IS-IS - route filtering

IS-IS is a link-state routing protocol, and thus it can perform route filtering only between areas. The logic behind this is much the same as that for OSPF, another well-known link-state routing protocol.

For these protocols, the LSDB must be the same for all routers within a particular area, thus filtering advertisements between routers in the same area violates this requirement.

Another option is to selectively prevent routes from being installed in the local routing table. For OSPF this can be done using distribute list filtering. Similarly for IS-IS, this can be achieved using route maps along with prefix-lists or access lists. This will not prevent the propagation of updates between routers, thus not violating the requirement of link-state routing protocols, but will only influence what routes the local routing table installs.

An example of such a configuration using ACLs can be found below:

  1. Define an Access List:

    This list specifies the routes you wish to match.

    access-list 10 permit
  2. Define a Route Map:

    A route map references the access list and defines the action to take (permit or deny) for the matched routes.

    route-map ISIS-FILTER permit 10 match ip address prefix-list PFX-LIST set metric +10

    In this example, routes matching the prefix list will have their metric increased by 10.

  3. Apply the Route Map to IS-IS:

    Now, apply the route map to the IS-IS process. Depending on your goal, you can apply it for redistributed routes or directly on the interface for incoming or outgoing routes.

    • For redistributed routes:

      router isis redistribute static route-map ISIS-FILTER
    • For routes from a specific interface (for example, applying a filter to routes learned on an interface):

      interface GigabitEthernet0/1 ip router isis isis distribute-list route-map ISIS-FILTER in

Remember that the in keyword filters routes being installed in the local routing table, while the out keyword would affect routes being advertised out the interface.

Manipulating routes this way is a powerful tool, but it can be complex and can cause unintended routing behaviors if not configured carefully. Always test your configurations in a lab or simulated environment before applying them to a production network.