OSPF vs ISIS - Which do you prefer & why?

Mark Tinka mark.tinka at seacom.mu
Fri Nov 11 05:41:40 UTC 2016


On 10/Nov/16 21:43, Baldur Norddahl wrote:

>
> And at the day work I also prefer OSPFv2 simply because I do not need
> more protocols in the stack. We are running a MPLS network with the
> internet service in a L3VPN. IPv6 is also in the L3VPN. This means the
> underlying network is pure IPv4 and totally isolated from the
> internet. Why make it more complicated by introducing something that
> is not IP based?

I'd counter that "Why not make it less complicating by removing an
easily-reachable attack vector?"

Sure, you can easily protect your OSPF domain from external attack, but
that's something your router CPU and/or data plane would have to deal
with it had to, and we've all seen situations where filters break in
certain code for various reasons. Or vendors change the way filtering
works in newer code without properly notifying customers about such changes.

Mark.



More information about the NANOG mailing list