Passive interface: OSPF vs IS-IS

In this short article, I would like to point out some similarities and differences in using passive-interface command between two link-states protocols Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (IS-IS).

Topology

Passive-Interface

Every router has a Loopback0 configured with IP address X.X.X.X/32, where X is the router number, i.e R2 (2.2.2.2/32)
Transit links are configured with IP addresses 10.X.Y.0/24, where X and Y are adjacent router numbers, i.e. the link between R1 and R2 is 10.1.2.0/24
In this network, OSPF (area 0) is configured as well as IS-IS (area 49.0001, level-2 only)

Configuration

hostname R1
!
ip cef
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip router isis 1
 ip ospf 1 area 0 
!
interface GigabitEthernet0/0
 ip address 10.1.2.1 255.255.255.0
 ip router isis 1
 ip ospf 1 area 0
!
router ospf 1
!
router isis 1
 net 49.0001.0000.0000.0001.00
 is-type level-2-only

hostname R2
!
ip cef
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip router isis 1
 ip ospf 1 area 0
!
interface GigabitEthernet0/0
 ip address 10.1.2.2 255.255.255.0
 ip ospf 1 area 0
!
interface GigabitEthernet0/1
 ip address 10.2.3.2 255.255.255.0
 ip router isis 1
 ip ospf 1 area 0
!
router ospf 1
 passive-interface GigabitEthernet0/0
!
router isis 1
 net 49.0001.0000.0000.0002.00
 is-type level-2-only
 passive-interface GigabitEthernet0/0

hostname R3
!
ip cef
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip router isis 1
 ip ospf 1 area 0
!
interface GigabitEthernet0/1
 ip address 10.2.3.3 255.255.255.0
 ip router isis 1
 ip ospf 1 area 0
!
router ospf 1
!
router isis 1
 net 49.0001.0000.0000.0003.00
 is-type level-2-only

Similarities

Let’s dive a bit into Link-State Database. I will check everything from the perspective R3 since LSDB should be the same on R2 and R3 since both routers are on the same area (OSPF) / level (IS-IS).

When the passive-interface is used (R2 GigabithEternet0/0) both protocols will continue to advertise the interface’s connected network (10.1.2.0/24).

Note: When network 10.1.2.0/24 is advertised by both protocols only 1 route goes into the RIB - OSPF one. It's because OSPF has lower administrative distance (110) than IS-IS (115).

OSPF

R3#show ip ospf database router 2.2.2.2

            OSPF Router with ID (3.3.3.3) (Process ID 1)

                Router Link States (Area 0)

! output omitted

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 10.1.2.0
     (Link Data) Network Mask: 255.255.255.0
      Number of MTID metrics: 0
       TOS 0 Metrics: 1

IS-IS

R3#show isis database R2.00-00 detail

IS-IS Level-2 LSP R2.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
R2.00-00              0x00000004   0xC30A        1186              0/0/0
  Area Address: 49.0001
  NLPID:        0xCC 
  Hostname: R2
  Metric: 10         IS R3.01
  IP Address:   10.2.3.2
  Metric: 0          IP 10.1.2.0 255.255.255.0
  Metric: 10         IP 10.2.3.0 255.255.255.0

R2 stops sending Hellos on GigabithEthernet0/0 interface and any Hellos received on that interface are no longer processed. Both IGPs send Hellos only on GigabitEthernet0/1 (to R3). Obviously, R2 makes a neighbor relationship with R3 only.

R1 is sending Hellos to R2, but they are not shown in the output - they are simply discarded.

OSPF

R2#debug ip ospf hello 
OSPF hello debugging is on
*Dec 28 20:22:09.584: OSPF-1 HELLO Gi0/1: Rcv hello from 3.3.3.3 area 0 10.2.3.3
*Dec 28 20:22:09.623: OSPF-1 HELLO Gi0/1: Send hello to 224.0.0.5 area 0 from 10.2.3.2


R2#undebug all

IS-IS

R2#debug isis adj-packets 
IS-IS Adjacency related packets debugging is on for router process 1

*Dec 28 20:26:27.123: ISIS-Adj: Sending L2 LAN IIH on GigabitEthernet0/1, length 1497
*Dec 28 20:26:27.467: ISIS-Adj: Rec L2 IIH from 5000.0003.0001 (GigabitEthernet0/1), cir type L2, cir id 0000.0000.0003.01, length 1497, ht(10)
*Dec 28 20:26:27.467: ISIS-Adj: he_knows_us 1, old state 0, new state 0, level 2

R2#undebug all

Differences

OSPF

When the passive-interface command is used, a connected subnet is not advertised unless there is a match with a network command or there is command ip ospf <process number> area <area number> on the interface.

Notice what happens, when the command ip ospf 1 area 0 is removed from R2’s GigabitEthernet0/0. The network is no longer in the database even though passive-interface command is still there.

R2(config)#int GigabithEthernet0/0
R2(config-if)#no ip ospf 1 area 0 

R2#show run | s router ospf 1
router ospf 1
 passive-interface GigabitEthernet0/0

R3#show ip ospf database router 2.2.2.2 | include 10.1.2.0
R3#

IS-IS

When the passive-interface command is used, a connected subnet is auto-magically advertised. There is no need to explicitly enable IS-IS on the interface.

R2#show run int GigabithEthernet0/0

interface GigabitEthernet0/0
 ip address 10.1.2.2 255.255.255.0
end

R3#show isis database R2.00-00 detail | include 10.1.2.0
  Metric: 0          IP 10.1.2.0 255.255.255.0

Topology#

Configuration#

Similarities#

Differences#

Topology

Configuration

Similarities

Differences