OSPF vs ISIS - Which do you prefer & why?

• Previous message (by thread): OSPF vs ISIS - Which do you prefer & why?
• Next message (by thread): OSPF vs ISIS - Which do you prefer & why?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Den 11/11/2016 kl. 11.20 skrev Mark Tinka:
>
>
> On 11/Nov/16 12:07, Baldur Norddahl wrote:
>
>> No filters. There are just no routes that will take a network packet that
>> arrive on an interface in VRF internet and move it to an interface in VRF
>> default without adding a MPLS header to mark the VRF. With the MPLS header
>> the packet type is no longer IPv4 but MPLS.
>>
>> Therefore there is no way you from the internet or from a customer link can
>> even attempt to inject packets that would be received by the OSPF process.
>> Since we use 10.0.0.0/8 and our vrf internet has no such route, you would
>> just get no route to host if you tried.
>
> Good for you.
>
> We don't run the whole "Internet in a VRF" architecture (too many 
> moving parts), so not having our IGP being exposed to IP helps :-).

Internet in a VRF just works and it is not at all complicated. I will 
recommend it for anyone which has the equipment that can do it. I do 
realise that not everyone can do this however.

I have not studied OSPFv3 in detail but it appears that only IPv6 link 
local addresses are used. Since that can not be routed, I do not think 
OSPFv3 exposes anything to the Internet. I would probably go with OSPFv3 
if I had to configure a network without VRF support.

If I was coding an OSPFv3 daemon I would make it bind only to link local 
addresses on interfaces, which will guarantee that no traffic is 
received from outsiders.

Regards,

Baldur

• Previous message (by thread): OSPF vs ISIS - Which do you prefer & why?
• Next message (by thread): OSPF vs ISIS - Which do you prefer & why?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]