On Thu, 18 Jun 2020 at 13:28, Robert Raszuk <robert@raszuk.net> wrote:
To your IGP point let me observe that OSPF runs over IP and ISIS does not. That is first fundamental difference. There are customers using both all over the world and therefore any suggestion to just use OSPFv3 is IMHO quite unrealistic. Keep in mind that OSPF hierarchy is 2 (or 3 with super area) while in IETF there is ongoing work to extend ISIS to 8 levels. There is a lot of fundamental differences between those two (or three) IGPs and I am sure many folks on the lists know them. Last there is a lot of enterprise networks happily using IPv4 RFC1918 all over their global WAN and DCs infrastructure and have no reason to deploy IPv6 there any time soon.
I view the 802.3 and CLNS as liability, not an asset. People who actually route CLNS are a dying breed, think just DCN of a legacy optical. Many platforms have no facilities to protect ISIS, any connected attacker can kill the box. Nokia handles generated packets classification by assigning DSCP value to application then DSCP to forwarding-class, which precludes from configuring ISIS qos. Very few people understand how ISIS works before ISIS PDU is handed to them, world from 802.3 to that is largely huge pile of hacks, instead of complete CLNS stack implementation. There is no standard way to send large frames over 802.3, so there is non-standard way to encap ISIS for those links. Also due to lack of LSP roll-over, ISIS is subject to a horrible attack vector which is very difficult to troubleshoot and solve. -- ++ytti