On 10/Nov/16 21:43, Baldur Norddahl wrote:
And at the day work I also prefer OSPFv2 simply because I do not need more protocols in the stack. We are running an MPLS network with the internet service in a L3VPN. IPv6 is also in the L3VPN. This means the underlying network is pure IPv4 and totally isolated from the internet. Why make it more complicated by introducing something that is not IP based?
I'd counter that "Why not make it less complicated by removing an easily-reachable attack vector?" Sure, you can easily protect your OSPF domain from external attack, but that's something your router CPU and/or data plane would have to deal with if it had to, and we've all seen situations where filters break in certain code for various reasons. Or vendors change the way filtering works in newer code without properly notifying customers about such changes.

Mark.