Looking for information on IGP choice in dual-stack networks
philip_matthews at magma.ca
Fri Jun 5 19:12:49 CEST 2015
On 2015-06-05, at 6:00 , Tore Anderson wrote:
> * Philip Matthews <philip_matthews at magma.ca>
>> We are looking particularly at combinations of the following IGPs:
>> IS-IS, OSPFv2, OSPFv3, EIGRP.
> We're using OSPFv2 and OSPFv3 as ships in the night for IPv4 and IPv6,
Can you give me a rough idea of how many routers run this combination of protocols? Feel free to unicast me if you don't want to say on the mailing list.
> That said, somewhere far down in the darkest depths of my
> TODO list I have an item about investigating the possibility of
> replacing OSPFv2 for IPv4 with OSPFv3 + RFC 5838. I see this
> possibility is briefly mentioned in your I-D - if you're able to gather
> more information about the viability of such a solution, that would be
> a very valuable addition to the I-D, I think.
So far, I have not heard of anyone who runs this combination. The support for this is still pretty new. I know that my company (Alcatel-Lucent) has only supported it for about a year and I have not had a chance yet to play with it personally. But indeed, part of this survey effort is to gather information on combinations like this and document our aggregated findings in the I-D.
> As an aside, I can mention that we're using AH for OSPFv3
> authentication. I sometimes see people saying AH is never used for
> anything anymore and should be deprecated, but I'm not sure if there
> are any real alternatives to AH for securing OSPFv3?
You can also use Encapsulating Security Payload for authentication -- at least on ALU routers, don't know about support on other vendors.
>> If you run something else (RIP?) then we would also like to hear
>> about this, though we will likely document these differently. [We
>> suspect you run RIP/RIPng only at the edge for special situations,
>> but feel free to correct us].
> Indeed, we run RIPv2 and RIPng on the edge to allow certain
> customer systems to advertise service addresses that can move between
> locations for redundancy reasons (or anycasted services). These
> advertisements get immediately turned into external routes in OSPF (in
> other words we do not have a RIP topology). To get speedy failover we
> lower the RIP timers as low as they can go, and have the customers send
> updates every second. Using BFD would be an alternative to lowering
> timers, but we haven't yet been able to deploy that because BIRD (which
> we're typically using on the customer systems) doesn't support BFD for
> I do feel rather dirty using RIP in 2015, so I would be interested in
> hearing about any alternatives approaches folks are using. We're not
> using BGP because we'd have to pre-configure every neighbour on the
> upstream router (not useful in dynamic or "cloudy" environments), nor
> OSPF because we need the ability to filter out invalid advertisements
> from the customer systems.
You are not the only one still using RIP on the edge. A number of large cable providers are also using RIP to talk to cable modems and looking at deploying RIPng. One of our goals is try to document the places that people are using RIP.
More information about the ipv6-ops