Alex P. Rudnev <alex@Relcom.EU.net> wrote:
The real answer - do static routing wherever you have only a single path for packets to go thru. To eliminate mistakes, generate configuration automatically from master maps kept at network engineering computers.
In this case OSPF does the same thing - it generates routes when it starts up; and no doubt it makes fewer mistakes than a human person.
No, it doesn't do the same thing - the difference is about the same as the difference between compile-time and run-time type checking.
OSPF (and any other dynamic routing protocol) introduces and removes routes every time a link or device goes up or down - or is perceived to go up and down. A typical scenario can be like: connecting a PC with a broken NIC card to an Ethernet segment can easily cause massive packet loss, causing rapid route flap which basically infects the entire backbone. If that backbone carries even a fraction of full exterior routing table, this would cause loss of coherence between routing tables and persistent routing loops.
Additionally _no_ existing IGP has anything resembling protection from malfunctioning routing software _or_ malicious or negligent operators of host-based routing software. I had to track down people who enable gated on their Linux boxes just for the fun of it, and screw the entire network up in the process, more times than I care to count.
In other words, dynamic routing is very brittle, and requires quite a lot of care to make sure it works right, and that a single-point failure won't affect the significant portion of the network. If you would claim that you ever did an analysis like that for any real network I'd have to ask you to enlighten all of us about the obviously break-through novel network design technique you're using.
No, the comparison between OSPF and STATIC looks like the comparison between the old (from the year 1950) and modern (Mercedes-600) cars - the first is very simply implemented and difficult to drive; the second is very complexly implemented but very simple to drive (but if you are to be starving on an uninhabited island with good roads, you'll choose the first car; but it seems to me you just choose something more complex in real life).
Did you notice that it takes a highly trained specialist with appropriate (and rather expensive) equipment to diagnose and fix a problem in a Mercedes? A hammer and a few expletives usually suffice for a Packard.
That's the real difference. People who understand routing protocols and how they interact with level-2 transport are still extremely rare and rather expensive. Even the major ISPs here in US have serious staffing problems. An average corporate MIS department is best characterized as clueless (what other explanation is there for the Microsoft dominance? :)
In other words, you're advising kids who don't yet know how to hold a hammer to start using a chain saw. In a situation like that I would expect a lot of cut-off bodily parts.
PS. And if someone uses STATIC widely, a few years ago some other person should be sitting for a few days and flame the first one, digging through heaps of static routes /it's a real example from my life/.
At least he'll be able to understand what's broke when the network goes down.
BTW, dealing with heaps of statics is very simple: do a numbering plan first, so the routes are aggregable. That is helpful for dynamic routing, too.
--vadim
Additionally _no_ existing IGP has anything resembling protection from malfunctioning routing software _or_ malicious or negligent operators of host-based routing software. I had to track down people
Not entirely true - host based routing software run by users who aren't meant to be running it can be superficially guarded against by using authentication keys, or by sensible design (i.e. don't run IGPs on links with hosts on, or filter them out, possibly at L2). In any case, if your users want to be malicious with "routing" (in the broadest sense), ARP is a fabulous user-available protocol that is easier to break a LAN with than an IGP, and such evilnesses as proxy-ARP make this doubly easy for the clue-free. Indeed CDMA media are notoriously easily breakable as you note...
to go up and down. A typical scenario can be like: connecting a PC with a broken NIC card to an Ethernet segment can easily cause massive
...entirely without the aid of IGPs. Your point is (I take it) that IGPs react to magnify the damage. Your next point is:
In other words, dynamic routing is very brittle, and requires quite a lot of care to make sure it works right, and that a single-point ... Did you notice that it takes a highly trained specialist with appropriate (and rather expensive) equipment to diagnose and fix a problem in a Mercedes? A hammer and a few expletives usually suffice for a Packard.
Yes, but this is because IGPs react in a predictably clueless manner. Static routing requires network operators to work round connectivity failures, to load balance, and to distribute configurational reachability information. Unfortunately, as you note later in your email, there is a tendency for network operators to operate in an *un*predictably clueless manner. This is even worse than an IGP. I've seen networks configured completely with static routes that only worked because of proxy ARP (ever defused a live bomb?).
problems. An average corporate MIS department is best characterized as clueless ... In other words, you're advising kids who don't yet know how to hold a hammer to start using a chain saw. In a situation like that I would expect a lot of cut-off bodily parts.
That depends on how easy the IGP is to misconfigure compared to the static routing, and probably depends on the size of the network, the number of possible valid paths, and the rate of (configurational) change. For a small network you are correct (think UIs where all IGPs required typing the magic incantation "ip classless" and "ip subnet-zero" and how many support desk calls *that* incorrect default caused). For large networks, even if the IGP falls apart totally when one link flaps, its dysfunctionality may be less than the clueless operator's ability to break static routing. IMHO OSPF isn't too bad here, as (a) hosts in general don't try and speak it by default (b) the configuration (even if you put it all in area 0) is difficult for the clueless to substantially break, and (c) provided you've protected your host LANs from things which would break them anyway, it adds minimal collateral damage and gives reasonably easy reconfiguration. Clueful use of IGPs, or statics, hammers, chain-saws etc. is, however, always preferable to their use without clue. And people only get real clue with IGPs by seeing them melt, which normally means (mis)using them.
-- Alex Bligh GX Networks (formerly Xara Networks)
OSPF has passwords. While it has to be the same on all links, it still locks out the wise guys with an old version of GateD. As for folks who understand this stuff deeply, while we may be rare it is sometimes difficult to get the word out when oneself is available for a project. Furthermore, I've had ridiculously low offers ($70k from UUNET).
----- Original Message -----
From: Vadim Antonov <avg@kotovnik.com>
To: <alex@Relcom.EU.net>
Cc: <nanog@merit.edu>
Sent: Monday, September 13, 1999 4:37 PM
Subject: Re: IS-IS reference
Alex P. Rudnev <alex@Relcom.EU.net> wrote:
The real answer - do static routing wherever you have only a single path for packets to go thru. To eliminate mistakes, generate configuration automatically from master maps kept at network engineering computers.
In this case OSPF does the same thing - it generates routes when it starts up; and no doubt it makes fewer mistakes than a human person.
No, it doesn't do the same thing - the difference is about the same as the difference between compile-time and run-time type checking.
OSPF (and any other dynamic routing protocol) introduces and removes routes every time a link or device goes up or down - or is perceived to go up and down. A typical scenario can be like: connecting a PC with a broken NIC card to an Ethernet segment can easily cause massive packet loss, causing rapid route flap which basically infects the entire backbone. If that backbone carries even a fraction of full exterior routing table, this would cause loss of coherence between routing tables and persistent routing loops.
Additionally _no_ existing IGP has anything resembling protection from malfunctioning routing software _or_ malicious or negligent operators of host-based routing software. I had to track down people who enable gated on their Linux boxes just for the fun of it, and screw the entire network up in the process, more times than I care to count.
In other words, dynamic routing is very brittle, and requires quite a lot of care to make sure it works right, and that a single-point failure won't affect the significant portion of the network. If you would claim that you ever did an analysis like that for any real network I'd have to ask you to enlighten all of us about the obviously break-through novel network design technique you're using.
No, the comparison between OSPF and STATIC looks like the comparison between the old (from the year 1950) and modern (Mercedes-600) cars - the first is very simply implemented and difficult to drive; the second is very complexly implemented but very simple to drive (but if you are to be starving on an uninhabited island with good roads, you'll choose the first car; but it seems to me you just choose something more complex in real life).
Did you notice that it takes a highly trained specialist with appropriate (and rather expensive) equipment to diagnose and fix a problem in a Mercedes? A hammer and a few expletives usually suffice for a Packard.
That's the real difference. People who understand routing protocols and how they interact with level-2 transport are still extremely rare and rather expensive. Even the major ISPs here in US have serious staffing problems. An average corporate MIS department is best characterized as clueless (what other explanation is there for the Microsoft dominance? :)
In other words, you're advising kids who don't yet know how to hold a hammer to start using a chain saw. In a situation like that I would expect a lot of cut-off bodily parts.
PS. And if someone uses STATIC widely, a few years ago some other person should be sitting for a few days and flame the first one, digging through heaps of static routes /it's a real example from my life/.
At least he'll be able to understand what's broke when the network goes down.
BTW, dealing with heaps of statics is very simple: do a numbering plan first, so the routes are aggregable. That is helpful for dynamic routing, too.
--vadim
OSPF (and any other dynamic routing protocol) introduces and removes routes every time a link or device goes up or down - or perceived
Yes. For the 100-router backbone, it should happen once/day (failed link, failed router), or once/hour, not more often. Through OSPF route even dynamic dialup addresses as well - without any instability.
to go up and down. A typical scenario can be like: connecting a PC
Hmm, what is a PC doing in the CORE backbone built by the L2 switches and running 100TX or 1,000TX ethernet? And how often does anyone plug in the broken cards?
Additionally _no_ existing IGP has anything resembling protection from malfunctioning routing software _or_ malicious or negligent operators of host-based routing software. I had to track down people who enable gated on their Linux boxes just for the fun of it, and screw the entire network up in the process, more times than I care to count.
Yes, but do not mix the customer's and core networks; use OSPF authentication if you can't avoid this. And even if you mix networks, plug in broken Linux with the wrong configured gated - the worst thing you can do in the real life is to steal DEFAULT (from the default-less backbone -:) - no one even notices this).
No, the myths about the dynamic routing instability are no more than a myth - until someone tries to readvertise 60,000 routes from BGP to OSPF or back... I can't understand what you are all flaming about - the 2 level schema (IGP for the CORE hosts and networks, IBGP for the multi-home clients, OSPF-ASE or IGP for the STATIC and DialUP clients) has no visible disadvantages (except now you can choose IS-IS instead of OSPF if you use CISCO - can't argue against this). No, we had a lot of problems from the wrong static routes, from the wrong readvertisements, from the wrong aggregations - and never from the plain simple OSPF itself... Both OSPF and IS-IS have a long history, designed well and realised very stable (if you don't use something absolutely new and untested). And there are very simple ways to prevent the possible sources of instability (dividing the routing to the CORE-IGP and USERS-IBGP is one of them).
No, the comparison between OSPF and STATIC looks like the comparison between the old (from the year 1950) and modern (Mercedes-600) cars - the first is very simply implemented and difficult to drive; the second is very complexly implemented but very simple to drive (but if you are to be starving on an uninhabited island with good roads, you'll choose the first car; but it seems to me you just choose something more complex in real life).
Did you notice that it takes a highly trained specialist with appropriate (and rather expensive) equipment to diagnose and fix a problem in a Mercedes? A hammer and a few expletives usually suffice for a Packard.
Yes, of course; but let's guess what was chosen by your wife?
The OSPF and IS-IS and other MODERN protocols were designed for the brain-less usage; if you don't write too many config lines and prevent some hellish words, you are absolutely safe. The safest config is
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
-:) (you can add 'unnumbered' interfaces to this example as well).
That's the real difference. People who understand routing protocols and how they interact with level-2 transport are still extremely rare and rather expensive. Even the major ISPs here in US have serious staffing problems. An average corporate MIS department is best characterized as clueless (what other explanation is there for the Microsoft dominance? :)
At least he'll be able to understand what's broke when the network goes down.
BTW, dealing with heaps of statics is very simple: do a numbering plan first, so the routes are aggregable. That is helpful for dynamic routing, too.
Ok, some day I'll ask you to restore normal routing from the heap of STATIC routes - I did such work twice, and do not want to anymore (this was not in our network, though).
--vadim
Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 230-41-41, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
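Added example, not part of the original thread or any poster's code: a check for the two guards raised in the replies above (OSPF authentication keys, and keeping the IGP off host-facing links), run against a constructed IOS-style configuration that uses the catch-all network statement quoted in the last message. Interface names, addresses and the key are made up, and the parser assumes statically addressed interfaces.

```python
import ipaddress

# Constructed sample: interface names, addresses and the key are made up.
SAMPLE_CONFIG = """\
interface Serial0
 ip address 10.0.0.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
interface Ethernet1
 ip address 10.1.2.1 255.255.255.0
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
 passive-interface Ethernet1
"""

def covered(addr, net, wildcard):
    """IOS 'network' match: compare only the bits where the wildcard mask is 0."""
    a, n, wc = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    return a & ~wc == n & ~wc

def sections(config):  # group indented lines under their top-level header
    out, cur = {}, None
    for line in config.splitlines():
        if line.strip() and not line[0].isspace():
            cur = out.setdefault(line.strip(), [])
        elif line.strip() and cur is not None:
            cur.append(line.split())
    return out

def audit_ospf(config):
    """Return interfaces that would form OSPF adjacencies without authentication."""
    secs = sections(config)
    ospf = [w for h, body in secs.items() if h.startswith("router ospf") for w in body]
    nets = [(w[1], w[2], w[4]) for w in ospf if w[0] == "network"]
    area_auth = {w[1] for w in ospf if w[0] == "area" and w[2:3] == ["authentication"]}
    passive = {w[1] for w in ospf if w[0] == "passive-interface"}  # may hold "default"
    active = {w[2] for w in ospf if w[:2] == ["no", "passive-interface"]}
    ifaces = {h.split()[1]: b for h, b in secs.items() if h.startswith("interface ")}
    findings = []
    for name, body in ifaces.items():
        addr = next((w[2] for w in body if w[:2] == ["ip", "address"]), None)
        area = next((a for n, wc, a in nets if addr and covered(addr, n, wc)), None)
        auth = any(w[:3] == ["ip", "ospf", "authentication"] and w[-1] != "null" for w in body)
        key = any(w[:2] == ["ip", "ospf"] and w[2:3] in (["message-digest-key"], ["authentication-key"]) for w in body)
        is_passive = name in passive or ("default" in passive and name not in active)
        if area is not None and not is_passive and not ((auth or area in area_auth) and key):
            findings.append(name)
    return findings
```

On the sample, the catch-all network statement pulls both Ethernet segments into OSPF; only Ethernet0 is reported, because Ethernet1 is passive and Serial0 carries a key.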
participants (4)
- Alex Bligh
- Alex P. Rudnev
- Dana Hudes
- Vadim Antonov