V7.14.1 ISIS evaluation

volga629 · March 14, 2024, 8:33pm

Hello Everyone,
I am trying to evaluate ISIS CHR version 7.14.1 and have 2 items to review.

Setup :

Each MikroTik contain one VRF and bridge interface attached to VRF. Between two mikrotiks direct link. Also lo interfaces attached to same VRF ( EVE-NG lab )

Items:

I can’t advertise loopbacks /32 only subnets I tried level 1 and level 2.

LSP

[admin@BL-RT-1] /routing/isis/interface-template> ../lsp/print
Flags: I - inactive
 0   instance=isis-ins-1 level=l1 lsp-id="30ce.cdef.0001.00-00" age=978 checksum=0x3A24
     sequence=0x4 body=
       areas: 49310
       nlpid: IP
       is-reach:
           30ce.cdef.0001.01 20
       ip-reach:
           172.30.100.0/28 20
       ip-reach:
           172.30.100.0/28 1
       is-reach-ext:
           30ce.cdef.0001.01 20
       ip-reach-ext:
           172.30.100.0/28 20
           172.30.100.0/28 1

 1   instance=isis-ins-1 level=l1 lsp-id="30ce.cdef.0001.01-00" age=978 checksum=0xAD2
     sequence=0x2 body=
       is-reach:
           30ce.cdef.0001.00 0
           30de.cdef.0002.00 0
       is-reach-ext:
           30ce.cdef.0001.00 0
           30de.cdef.0002.00 0

 2   instance=isis-ins-1 level=l1 lsp-id="30de.cdef.0002.00-00" age=1005 checksum=0x73DA
     sequence=0x3 body=
       areas: 49310
       nlpid: IP
       is-reach:
           30ce.cdef.0001.01 20
       ip-reach:
           172.30.100.0/28 20
       ip-reach:
           172.30.100.0/28 1
       is-reach-ext:
           30ce.cdef.0001.01 20
       ip-reach-ext:
           172.30.100.0/28 20
           172.30.100.0/28 1

 3   instance=isis-ins-1 level=l2 lsp-id="30ce.cdef.0001.00-00" age=1122 checksum=0xAF81
     sequence=0x3 body=
       areas: 49310
       nlpid: IP
       is-reach:
           30ce.cdef.0001.01 20
       ip-reach:
           172.30.100.0/28 20
           172.30.100.0/28 21
       ip-reach:
           172.30.100.0/28 1
       is-reach-ext:
           30ce.cdef.0001.01 20
       ip-reach-ext:
           172.30.100.0/28 20
           172.30.100.0/28 21
           172.30.100.0/28 1

 4   instance=isis-ins-1 level=l2 lsp-id="30ce.cdef.0001.01-00" age=1122 checksum=0xECD
     sequence=0x1 body=
       is-reach:
           30ce.cdef.0001.00 0
           30de.cdef.0002.00 0
       is-reach-ext:
           30ce.cdef.0001.00 0
           30de.cdef.0002.00 0

 5   instance=isis-ins-1 level=l2 lsp-id="30de.cdef.0002.00-00" age=1149 checksum=0xE838
     sequence=0x2 body=
       areas: 49310
       nlpid: IP
       is-reach:
           30ce.cdef.0001.01 20
       ip-reach:
           172.30.100.0/28 20
           172.30.100.0/28 21
       ip-reach:
           172.30.100.0/28 1
       is-reach-ext:
           30ce.cdef.0001.01 20
       ip-reach-ext:
           172.30.100.0/28 20
           172.30.100.0/28 21
           172.30.100.0/28 1

/ip/route/print
Flags: D - DYNAMIC; I - INACTIVE, A - ACTIVE; c - CONNECT, i - IS-IS, d - DHCP; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, DISTANCE
     DST-ADDRESS      GATEWAY                DISTANCE
DAd  0.0.0.0/0        10.41.100.1                   1
DAc  10.41.100.0/24   MGMT-V313-eth4                0
DAc  172.25.100.5/32  lo                            0
DIiH 172.30.100.0/28  172.30.100.4%D-L2-br0       115
DAc  172.30.100.0/28  D-L2-br0@C-L2-DCI             0

[admin@BL-RT-1] /routing/isis/interface-template> ../instance/print
Flags: X - disabled, I - inactive
 0   name="isis-ins-1" vrf=C-L2-DCI afi=ip system-id="30ce.cdef.0001" areas=49.3100
     l1.redistribute=connected
     l2.redistribute=connected

ISIS received routes is not set under VRF route table only main.

[admin@BL-RT-1] /routing/isis/interface-template> /ip/route/print detail
Flags: D - dynamic; X - disabled, I - inactive, A - active;
c - connect, s - static, r - rip, b - bgp, o - ospf, i - is-is, d - dhcp, v - vpn, m - modem, y - bgp-mpls-vpn;
H - hw-offloaded; + - ecmp
   DAd   dst-address=0.0.0.0/0 routing-table=main pref-src="" gateway=10.41.100.1
         immediate-gw=10.41.100.1%MGMT-V313-eth4 distance=1 scope=30 target-scope=10
         vrf-interface=MGMT-V313-eth4 suppress-hw-offload=no

   DAc   dst-address=10.41.100.0/24 routing-table=main gateway=MGMT-V313-eth4
         immediate-gw=MGMT-V313-eth4 distance=0 scope=10 suppress-hw-offload=no
         local-address=10.41.100.144%MGMT-V313-eth4

   DAc   dst-address=172.25.100.5/32 routing-table=main gateway=lo immediate-gw=lo distance=0
         scope=10 suppress-hw-offload=no local-address=172.25.100.5%lo

[b]   DIiH  dst-address=172.30.100.0/28 routing-table=main gateway=172.30.100.4%D-L2-br0
         distance=115 scope=20 target-scope=10 suppress-hw-offload=no[/b]

   DAc   dst-address=172.30.100.0/28 routing-table=C-L2-DCI gateway=D-L2-br0@C-L2-DCI
         immediate-gw=D-L2-br0 distance=0 scope=10 suppress-hw-offload=no
         local-address=172.30.100.5%D-L2-br0@C-L2-DCI

volga629 · March 14, 2024, 8:43pm

For Item number 1 seems like lo interface is not working with VRF, because under VRF route table missing connected route. Work around is back to old way create additional bridge loop0

volga629 · March 15, 2024, 2:31am

After some testing need report few main issues

Filter chains is not accepted under instances.
ISIS routes is not imported into VRF.
Loopback lo is can’t be attached to VRF.

mrz · March 15, 2024, 7:24am

Lo is not supposed to be attached to VRF.
VRFs have their own vrf interfaces (interface name is the same as vrf name).

volga629 · March 15, 2024, 11:51am

What purpose of VRF as interface ?

mrz · March 15, 2024, 1:30pm

https://www.dasblinkenlichten.com/working-with-linux-vrfs/

volga629 · March 15, 2024, 3:39pm

Thank you for post, I am very familiar with linux VRF and L3 isolation.

mrz · March 15, 2024, 3:52pm

Then you are familiar what is the purpose of VRF as interface with the linux, the same is with the ROS.