IGP choice

sthaug at nethelp.no sthaug at nethelp.no
Thu Oct 22 20:57:02 UTC 2015

> > The differences between the two protocols are so small, that people
> > really grasp at straws when 'proving' that one is better over the
> > other. 'IS-IS doesn't work over IP, so its more secure'. 'IS-IS uses
> > TLVs so new features are quicker to implement'. While these may be
> > vaguely valid arguments, they don't hold much water. If you don't
> > secure your routers to bad actors forming OSPF adjacencies with you,
> > you're doing something wrong.Who is running code that is so bleeding
> > edge that feature X might be available for IS-IS, but not OSPF?
> >
> > Chose whichever you and your operational team are most comfortable
> > with, and run with it.

Basic point I very much agree with. However, if that was all there
was to it, nobody would ever switch from OSPF to IS-IS or vice versa

> OSPFv3 scaled better than OSPFv2 in 2008. But multi-AF support for
> OSPFv3 was only developing then, so that was not a viable replacement
> for OSPFv2.
> OSPFv2 should scale better in 2015 (I say "should" because more routers
> now have x86-based control planes, but I don't run OSPF so I'm hand-waving).
> You're right, a single Level-2 domain in IS-IS is akin to a single Area
> 0 in OSPF. But those "so small" differences between the protocols in
> 2008 meant I was less eager to try the single area with OSPF than I was
> the single level with IS-IS.

Some points I've noticed - YMMV.

- Needing OSPFv3 for IPv6 when you're alredy running OSPFv2 for IPv4
is less than optimal. I believe nowadays several vendors support
OSPFv3 for both IPv4 and IPv6 - but this is not universal.

- Probably mostly due to large operators running IS-IS, new features
are more likely to show up first in IS-IS.

- OSPFv3 security depends on IPsec, while IS-IS uses MD5. You could
certainly argue that MD5 is starting to get long in the tooth - on the
other hand, it's significantly better than nothing, and significantly
less complex than IPsec.

- We still have a few cases of needing OSPF towards customers. IS-IS
as core IGP makes it slightly easier to ensure that core routing and
customer routing are never mixed.

I see no reason to mention anything about scaling, since I believe the
protocols (both OSPF and IS-IS) nowadays scale to much larger topologies
than we're likely to need.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no

More information about the NANOG mailing list