Looking for information on IGP choices in dual-stack networks
Nanog Folks: Philip Matthews and I are co-authors on an active draft within the IETF related to IPv6 routing design choices. To ensure we are gathering sufficient data we are looking for an expanded set of input from operator forums as well (vs. just the v6ops IETF list). The draft is found here -(https://tools.ietf.org/html/draft-ietf-v6ops-design-choices). We are looking for information on the IGP combinations people are running in their dual-stack networks. We are gathering this information so we can document in our draft which IGP choices are known to work well (i.e., people actually run this combination in production networks without issues). The draft will not name names, but just discuss things in aggregate: for example, "there are 3 large and 2 small production networks that run OSPF for IPv4 and IS-IS for IPv6, thus that combination is judged to work well". If you have a production dual-stack network, then we would like to know which IGP you use to route IPv4 and which you use to route IPv6. We would also like to know roughly how many routers are running this combination. Feel free to share any successes or concerns with the combination as well. We are looking particularly at combinations of the following IGPs: IS-IS, OSPFv2, OSPFv3, EIGRP. If you run something else (RIP?) then we would also like to hear about this, though we will likely document these differently. [We suspect you run RIP/RIPng only at the edge for special situations, but feel free to correct us]. And if you have one of those modern networks that carries dual-stack customer traffic in a L3VPN or similar and thus don’t need a dual-stacked core, then please email us and brag ... If you are on multiple lists at RIPE, NANOG or the IETF, we appologize for any redundant emails you may get (we are just attempting to reach the widest audience possible). Philip Matthews Victor Kuarsingh
If you have a production dual-stack network, then we would like to know which IGP you use to route IPv4 and which you use to route IPv6.
in one network, both ospfs. in another is-is. i recommend the latter.
We would also like to know roughly how many routers are running this combination.
lots randy
On Tue, Jun 9, 2015 at 3:21 PM, Randy Bush <randy@psg.com> wrote:
If you have a production dual-stack network, then we would like to know which IGP you use to route IPv4 and which you use to route IPv6.
in one network, both ospfs. in another is-is. i recommend the latter.
We would also like to know roughly how many routers are running this combination.
why is the question /routers/ and not /networks/ ? (which is still sort of nutty since your reasonable choices for 'dual stack capable' are: ospf/ospf3 || isis)
lots
randy
On 9 Jun 2015, at 16:23, Christopher Morrow wrote:
On Tue, Jun 9, 2015 at 3:21 PM, Randy Bush <randy@psg.com> wrote:
If you have a production dual-stack network, then we would like to know which IGP you use to route IPv4 and which you use to route IPv6.
in one network, both ospfs. in another is-is. i recommend the latter.
We would also like to know roughly how many routers are running this combination.
why is the question /routers/ and not /networks/ ?
Routers makes more sense to me than networks (IGP, so one network, right?) Joe
On Tue, Jun 9, 2015 at 4:36 PM, Joe Abley <jabley@hopcount.ca> wrote:
On 9 Jun 2015, at 16:23, Christopher Morrow wrote:
On Tue, Jun 9, 2015 at 3:21 PM, Randy Bush <randy@psg.com> wrote:
If you have a production dual-stack network, then we would like to know which IGP you use to route IPv4 and which you use to route IPv6.
in one network, both ospfs. in another is-is. i recommend the latter.
We would also like to know roughly how many routers are running this combination.
why is the question /routers/ and not /networks/ ?
Routers makes more sense to me than networks (IGP, so one network, right?)
that confuses me, the logic I mean... I suppose in a single network I'd expect to see one igp for an address family (ospf or ospfv3). Not "eastcoast devices do ospf (stodgy bastards!) and westcoast goes isis!"
Think of scenarios where you have mergers/acquisitions where different portions of the now amalgamated network were designed differently and there may be too much pain or require too much time to redesign rather than bolt together and redistribute. Sk. -----Original Message----- that confuses me, the logic I mean... I suppose in a single network I'd expect to see one igp for an address family (ospf or ospfv3). Not "eastcoast devices do ospf (stodgy bastards!) and westcoast goes isis!"
On Tue, 09 Jun 2015 21:55:31 -0000, Sameer Khosla said:
Think of scenarios where you have mergers/acquisitions where different portions of the now amalgamated network were designed differently and there may be too much pain or require too much time to redesign rather than bolt together and redistribute.
But in that case, don't they usually say "The heck with it" and continue using 2 separate ASN numbers?
Think of scenarios where you have mergers/acquisitions where different portions of the now amalgamated network were designed differently and there may be too much pain or require too much time to redesign rather than bolt together and redistribute. But in that case, don't they usually say "The heck with it" and continue using 2 separate ASN numbers?
we didn't take that path. we used separated igps (did not want to share blood with yet to be trusted acquired engineers), and bgp confederation so there was one external asn. a useful transition strategy. but in that configuration, bgp at the confed border is ebgp, not ibgp. this has interesting consequences on timing of routing propagation, even with timers turned down. see http://archive.psg.com/030226.apnic-flap.pdf randy
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/Jun/15 00:00, Valdis.Kletnieks@vt.edu wrote:
But in that case, don't they usually say "The heck with it" and continue using 2 separate ASN numbers?
We tried the multiple AS thing once, many years ago at $previous_job. It's cool on paper. We collapsed back into a single AS. Will never touch that sauce again. Mark. -----BEGIN PGP SIGNATURE----- iQIcBAEBAgAGBQJVeTEBAAoJEGcZuYTeKm+GG/4P/j/FwIeCM1juYK4JmbOOtEJw Sx9YK6/W3seDN0xeTuhqAwEkJhTtd+gEvumpOWau7UiYqhoctuIAK5p4RDZJXm+e 9rGZFl4dIbMCTyIiXxPLEwPMqNx04P3nXsQPRqY7znzYnVUa+v/pVxvaJsq1+eE6 pgrp88upePZHzFhlWqAZSkFOASBLU8ggrngKSEt5OU0av5bd+oUoBztETaFl0RjK m3XjwglWa9oHC9ll63YT5NmaMf84BMYOFRmDXijNlpXDbmF8CJO2WpPgWu/ZYDqp g8GJomFi+T/A/v2Iq5Dn+SWQP3UQrpMFK7HevMUrad4hFJ0CVbZCxGUccmGsUEBK 0LbwtvNBXdIGjupp3ArjYSbv48HuZKa6wv5aC6QBhAGxkIY15jvR2g4KuLQMLDZG CiNqPMx5Oc+bXN7eSphVDuo2wOPZ+GeA/wIvw3x0EGlBpA9bjZuAGufIollgYeU8 5rgLJkk/u09Nicuql3SU1KUtZ+9afYnnR3MBqfy24ZZpzTgOaDQFXu+yB0ImF490 vkjVEG7gIVlwsF2WKl20rA4a4b5iTN9yWX+CLtAc+2eOU1qjNVhN4IVKrVLr+fQc ZF8owfyf3IfBh3VK8OmtYd+SMbWkmlv55nVI6Wl1oAiv0DKmXrArkDUPjHCKXvhJ bIjz/evtVHH2S9lRJLNq =HlQJ -----END PGP SIGNATURE-----
On 9/Jun/15 23:55, Sameer Khosla wrote:
Think of scenarios where you have mergers/acquisitions where different portions of the now amalgamated network were designed differently and there may be too much pain or require too much time to redesign rather than bolt together and redistribute.
In such cases, BGP-LS may be a better approach, as that encourages more sane filtering in the IGP than an IGP generally would. Mark.
On 6/9/15 2:00 PM, Christopher Morrow wrote:
On Tue, Jun 9, 2015 at 4:36 PM, Joe Abley <jabley@hopcount.ca> wrote:
On 9 Jun 2015, at 16:23, Christopher Morrow wrote:
On Tue, Jun 9, 2015 at 3:21 PM, Randy Bush <randy@psg.com> wrote:
If you have a production dual-stack network, then we would like to know which IGP you use to route IPv4 and which you use to route IPv6.
in one network, both ospfs. in another is-is. i recommend the latter.
We would also like to know roughly how many routers are running this combination.
why is the question /routers/ and not /networks/ ?
Routers makes more sense to me than networks (IGP, so one network, right?)
that confuses me, the logic I mean...
I suppose in a single network I'd expect to see one igp for an address family (ospf or ospfv3). Not "eastcoast devices do ospf (stodgy bastards!) and westcoast goes isis!"
At one time I had datacenter interiors that had no isis support. they ran ospfv2 and to the extent that it was necessary in limited application ospfv3. the datacenter border and the backbone used ISIS for both adress families. routes were in general not redistributed between IGPs.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/Jun/15 01:04, joel jaeggli wrote:
At one time I had datacenter interiors that had no isis support. they ran ospfv2 and to the extent that it was necessary in limited application ospfv3. the datacenter border and the backbone used ISIS for both adress families. routes were in general not redistributed between
IGPs. We run Quagga on Anycast servers (DNS, NTP, TACACS+, e.t.c.) using OSPFv2|v3, largely because Quagga's IS-IS support is terrible. We have (restrictively) redistribute that into our IS-IS backbone, which works great. Wish we didn't have to do that, but it works well, and OSPF is stable in Quagga. Mark. -----BEGIN PGP SIGNATURE----- iQIcBAEBAgAGBQJVeTCaAAoJEGcZuYTeKm+GZEkP/iPyXNsOkCFwBIbYU4Q8SyDN qjW0oZR8MY126nLqgikvwJed4PdMwZh/Qoyz2C76e2LLVl03/Ru8gN0I8fUl6ueH +B8dKUuTiY8Q4eXyR5GzY451GafY+O/ggJDruDi7t24XCWl14w32pfqdiCTwE10Q Ch+S5mbd8MavLOK2Rbh8bS5AFztRBol7U34UZhUeyH/3/I9xwaMojV0u637Id6b1 veuILlLohxdqUF8r04HRBdr9AZVGADorV1/4C2T4kgCJXrbGpN+QBOMvbjkdBQBU cufppx5hnSSb9tSrkX0cGYFD8ouZXRGK9oC+6Uuouj1R9/Uxfvml4DxJJq75ZEON XZMUEX8NPUJOlX65a94WDdI/7IBp+zTRS5CO2ZXcWYqbXWxFOajjslj7L4LbVADq PZq4HVtGFCeEiyftPXv8r3mmBw/5CJSst255BaYLk6EF8tU0TZbgoeYJspqQXMYx I3HI3GYMhDalHtoMGFNedl+atpVHtlMtOXY+hPuIdpDXXnIw8UrRL1s21qmtSpJD p/5enXrPW5opBdQYQ+dar7LedbanupqhTV0Zp2TZ/n7yaqakalvWk1bCAkwzVrOk 1d0cPNXlomyithOFXSnp1cUqtnsyxixtgcQcY2DgXUKGqnaB2GcHskTu/2gYCmV2 Zcud3k0zJDrCFkve+im6 =osk1 -----END PGP SIGNATURE-----
On Thu, 11 Jun 2015, Mark Tinka wrote:
We run Quagga on Anycast servers (DNS, NTP, TACACS+, e.t.c.) using OSPFv2|v3, largely because Quagga's IS-IS support is terrible.
Quagga's IS-IS will get a lot better in the fall because funding has been provided to fix things important to IETF HOMENET working group requirements for IGP. This will not fix things across the entire Quagga IS-IS code base, but things should be substantially improved. If you're interested in improving it further than that, do send some money to people capable of doing the work, and have them do it. Contact me off-list if you want more information. -- Mikael Abrahamsson email: swmike@swm.pp.se
On 11/Jun/15 10:33, Mikael Abrahamsson wrote:
Quagga's IS-IS will get a lot better in the fall because funding has been provided to fix things important to IETF HOMENET working group requirements for IGP.
This will not fix things across the entire Quagga IS-IS code base, but things should be substantially improved. If you're interested in improving it further than that, do send some money to people capable of doing the work, and have them do it.
Contact me off-list if you want more information.
Thanks, Mikael. Happy to support the development of IS-IS in Quagga. Will unicast you for more details. Mark.
Routers makes more sense to me than networks (IGP, so one network, right?)
so you are thinking of a network where half the routers run is-is one quarter ospf/ospfv2 and one quarter ospf/ripv3. right. there was a very large provider that had one is-is leven-2 across many bgp confederations. there was a ....
Hi Randy, On Jun 9, 2015, at 18:08, Randy Bush <randy@psg.com> wrote:
Routers makes more sense to me than networks (IGP, so one network, right?)
so you are thinking of a network where half the routers run is-is one quarter ospf/ospfv2 and one quarter ospf/ripv3. right.
No, not at all. I thought Victor was asking "what IGP" and "how many routers use it in your network". I assumed he was interested in whether the size of the network influenced the IGP choice. Perhaps I misunderstood, because apparently I was the only one who read it that way. Joe
I/we (Philip and I) attempted to keep the question as generic as possible, allowing folks to state the IGPs they use, in whichever combination or in some cases (as we can see), more complex deployments. I would agree with statements form Joel earlier with respect to cases where early vendor support may have influenced some network zones (inside a given AS) to support a different IGP (his case of OSPFv3 for devices which lacked IS-IS support is one I did face a few years back as well in the DC with respect to Load balancing and Firewall devices). The merger one was a new one for me, but it seems to reflect some peoples reality. regards, Victor K On 2015-06-09 7:41 PM, Joe Abley wrote:
Hi Randy,
On Jun 9, 2015, at 18:08, Randy Bush <randy@psg.com> wrote:
Routers makes more sense to me than networks (IGP, so one network, right?) so you are thinking of a network where half the routers run is-is one quarter ospf/ospfv2 and one quarter ospf/ripv3. right. No, not at all. I thought Victor was asking "what IGP" and "how many routers use it in your network". I assumed he was interested in whether the size of the network influenced the IGP choice.
Perhaps I misunderstood, because apparently I was the only one who read it that way.
Joe
a researcher i know and respect asked a bunch of ops what features that used. the researcher finally said something similar to "operators seem to actually use all those kinky knobs and protocols." for any kink you can imagine, someone does it. there are operators who have even deployed ipv6 :) randy
On Tue, Jun 9, 2015 at 9:10 PM, Randy Bush <randy@psg.com> wrote:
a researcher i know and respect asked a bunch of ops what features that used. the researcher finally said something similar to "operators seem to actually use all those kinky knobs and protocols."
for any kink you can imagine, someone does it. there are operators who have even deployed ipv6 :)
see the other thread of the week, you are wrong sir! wrong! :) At AS701/2/3 there were nominally 2k devices (way back when) using ISIS for their igp for both v4 and v6 data... though the igp split on as-boundaries. hope that helps!
We use IS-IS dual-stack in the core, and OSPFv2+OSPFv3 in the datacenters. Roughly 100 routers in the IS-IS core, and less than 2000 routers in the OSPFv2+OSPFv3 datacenters. Matt On Tue, Jun 9, 2015 at 5:59 PM, Victor Kuarsingh <victor@jvknet.com> wrote:
I/we (Philip and I) attempted to keep the question as generic as possible, allowing folks to state the IGPs they use, in whichever combination or in some cases (as we can see), more complex deployments.
I would agree with statements form Joel earlier with respect to cases where early vendor support may have influenced some network zones (inside a given AS) to support a different IGP (his case of OSPFv3 for devices which lacked IS-IS support is one I did face a few years back as well in the DC with respect to Load balancing and Firewall devices).
The merger one was a new one for me, but it seems to reflect some peoples reality.
regards,
Victor K
On 2015-06-09 7:41 PM, Joe Abley wrote:
Hi Randy,
On Jun 9, 2015, at 18:08, Randy Bush <randy@psg.com> wrote:
Routers makes more sense to me than networks (IGP, so one network, right?)
so you are thinking of a network where half the routers run is-is one quarter ospf/ospfv2 and one quarter ospf/ripv3. right.
No, not at all. I thought Victor was asking "what IGP" and "how many routers use it in your network". I assumed he was interested in whether the size of the network influenced the IGP choice.
Perhaps I misunderstood, because apparently I was the only one who read it that way.
Joe
On 10/Jun/15 02:59, Victor Kuarsingh wrote:
I would agree with statements form Joel earlier with respect to cases where early vendor support may have influenced some network zones (inside a given AS) to support a different IGP (his case of OSPFv3 for devices which lacked IS-IS support is one I did face a few years back as well in the DC with respect to Load balancing and Firewall devices).
Also, router CPU's were much slower then than they are now. The IGP's have gotten a little more complex also, but by-and-large, are still the same if you don't do "fancy things". So there would be a certain amount of increase in scale that an IGP domain would support, perhaps, regardless of which IGP is chosen. Mark.
On 10/Jun/15 01:41, Joe Abley wrote:
No, not at all. I thought Victor was asking "what IGP" and "how many routers use it in your network". I assumed he was interested in whether the size of the network influenced the IGP choice.
It did for us - IS-IS here with a couple hundred routers (and growing), as I mentioned to Victor and Philip when they posted this in another forum. Single level (L2). Mark.
On 6/9/2015 11:14 AM, Victor Kuarsingh wrote:
We are looking particularly at combinations of the following IGPs: IS-IS, OSPFv2, OSPFv3, EIGRP. If you run something else (RIP?) then we would also like to hear about this, though we will likely document these differently. [We suspect you run RIP/RIPng only at the edge for special situations, but feel free to correct us].
When we first were moving to IPv6 in the core network we evaluated IS-IS because it was what we were using for IPv4 and we would have preferred to run a single protocol for both. We had problems with running a mix of routers where some supported IPv6 and others did not. From what I recall, if any router did not support IPv6 then it wouldn't connect to a router running v6 and v4. It's possible these were bugs and they were worked out later or just a messed up design in the lab, but we also like the idea of keeping IPv4 and IPv6 away from each other so if one is broken the other one might still work. So we use OSPFv3 for IPv6 routing and IS-IS for IPv4 routing.
On 10/Jun/15 21:56, Robert Drake wrote:
When we first were moving to IPv6 in the core network we evaluated IS-IS because it was what we were using for IPv4 and we would have preferred to run a single protocol for both. We had problems with running a mix of routers where some supported IPv6 and others did not. From what I recall, if any router did not support IPv6 then it wouldn't connect to a router running v6 and v4.
It's possible these were bugs and they were worked out later or just a messed up design in the lab, but we also like the idea of keeping IPv4 and IPv6 away from each other so if one is broken the other one might still work.
Someone may have already mentioned this, but you hit that issue because you were probably running ST (Single Topology) IS-IS. IS-IS supports MT (Multi Topology) which allows you to have incongruent IP stacks on a link, i.e., IPv4 on one end + IPv4/IPv6 on another. As the majority of strategies to implement IPv6 will be in this manner, always recommended to run IS-IS in MT mode. Unless you were implementing IS-IS before MT was supported in code. Mark.
On Tue, Jun 9, 2015 at 8:14 AM, Victor Kuarsingh <victor@jvknet.com> wrote:
Nanog Folks:
Philip Matthews and I are co-authors on an active draft within the IETF related to IPv6 routing design choices. To ensure we are gathering sufficient data we are looking for an expanded set of input from operator forums as well (vs. just the v6ops IETF list). The draft is found here -(https://tools.ietf.org/html/draft-ietf-v6ops-design-choices).
We are looking for information on the IGP combinations people are running in their dual-stack networks. We are gathering this information so we can document in our draft which IGP choices are known to work well (i.e., people actually run this combination in production networks without issues). The draft will not name names, but just discuss things in aggregate: for example, "there are 3 large and 2 small production networks that run OSPF for IPv4 and IS-IS for IPv6, thus that combination is judged to work well". If you have a production dual-stack network, then we would like to know which IGP you use to route IPv4 and which you use to route IPv6.
Babel, for both. (carries both protocols in the same packet, same daemon)
We would also like to know roughly how many routers are running this combination.
In production: 28. In test (and still shared with production) anywhere from 8 to 68. Couple other smaller sites. a few thousand cerowrt boxes "out there", with some percentage having 2-3 participating nodes at least. ietf Homenet prototypes, also.
Feel free to share any successes or concerns with the combination as well.
Gave up on bridging, and tried olsr, batman, ospfv3, before settling on babel. Source specific routing now a big help on 110 acre campus with multiple egress nodes. mixed (and mostly) wifi and ethernet, also, which ruled out ospf big time. multi-channel interference, which ruled out olsr (at the time). batman was layer 2 and hard to segment, and bridging 7 wifi hops did not scale at all over 802.11s nor WDS.
We are looking particularly at combinations of the following IGPs: IS-IS, OSPFv2, OSPFv3, EIGRP.
Babel config is crazy easy compared to any of these. So are packet loads. Filtering out natted addrs while still preserving e2e ipv6 connectivity, easy also. a flaw of DV is not seeing the whole picture of the network without traceroute or alternate monitoring means than the protocol itself. Still, see: https://tools.ietf.org/html/draft-chroboczek-babel-doesnt-care-00 Worst case, it's good for a laugh.
If you run something else (RIP?) then we would also like to hear about this, though we will likely document these differently. [We suspect you run RIP/RIPng only at the edge for special situations, but feel free to correct us].
And if you have one of those modern networks that carries dual-stack customer traffic in a L3VPN or similar and thus don’t need a dual-stacked core, then please email us and brag ...
If you are on multiple lists at RIPE, NANOG or the IETF, we appologize for any redundant emails you may get (we are just attempting to reach the widest audience possible).
Philip Matthews Victor Kuarsingh
-- Dave Täht What will it take to vastly improve wifi for everyone? https://plus.google.com/u/0/explore/makewififast
participants (12)
-
Christopher Morrow -
Dave Taht -
Joe Abley -
joel jaeggli -
Mark Tinka -
Matthew Petach -
Mikael Abrahamsson -
Randy Bush -
Robert Drake -
Sameer Khosla -
Valdis.Kletnieks@vt.edu -
Victor Kuarsingh