Additionally _no_ exising IGP has anything resembling protection from malfunctioning routing software _or_ malicious or negligient operators of host-based rotuing software. I had to track down people
Not entirely true - host based routing software run by users who aren't meant to be running it can be superficially guarded against by using authentication keys, or by sensible design (i.e. don't run IGPs on links with hosts on, or filter them out, possibly at L2). In any case, if your users want to be malicious with "routing" (in the broadest sense), ARP is a fabulous user-available protocol that is easier to break a LAN with than an IGP, and such evilnesses as proxy-ARP making this doubly easy for the clue-free. Indeed CDMA media are notoriously easilly breakable as you note...
to go up and down. A typical scenario can be like: connecting a PC with a broken NIC card to an Ethernet segment can easily cause massive
...entirely without the aid of IGPs. Your point is (I take it) that IGPs react to magnify the damage. Your next point is:
In other words, dynamic routing is very brittle, and requires quite a lot of care to make sure it works right, and that a single-point ... Did you notice that it takes a highly trained specialist with appropriate (and rather expensive) equipment to diagnose and fix a problem in a Mercedes? A hammer and few expletitives usually suffice for a Packard.
Yes, but this is because IGPs react in a predictably clueless manner. Static routing requires network operators to work round connectivity failures, to load balance, and to distribute configurational reachability information. Unfortunately, as you note later in your email, there is a tendancy for network operators to operate in an *un*predictably clueless manner. This is even worse than an IGP. I've seen networks configured completely with static routes that only worked because of proxy ARP (every defused a live bomb?).
problems. An average corporate MIS department is best characterized as clueless ... In other words, you're advising kids who don't yet know how to hold a hammer to start using chain saw. In a situation like that i would expect a lot of cut-off bodily parts.
That depends on how easy the IGP is to misconfigure compared to the static routing, and probably depends on the size of the network, the number of possible valid paths, and the rate of (configurational) change. For a small network you are correct (think UIs where all IGPs required typing the magic incantation "ip classless" and "ip subnet-zero" and how many support desk calls *that* incorrect default caused). For large networks, even if the IGP falls apart totally when one link flaps, its disfunctionality may be less than the clueless operators ability to break static routing. IMHO OSPF isn't too bad here, as (a) hosts in general don't try and speak it by default (b) the configuration (even if you put it all in area 0) is difficult for the clueless to substantially break, and (c) provided you've protected your host LANs from things which would break them anyway, it adds minimal collateral damage and gives reasonably easy reconfiguration. Clueful use of IGPs, or statics, hammers, chain-saws etc. is, however, always preferably to their use without clue. And people only get real clue with IGPs by seeing them melt, which normally means (mis)using them. -- Alex Bligh GX Networks (formerly Xara Networks)