Looking for information on IGP choice in dual-stack networks

Tore Anderson tore at fud.no
Fri Jun 5 12:00:39 CEST 2015


* Philip Matthews <philip_matthews at magma.ca>

> We are looking particularly at combinations of the following IGPs:
> IS-IS, OSPFv2, OSPFv3, EIGRP.

We're using OSPFv2 and OSPFv3 as ships in the night for IPv4 and IPv6,
respectively. That said, somewhere far down in the darkest depths of my
TODO list I have an item about investigating the possibility of
replacing OSPFv2 for IPv4 with OSPFv3 + RFC 5838. I see this
possibility is briefly mentioned in your I-D - if you're able to gather
more information about the viability of such a solution, that would be
a very valuable addition to the I-D, I think.

As an aside, I can mention that we're using AH for OSPFv3
authentication. I sometimes see people saying AH is never used for
anything anymore and should be deprecated, but I'm not sure if there
are any real alternatives to AH for securing OSPFv3?

> If you run something else (RIP?) then we would also like to hear
> about this, though we will likely document these differently. [We
> suspect you run RIP/RIPng only at the edge for special situations,
> but feel free to correct us].

Indeed, we run RIPv2 and RIPng on the edge to allow certain
customer systems to advertise service addresses that can move between
locations for redundancy reasons (or anycasted services). These
advertisements get immediately turned into external routes in OSPF (in
other words we do not have a RIP topology). To get speedy failover we
lower the RIP timers as low as they can go, and have the customers send
updates every second. Using BFD would be an alternative to lowering
timers, but we haven't yet been able to deploy that because BIRD (which
we're typically using on the customer systems) doesn't support BFD for
RIP.

I do feel rather dirty using RIP in 2015, so I would be interested in
hearing about any alternatives approaches folks are using. We're not
using BGP because we'd have to pre-configure every neighbour on the
upstream router (not useful in dynamic or "cloudy" environments), nor
OSPF because we need the ability to filter out invalid advertisements
from the customer systems.

Tore



More information about the ipv6-ops mailing list