Solved: IS-IS NET Structure

Mitrixsen · ‎01-06-2026

Hello, everyone.

I've read a Cisco Live presentation which explains the identifier (NET) for an IS-IS router the following way:

Apparently, the whole Area Address field consists of AFI (this defines how to interpret the rest of the address), IDI, and HO-DSP (this is where we enter the area number).

What confuses me in this case is what exactly is the area number here? If I configure a NET like 47.0004.31ac.0012.2222.2222.2222.00. Is the area number in this case 0012 or 47.0004.31ac.0012? The router includes it the following way in Wireshark:

This, however, is the whole Area address which also contains the specific Area number. Is there a difference between what an Area Address and an Area is?

I’ve tried changing the AFI or Domain while keeping the Area number the same and my routers formed only a L2 adjacency so I don’t think they considered the area to be the same.

Thank you

David

M02@rt37 · ‎01-06-2026

Hello David,

Info here:https://datatracker.ietf.org/doc/html/rfc1195 ; chapter 3.3.

In that RFC the "Area" filed is defined as a subfield inside the NSAP/NET format, but ISIS does no treat that field alone on the routing area; operationnally, the entire Area address (AFI + IDI/RD + Area field) is what defines an ISIS area, and L1 adjacency requires an exact math of the full area address, which is why changing AFI or domain while keeping the "Area" field the same breaks L1 and leaves only L2.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

Cristian Matei · ‎01-06-2026

Hi,

IS-IS NET (Network Entity Title) address is a variable-length CLNS address (8-20 bytes) uniquely identifying a router, formatted as Area ID (variable 1-3 bytes value) + System ID (fixed 6 byte value) + NSEL (fixed 1 byte value). Usually, how you read the NET address is from right to left, not from left to right; so from right to left, you remove the 7 bytes (System ID + NSEL values) and you end up with the area ID.

As IS-IS was initially used for the OSI stack, the first variable 13 bytes were further divided into AFI + Domain + Area / OSI NSAP format, each of these divisions having different scopes. Nowadays, as we speak about Integrated IS-IS, which is almost entirely used for IP networks, the first variable 13 bytes represent the Area ID, the initial subdivision of this NET portion is no longer relevant / ignored. So, if you want to perform a level-1 adjacency, the two systems need a perfect match on the first 13 byte value of the NET address, aka being in the same area.

E.g, one side has the first 13 bytes value of 49.000a.000a.000a and the other side 49.000a.000a, no level 1 adjacency ca be formed; same if one side has the first 13 bytes value of 74.000a.000a.000a and the other side 49.000a.000a.00aa, no level 1 adjacency can be formed; however if both sides have the same value for the first 13 bytes, like 49.000b.000b, level 1 adjacency can be formed. In all of these cases, for level 1 adjacency to be formed, you need the IS type (global ISIS configuration) to be level-1 or level-1-2 and the Circuity Type (interface level configuration) to be level-1 or level-1-2. Default on Cisco platforms is level-1-2 for both IS Type and Circuit Type.

Thanks,

Cristian.

View solution in original post

M02@rt37 · ‎01-06-2026

Hello David,

Info here:https://datatracker.ietf.org/doc/html/rfc1195 ; chapter 3.3.

In that RFC the "Area" filed is defined as a subfield inside the NSAP/NET format, but ISIS does no treat that field alone on the routing area; operationnally, the entire Area address (AFI + IDI/RD + Area field) is what defines an ISIS area, and L1 adjacency requires an exact math of the full area address, which is why changing AFI or domain while keeping the "Area" field the same breaks L1 and leaves only L2.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Cristian Matei · ‎01-06-2026

Hi,

IS-IS NET (Network Entity Title) address is a variable-length CLNS address (8-20 bytes) uniquely identifying a router, formatted as Area ID (variable 1-3 bytes value) + System ID (fixed 6 byte value) + NSEL (fixed 1 byte value). Usually, how you read the NET address is from right to left, not from left to right; so from right to left, you remove the 7 bytes (System ID + NSEL values) and you end up with the area ID.

As IS-IS was initially used for the OSI stack, the first variable 13 bytes were further divided into AFI + Domain + Area / OSI NSAP format, each of these divisions having different scopes. Nowadays, as we speak about Integrated IS-IS, which is almost entirely used for IP networks, the first variable 13 bytes represent the Area ID, the initial subdivision of this NET portion is no longer relevant / ignored. So, if you want to perform a level-1 adjacency, the two systems need a perfect match on the first 13 byte value of the NET address, aka being in the same area.

E.g, one side has the first 13 bytes value of 49.000a.000a.000a and the other side 49.000a.000a, no level 1 adjacency ca be formed; same if one side has the first 13 bytes value of 74.000a.000a.000a and the other side 49.000a.000a.00aa, no level 1 adjacency can be formed; however if both sides have the same value for the first 13 bytes, like 49.000b.000b, level 1 adjacency can be formed. In all of these cases, for level 1 adjacency to be formed, you need the IS type (global ISIS configuration) to be level-1 or level-1-2 and the Circuity Type (interface level configuration) to be level-1 or level-1-2. Default on Cisco platforms is level-1-2 for both IS Type and Circuit Type.

Thanks,

Cristian.

Mitrixsen · ‎01-06-2026

Hello Cristian.

Well explained. I've also read what M02@rt37 provided and the RFC defines the address this way:

I've most likely been also configuring the DFI, AA, (whatever Reserved is), RD, and so on without realizing, thinking it was all the area ID.

So if I understand this right, this whole subdivision of the Area address (AFI, Domain, and so on) isn't relevant when configuring modern IS-IS? I've seen some people configure the NET starting with 49 (since that AFI is supposed to represent private networks) but is that only for convention? I've used different AFI values and so on and nothing really happened, everything worked the same, the address wasn't read or represented differently, and so on.

Thank you guys!

David

M02@rt37 · ‎01-06-2026

Using AFI '49' is purely convention, inherited from ISO/CLNS to indicate a private adressing domain, and widely adopted because it avoid clashes and looks familiar, not because IS-IS behaves differently...

This is why we can change AFI, RD, or other subfields and see no functional difference except adjacency level changes: ISIS neither validates nor decodes those fields in IP-only deployments—it treats the area address as an "opaque" identifier !

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Cristian Matei · ‎01-06-2026

Hi,

Yes, all of your statement are on the spot. However, to avoid weird bugs, I recommend defining the area ID to always start with 49. I've been working for vendors and have become pretty intimate with the internal development / testing structure. Imagine that the QA department automation most probably doesn't test using all the possible values of the first byte, however for sure testing is done with the value 49 as the first byte, this still being the most commonly deployed / used value.

Thanks,

Cristian.