nanog mailing list archives

RE: OSPF vs IS-IS vs PrivateAS eBGP


From: "Ivan Pepelnjak" <ip () ioshints info>
Date: Thu, 20 Aug 2009 14:13:31 +0200

Do not EVER run an SPF routing protocol with your customer. They can insert
anything they want into it (due to configuration mistake, malicious intent
or third-party hijacking) and your whole network (or at least the other
customers) will be affected.

Just to give you a few examples:

* They could hijack the host route to your DNS server and spoof every other
customer of yours that uses your DNS
* They could hijack the host route to your POP3 server and collect the
usernames and passwords of your residential users
* Company A could hijack the host route to the web server of company B. 
* They could insert a better default route than you do and at least some of
your routers will listen to them.
* If they ever make a total mess and start flapping their LSAs, your whole
network will be affected and all your routers will burn CPU running the SPF
algorithm.

If you absolutely insist on not using BGP (but then BGP is the only
currently available routing protocol designed to handle routing in scenarios
where the two parties don't necessarily trust each other), use RIP. It's
safer than OSPF, at least you can filter the incoming updates.

Ivan
 
http://www.ioshints.info/about
http://blog.ioshints.info/

-----Original Message-----
From: Clue Store [mailto:cluestore () gmail com] 
Sent: Wednesday, August 19, 2009 5:13 PM
To: nanog () nanog org
Subject: OSPF vs IS-IS vs PrivateAS eBGP

Hi All,

I know this has been discussed probably many times on this 
list, but I was looking for some specifics about what others 
are doing in the following situations.

I would like to run an IGP (currently OSPF) to our customers 
that are multi-homed in a non-MPLS environment. They are 
multi-homed with small prefixes that are swipped from my ARIN 
allocations. OSPF has been flaky at best under certain 
conditions and I am thinking of making the move to IS-IS.
I have also seen others going to private AS and running eBGP. 
This seems a bit much, but if it works, I'd make the move to 
it as I like BGP the most (all of the BGP knobs give me the 
warm and fuzzies :).

I'd also like to see what folks are using in an MPLS network?? 
OSPFv3 or IS-IS or right to MP-BGP and redist static from the 
CE to PE???

On and off list are welcome. I'll make a summary after I 
gather the info.

Thanks,
Clue
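
The reply's point that a customer-facing session must be filterable, sketched as an added example (not part of either e-mail): an inbound policy check that accepts a customer's announcement only when it falls inside the blocks assigned to that customer. The customer names, the documentation prefixes and the /29 length limit are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges), not from the thread.
CUSTOMER_ASSIGNED = {
    "customer-a": ["192.0.2.0/25"],
    "customer-b": ["192.0.2.128/25"],
}

def check_announcement(customer, prefix, max_len=29):
    """Return (accepted, reason) for one prefix received from `customer`."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    if net.prefixlen == 0:
        return False, "default route"
    for block in CUSTOMER_ASSIGNED.get(customer, []):
        parent = ipaddress.ip_network(block)
        if net.version == parent.version and net.subnet_of(parent):
            if net.prefixlen > max_len:  # assumed policy limit
                return False, "more specific than policy allows"
            return True, "within assigned block"
    return False, "outside assigned blocks"

def filter_updates(customer, prefixes):
    """Split a batch of announcements into accepted and rejected."""
    accepted, rejected = [], {}
    for p in prefixes:
        ok, reason = check_announcement(customer, p)
        if ok:
            accepted.append(p)
        else:
            rejected[p] = reason
    return accepted, rejected

if __name__ == "__main__":
    # Constructed announcements mirroring the cases listed in the e-mail.
    batch = [
        "192.0.2.0/25",      # customer-a's own block
        "192.0.2.64/26",     # more specific of its own block
        "0.0.0.0/0",         # "better" default route
        "198.51.100.53/32",  # host route to the provider's DNS server (assumed address)
        "192.0.2.200/32",    # host route inside customer-b's block
    ]
    accepted, rejected = filter_updates("customer-a", batch)
    print("accepted:", accepted)
    for p, why in rejected.items():
        print("rejected:", p, "->", why)
```

On a router the same policy is expressed as a per-neighbor inbound prefix filter on the eBGP session; a link-state IGP floods LSAs unchanged within an area, so it offers no equivalent per-customer control point.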




