Disable L1 default route in IS-IS

From CT3

The L2 routers in the IS-IS routing protocol injects the default route into attached level-1 areas, giving the L1 routers a default path toward the backbone (IS-IS is very similar to OSPF with totally stubby routes). This behavior is desirable in enterprise networks (which can rely on default routing from the backbone), but could cause significant problems in large Service Provider networks that operate in default-free part of the Internet.

Theory of operation

When the L2 routers advertise their LSPs into L1 areas, they set a special attached bit in the LSP indicating that they have connectivity with the L2 network backbone. L1 routers select the closest L2 router as their exit point into the backbone. When IS-IS is used for IP routing, L1 IS-IS routers insert default route into the IP routing table pointing to the nearest router in the L1 area that advertises the attached bit.

If you don’t want to have the IS-IS-generated default route in L1 areas, you have to disable the generation of the attached bit in all L1/L2 routers attached to the area.

According to the IS-IS specifications, L1/L2 routers should set the attached bit to guarantee end-to-end reachability across IS-IS networks. If you disable this functionality, you have to provide other means to ensure visibility between L1 routers in different areas, for example L2-to-L1 route leaking.

Implementation in Cisco IOS

The generation of the attached bit by a L1/L2 router is controlled with the set-attached-bit router configuration command. This command uses a route-map to determine whether the attached bit should be set or not. The route map used by the set-attached-bit command must use a match clns address statement that matches a CLNS filter-set.

To disable generation of L1 default route, you should use a CLNS filter-set that does not match any CLNS prefix in your network. A sample configuration of an L1/L2 IS-IS router is included. The configuration disables the generation of default route into L1 area and leaks selected L2 routes (BGP next hops) from the backbone into L1 area to provide end-to-end connectivity for traditional BGP implementations, Internet-over-MPLS or MPLS VPN services.

router isis
 net 49.0001.0000.0000.0003.00
 set-attached-bit route-map NoDefault
 log-adjacency-changes
 redistribute isis ip level-2 into level-1 distribute-list 150
!
route-map NoDefault permit 10
 match clns address NoSuchArea
!
clns filter-set NoSuchArea permit 99.9999
!
access-list 150 permit ip 10.0.1.0 0.0.0.255 host 255.255.255.255
access-list 150 remark Match loopback addresses - host routes in 10.0.1.0/24 space