ISIS and OSPF Network Design Comparisons and Considerations

  • Slides: 32
ISIS and OSPF: Network Design Comparisons and Considerations
Roosevelt Ferreira
Professional Services Engineer
roosevelt@juniper.net

Objectives
  • Understand the protocol similarities and differences
  • Understand the strengths and weaknesses
  • Make more informed design decisions

ISOspeak 101
  • Intermediate System (IS)
  • End System (ES)
  • Protocol Data Unit (PDU)
  • Subnetwork Point of Attachment (SNPA)
  • Link State PDU (LSP)
  • Routing Domain
  • Level 2 Area
  • Level 1 Area

Message Encoding: OSPF
  • Runs over IP (protocol number 89)
  • 32-bit alignment
  • Only LSAs are extensible
  • All OSPF speakers must recognize the extensions

Message Encoding: ISIS
  • Runs directly over data link
  • No alignment
  • All PDUs are extendable
  • Nested TLVs

Media Support
  • OSPF
    - Broadcast (LANs)
    - Point-to-Point
    - Point-to-Multipoint
    - NBMA
  • ISIS
    - Broadcast
    - Point-to-Point
    - No NBMA support

Router and Area IDs: OSPF
  • Router ID and Area ID specified separately
  • Each is 32-bit number
  • AID associated with interface
  • RID
    1. Explicitly specified RID
    2. Loopback address
    3. Highest interface IP address

Router and Area IDs: ISIS
  • Area ID and Sys ID (Router ID) specified in Network Entity Title (NET)
  • NSAP address format
  • In JUNOS™ Internet software, specified on loopback interface

  Field layout: Area ID (1-13 bytes) | System ID (6 bytes) | SEL (1 byte)

  Examples:
    01.0000.23a5.7c32.00
    49.0001.0000.23a5.7c32.00
    47.0005.80.0000a7.0000.ffdd.0001.0000.23a5.7c32.00
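
The NET layout on this slide, worked through in code. This is an added example, not part of the original slides: it splits a NET into Area ID, System ID and SEL using the field sizes above, and flags a System ID that appears on more than one router. The function names and the router inventory format are assumptions made for illustration.

```python
import re

def parse_net(net: str) -> dict:
    """Split a dotted-hex NET into Area ID, System ID and SEL."""
    digits = net.replace(".", "")
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", digits):
        raise ValueError(f"{net!r}: expected an even number of hex digits")
    raw = bytes.fromhex(digits)
    # Area ID 1-13 bytes + System ID 6 bytes + SEL 1 byte => 8..20 bytes total
    if not 8 <= len(raw) <= 20:
        raise ValueError(f"{net!r}: {len(raw)} bytes, a NET is 8-20 bytes")
    area, sysid, sel = raw[:-7], raw[-7:-1], raw[-1]
    if sel != 0:
        # A NET is an NSAP whose selector is 00 (it names the router itself)
        raise ValueError(f"{net!r}: SEL is {sel:02x}, expected 00")
    s = sysid.hex()
    return {"area_id": area.hex(),
            "system_id": f"{s[0:4]}.{s[4:8]}.{s[8:12]}",
            "sel": sel}

def duplicate_system_ids(nets: dict) -> dict:
    """Map each System ID used by more than one router to those routers.
    `nets` is {router_name: NET}; this inventory format is hypothetical."""
    seen = {}
    for name, net in nets.items():
        seen.setdefault(parse_net(net)["system_id"], []).append(name)
    return {sid: names for sid, names in seen.items() if len(names) > 1}

# The three example NETs from the slide
SLIDE_NETS = [
    "01.0000.23a5.7c32.00",
    "49.0001.0000.23a5.7c32.00",
    "47.0005.80.0000a7.0000.ffdd.0001.0000.23a5.7c32.00",
]

if __name__ == "__main__":
    for n in SLIDE_NETS:
        print(n, "->", parse_net(n))
```

All three slide examples carry the same System ID (0000.23a5.7c32); only the Area ID length differs, from 1 byte to the 13-byte maximum.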

Neighbor Discovery and Maintenance: OSPF
  • Hello Packets
    - Establish 2-way communication
    - Advertise optional capabilities
    - DR/BDR election/discovery
    - Serve as keepalives
    - 10 s default hello interval, dead interval 4X
  • Most Hello fields must match for adjacency
    - Area ID, authentication, network mask, HelloInterval, RouterDeadInterval, MTU, Options
    - Changing values causes adjacency disruption

Neighbor Discovery and Maintenance: ISIS
  • Hello Packets
    - Establish 2-way communication
    - L1, L2, L1/L2 neighbor discovery
    - DR election/discovery
    - Serve as keepalives
    - 3 s JUNOS default hello interval, dead interval 3X
  • Hellos padded to full MTU size (dubious)
  • Fewer matches necessary for adjacency
    - Hello and dead intervals can vary
    - Not even IP subnets must match!

Database Synchronization: OSPF
  • Database synchronization driven by state machine
  • Master/Slave election
  • Database synchronization
    - Database Description packets
    - Link State Request packets
    - Link State Update packets
    - Link State Acknowledgement packets

Database Synchronization: ISIS
  • Simple synchronization based on flooding of Sequence Number PDUs
  • CSNPs
    - Describe all LSPs in the database
    - Analogous to OSPF DD messages
    - Sent by DR every 10 seconds on broadcast networks
    - Sent every hour on point-to-point networks
  • PSNPs
    - Request missing or newer LSPs
    - Analogous to OSPF LS Request messages

Database Refresh: OSPF
  • LSA refresh every 30 minutes
  • MaxAge = 1 hour
  • Up-counting timer
  • Design flaw: Cannot change MaxAge

Database Refresh: ISIS
  • LSP refresh every 15 minutes
    - Minus random jitter timer of up to 25%
  • LSP Lifetime = 20 minutes (default)
  • Down-counting timer
  • LSP Lifetime configurable up to 18.2 hours
  • Major reason ISIS scales better to large areas

Designated Routers: OSPF
  • Highest priority becomes DR
    - 0-255, default 128
    - Highest router ID tie-breaker
  • Backup Designated Router
    - Speeds recovery from failed DR
  • DR cannot be preempted
    - So, the DR is usually the first active router
  • Adjacencies formed only with DR and BDR

Designated Routers (DIS): ISIS
  • Highest priority becomes DR
    - 0-127, default 64
    - Highest MAC address tie-breaker
  • No Backup Designated Router
  • DR can be preempted
    - Adding a router to a LAN can cause temporary instability
  • Adjacencies formed with all routers on LAN, not just DR
    - Separate L1 and L2 adjacencies on same LAN

Area Structure: OSPF
  • Area boundaries fall on routers
  • Router types:
    - Interior (or backbone)
    - ABR
    - ASBR

  [Diagram: Area 0, Area 1 and Area 2 joined by ABR, ASBR and ABR/ASBR routers, with external routes entering at the ASBRs]

Area Structure: ISIS
  • Area boundaries fall between routers
  • External reachability information in L2 LSPs only
  • Router types:
    - L1
    - L1/L2
    - L2

  [Diagram: Area 01, Area 02 and Area 03 with L1, L1/L2 and L2 routers, and external routes]

Metrics: OSPF
  • Dimensionless metric
  • Large metric field
    - Type 1 LSA = 16 bits
    - Type 3, 4, 5, and 7 LSA = 24 bits
  • Cost = Reference BW / Interface BW
    - Default Reference BW = 100 Mbps
    - If (Ref BW/Interface BW) > 1, Cost = 1
    - Cost can also be set arbitrarily
  • External Metrics
    - Type 1 (E1) = Assigned cost + cost to ASBR
    - Type 2 (E2) = Assigned cost only

Metrics: ISIS
  • Dimensionless metric
  • ISO 10589 defines 4 metric fields
    - Only default used in practice
  • Small 6-bit metric field
    - Default = 10 for all interfaces
    - Maximum interface value = 64
    - Maximum route metric = 1023
  • Possible limited metric granularity in large networks
  • Originally intended to simplify SPF calculation (irrelevant with modern CPUs)
  • Wide Metrics
    - Extends metric field to 32 bits
  • Metrics tagged as internal or external (I/E Bit)

LSA Scalability: OSPF
  • Famous “rules of thumb” carry little real meaning
  • 64 KB maximum LSA size
  • Only Router (type 1) LSAs likely to grow large
    - 24 bytes of fixed fields
    - 12 bytes to represent each link
    - 5331 links, maximum (but isn’t this enough?)
  • Types 3, 4, 5, 7 LSAs
    - One destination prefix per LSA
    - Be careful what you redistribute!

LSP Scalability: ISIS
  • Single LSP per router, per level
  • Fragmentation supported, but...
    - Maximum fragment size = 1470 bytes
    - Maximum number of fragments = 256
    - …but isn’t this enough?
  • Be careful what you redistribute!

Stub Areas
  • Trade routing precision for improved scalability
  • OSPF
    - Stub areas eliminate type 5 LSA load
    - Totally stubby areas extend the concept
    - All area routers must understand stubbiness
  • ISIS
    - L1 routers are “totally stubby” by default
    - Attached (ATT) set by L1/L2 router

ISIS Inter-Area Route Leaking
  • Why leak routes?
    - Improved routing precision
    - More accurate BGP next-hop resolution
    - Using ISIS metric as BGP MED
  • L1-->L2 route leaking happens by default
    - Internal routes only
    - External routes require policy
  • L2-->L1 route leaking requires policy
    - Internal or external
    - Up/Down bit prevents looping

Not-So-Stubby Areas
  • OSPF feature
    - “Trick” to allow advertisement of external routes through stub areas (type 5 LSAs illegal)
    - All routers in area must understand type 7 LSAs
  • Similar function with ISIS
    - Using simple L1-->L2 policy

NBMA Networks
  • OSPF
    - Point-to-Point
    - Point-to-Multipoint mode
    - NBMA mode (but why?)
    - P-T-MP and NBMA require manual specification of neighbor addresses
  • ISIS
    - No multipoint support
    - Must configure interfaces as logical P-T-Ps

Virtual Links
  • Useful for
    - Patching partitioned areas
    - Area migrations
  • Should be a temporary solution!
  • Full OSPF support
  • No ISIS support
    - Specified in ISO 10589, but not implemented by major router vendors

Overload Bit
  • ISIS feature
    - Enables router to signal memory overload
    - No transit traffic sent to overloaded router
    - Set separately for Level 1 and Level 2
    - Can be manually set, useful for graceful router turn-up
  • No comparable OSPF feature

Mesh Groups
  • ISIS feature (RFC 2973)
    - Can sharply curtail LSP flooding in full-mesh topologies
    - Each router in mesh group receives only one copy of each LSP (one-hop flooding)
    - Risk of lost LSPs: ensure design is robust enough!
    - Interfaces can be manually configured to block LSPs (increased scalability, but increased risk)
  • OSPF has no comparable feature

Security
  • Both protocols support authentication
    - Plain-text passwords (sniffable!)
    - MD5 cryptographic hash
  • Authentication especially important with OSPF
    - Runs over IP, so subject to spoofing and other attacks
  • Non-IP nature makes ISIS inherently more secure
    - But authentication still a good idea
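
The two authentication modes on this slide, shown for an OSPFv2 Hello as an added example (not part of the original slides). It follows the packet layout in RFC 2328 Appendix D: the plain-text mode carries the password in the header, while the MD5 mode carries only a Key ID, a sequence number and a digest computed over the packet plus the key. The router ID, area, key and sequence numbers are constructed sample values, and the header checksum is left at zero in both builders to keep the sketch short.

```python
import hashlib
import hmac
import struct

HDR = "!BBH4s4sHH8s"  # version, type, length, Router ID, Area ID, checksum, AuType, auth field

def hello_body(mask, dr=b"\0" * 4, bdr=b"\0" * 4):
    # mask, HelloInterval 10 s, Options, priority 128, RouterDeadInterval 40 s, DR, BDR
    return struct.pack("!4sHBBI4s4s", mask, 10, 0x02, 128, 40, dr, bdr)

def build_simple(body, rid, aid, password):
    # AuType 1: the password itself rides in the 8-byte auth field, in the clear
    auth = password.ljust(8, b"\0")[:8]
    return struct.pack(HDR, 2, 1, 24 + len(body), rid, aid, 0, 1, auth) + body

def build_md5(body, rid, aid, key_id, key, seq):
    # AuType 2: auth field = 0, Key ID, digest length 16, sequence number.
    # The appended digest is MD5(packet || key padded to 16 bytes).
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = struct.pack(HDR, 2, 1, 24 + len(body), rid, aid, 0, 2, auth) + body
    return pkt + hashlib.md5(pkt + key.ljust(16, b"\0")).digest()

def verify_md5(wire, keys, last_seq):
    """Return the accepted sequence number, or None if the packet must be dropped."""
    if len(wire) < 24:
        return None
    _, _, length, _, _, _, autype, auth = struct.unpack(HDR, wire[:24])
    _, key_id, dlen, seq = struct.unpack("!HBBI", auth)
    if autype != 2 or dlen != 16 or length < 24 or len(wire) < length + 16:
        return None
    key = keys.get(key_id)
    if key is None or seq < last_seq:  # unknown key, or replay of an older packet
        return None
    want = hashlib.md5(wire[:length] + key.ljust(16, b"\0")).digest()
    return seq if hmac.compare_digest(want, wire[length:length + 16]) else None

# Constructed sample values (router ID, area, key), not taken from the slides
RID, AID, KEY = bytes([10, 0, 0, 1]), bytes(4), b"example-key"
BODY = hello_body(bytes([255, 255, 255, 0]))

if __name__ == "__main__":
    print("plain-text packet exposes password:", b"s3cret" in build_simple(BODY, RID, AID, b"s3cret"))
    pkt = build_md5(BODY, RID, AID, 1, KEY, 100)
    print("fresh:", verify_md5(pkt, {1: KEY}, 99), "replayed:", verify_md5(pkt, {1: KEY}, 101))
```

The receiver passes the last sequence number it accepted from that neighbor as `last_seq`, so a captured packet replayed later is dropped even though its digest is valid.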

Conclusion
  • Both protocols are mature and stable (with the right vendor)
  • Both protocols continue to be extended
  • Enterprise networks
    - IGP requirements can be complex
    - OSPF is a “no-brainer”
  • Service provider networks
    - IGP requirements usually simpler
    - Scalability, stability are paramount
    - Consider your requirements carefully, pick the protocol that fits

Thank You!
roosevelt@juniper.net
http://www.juniper.net