Isis ip reachability removal

[Abdelfatah26]

Change Scope

Add Hierarchical IP Reachability Suppression to IS-IS.

In large-scale IP networks, advertising transit link IP addresses (TLVs 135/236 into the IGP (IS-IS) dramatically increases the routing table size without adding functional value, as only loopback interfaces (configured as passive interfaces) require global reachability for BGP next-hop resolution.

This PR introduces a highly flexible, hierarchical IP reachability suppression scheme within the OpenConfig IS-IS model supporting Global, Level, and Interface level contexts with clean inheritance rules:

• Global Context: Introduces suppress-interface-ip under /isis/global/afi-safi/af/config/ (Type: suppress-interface-ip-mode with default "NONE"), offering instance-wide default suppression control.
• Level Context: Introduces suppress-interface-ip under /isis/levels/level/afi-safi/af/config/ to allow level-specific overrides, inheriting directly from the global configuration when left unconfigured.
• Interface Override: Adds a clean boolean suppress leaf under /isis/interfaces/interface/afi-safi/af/config/ allowing operators to explicitly suppress (true) or force advertisement (false) of a single interface's prefix, falling back to level/global policies if unconfigured.

---

Platform Implementations

IP Reachability Suppression Support:

Implementation	Command Syntax / Configuration Capability
Arista EOS	Supports global prefix suppression via advertise ip-reachability passive-only command under router isis to suppress TLVs 135/236.
Cisco IOS-XR	Supports prefix suppression globally and per-AFI/SAFI via the advertise passive-only address-family command under router isis, along with the suppressed keyword for per-interface overrides.
Juniper Junos	Achieves prefix suppression dynamically using a standard export policy applied under protocols isis that accepts passive loopback prefixes while rejecting active transit link direct routes.
Nokia SR-OS	Supports global prefix suppression using the advertise-passive-only command under the config>router>isis context.

---

Tree View

1. Global Context (/isis/global/afi-safi)

module: openconfig-network-instance
  +--rw network-instances
     +--rw network-instance* [name]
        +--rw protocols
           +--rw protocol* [identifier name]
              +--rw isis
                 +--rw global
                    +--rw afi-safi
                       +--rw af* [afi-name safi-name]
                          +--rw afi-name    -> ../config/afi-name
                          +--rw safi-name   -> ../config/safi-name
                          +--rw config
                          |  +--rw afi-name?                identityref
                          |  +--rw safi-name?               identityref
                          |  +--rw metric?                  uint32
                          |  +--rw enabled?                 boolean
                          |  +--rw max-ecmp-paths?          uint8
+                         |  +--rw suppress-interface-ip?   oc-isis-types:suppress-interface-ip-mode
                          +--ro state
                             +--ro afi-name?                identityref
                             +--ro safi-name?               identityref
                             +--ro metric?                  uint32
                             +--ro enabled?                 boolean
                             +--ro max-ecmp-paths?          uint8
+                            +--ro suppress-interface-ip?   oc-isis-types:suppress-interface-ip-mode

2. Protocol Level Context (/isis/levels/level)

module: openconfig-network-instance
  +--rw network-instances
     +--rw network-instance* [name]
        +--rw protocols
           +--rw protocol* [identifier name]
              +--rw isis
                 +--rw levels
                    +--rw level* [level-number]
+                      +--rw afi-safi
+                         +--rw af* [afi-name safi-name]
+                            +--rw afi-name    -> ../config/afi-name
+                            +--rw safi-name   -> ../config/safi-name
+                            +--rw config
+                            |  +--rw afi-name?                identityref
+                            |  +--rw safi-name?               identityref
+                            |  +--rw suppress-interface-ip?   oc-isis-types:suppress-interface-ip-mode
+                            +--ro state
+                               +--ro afi-name?                identityref
+                               +--ro safi-name?               identityref
+                               +--ro suppress-interface-ip?   oc-isis-types:suppress-interface-ip-mode

3. Interface Context (/isis/interfaces/interface/afi-safi)

module: openconfig-network-instance
  +--rw network-instances
     +--rw network-instance* [name]
        +--rw protocols
           +--rw protocol* [identifier name]
              +--rw isis
                 +--rw interfaces
                    +--rw interface* [interface-id]
                       +--rw afi-safi
                          +--rw af* [afi-name safi-name]
                             +--rw afi-name    -> ../config/afi-name
                             +--rw safi-name   -> ../config/safi-name
                             +--rw config
                             |  +--rw afi-name?                identityref
                             |  +--rw safi-name?               identityref
                             |  +--rw metric?                  uint32
                             |  +--rw enabled?                 boolean
+                            |  +--rw suppress?                boolean
                             +--ro state
                                +--ro afi-name?                identityref
                                +--ro safi-name?               identityref
                                +--ro metric?                  uint32
                                +--ro enabled?                 boolean
+                               +--ro suppress?                boolean

4. Enumeration Definition Reference

typedef suppress-interface-ip-mode {
  type enumeration {
    enum NONE {
      description
        "Do not suppress IP reachability on any interface.";
    }
    enum ALL {
      description
        "Suppress IP reachability on all interfaces in this level/address-family.";
    }
    enum NON_PASSIVE {
      description
        "Suppress IP reachability on all non-passive (active) interfaces.";
    }
    enum NON_PASSIVE_POINT_TO_POINT {
      description
        "Suppress IP reachability on non-passive (active) point-to-point interfaces only.";
    }
  }
  description
    "Mode for interface IP reachability suppression.";
}

[gemini-code-assist]

Code Review

This pull request implements IP reachability suppression for IS-IS across global, level, and interface contexts, including a new suppression mode enumeration. Review feedback focuses on aligning the interface-level suppression path with the PR description, clarifying inheritance terminology, and ensuring consistency by adding standard configuration leaves to the new level-specific AFI-SAFI lists.

[gemini-code-assist]

The implementation adds the suppress leaf to isis-if-afi-safi-list, which corresponds to the path /isis/interfaces/interface/levels/level/afi-safi. However, the PR description and tree view (point 3) specify the path /isis/interfaces/interface/afi-safi. To align with the description and provide a global interface override, this leaf should also be added to isis-if-global-afi-safi-list.

[gemini-code-assist]

The term global level configuration is ambiguous in the context of IS-IS levels. It is clearer to refer to the global address-family configuration to indicate inheritance from /isis/global/afi-safi.

        If not specified, the value is inherited from the global address-family configuration.

[gemini-code-assist]

The new afi-safi list at the level context is missing standard configuration leaves such as metric and enabled, which are present in other AFI-SAFI lists in this module. Adding these would ensure consistency and allow for level-specific overrides of these parameters.

        uses isis-afi-safi-config;
        uses isis-metric-config;
        uses rt-admin-config;
        uses isis-reachability-level-config;

[gemini-code-assist]

Ensure the state container for the level-specific AFI-SAFI list also includes the metric and enabled parameters for consistency with the config container.

        uses isis-afi-safi-config;
        uses isis-metric-config;
        uses rt-admin-config;
        uses isis-reachability-level-config;

[rgwilton]

Hi,

Your description had this comment:

suppress TLVs 132/232 (which other vendors often suppress by default for P2P interfaces). Do all the other vendors that you listed above except Arista, i.e. Cisco, Juniper, Nokia all do this suppression by default? I.e., I'm wondering whether it makes semantic sense to control the suppression behaviour of both TLVs 135/235 and TLVs 132/232 in a single command (i.e., as per the enum).

[rszarecki]

1. I agree with rgwilton: TLV 135/236 (reachability) and TLV 132/232 (interface IP) shall have separate and distinct suppression leafs.

• YANG files do only make reference to reachability TLV 135/236. I would suggest to change leaf names to supress-interface-reachability and supress-reachability.
• As for interface IP TLV (132/232) either add separate leafs suppress-interface-ip, or take it out of this PR completly.

2. The descriptions of PR and descriptions in YANG files refers to TLV 235 (MT IP. Reach; RFC5120). I belive this is mistake/typo and intent was TLV 236 (IPv6 IP. Reach; RFC5308).

[navaneethyv]

Ready for reviews.

[Abdelfatah26]

Hi,

Your description had this comment:

suppress TLVs 132/232 (which other vendors often suppress by default for P2P interfaces). Do all the other vendors that you listed above except Arista, i.e. Cisco, Juniper, Nokia all do this suppression by default? I.e., I'm wondering whether it makes semantic sense to control the suppression behaviour of both TLVs 135/235 and TLVs 132/232 in a single command (i.e., as per the enum).

Thanks rgwilton for the comment. The primary goal of this PR is the suppression of IPv4/IPv6 IP-reachability TLVs. I agree that TLVs 135/236 and 132/232 should have separate leafs.

[Abdelfatah26]

1. I agree with rgwilton: TLV 135/236 (reachability) and TLV 132/232 (interface IP) shall have separate and distinct suppression leafs.

• YANG files do only make reference to reachability TLV 135/236. I would suggest to change leaf names to supress-interface-reachability and supress-reachability.
• As for interface IP TLV (132/232) either add separate leafs suppress-interface-ip, or take it out of this PR completly.

2. The descriptions of PR and descriptions in YANG files refers to TLV 235 (MT IP. Reach; RFC5120). I belive this is mistake/typo and intent was TLV 236 (IPv6 IP. Reach; RFC5308).

Thanks @rszarecki for the feedback

1. Totally agree
2. I will update the leaf names
3. Good catch, I've fixed the typo