nanog mailing list archives

Re: IGP choice


From: sthaug () nethelp no
Date: Thu, 22 Oct 2015 22:57:02 +0200 (CEST)

The differences between the two protocols are so small that people
really grasp at straws when 'proving' that one is better over the
other. 'IS-IS doesn't work over IP, so it's more secure'. 'IS-IS uses
TLVs so new features are quicker to implement'. While these may be
vaguely valid arguments, they don't hold much water. If you don't
secure your routers to bad actors forming OSPF adjacencies with you,
you're doing something wrong. Who is running code that is so bleeding
edge that feature X might be available for IS-IS, but not OSPF?

Choose whichever you and your operational team are most comfortable
with, and run with it.

Basic point I very much agree with. However, if that was all there
was to it, nobody would ever switch from OSPF to IS-IS or vice versa
:-)

OSPFv3 scaled better than OSPFv2 in 2008. But multi-AF support for
OSPFv3 was only developing then, so that was not a viable replacement
for OSPFv2.

OSPFv2 should scale better in 2015 (I say "should" because more routers
now have x86-based control planes, but I don't run OSPF so I'm hand-waving).

You're right, a single Level-2 domain in IS-IS is akin to a single Area
0 in OSPF. But those "so small" differences between the protocols in
2008 meant I was less eager to try the single area with OSPF than I was
the single level with IS-IS.

Some points I've noticed - YMMV.

- Needing OSPFv3 for IPv6 when you're already running OSPFv2 for IPv4
is less than optimal. I believe nowadays several vendors support
OSPFv3 for both IPv4 and IPv6 - but this is not universal.

- Probably mostly due to large operators running IS-IS, new features
are more likely to show up first in IS-IS.

- OSPFv3 security depends on IPsec, while IS-IS uses MD5. You could
certainly argue that MD5 is starting to get long in the tooth - on the
other hand, it's significantly better than nothing, and significantly
less complex than IPsec.

- We still have a few cases of needing OSPF towards customers. IS-IS
as core IGP makes it slightly easier to ensure that core routing and
customer routing are never mixed.

I see no reason to mention anything about scaling, since I believe the
protocols (both OSPF and IS-IS) nowadays scale to much larger topologies
than we're likely to need.

Steinar Haug, Nethelp consulting, sthaug () nethelp no

