table
show isis segment-routing prefix-sid-map active
show mpls forwarding

# TI-LFA backup paths
show isis fast-reroute summary
show cef 10.0.0.2/32 detail    # shows backup path with segment list
Enter fullscreen mode Exit fullscreen mode

Full IOS-XR Configuration Example 

router isis CORE
 is-type is-is
 net 49.0001.0010.0000.0001.00
 address-family ipv4 unicast
  metric-style wide
  segment-routing mpls
 !
 address-family ipv6 unicast
  metric-style wide
  segment-routing mpls
 !
 interface Loopback0
  passive
  address-family ipv4 unicast
   prefix-sid index 1
  !
 !
 interface GigabitEthernet0/0/0/0
  point-to-point
  address-family ipv4 unicast
  !
 !
Enter fullscreen mode Exit fullscreen mode

Key config points:

  • is-type is-is — both L1 and L2 (IOS-XR default)
  • metric-style wide — mandatory for TE and SR (narrow only supports 0-63)
  • segment-routing mpls — enables SR prefix SIDs in IS-IS TLV advertisements

Where IS-IS Knowledge Transfers

Beyond SP backbones, IS-IS expertise applies to:

  • Enterprise SDA — Cisco SD-Access uses IS-IS as its underlay IGP
  • Data center fabrics — some designs use IS-IS as the underlay routing protocol
  • Any SR-MPLS deployment — IS-IS is the preferred IGP for Segment Routing

Originally published at FirstPassLab. For more deep dives on SP protocols, network automation, and lab builds, visit firstpasslab.com.

AI Disclosure: This article was adapted from the original with AI assistance. Technical content has been reviewed for accuracy.

Top comments (0)