Hi everyone, Anybody from Yahoo to share experience on IGP choice ? IS-IS vs OSPF, why did you switch from one to the other, for what reason ? Same question could apply to other ISP, I'd like to hear some international ISP/carriers design choice, please. Thanks in advance, Best regards, -Marcel
"marcel.duregards@yahoo.fr" <marcel.duregards@yahoo.fr> writes:
Hi everyone,
Anybody from Yahoo to share experience on IGP choice ? IS-IS vs OSPF, why did you switch from one to the other, for what reason ? Same question could apply to other ISP, I'd like to hear some international ISP/carriers design choice, please.
Thanks in advance, Best regards, -Marcel
I worked a project as recently as 2009 where we tried to connect two 6509s together over a tunnel interface and wanted to extend Area 0 across it and couldn't because it was a limitation of the version of IOS we were running at the time. That forced us to use isis. It was a decision based on pragmatism rather than design choice; and we were a small operator, too. The choice of an interior routing protocol really doesn't have much implication for small operators.
* marcel.duregards@yahoo.fr (marcel.duregards@yahoo.fr) [Thu 22 Oct 2015, 18:57 CEST]:
Anybody from Yahoo to share experience on IGP choice ?
What a weird way to limit your audience. This is NANOG, not Yahoo. Otherwise, http://userpages.umbc.edu/~vijay/work/ppt/oi.pdf -- Niels.
sorry for that, but the only one I've heard about switching his core IGP is Yahoo. I've no precision, and it's really interest me. I know that there had OSPF in the DC area, and ISIS in the core, and decide to switch the core from ISIS to OSPF. Why spend so much time/risk to switch from ISIS to OSPF, _in the core_ a not so minor impact/task ? So I could guess it's for maintain only one IGP and have standardized config. But why OSPF against ISIS ? What could be the drivers? People skills (more people know OSPF than ISIS) --> operational reason ? In my understanding of both protocols, from 3 year old documentation (2012): OSPF is more or less limited to hundred routers in the backbone area. Yeah, ok, but back in 2005 I know some ISP which run 200 routers in the backbone area (only one area) w/o problem. What about today ? protocol design limitation or resources (memory+cpu) limitation ? If resources only, as of today we can put also 1000 ospf routers in one area... Cisco recommend no more than 50 routers per area with OSPF. Is it a conservative value ? It also depend on the number of networks/router, of course. ISIS is not. ISIS scale up to thousand routers in the same area. Some docs say that ISIS converge faster due to fewer LSP traffic (compare to OSPF which generate more LSA traffic, therefore use more CPU) and better timers. Timers can also be tuned with OSPF, so I do not see a real argument with better timers for ISIS (same story between HSRP versus VRRP with better timers for VRRP). As your doc say (reason to choose ISIS): better convergence, better security, simplicity. -Marcel On 22.10.2015 19:25, Niels Bakker wrote:
* marcel.duregards@yahoo.fr (marcel.duregards@yahoo.fr) [Thu 22 Oct 2015, 18:57 CEST]:
Anybody from Yahoo to share experience on IGP choice ?
What a weird way to limit your audience. This is NANOG, not Yahoo.
Otherwise, http://userpages.umbc.edu/~vijay/work/ppt/oi.pdf
-- Niels.
On Fri, Oct 23, 2015 at 1:41 AM, marcel.duregards@yahoo.fr <marcel.duregards@yahoo.fr> wrote:
sorry for that, but the only one I've heard about switching his core IGP is Yahoo. I've no precision, and it's really interest me. I know that there had OSPF in the DC area, and ISIS in the core, and decide to switch the core from ISIS to OSPF.
Wait, what? *checks memory* *checks routers* Nope. Definitely went the other way; OSPF -> IS-IS in the core.
Why spend so much time/risk to switch from ISIS to OSPF, _in the core_ a not so minor impact/task ? So I could guess it's for maintain only one IGP and have standardized config. But why OSPF against ISIS ? What could be the drivers? People skills (more people know OSPF than ISIS) --> operational reason ?
I'm sorry you received the wrong information, the migration was from OSPF to IS-IS, not the other way around. Thanks! Matt
A lot of carriers use ISIS in the core so they can make use of the 'overload bit' with a 'set-overload-bit on-startup wait-for-bgp'. Keeps them from black holing traffic while BGP reconverges, when you have millions of routes to converge it can take forever. It's also a really handy tool when you're troubleshooting or repairing a link, set the OL bit, and traffic gracefully moves, then when you're done it gracefully moves back. You can do the same thing with the Metric, and Cost in OSPF, just not quite as elegant. Largely I think it's preference, ISIS and OSPF tackle most of the same stuff just in different ways. -D -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Matthew Petach Sent: Friday, October 23, 2015 11:31 AM To: marcel.duregards@yahoo.fr Cc: nanog@nanog.org Subject: Re: IGP choice On Fri, Oct 23, 2015 at 1:41 AM, marcel.duregards@yahoo.fr <marcel.duregards@yahoo.fr> wrote:
sorry for that, but the only one I've heard about switching his core IGP is Yahoo. I've no precision, and it's really interest me. I know that there had OSPF in the DC area, and ISIS in the core, and decide to switch the core from ISIS to OSPF.
Wait, what? *checks memory* *checks routers* Nope. Definitely went the other way; OSPF -> IS-IS in the core.
Why spend so much time/risk to switch from ISIS to OSPF, _in the core_ a not so minor impact/task ? So I could guess it's for maintain only one IGP and have standardized config. But why OSPF against ISIS ? What could be the drivers? People skills (more people know OSPF than ISIS) --> operational reason ?
I'm sorry you received the wrong information, the migration was from OSPF to IS-IS, not the other way around. Thanks! Matt
A lot of carriers use ISIS in the core so they can make use of the 'overload bit' with a 'set-overload-bit on-startup wait-for-bgp'. Keeps them from black holing traffic while BGP reconverges, when you have millions of routes to converge it can take forever. It's also a really handy tool when you're troubleshooting or repairing a link, set the OL bit, and traffic gracefully moves, then when you're done it gracefully moves back. You can do the same thing with the Metric, and Cost in OSPF, just not quite as elegant.
That feature is also present in OSPF. 'max metric router-lsa'.
On Fri, 23 Oct 2015, Pablo Lucena wrote:
A lot of carriers use ISIS in the core so they can make use of the 'overload bit' with a 'set-overload-bit on-startup wait-for-bgp'. Keeps them from black holing traffic while BGP reconverges, when you have millions of routes to converge it can take forever. It's also a really handy tool when you're troubleshooting or repairing a link, set the OL bit, and traffic gracefully moves, then when you're done it gracefully moves back. You can do the same thing with the Metric, and Cost in OSPF, just not quite as elegant.
That feature is also present in OSPF. 'max metric router-lsa'.
This is not exactly the same thing as overload-bit set, but it can be argued that setting max-metric actually makes more sense than what the overload bit does. The choice between IS-IS and OSPF depends more on soft than hard factors. OSPF support is more widespread amongst smaller equipment vendors, IS-IS is the traditional choice for large ISP core IGP, mostly due to the Cisco codebase for IS-IS happened to be more stable than OSPF around 1995, and that's when a lot of larger ISPs started running these protocols, and that stuck. There is no right or wrong IGP to run, both protocols have their quirks and pro:s and con:s. -- Mikael Abrahamsson email: swmike@swm.pp.se
Hi Matthew, Thanks a lot for your answer. This helps me to understand, and makes more sense to me :-). Thanks, -Marcel On 23.10.2015 18:31, Matthew Petach wrote:
On Fri, Oct 23, 2015 at 1:41 AM, marcel.duregards@yahoo.fr <marcel.duregards@yahoo.fr> wrote:
sorry for that, but the only one I've heard about switching his core IGP is Yahoo. I've no precision, and it's really interest me. I know that there had OSPF in the DC area, and ISIS in the core, and decide to switch the core from ISIS to OSPF.
Wait, what? *checks memory* *checks routers*
Nope. Definitely went the other way; OSPF -> IS-IS in the core.
Why spend so much time/risk to switch from ISIS to OSPF, _in the core_ a not so minor impact/task ? So I could guess it's for maintain only one IGP and have standardized config. But why OSPF against ISIS ? What could be the drivers? People skills (more people know OSPF than ISIS) --> operational reason ?
I'm sorry you received the wrong information, the migration was from OSPF to IS-IS, not the other way around.
Thanks!
Matt
On 22/Oct/15 18:57, marcel.duregards@yahoo.fr wrote:
Hi everyone,
Anybody from Yahoo to share experience on IGP choice ? IS-IS vs OSPF, why did you switch from one to the other, for what reason ? Same question could apply to other ISP, I'd like to heard some international ISP/carriers design choice, please.
The "everything must connect to Area 0" requirement of OSPF was limiting for me back in 2008. So we moved to IS-IS. Mark.
Just use rip for *everything* Problem solved! -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Mark Tinka Sent: Thursday, October 22, 2015 11:41 AM To: marcel.duregards@yahoo.fr; nanog@nanog.org Subject: Re: IGP choice On 22/Oct/15 18:57, marcel.duregards@yahoo.fr wrote:
Hi everyone,
Anybody from Yahoo to share experience on IGP choice ? IS-IS vs OSPF, why did you switch from one to the other, for what reason ? Same question could apply to other ISP, I'd like to heard some international ISP/carriers design choice, please.
The "everything must connect to Area 0" requirement of OSPF was limiting for me back in 2008. So we moved to IS-IS. Mark.
And Windows Server for your routing platform of choice! -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Damien Burke Sent: Thursday, October 22, 2015 1:12 PM To: nanog@nanog.org Subject: RE: IGP choice Just use rip for *everything* Problem solved! -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Mark Tinka Sent: Thursday, October 22, 2015 11:41 AM To: marcel.duregards@yahoo.fr; nanog@nanog.org Subject: Re: IGP choice On 22/Oct/15 18:57, marcel.duregards@yahoo.fr wrote:
Hi everyone,
Anybody from Yahoo to share experience on IGP choice ? IS-IS vs OSPF, why did you switch from one to the other, for what reason ? Same question could apply to other ISP, I'd like to heard some international ISP/carriers design choice, please.
The "everything must connect to Area 0" requirement of OSPF was limiting for me back in 2008. So we moved to IS-IS. Mark.
OK I will bite - Yes, RIP everything and let'em all Rest-In-Peace. My 0.02cents about OP's question- "Scale" and Admin-headaches: IS-IS scales far better than OSPF. Admin-headaches - as your OSPF domain grows, do you want to continually re-design; create more areas? You definitely don't want 50k prefixes in your OSPF domain; in area 0 - try it and see how it works. Security & ease-of-deployment: IS-IS is inherently a l2 protocol used over IP and is IP-Version independent and I dare say, more secure at the protocol-level compared to any other flavor of IGP. As to why you see more OSPF than IS-IS (except of a few large ones States-side) is more of a history-lesson. ./Randy ----- Original Message ----- From: Damien Burke <damien@supremebytes.com> To: "nanog@nanog.org" <nanog@nanog.org> Cc: Sent: Thursday, October 22, 2015 12:12 PM Subject: RE: IGP choice Just use rip for *everything* Problem solved! -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Mark Tinka Sent: Thursday, October 22, 2015 11:41 AM To: marcel.duregards@yahoo.fr; nanog@nanog.org Subject: Re: IGP choice On 22/Oct/15 18:57, marcel.duregards@yahoo.fr wrote:
Hi everyone,
Anybody from Yahoo to share experience on IGP choice ? IS-IS vs OSPF, why did you switch from one to the other, for what reason ? Same question could apply to other ISP, I'd like to heard some international ISP/carriers design choice, please.
The "everything must connect to Area 0" requirement of OSPF was limiting for me back in 2008. So we moved to IS-IS. Mark.
On 22 October 2015 at 19:41, Mark Tinka <mark.tinka@seacom.mu> wrote:
The "everything must connect to Area 0" requirement of OSPF was limiting for me back in 2008.
I'm unsure if this is a serious argument, but it's such a poor point today. Everything has to be connected to a level 2 in IS-IS. If you want a flat area 0 network in OSPF, go nuts. As long as you are sensible about what you put in your IGP, both IS-IS and OSPF scale very well. The differences between the two protocols are so small, that people really grasp at straws when 'proving' that one is better over the other. 'IS-IS doesn't work over IP, so it's more secure'. 'IS-IS uses TLVs so new features are quicker to implement'. While these may be vaguely valid arguments, they don't hold much water. If you don't secure your routers to bad actors forming OSPF adjacencies with you, you're doing something wrong. Who is running code that is so bleeding edge that feature X might be available for IS-IS, but not OSPF? Choose whichever you and your operational team are most comfortable with, and run with it. Regards, Dave
On 22/Oct/15 21:35, Dave Bell wrote:
I'm unsure if this is a serious argument, but it's such a poor point today. Everything has to be connected to a level 2 in IS-IS. If you want a flat area 0 network in OSPF, go nuts. As long as you are sensible about what you put in your IGP, both IS-IS and OSPF scale very well.
The differences between the two protocols are so small, that people really grasp at straws when 'proving' that one is better over the other. 'IS-IS doesn't work over IP, so it's more secure'. 'IS-IS uses TLVs so new features are quicker to implement'. While these may be vaguely valid arguments, they don't hold much water. If you don't secure your routers to bad actors forming OSPF adjacencies with you, you're doing something wrong. Who is running code that is so bleeding edge that feature X might be available for IS-IS, but not OSPF?
Choose whichever you and your operational team are most comfortable with, and run with it.
OSPFv3 scaled better than OSPFv2 in 2008. But multi-AF support for OSPFv3 was only developing then, so that was not a viable replacement for OSPFv2. OSPFv2 should scale better in 2015 (I say "should" because more routers now have x86-based control planes, but I don't run OSPF so I'm hand-waving). You're right, a single Level-2 domain in IS-IS is akin to a single Area 0 in OSPF. But those "so small" differences between the protocols in 2008 meant I was less eager to try the single area with OSPF than I was the single level with IS-IS. Mark.
The differences between the two protocols are so small, that people really grasp at straws when 'proving' that one is better over the other. 'IS-IS doesn't work over IP, so it's more secure'. 'IS-IS uses TLVs so new features are quicker to implement'. While these may be vaguely valid arguments, they don't hold much water. If you don't secure your routers to bad actors forming OSPF adjacencies with you, you're doing something wrong. Who is running code that is so bleeding edge that feature X might be available for IS-IS, but not OSPF?
Choose whichever you and your operational team are most comfortable with, and run with it.
Basic point I very much agree with. However, if that was all there was to it, nobody would ever switch from OSPF to IS-IS or vice versa :-)
OSPFv3 scaled better than OSPFv2 in 2008. But multi-AF support for OSPFv3 was only developing then, so that was not a viable replacement for OSPFv2.
OSPFv2 should scale better in 2015 (I say "should" because more routers now have x86-based control planes, but I don't run OSPF so I'm hand-waving).
You're right, a single Level-2 domain in IS-IS is akin to a single Area 0 in OSPF. But those "so small" differences between the protocols in 2008 meant I was less eager to try the single area with OSPF than I was the single level with IS-IS.
Some points I've noticed - YMMV. - Needing OSPFv3 for IPv6 when you're already running OSPFv2 for IPv4 is less than optimal. I believe nowadays several vendors support OSPFv3 for both IPv4 and IPv6 - but this is not universal. - Probably mostly due to large operators running IS-IS, new features are more likely to show up first in IS-IS. - OSPFv3 security depends on IPsec, while IS-IS uses MD5. You could certainly argue that MD5 is starting to get long in the tooth - on the other hand, it's significantly better than nothing, and significantly less complex than IPsec. - We still have a few cases of needing OSPF towards customers. IS-IS as core IGP makes it slightly easier to ensure that core routing and customer routing are never mixed. I see no reason to mention anything about scaling, since I believe the protocols (both OSPF and IS-IS) nowadays scale to much larger topologies than we're likely to need. Steinar Haug, Nethelp consulting, sthaug@nethelp.no
On 22 October 2015 at 22:57, <sthaug@nethelp.no> wrote:
- Needing OSPFv3 for IPv6 when you're already running OSPFv2 for IPv4 is less than optimal. I believe nowadays several vendors support OSPFv3 for both IPv4 and IPv6 - but this is not universal.
Our configuration is MPLS VPNv6 for IPv6. Therefore we have no native IPv6 in the backbone and no need for OSPFv3. The IPv4 internet is MPLS VPNv4 so there should be no easy way to attack our OSPFv2 instance from outside. The attacker is simply not in the same VRF as the routing protocol. Is this such an uncommon configuration? I am asking because nobody mentioned this in the thread. Regards, Baldur
It comes down to personal preference nowadays in my opinion. Both ISIS and OSPFv3 allow you to run multi-af using the same protocol. Both of them don't run full SPF when a stub network is added/removed (unlike OSPFv2). How about vendor support? Perhaps ISIS has the upper hand here since it's been around for so long, as compared to multi-af OSPFv3. If I had to build a network from scratch that needs to support v4/v6, I would go with ISIS...but that's just personal preference. Some DC gear doesn't support ISIS, so I guess it depends what the network is going to support. BGP as an IGP is also an interesting option =). *Pablo Lucena* On Thu, Oct 22, 2015 at 6:07 PM, Baldur Norddahl <baldur.norddahl@gmail.com> wrote:
On 22 October 2015 at 22:57, <sthaug@nethelp.no> wrote:
- Needing OSPFv3 for IPv6 when you're already running OSPFv2 for IPv4 is less than optimal. I believe nowadays several vendors support OSPFv3 for both IPv4 and IPv6 - but this is not universal.
Our configuration is MPLS VPNv6 for IPv6. Therefore we have no native IPv6 in the backbone and no need for OSPFv3.
The IPv4 internet is MPLS VPNv4 so there should be no easy way to attack our OSPFv2 instance from outside. The attacker is simply not in the same VRF as the routing protocol.
Is this such an uncommon configuration? I am asking because nobody mentioned this in the thread.
Regards,
Baldur
Hi,
The differences between the two protocols are so small, that people really grasp at straws when 'proving' that one is better over the other. 'IS-IS doesn't work over IP, so it's more secure'. 'IS-IS uses TLVs so new features are quicker to implement'. While these may be vaguely valid arguments, they don't hold much water. If you don't secure your routers to bad actors forming OSPF adjacencies with you, you're doing something wrong. Who is running code that is so bleeding edge that feature X might be available for IS-IS, but not OSPF?
well, bleeding edge features in ISIS would also depend on your vendor... ours seems backwards for ISIS in most of their product line and we're always wanting more.... heck, I think they've even tried to ensure it's not in their training courses either...just the briefest of mentions :/ as for IGP - ISIS - we moved to it from OSPF because we didn't want 2 separate routing calculations and tables being kept for IPv4 and IPv6 and all routing config is under the one routing protocol. alan
You still have separate tables for IPv4 and IPv6 with isis and multi-topology still runs 2 spf calculations. On Thu, Oct 22, 2015 at 4:05 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
The differences between the two protocols are so small, that people really grasp at straws when 'proving' that one is better over the other. 'IS-IS doesn't work over IP, so it's more secure'. 'IS-IS uses TLVs so new features are quicker to implement'. While these may be vaguely valid arguments, they don't hold much water. If you don't secure your routers to bad actors forming OSPF adjacencies with you, you're doing something wrong. Who is running code that is so bleeding edge that feature X might be available for IS-IS, but not OSPF?
well, bleeding edge features in ISIS would also depend on your vendor... ours seems backwards for ISIS in most of their product line and we're always wanting more.... heck, I think they've even tried to ensure it's not in their training courses either...just the briefest of mentions :/
as for IGP - ISIS - we moved to it from OSPF because we didn't want 2 separate routing calculations and tables being kept for IPv4 and IPv6 and all routing config is under the one routing protocol.
alan
I don't have all the details because I don't fully understand it, but I've heard that if you're running an MPLS/RSVP core, you can only use a single OSPF area. This introduces a scalability ceiling. On Thu, Oct 22, 2015 at 12:35 PM, Dave Bell <me@geordish.org> wrote:
On 22 October 2015 at 19:41, Mark Tinka <mark.tinka@seacom.mu> wrote:
The "everything must connect to Area 0" requirement of OSPF was limiting for me back in 2008.
I'm unsure if this is a serious argument, but it's such a poor point today. Everything has to be connected to a level 2 in IS-IS. If you want a flat area 0 network in OSPF, go nuts. As long as you are sensible about what you put in your IGP, both IS-IS and OSPF scale very well.
The differences between the two protocols are so small, that people really grasp at straws when 'proving' that one is better over the other. 'IS-IS doesn't work over IP, so it's more secure'. 'IS-IS uses TLVs so new features are quicker to implement'. While these may be vaguely valid arguments, they don't hold much water. If you don't secure your routers to bad actors forming OSPF adjacencies with you, you're doing something wrong. Who is running code that is so bleeding edge that feature X might be available for IS-IS, but not OSPF?
Choose whichever you and your operational team are most comfortable with, and run with it.
Regards, Dave
-- Bill Blackford Logged into reality and abusing my sudo privileges.....
On 22/Oct/15 23:22, Bill Blackford wrote:
I don't have all the details because I don't fully understand it, but I've heard that if you're running an MPLS/RSVP core, you can only use a single OSPF area. This introduces a scalability ceiling.
Not true. The rate of development of advanced features in OSPF and IS-IS is at a similar pace today. The main issue is implementation. Some vendors will implement the new capabilities in one protocol sooner than the other. The features may eventually filter down to the other protocol, or not. It is entirely a situation specific to your vendor. For example, IIRC, LFA came to IS-IS in Junos first, and then OSPF followed (or was it the other way around, I can't remember - but support didn't come for both immediately). Same thing at Cisco. Quagga is an example of a case where IS-IS is seriously lagging behind OSPF to the point of not being useable at all. So while the spec. will have parity, your choice of vendor will be a practical factor. Mark.
On 23 October 2015 at 08:31, Mark Tinka <mark.tinka@seacom.mu> wrote: Hey,
Quagga is an example of a case where IS-IS is seriously lagging behind OSPF to the point of not being useable at all.
I believe this is because you need 802.3 (as opposed to EthernetII) and rudimentary CLNS implementation, both which are very annoying from programmer point of view. I hope ISIS would migrate to EthernetII and IP. From security point of view, people often state how it's better that it's not IP, but in reality, how many have verified the flip side of this proposal, how easy it is to protect yourself from ISIS attack from connected host? For some platforms the answer is, there is absolutely no way, and any connected host can bring you down with trivial amount of data. -- ++ytti
On 23/Oct/15 10:48, Saku Ytti wrote:
I believe this is because you need 802.3 (as opposed to EthernetII) and rudimentary CLNS implementation, both which are very annoying from programmer point of view.
I'm not really sure what the hold-up is, but I know Mikael, together with the good folks at netDEF (Martin and Alistair) are working hard on fixing these issues. While I have not had much time to provide them with feedback on their progress, it is high on my agenda - not to mention funding support for them will only help the cause.
I hope ISIS would migrate to EthernetII and IP. From security point of view, people often state how it's better that it's not IP, but in reality, how many have verified the flip side of this proposal, how easy it is to protect yourself from ISIS attack from connected host? For some platforms the answer is, there is absolutely no way, and any connected host can bring you down with trivial amount of data.
Well, on the basis that an attack is made easier if you are running IS-IS on a vulnerable interface, in theory, an attack would be highly difficult if a vulnerable interface were not running IS-IS to begin with. But I do not have any empirical data on any attempts to attack IS-IS, successfully or otherwise. So your guess is as good as mine. Mark.
On 23 October 2015 at 11:54, Mark Tinka <mark.tinka@seacom.mu> wrote: Hey,
Well, on the basis that an attack is made easier if you are running IS-IS on a vulnerable interface, in theory, an attack would be highly difficult if a vulnerable interface were not running IS-IS to begin with.
Assuming that interface won't punt ISIS if ISIS is not configured, unfortunately this assumption isn't true for all platforms. -- ++ytti
On Fri, 23 Oct 2015, Mark Tinka wrote:
I'm not really sure what the hold-up is, but I know Mikael, together with the good folks at netDEF (Martin and Alistair) are working hard on fixing these issues. While I have not had much time to provide them with feedback on their progress, it is high on my agenda - not to mention funding support for them will only help the cause.
There is running code now for IETF HOMENET using Quagga that speaks IS-IS over IPv6 (using IP proto 124) if you want to, it's configurable per-interface. I do not know at this time what the status is for mainline Quagga IS-IS, but I've sent a question about it to Netdef about it
On 23/Oct/15 23:02, Mikael Abrahamsson wrote:
There is running code now for IETF HOMENET using Quagga that speaks IS-IS over IPv6 (using IP proto 124) if you want to, it's configurable per-interface.
I do not know at this time what the status is for mainline Quagga IS-IS, but I've sent a question about it to Netdef about it
Thanks, Mikael. Mark.
by having multiple areas, therefore ABR which deny routers and network LSA, you introduce summarization (ABR only send summary LSA, mean subnet info, not topology info) in your network. Thus you lose information and do not have a complete topology of your network. I guess MPLS/TE prefer to sit on top of a real topology ? On 22.10.2015 23:22, Bill Blackford wrote:
I don't have all the details because I don't fully understand it, but I've heard that if you're running an MPLS/RSVP core, you can only use a single OSPF area. This introduces a scalability ceiling.
On Thu, Oct 22, 2015 at 12:35 PM, Dave Bell <me@geordish.org> wrote:
On 22 October 2015 at 19:41, Mark Tinka <mark.tinka@seacom.mu> wrote:
The "everything must connect to Area 0" requirement of OSPF was limiting for me back in 2008.
I'm unsure if this is a serious argument, but it's such a poor point today. Everything has to be connected to a level 2 in IS-IS. If you want a flat area 0 network in OSPF, go nuts. As long as you are sensible about what you put in your IGP, both IS-IS and OSPF scale very well.
The differences between the two protocols are so small, that people really grasp at straws when 'proving' that one is better over the other. 'IS-IS doesn't work over IP, so it's more secure'. 'IS-IS uses TLVs so new features are quicker to implement'. While these may be vaguely valid arguments, they don't hold much water. If you don't secure your routers to bad actors forming OSPF adjacencies with you, you're doing something wrong. Who is running code that is so bleeding edge that feature X might be available for IS-IS, but not OSPF?
Choose whichever you and your operational team are most comfortable with, and run with it.
Regards, Dave
On 23/Oct/15 11:00, marcel.duregards@yahoo.fr wrote:
by having multiple areas, therefore ABR which deny routers and network LSA, you introduce summarization (ABR only send summary LSA, mean subnet info, not topology info) in your network. Thus you lose information and do not have a complete topology of your network. I guess MPLS/TE prefer to sit on top of a real topology ?
Yes, summarization in the IGP has the potential to create blackholes and/or loops. This reminds me of: http://tools.ietf.org/id/draft-swallow-mpls-aggregate-fec-01.txt Mark.
On Thu, Oct 22, 2015 at 12:35 PM, Dave Bell <me@geordish.org> wrote:
On 22 October 2015 at 19:41, Mark Tinka <mark.tinka@seacom.mu> wrote:
The "everything must connect to Area 0" requirement of OSPF was limiting for me back in 2008.
I'm unsure if this is a serious argument, but it's such a poor point today. Everything has to be connected to a level 2 in IS-IS. If you want a flat area 0 network in OSPF, go nuts. As long as you are sensible about what you put in your IGP, both IS-IS and OSPF scale very well.
It is rather nice that IS-IS does not require level-2 to be contiguous, unlike area 0 in OSPF. It is a valid topology in IS-IS to have different level-2 areas connected by level-1 areas, though you do have to be somewhat careful about what routes you propagate into-and-back-out-of the intervening level-1 area. But other than that, yeah, the two protocols are pretty much homologous. Matt
On 30/Oct/15 15:34, Matthew Petach wrote:
It is rather nice that IS-IS does not require level-2 to be contiguous, unlike area 0 in OSPF. It is a valid topology in IS-IS to have different level-2 areas connected by level-1 areas, though you do have to be somewhat careful about what routes you propagate into-and-back-out-of the intervening level-1 area.
I found Route Leaking in IS-IS to be a moot endeavour because if one wants to keep absolute routing inside the IGP, you'll want to have the core and Loopback interface addresses in the IGP, particularly if you're running an MPLS network. In such a case, the only real gain you get from multi-level IS-IS is a little quietness re: the LSP's being propagated within a particular Level-1 Area. However, things like PRC (Partial Route Calculation) and iSPF (Incremental SPF) help a lot here when you have a flat Level-2 IS-IS domain. Mark.
On Thu, Oct 22, 2015 at 9:57 AM, marcel.duregards@yahoo.fr <marcel.duregards@yahoo.fr> wrote:
Hi everyone,
Anybody from Yahoo to share experience on IGP choice ? IS-IS vs OSPF, why did you switch from one to the other, for what reason ? Same question could apply to other ISP, I'd like to heard some international ISP/carriers design choice, please.
Thank in advance, Best regards, -Marcel
When we decided to go dual-stack many many years ago, we faced the choice of either running OSPFv2 and OSPFv3 in parallel in the core, or just running IS-IS. Several of us on the team had experience with IS-IS from previous jobs, so we decided to shift over from OSPF to IS-IS to simplify the environment by only needing a single IGP for both address families. Hope this helps answer your question. Thanks! Matt
Subject: IGP choice Date: Thu, Oct 22, 2015 at 06:57:01PM +0200 Quoting marcel.duregards@yahoo.fr (marcel.duregards@yahoo.fr):
Hi everyone,
Anybody from Yahoo to share experience on IGP choice ? IS-IS vs OSPF, why did you switch from one to the other, for what reason ? Same question could apply to other ISP, I'd like to heard some international ISP/carriers design choice, please.
We use IS-IS in our network mostly because I was around when a bunch of NREN switched to IS-IS some 15 years ago, and it stuck. It is, as has been noted, mostly a matter of preference, but there is one or two technical arguments for IS-IS that tip the scales for me; - One IGP for both v6 and v4. Mostly interesting if you are running a lot of traffic outside VRFen. But nevertheless a good thing to keep v6 and v4 in sync. - No leakage. Not many external peers speak IS-IS on their peering interfaces, so chances are that even if I do, nothing will fall over. This of course also applies to access interfaces, where my hosts won't even have an OSI stack and thus won't try to process the frames. The argument for OSPF mostly is that there are several FOSS OSPF dæmons for Posixly machines, making it a good choice for things like anycast name servers or similar. We do run it for precisely this setup. Do read the presentation Vijay Gill made and that people keep pointing to. It is a very good account of how to purge OSPF in favour of IS-IS. -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE +46 705 989668 I'm also pre-POURED pre-MEDITATED and pre-RAPHAELITE!!
i may have missed it, but one of my fave features of is-is is that it is a link-local non-ip protocol. hard to disrupt/attack remotely. randy
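Added example, not part of the original thread or any poster's code: the messages above note that IS-IS runs over 802.3/LLC rather than IP while OSPF is IP protocol 89, and that a directly connected host can still send IS-IS frames, so this sketch classifies captured Ethernet frames and reports IGP traffic seen on ports where no adjacency is expected. The port names, the policy layout and the sample frames are constructed assumptions.

```python
import struct

# IS-IS PDU type codes (low 5 bits of the fifth IS-IS header byte).
ISIS_PDU = {15: "L1 LAN IIH", 16: "L2 LAN IIH", 17: "P2P IIH", 18: "L1 LSP",
            20: "L2 LSP", 24: "L1 CSNP", 25: "L2 CSNP", 26: "L1 PSNP", 27: "L2 PSNP"}
OSPF_PKT = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}
OSPF_PROTO = 89  # IP protocol number for OSPF (v2 over IPv4, v3 over IPv6)


def _ospf_detail(pkt):
    """Describe an OSPF packet from its first two bytes: version and type."""
    return "OSPFv%d %s" % (pkt[0], OSPF_PKT.get(pkt[1], "type %d" % pkt[1]))


def classify_frame(frame):
    """Return (protocol, detail): protocol is 'isis', 'ospf' or 'other'."""
    if len(frame) < 14:
        return ("other", None)
    type_len = struct.unpack("!H", frame[12:14])[0]
    payload = frame[14:]
    if type_len == 0x8100 and len(payload) >= 4:  # skip a single 802.1Q tag
        type_len = struct.unpack("!H", payload[2:4])[0]
        payload = payload[4:]
    if type_len <= 1500:
        # 802.3 length field: IS-IS is LLC DSAP/SSAP 0xFE, control 0x03, NLPID 0x83.
        if len(payload) >= 8 and payload[:3] == b"\xfe\xfe\x03" and payload[3] == 0x83:
            pdu_type = payload[7] & 0x1F
            return ("isis", ISIS_PDU.get(pdu_type, "type %d" % pdu_type))
        return ("other", None)
    if type_len == 0x0800 and len(payload) >= 20:  # IPv4
        ihl = (payload[0] & 0x0F) * 4
        if payload[9] == OSPF_PROTO and ihl >= 20 and len(payload) >= ihl + 2:
            return ("ospf", _ospf_detail(payload[ihl:]))
        return ("other", None)
    if type_len == 0x86DD and len(payload) >= 42:  # IPv6, extension headers not walked
        if payload[6] == OSPF_PROTO:
            return ("ospf", _ospf_detail(payload[40:]))
    return ("other", None)


def audit_ports(captures, igp_policy):
    """List (port, protocol, detail, source MAC) for IGP frames the policy does not allow.

    captures:   {port: [frame bytes, ...]}
    igp_policy: {port: {"isis", "ospf"}}; a missing port means no IGP is expected there.
    """
    findings = []
    for port, frames in captures.items():
        allowed = igp_policy.get(port, set())
        for frame in frames:
            proto, detail = classify_frame(frame)
            if proto in ("isis", "ospf") and proto not in allowed:
                findings.append((port, proto, detail, frame[6:12].hex()))
    return findings


# --- Constructed sample frames (headers only, checksums left at zero) ---
def _isis_frame(dst_mac, pdu_type):
    pdu = bytes([0x83, 27, 1, 0, pdu_type, 1, 0, 0]) + bytes(19)
    llc = b"\xfe\xfe\x03" + pdu
    return (bytes.fromhex(dst_mac) + bytes.fromhex("020000000001")
            + struct.pack("!H", len(llc)) + llc)


def _ipv4_frame(proto, body, dst_mac="01005e000005", dst_ip=(224, 0, 0, 5)):
    ip = (bytes([0x45, 0]) + struct.pack("!H", 20 + len(body)) + bytes(4)
          + bytes([1, proto]) + bytes(2) + bytes([192, 0, 2, 1]) + bytes(dst_ip))
    return bytes.fromhex(dst_mac) + bytes.fromhex("020000000002") + b"\x08\x00" + ip + body


ISIS_L1_HELLO = _isis_frame("0180c2000014", 15)   # AllL1ISs multicast
ISIS_L2_HELLO = _isis_frame("0180c2000015", 16)   # AllL2ISs multicast
OSPF_HELLO = _ipv4_frame(OSPF_PROTO, bytes([2, 1]) + bytes(22))
UDP_FRAME = _ipv4_frame(17, bytes(8), "020000000003", (192, 0, 2, 9))

SAMPLE_CAPTURE = {"core-1": [ISIS_L2_HELLO],
                  "access-7": [ISIS_L1_HELLO, UDP_FRAME, OSPF_HELLO]}
SAMPLE_POLICY = {"core-1": {"isis"}}  # access-7 absent: no IGP expected

if __name__ == "__main__":
    for finding in audit_ports(SAMPLE_CAPTURE, SAMPLE_POLICY):
        print("unexpected IGP frame: port=%s proto=%s pdu=%s src=%s" % finding)
```

Classification keys on the LLC header and NLPID rather than the destination MAC, so IS-IS frames sent to a unicast address are still recognised.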
participants (20)
- A.L.M.Buxey@lboro.ac.uk
- Baldur Norddahl
- Bill Blackford
- Damien Burke
- Daniel Corbe
- Dave Bell
- Jameson, Daniel
- marcel.duregards@yahoo.fr
- Mark Tinka
- Matthew Petach
- Mikael Abrahamsson
- Måns Nilsson
- Niels Bakker
- Pablo Lucena
- Randy
- Randy Bush
- Saku Ytti
- Steve Mikulasik
- sthaug@nethelp.no
- thomas nanog