Enhanced Security for Network Communication With Proposed IS-IS Protocol

Onder Onursal, Arif Sari
DOI: 10.4018/978-1-5225-8976-1.ch011

Abstract

This chapter is a literature review of the intermediate system to intermediate system (IS-IS) routing protocol, aimed at providing basic security mechanisms against cyber-attacks and enhancing network security. IS-IS was originally developed by the International Organization for Standardization (ISO) as a link-state routing protocol. It was first built to route the Connectionless Network Protocol (CLNP), the OSI standard equivalent to IP. IS-IS was also designed so that it can accommodate routing for any Layer 3 protocol. The Internet Engineering Task Force (IETF) specified support for IP in 1990 and introduced IPv6 extensions in 2000. An IS-IS protocol implementation was written as modules so that it could be distributed freely and easily installed on the GNU routing software. SourceForge.net supported the project and gave developers access to contribute to it easily. The chapter elaborates the IS-IS routing protocol for network security and proposes a critical survey on security routing protocols.

Introduction

IS-IS is an Interior Gateway Protocol (IGP) licensed by the IETF. It is commonly used by large network service providers. As a link-state routing protocol, IS-IS provides rapid convergence and scalability. It also makes efficient use of network bandwidth.

Cisco is one of the active members of the IS-IS group under the IETF and makes most of the updates and enhancements to the protocol (Medhi & Ramasamy, 2018a). IS-IS was initially developed following the Digital Equipment Corporation DECNET phase 5 network technology.

IS-IS uses terminology slightly different from that of OSPF. Packets sent to describe the network topology are termed link-state protocol data units (PDUs). IP routes, checksums and other information make up the PDUs.

As in OSPF, all information received in a link-state PDU is placed in the link-state database. IS-IS runs the SPF algorithm on the information contained in the link-state database. The shortest path to each destination on the network is determined, and the resulting destination and next-hop information is placed in the routing database (Cisco, n.d.a).

IS-IS functions at Layer 2 of the OSI model, which separates it from other IP routing protocols. Large routing domains are supported using a two-level hierarchy. A large domain can be administratively divided into different areas, and each system resides in exactly one area. Level 1 routing refers to routing within the same area, while Level 2 routing refers to routing between different areas. A Level 2 system keeps track of the paths to destination areas, while a Level 1 intermediate system keeps track of the routing within its own area. For a packet destined for another area, a Level 1 IS sends the packet to the closest Level 2 IS, regardless of the packet's final destination. The packet then travels via Level 2 routing to the destination area, where it travels via Level 1 routing to the destination. Note that choosing the exit from Level 1 routing based on the closest Level 2 system might lead to suboptimal packet routing.

IS-IS is usually applied as the control plane for IEEE 802.1aq Shortest Path Bridging (SPB). SPB allows shortest-path forwarding on a mesh network, which is made possible by using multiple equal-cost paths. SPB supports large Layer 2 topologies, with fast convergence and improved utilization of the mesh topology. IS-IS is augmented with a small number of TLVs and sub-TLVs. The 802.1ah and 802.1ad providers are supported by IS-IS. SPB requires no state machine or other substantive changes to IS-IS.

IS-IS operates from a high level as follows:

  • Routers running IS-IS send hello packets out of all IS-IS-enabled interfaces. This is done to identify neighbors and subsequently establish adjacencies.

  • Routers that share a common data link become IS-IS neighbors if their hello packets contain information that meets the requirements for forming an adjacency. The requirements differ depending on the kind of media used. The most important ones are the MTU size, matching authentication and IS-type.

  • Based on their local interfaces configured for IS-IS and the prefix information learned from other routers, routers build a link-state packet (LSP).

  • Link-state databases are constructed by routers from LSPs.

  • The shortest path routing table is created by computing the shortest-path tree (SPT) (Goralski, Gadecki, & Bushong, 2011).
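The five steps above as a small simulation, added here as an illustration and not taken from the chapter. HMAC-SHA-256 over a simplified hello stands in for the "matching authentication" check, and the router names, key, metrics and dictionary layout are assumptions; real IS-IS hellos and LSPs are TLV-encoded PDUs, and Level 1 adjacencies also depend on the area.

```python
import hashlib, heapq, hmac

def make_hello(r):
    # Simplified hello (assumed layout): system ID, IS-type bitmask, MTU, plus an auth tag.
    body = f"{r['id']}|{r['level']}|{r['mtu']}".encode()
    tag = hmac.new(r["key"], body, hashlib.sha256).digest()
    return {"id": r["id"], "level": r["level"], "mtu": r["mtu"], "auth": tag}

def check_hello(local, h):
    """Return None if the hello meets the adjacency requirements, else the reason."""
    body = f"{h['id']}|{h['level']}|{h['mtu']}".encode()
    good = hmac.new(local["key"], body, hashlib.sha256).digest()
    if not hmac.compare_digest(good, h["auth"]):   # constant-time comparison
        return "authentication mismatch"
    if not (local["level"] & h["level"]):          # bitmask: 1 = L1, 2 = L2, 3 = L1/L2
        return "IS-type mismatch"
    if local["mtu"] != h["mtu"]:
        return "MTU mismatch"
    return None

def converge(routers, links, root):
    """Hellos -> adjacencies -> LSPs -> link-state database -> SPF from root."""
    lsdb, rejected = {name: {} for name in routers}, {}
    for a, b, metric in links:
        why = (check_hello(routers[a], make_hello(routers[b]))
               or check_hello(routers[b], make_hello(routers[a])))
        if why:
            rejected[(a, b)] = why                 # no adjacency, so nothing is advertised
            continue
        lsdb[a][b] = lsdb[b][a] = metric           # each side lists the adjacency in its LSP
    cost, heap = {root: 0}, [(0, root)]
    while heap:                                    # Dijkstra over the link-state database
        d, node = heapq.heappop(heap)
        if d > cost[node]:
            continue
        for nbr, metric in lsdb[node].items():
            if d + metric < cost.get(nbr, float("inf")):
                cost[nbr] = d + metric
                heapq.heappush(heap, (cost[nbr], nbr))
    return cost, rejected

# Constructed topology: router names, key and metrics are made up for the example.
KEY = b"constructed-shared-secret"
ROUTERS = {f"R{i}": {"id": f"R{i}", "key": KEY, "level": 2, "mtu": 1500}
           for i in range(1, 6)}
ROUTERS["R4"]["key"], ROUTERS["R5"]["mtu"] = b"wrong-key", 9000  # the two faults
LINKS = [("R1", "R2", 10), ("R2", "R3", 10), ("R1", "R3", 30),
         ("R1", "R4", 1), ("R3", "R5", 10)]
if __name__ == "__main__":
    print(converge(ROUTERS, LINKS, "R1"))
```

R4 offers the cheapest link in the topology, but because its hello fails authentication no adjacency forms and it never appears in the link-state database or the shortest-path tree.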

Interior Gateway Routing Protocol

Routing protocols can be classified based on their purpose, operation and behavior.

Exterior Gateway Protocol (EGP) and Interior Gateway Protocol (IGP) are classifications based on purpose; link-state, distance-vector and path-vector protocols are classifications based on operation; and classful or classless protocols are classifications based on behavior.

A group of routers under a common administration is called an autonomous system (AS). Examples of such a common administration include an organization or a company. An ISP's network or the internal networks of a company are examples of an AS.

The Internet is built on the basic concept of an AS. As a result, two types of routing protocols, IGP and EGP, are considered:

Key Terms in this Chapter

OSPF: Open shortest path first.

OSI: Open system interconnection.

VLSM: Variable length subnet masks.

CIDR: Classless interdomain routing.

LSP: Link state packet.

EIGRP: Enhanced interior gateway routing protocol.

IGRP: Interior gateway routing protocol.

IS-IS: Intermediate system to intermediate system.

SPT: Shortest-path tree.

BGP: Border gateway protocol.

RIP: Routing information protocol.
