| Internet-Draft | IS-IS Database Fingerprinting | July 2026 |
| Westphal & Przygienda | Expires 2 January 2027 | [Page] |
In large IS-IS networks it is useful to quickly verify whether the link-state databases on all routers have synchronized properly and to derive a rough metric of flooding diffusion behavior. This document proposes a lightweight database fingerprinting mechanism for IS-IS along with YANG model extensions providing easy access to such information.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 2 January 2027.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
In large IS-IS networks in stable state it is useful to observe whether all databases have synchronized properly and derive the delays involved in the propagation of information across the network.¶
This document defines a database fingerprinting mechanism that allows for quick validation of database synchronization across all nodes. A node implementing this specification computes a fingerprint over all fragments per level. The fingerprint includes the time difference from the last fingerprint change which facilitates measurement of flooding behavior across the network.¶
Aged out LSPs are excluded from the fingerprint calculation.¶
A reference checksum algorithm for a fragment is given in Appendix A. The overall fingerprint is the XOR of all fragment checksums.¶
This document uses the graphical representation of data models per [RFC8340].¶
The following shows the tree diagram of the module:¶
module: ietf-isis-database-checksumming
augment /rt:routing/rt:control-plane-protocols
/rt:control-plane-protocol/isis:isis
/isis:database/isis:levels:
+--rw fingerprint
+--rw value? uint64
+--rw last-update? uint32
¶
The following is the YANG module:¶
<CODE BEGINS> file "ietf-isis-database-checksumming@2026-06-26.yang"
module ietf-isis-database-checksumming {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-isis-database-checksumming";
prefix isis-db-csum;
import ietf-routing {
prefix rt;
reference
"RFC 8349: A YANG Data Model for Routing
Management (NMDA Version)";
}
import ietf-isis {
prefix isis;
reference
"RFC 9130: YANG Data Model for the IS-IS Protocol";
}
organization
"IETF LSR - LSR Working Group";
contact
"WG Web: <https://datatracker.ietf.org/wg/lsr>
WG List: <mailto:mpls@ietf.org>
Author: Renato Westphal
<renato@netdef.org>
Author: Tony Przygienda
<mailto:antoni.przygienda@hpe.com>
Author: Colby Barth
<mailto:colby.barth@hpe.com>
";
description
"The YANG module augments the base IS-IS YANG data model with
operational state related to IS-IS LSDB fingerprinting.
Copyright (c) 2026 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Revised BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.";
reference
"RFC XXXX: IS-IS Database Fingerprinting";
revision 2026-06-26 {
description
"Initial Version";
reference
"RFC XXXX: IS-IS Database Fingerprinting";
}
/* LSDB fingerprint */
augment "/rt:routing/rt:control-plane-protocols/"
+ "rt:control-plane-protocol/isis:isis/isis:database/"
+ "isis:levels" {
when "derived-from-or-self(../../../rt:type, 'isis:isis')" {
description
"This augment ISIS routing protocol when used";
}
container fingerprint {
description
"Information about the LSDB fingerprint for this level.";
leaf value {
type uint64;
description
"A 64-bit fingerprint derived from the set of LSPs at this
level.
The fingerprint is computed by XOR-combining a per-LSP
component value for each LSP whose remaining lifetime is
non-zero. The per-LSP component value is derived from the
LSP identifier, the LSP checksum, and the LSP length, as
specified in Appendix A of RFC XXXX.
The fingerprint is intended for detecting potential LSDB
synchronization differences. Different values indicate
different LSDB contents; identical values do not guarantee
equivalence due to possible collisions.";
}
leaf last-update {
type uint32;
units "seconds";
description
"Time elapsed since the fingerprint for this level's LSDB
was last updated.";
}
}
}
}
<CODE ENDS>¶
The fingerprint mechanism defined in this document is purely informational and does not influence protocol behavior. It does not introduce new attack vectors beyond those inherent in IS-IS itself. The fingerprint value is derived from information already present in the LSDB and does not leak additional data.¶
TBD¶
<CODE BEGINS>
pub(crate) fn lsdb_fingerprint_component(&self) -> u64 {
let mut result: u64 = 0;
let system_id: &[u8] = self.lsp_id.system_id.as_ref();
for i in system_id.iter().chain(&[self.lsp_id.pseudonode]) {
result <<= 8;
result ^= *i as u64;
}
// fragment checksum
result ^= (self.cksum as u64) << 48;
// This is equal to the PDU length advertised by the fragment
result ^= (self.raw.len() as u64) << 32;
result
}
<CODE ENDS>