Specifications
Implementing IS-IS on Cisco IOS XR Software
Information About Implementing IS-IS on Cisco IOS XR Software
RC-174
Cisco IOS XR Routing Configuration Guide
The keychain feature allows IS-IS to reference configured keychains. IS-IS key chains enable hello and
LSP keychain authentication. Keychains can be configured at the router level (in the case of the
lsp-password command) and at the interface level (in the case of the hello-password command) within
IS-IS. These commands reference the global keychain configuration and instruct the IS-IS protocol to
obtain security parameters from the global set of configured keychains.
IS-IS is able to use the keychain to implement hitless key rollover for authentication. The key rollover
specification is time based, and in the event of clock skew between the peers, the rollover process is
impacted. The configurable tolerance specification allows for the accept window to be extended (before
and after) by that margin. This accept window facilitates a hitless key rollover for applications (for
example, routing and management protocols).
See Cisco IOS XR System Security Guide for information on keychain management.
Nonstop Forwarding
On Cisco IOS XR software, NSF minimizes the amount of time a network is unavailable to its users
following a route processor (RP) failover. The main objective of NSF is to continue forwarding IP
packets and perform a graceful restart following an RP failover.
When a router restarts, all routing peers of that device usually detect that the device went down and then
came back up. This transition results in what is called a routing flap, which could spread across multiple
routing domains. Routing flaps caused by routing restarts create routing instabilities, which are
detrimental to the overall network performance. NSF helps to suppress routing flaps in NSF-aware
devices, thus reducing network instability.
NSF allows for the forwarding of data packets to continue along known routes while the routing protocol
information is being restored following an RP failover. When the NSF feature is configured, peer
networking devices do not experience routing flaps. Data traffic is forwarded through intelligent line
cards while the standby RP assumes control from the failed active RP during a failover. The ability of
line cards to remain up through a failover and to be kept current with the Forwarding Information Base
(FIB) on the active RP is key to NSF operation.
When the Cisco IOS XR router running IS-IS routing performs an RP failover, the router must perform
two tasks to resynchronize its link-state database with its IS-IS neighbors. First, it must relearn the
available IS-IS neighbors on the network without causing a reset of the neighbor relationship. Second,
it must reacquire the contents of the link-state database for the network.
The IS-IS NSF feature offers two options when configuring NSF:
• IETF NSF
• Cisco NSF
If neighbor routers on a network segment are NSF aware, meaning that neighbor routers are running a
software version that supports the IETF Internet draft for router restartability, they assist an IETF NSF
router that is restarting. With IETF NSF, neighbor routers provide adjacency and link-state information
to help rebuild the routing information following a failover.
In Cisco IOS XR software, Cisco NSF checkpoints (stores persistently) all the state necessary to recover
from a restart without requiring any special cooperation from neighboring routers. The state is recovered
from the neighboring routers, but only using the standard features of the IS-IS routing protocol. This
capability makes Cisco NSF suitable for use in networks in which other routers have not used the IETF
standard implementation of NSF.