IS-IS (Intermediate System to Intermediate System) is the dominant interior gateway protocol in service provider networks worldwide, and it’s the primary IGP tested on the CCIE Service Provider v5.0 blueprint. If you’re studying for CCIE SP or working in an SP environment, IS-IS isn’t optional — it’s the foundation everything else (MPLS, Segment Routing, traffic engineering) runs on top of.
Key Takeaway: Service providers chose IS-IS over OSPF decades ago for its TLV extensibility, protocol independence, and simpler flooding mechanics — and that decision has been validated repeatedly, most recently by IS-IS’s seamless integration with Segment Routing without requiring a protocol version change.
Why Did Service Providers Choose IS-IS Over OSPF?
This is the question OSPF-trained enterprise engineers always ask, and the answer goes beyond “it’s what SPs use.”
Protocol Independence (CLNS, Not IP)
OSPF runs on top of IP — it uses IP protocol 89 and depends on IP addressing to function. IS-IS runs on CLNS (Connectionless-Mode Network Service) at Layer 2 of the OSI model, next to IP rather than on top of it.
Why this matters:
- IS-IS can carry any protocol’s routing information through TLVs — IPv4, IPv6, Segment Routing extensions, traffic engineering metrics — without redesigning the protocol itself
- No dependency on the routing it provides — OSPF has a chicken-and-egg problem: it uses IP to distribute IP routes. IS-IS uses CLNS for transport independently of the IP routes it carries
- Simpler recovery — if the IP control plane breaks, IS-IS adjacencies stay up because they don’t depend on IP
According to the NSRC IS-IS vs OSPF analysis, “In early 1990s, Cisco implementation of IS-IS was much more stable and reliable than OSPF implementation — ISPs naturally preferred IS-IS.”
TLV Extensibility
This is IS-IS’s superpower. The protocol uses a Type-Length-Value (TLV) encoding for all information carried in Link State PDUs (LSPs). Adding new capabilities is as simple as defining a new TLV — no protocol version change, no backward-compatibility break.
Compare this to OSPF, which has:
- 11 distinct LSA types with different flooding scopes
- Opaque LSAs (Types 9/10/11) added as an afterthought for TE
- OSPFv2 for IPv4 and OSPFv3 for IPv6 — two separate protocol implementations
IS-IS carries IPv4, IPv6, TE extensions, and Segment Routing SIDs all in a single protocol instance through TLVs. When Segment Routing was standardized, IS-IS absorbed it natively. OSPF required additional LSA extensions and more complex implementation.
Simpler Flooding Mechanics
OSPF flooding is complex: different LSA types flood differently (Type 1/2 within area, Type 3/4/5 between areas, Type 7 for NSSA). Each area maintains separate LSDBs for different LSA scopes.
IS-IS flooding is straightforward:
- Level 1 LSPs flood within the L1 area
- Level 2 LSPs flood across the L2 backbone
- That’s it. Two scopes. No LSA type matrix.
For SP networks with thousands of nodes, simpler flooding means faster convergence and fewer protocol-related bugs.
| Feature | IS-IS | OSPF |
|---|---|---|
| Transport | CLNS (Layer 2) | IP (Layer 3) |
| Extension model | TLV-based (add new TLV) | LSA types (11+, complex) |
| IPv4 + IPv6 | Single instance, multi-topology | OSPFv2 + OSPFv3 (two instances) |
| Flooding scopes | 2 (L1, L2) | 5+ (LSA type-dependent) |
| Area boundary | On the link | On the router interface |
| DIS election | DIS (no BDR) | DR + BDR |
| SR integration | Native TLV extensions | Opaque LSA extensions |
How Does NET Addressing Work?
NET (Network Entity Title) addressing is what confuses OSPF-trained engineers the most. It’s based on CLNS/NSAP addressing — a different addressing scheme from IP.
NET Format
49.0001.1921.6800.1001.00
| | | |
| | +-- System ID (6 bytes, unique per router)
| +------- Area ID (variable length)
+------------- AFI (49 = private address space)
+-- SEL (00 = the router itself)
AFI 49 — Authority and Format Identifier. 49 means “private” (like RFC 1918 for IP). You’ll always use 49 in lab environments.
Area ID — Identifies the IS-IS area. Can be 1-13 bytes. Common practice: 0001, 0002, etc.
System ID — 6 bytes, must be unique across the IS-IS domain. Common practice: embed the router’s loopback IP. For 192.168.0.1: 1921.6800.0001.
Selector (SEL) — Always 00 for the router’s NET (identifies the IS-IS process itself, not an application).
IOS-XR Configuration
router isis CORE
is-type is-is
net 49.0001.0010.0000.0001.00
address-family ipv4 unicast
metric-style wide
segment-routing mpls
!
address-family ipv6 unicast
metric-style wide
segment-routing mpls
!
interface Loopback0
passive
address-family ipv4 unicast
prefix-sid index 1
!
!
interface GigabitEthernet0/0/0/0
point-to-point
address-family ipv4 unicast
!
!
Key configuration points:
is-type is-is— this router is both L1 and L2 (default on IOS-XR)metric-style wide— mandatory for TE and SR (narrow metrics only support 0-63 per link)segment-routing mpls— enables SR prefix SIDs in IS-IS TLV advertisementsprefix-sid index 1— assigns a global Segment Routing node SID (SRGB base + index)
How Does Multi-Level IS-IS Design Work?
IS-IS uses a two-level hierarchy that maps naturally to SP network topology:
Level 1 (Access/Edge)
L1 routers know their local area topology. They send traffic to L1/L2 routers for destinations outside the area. L1 routers learn about the L2 backbone via the attach bit — when an L1/L2 router sets the attach bit in its L1 LSP, L1 routers install a default route toward it.
Level 2 (Backbone/Core)
L2 routers form the backbone and know the full inter-area topology. All L2 routers must be contiguous (like OSPF Area 0). L2 carries summary routes or explicit prefixes from all areas.
Level 1/2 (Border)
L1/L2 routers sit at the boundary between access and backbone. They participate in both L1 and L2 databases and perform route redistribution between levels.
[CE] --- [L1 PE] --- [L1/L2 P] === [L2 P Core] === [L1/L2 P] --- [L1 PE] --- [CE]
Area 49.0001 L2 Backbone Area 49.0002
Route Leaking Between Levels
By default, L2 routes are not visible to L1 routers — they use the default route via the attach bit. But sometimes you need specific L2 routes in L1 (for optimal routing or traffic engineering). This is route leaking:
router isis CORE
address-family ipv4 unicast
propagate level 2 into level 1 route-policy L2_TO_L1
Route leaking is a heavily tested CCIE SP topic. The lab may require you to selectively leak specific prefixes from L2 to L1 while maintaining default routing for everything else.
Overload Bit (OL Bit)
The overload bit signals that a router should not be used for transit traffic. Use cases:
- Maintenance — set OL bit before performing maintenance; traffic reroutes around the node
- Startup — set OL bit on boot until BGP has converged (prevents traffic blackholing)
router isis CORE
set-overload-bit on-startup wait-for-bgp
This is an essential operational technique tested on the CCIE SP lab.
How Does IS-IS Integrate with Segment Routing?
IS-IS and Segment Routing are the standard combination for modern SP backbone design in 2026. As we covered in our Segment Routing vs MPLS TE comparison, SR-MPLS with IS-IS has largely replaced traditional RSVP-TE in new SP deployments.
Prefix SIDs (Node SIDs)
A prefix SID is a globally unique Segment Routing identifier assigned to a router’s loopback prefix. It’s advertised in IS-IS via the Prefix SID sub-TLV within TLV 135 (extended IP reachability).
interface Loopback0
address-family ipv4 unicast
prefix-sid index 1 ← Global index, label = SRGB base + 1
Every router in the SR domain calculates the shortest path to each prefix SID and programs the corresponding MPLS label. No RSVP signaling, no LDP — just IS-IS doing what it already does, with an extra TLV.
Adjacency SIDs
An adjacency SID is a local label assigned to a specific IS-IS adjacency (link). It’s used for traffic engineering — steering traffic over a specific link rather than the shortest path. According to Cisco’s Segment Routing documentation, adjacency SIDs are advertised via the IS-IS Adjacency SID sub-TLV.
! Verify adjacency SIDs
show isis adjacency detail
show isis segment-routing label table
TI-LFA (Topology-Independent Loop-Free Alternate)
TI-LFA provides sub-50ms failover for SR-MPLS paths by pre-computing backup segment lists for every protected adjacency. Unlike traditional LFA (which only works in certain topologies), TI-LFA works in any topology — hence “topology-independent.”
According to QuistED.net’s FRR analysis, TI-LFA “is designed to provide sub-50ms recovery from link or node failures in IP/MPLS networks” using backup segment lists that steer traffic around the failure.
router isis CORE
address-family ipv4 unicast
fast-reroute per-prefix
fast-reroute per-prefix tiebreaker node-protecting index 100
Key Verification Commands
These commands should be muscle memory for CCIE SP candidates:
! IS-IS adjacency and database
show isis adjacency
show isis database detail
show isis route
! Segment Routing
show isis segment-routing label table
show isis segment-routing prefix-sid-map active
show mpls forwarding
! TI-LFA
show isis fast-reroute summary
show isis fast-reroute detail
show cef 10.0.0.2/32 detail ← shows backup path with segment list
What’s the Career Value of Mastering IS-IS?
SP network engineers who understand IS-IS at the CCIE level are in demand. As we covered in our CCIE SP salary analysis, CCIE SP holders earn $158K average with top earners exceeding $200K. The combination of IS-IS + Segment Routing expertise is particularly valued as SPs migrate from legacy MPLS-TE to SR-MPLS.
IS-IS knowledge also transfers to enterprise SDA deployments (Cisco SD-Access uses IS-IS as its underlay IGP) and data center fabrics (some DC designs use IS-IS as the underlay routing protocol).
Frequently Asked Questions
Why do service providers use IS-IS instead of OSPF?
IS-IS runs on CLNS (not IP), making it protocol-independent and able to carry IPv4, IPv6, and Segment Routing extensions through TLVs without protocol version changes. It has simpler flooding mechanics, fewer LSA types than OSPF, and scales better for large backbone networks.
What is NET addressing in IS-IS?
A Network Entity Title (NET) is the CLNS address that identifies an IS-IS router. Format: area-ID.system-ID.selector (e.g., 49.0001.1921.6800.1001.00). The system ID (6 bytes) uniquely identifies the router. The selector (00) indicates the router itself.
How does IS-IS integrate with Segment Routing?
IS-IS carries Segment Routing information via TLV extensions — prefix SIDs (node identifiers), adjacency SIDs (link identifiers), and SR algorithm sub-TLVs. This allows SR traffic engineering without RSVP-TE signaling. TI-LFA provides sub-50ms failover using backup segment lists.
What are the IS-IS TLVs that CCIE SP candidates must know?
Key TLVs: TLV 135 (extended IP reachability with TE metrics), TLV 235 (MT IPv6 reachability), TLV 22 (extended IS reachability for TE), and the SR Router Capability Sub-TLV.
How does IS-IS multi-level design differ from OSPF areas?
In IS-IS, area boundaries exist on links between routers, not on router interfaces like OSPF. A Level 1/2 router connects L1 (access) and L2 (backbone) domains. L1 routers use the attach bit to reach the L2 backbone via default routing.
IS-IS is the protocol that holds service provider networks together — from the backbone IGP to the Segment Routing control plane. Mastering it at the CCIE level means understanding not just the configuration, but the design decisions that make SP networks scale to millions of routes and thousands of nodes.
Ready to fast-track your CCIE journey? Contact us on Telegram @phil66xx for a free assessment.