8/8/2019 OSPFvsISIS
IS-IS and OSPF
A Comparative Anatomy
Dave Katz, Juniper Networks
June 12, 2000
Overview
Protocol History
Nuts and Bolts
Scalability Issues
Pragmatic Considerations
Conclusions
Protocol History
1989
OSPF v.1 RFC published
Proteon ships OSPF
IS-IS becomes ISO proposed standard
Public bickering ensues--OSPF and IS-IS are blessed as equals by IETF, with OSPF somewhat more equal
Private cooperation improves both protocols
1990
Dual-mode IS-IS RFC published
1991
OSPF v.2 RFC published
Cisco ships OSPF
Cisco ships OSI-only IS-IS
1992
Cisco ships dual IS-IS (part of DEC Brouter)
Lots of OSPF deployed, but very little IS-IS
1993
Novell publishes NLSP (IPX IS-IS knockoff)
1994
Cisco ships NLSP (rewriting IS-IS as side effect)
Large ISPs need an IGP; IS-IS is recommended due to recent rewrite and OSPF field experience (and to lesser extent, NSF CLNP mandate)
1995
ISPs begin deployment of IS-IS, Cisco implementation firms up, protocol starts to become popular in niche
1996-1998
IS-IS niche popularity continues to grow (some ISPs switch to it from OSPF)
IS-IS becomes barrier to entry for router vendors targeting large ISPs
Juniper and other vendors ship IS-IS capable routers
1999-2000
Extensions continue for both protocols (e.g., Traffic Engineering)
Nuts and Bolts
10,000 foot view
Protocols are recognizably similar in function and mechanism (unsurprising, given common heritage)
Link state algorithms (network map is distributed, each router calculates routes independently based on the map)
Two level hierarchies
Designated Router on LANs
Widely deployed (for some value of wide)
Multiple interoperable implementations
10,000 foot view
OSPF is for the most part more optimized (and therefore significantly more complex)
IS-IS was not designed from the start as an IP routing protocol (and is therefore a bit clunky in places)
Encapsulation
OSPF runs on top of IP
Traditional IP routing protocol approach
Allows virtual links (if you like them)
Relies on IP fragmentation for large LSAs
Subject to spoofing and DoS attacks (use of authentication is strongly advised)
Allows use of ATM VCmux encapsulation (so TCP acks fit in one ATM cell)
Encapsulation
IS-IS runs directly over L2 (next to IP)
Sort of makes sense, architecturally
Partition repair requires tunneling (rarely implemented)
More difficult to spoof or attack
More difficult to implement in some environments
Requires ATM SNAP encapsulation, forcing two-cell TCP acks (but Henk Smit's NLPID hack fixes this)
Media support
Both protocols support LANs and point-to-point links in similar ways
IS-IS has no direct NBMA support--expects O/S to present NBMA network as either pseudo-LAN (bad idea) or set of point-to-point links
OSPF NBMA mode is configuration-heavy and risky (all routers must be able to reach DR; bad news if VC fails)
OSPF P2MP mode models NBMA as point-to-point links (if O/S won't help)
Packet Encoding
OSPF is efficiently encoded
Positional fields
Holy 32-bit alignment provides tidy packet pictures, but not much else
Only LSAs are extensible (not Hellos, etc.)
Unrecognized LSA types not flooded (though opaque LSAs can suffice, if implemented universally, and IS-IS-like encoding can provide good granularity)
Packet Encoding
IS-IS is mostly Type-Length-Value encoded
No particular alignment
Extensible from the start (unknown types ignored but still flooded)
All packet types are extensible
Nested TLVs provide structure for more granular extension (though base spec does not use them; OSPF is starting to do so)
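Added example (not from the original slides): a bounds-checked walk over IS-IS-style Type-Length-Value fields that acts on known types and skips unknown ones without rejecting the PDU, as the slide describes. The names `walk_tlvs`, `classify`, `TLVError`, the `KNOWN` subset and the sample bytes are assumptions made for illustration.

```python
"""Walk IS-IS-style TLVs: act on known types, carry unknown ones untouched."""
from typing import List, Tuple

# The few TLV codes this toy receiver understands (assumed subset).
KNOWN = {1: "Area Addresses", 10: "Authentication", 129: "Protocols Supported"}


class TLVError(ValueError):
    """The TLV area is structurally invalid; drop the whole PDU."""


def walk_tlvs(area: bytes) -> List[Tuple[int, bytes]]:
    """Split the variable-length part of a PDU into (type, value) pairs.

    Each 1-byte length is checked against the bytes that remain, so a
    forged length cannot make the parser read past the end of the PDU.
    """
    out, i = [], 0
    while i < len(area):
        if len(area) - i < 2:
            raise TLVError(f"truncated TLV header at offset {i}")
        tlv_type, length = area[i], area[i + 1]
        end = i + 2 + length
        if end > len(area):
            raise TLVError(f"TLV {tlv_type} at offset {i} overruns the PDU")
        out.append((tlv_type, area[i + 2:end]))
        i = end
    return out


def classify(area: bytes) -> Tuple[List[int], List[int]]:
    """Return (understood, unknown) TLV types; the PDU bytes are not rewritten."""
    tlvs = walk_tlvs(area)
    understood = [t for t, _ in tlvs if t in KNOWN]
    unknown = [t for t, _ in tlvs if t not in KNOWN]
    return understood, unknown


# Constructed sample: Area Addresses (49.0001), an unrecognised type 250,
# then Protocols Supported carrying the IPv4 NLPID 0xCC.
SAMPLE = bytes([1, 4, 3, 0x49, 0x00, 0x01, 250, 2, 0xDE, 0xAD, 129, 1, 0xCC])

if __name__ == "__main__":
    print(classify(SAMPLE))          # type 250 is skipped, not treated as an error
    try:
        walk_tlvs(SAMPLE[:-1])       # last TLV now claims one byte too many
    except TLVError as exc:
        print("rejected:", exc)
```

Because unknown TLVs are flooded onward by routers that cannot interpret them, this structural check is the only validation those routers apply to that content.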
Area Architecture
Both protocols support two-level hierarchy of areas (to reduce SPF graph complexity, and potentially to allow route aggregation)
OSPF area boundaries fall within a router
Interfaces bound to areas
Router may be in many areas
Router must calculate SPF per area
Area Architecture
IS-IS area boundaries fall on links
Router is in only one area, plus perhaps the L2 backbone (area)
Biased toward large areas, area migration
Requires router per area (unless multiple virtual routers are implemented)
Historically proven somewhat difficult for users to grasp
Little or no multilevel deployment (large flat areas work so far)
Database Granularity
OSPF database node is an LSAdvertisement
LSAs are mostly numerous and small (one external per LSA, one summary per LSA)
Network and Router LSAs can become large
LSAs grouped into LSUpdates during flooding
LSUpdates are built individually at each hop
Small changes can yield small packets (but Router, Network LSAs can be large)
Database Granularity
IS-IS database node is an LSPacket
LSPs are clumps of topology information organized by the originating router
Always flooded intact, unchanged across all flooding hops (so LSP MTU is an architectural constant--it must fit across all links)
Small topology changes always yield entire LSPs (though packet size turns out to be much less of an issue than packet count)
Implementations can attempt clever packing
Neighbor Establishment
Both protocols use periodic multicast Hello packets, "I heard you" mechanism to establish 2-way communication
Both protocols have settable hello/holding timers to allow tradeoff between stability, overhead, and responsiveness
OSPF requires hello and holding timers to match on all routers on the same subnet (side effect of DR election algorithm) making it difficult to change timers without disruption
Neighbor Establishment
IS-IS requires padding of Hello packets to full MTU size under some conditions (to detect media with MTUs smaller than 1497 bytes)--this is effectively useless and causes needless support calls (deprecated in practice)
OSPF requires routers to have matching MTUs in order to become adjacent (or LSA flooding may fail, since LSUpdates are built at each hop and may be MTU-sized)
Neighbor Adjacency Establishment
The goal--synchronize databases
The method--tell your neighbor everything you've got
You (or your neighbor) will figure out what you're missing and make sure that you get it
Each protocol's approach is driven by database granularity
Neighbor Adjacency Establishment
OSPF uses complex, multistate process to synchronize databases between neighbors
Intended to minimize transient routing problems by ensuring that a newborn router has nearly complete routing information before it begins carrying traffic
Accounts for a significant portion of OSPF's implementation complexity
Partially a side effect of granular database (requires many DBD packets)
Neighbor Adjacency Establishment
IS-IS essentially uses its regular flooding techniques to synchronize neighbors (that's what flooding naturally does)
Coarse database granularity makes this easy (just a few CSNPs)
Transient routing issues can be reduced (albeit nondeterministically) by judicious use of the overload bit (one of a number of opportunistic hacks)
Designated Routers and Adjacency
Both protocols elect a designated router on multiaccess networks to remove O(N^2) link problem (by creating a pseudonode) and to reduce flooding traffic (DR ensures flooding reliability)
OSPF elects both a DR and a Backup DR, each of which becomes adjacent with all other routers
BDR takes over if DR fails
DRship is sticky, not deterministic
Complex algorithm
Designated Routers and Adjacency
In IS-IS all routers are adjacent (but adjacency is far less stateful)
If DR dies, new DR must be elected, with short connectivity loss (synchronization is fast)
DRship is deterministic (highest priority, highest MAC address always wins)
DRship can be made sticky by cool NLSP priority hack (DR increases its DR priority)
LAN Flooding
OSPF uses multicast send, unicast ack from DR
Reduces flood traffic by 50% (uninteresting)
Requires per-neighbor state (for retransmissions)
Interesting (but complex) acknowledgement suppression
Flood traffic grows as O(N)
LAN Flooding
IS-IS uses multicast LSP from all routers, CSNP from DR
Periodic CSNPs ensure databases are synced (tractable because of coarse database granularity)
Flood traffic constant regardless of number of neighbors on LAN
But big LANs are uninteresting
Routes and Metrics
IS-IS base spec used 6-bit metrics on links
Allowed an uninteresting SPF optimization (CPUs are fast these days)
Proved difficult to assign meaningful metrics in large networks
Wide metric extension addresses this
Dual IS-IS spec advertises only default into L1 areas
Interarea traffic routed suboptimally
Route leaking extension addresses this
Authentication and Security
Both support cryptographic authentication
OSPF really needs this (packet bombs)
Successful IGP attacks will be catastrophic (or worse, subtle)
Use packet filtering, particularly with OSPF
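Added example (not from the original slides): the receive-side check for OSPFv2 cryptographic authentication (AuType 2, keyed MD5 with a non-decreasing sequence number, per the OSPFv2 specification), showing why a spoofed, tampered or replayed packet is dropped. The function names, return strings, key table, zero-padding of short keys and the sample packet are assumptions made for illustration.

```python
"""OSPFv2 cryptographic authentication (AuType 2, keyed MD5) receive check."""
import hashlib
import hmac
import struct

# version, type, length, router ID, area ID, checksum, AuType, then the
# 8-byte auth field: zero, key ID, digest length, crypto sequence number.
HDR = struct.Struct("!BBH4s4sHHHBBI")


def _digest(packet: bytes, key: bytes) -> bytes:
    # Keyed MD5 (not HMAC): the 16-byte key is appended to the packet.
    # Zero-padding shorter keys to 16 bytes is an assumption of this sketch.
    return hashlib.md5(packet + key.ljust(16, b"\0")).digest()


def sign(body: bytes, rid: bytes, key_id: int, key: bytes, seq: int) -> bytes:
    """Build a constructed Hello-type packet followed by its digest."""
    plen = HDR.size + len(body)   # the digest is not counted in the length
    pkt = HDR.pack(2, 1, plen, rid, b"\0" * 4, 0, 2, 0, key_id, 16, seq) + body
    return pkt + _digest(pkt, key)


def verify(wire: bytes, keys: dict, last_seq: dict) -> str:
    """Return 'ok', or the reason the packet must be dropped."""
    if len(wire) < HDR.size:
        return "short"
    _v, _t, plen, rid, _a, _ck, autype, _z, key_id, dlen, seq = HDR.unpack_from(wire)
    if autype != 2:
        return "unauthenticated"
    if dlen != 16 or plen < HDR.size or len(wire) != plen + dlen:
        return "bad-length"
    key = keys.get(key_id)
    if key is None:
        return "unknown-key"
    if seq < last_seq.get(rid, 0):          # per-neighbor replay protection
        return "replay"
    if not hmac.compare_digest(_digest(wire[:plen], key), wire[plen:]):
        return "bad-digest"
    last_seq[rid] = seq                     # only advance on a valid packet
    return "ok"


if __name__ == "__main__":
    keys, seen = {1: b"constructed-key"}, {}
    rid = bytes([10, 0, 0, 1])              # constructed router ID
    print(verify(sign(b"hello", rid, 1, keys[1], 100), keys, seen))
    print(verify(sign(b"hello", rid, 1, keys[1], 99), keys, seen))
```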
MPLS Traffic Engineering extensions
Protocols carry around TE link information (available bandwidth, link color, etc.) on behalf of MPLS but don't use the data themselves
TE functionality is identical for the two protocols (by design)
TE functions are IGP-independent, so mechanisms ought to be identical
Scalability Issues
Database Size
OSPF topologies limited by Network and Router LSA size (max 64KB) to O(5000) links
External and Interarea routes are essentially unbounded
IS-IS topologies limited by LSP count (256 fragments * 1470 bytes) for all route types
Various hacks (fake pseudonodes, etc.) could make this bigger
Ultimately a non-issue for even slightly sane topologies
Database Churn
Both protocols have time-limited database entries and therefore require refreshing
IS-IS lifetime field is 16 bits, giving 18.7-hour lifetimes (with refresh times close to this)
OSPF age (counts up) has an architectural lifetime limit of 1 hour (80,000 LSAs yield a refresh every 23 milliseconds)
Do-not-age LSAs are not backward compatible
Don't inject zillions of routes into your IGP
Flooding load--the only serious issue
Full-mesh topologies are worst-case for both
N^2 copies of each update (each of which is O(N) in size)
Link failure: O(N^3) information
Router failure: O(N^4) information
IS-IS mesh group hack provides backward-compatible way of pruning flooding topology
OSPF has no solution without protocol change
Pragmatic Considerations
OSPF spec is an excellent implementation guide
If followed to the letter, a working, if naive, implementation will likely result
Spec is complex but has almost no "why" information, so other (potentially more scalable) implementation approaches are at the implementor's own risk
Barrier to entry in high-end router market (you need to know the protocol intuitively)
IS-IS spec uses arcane ISOspeak and has very few implementation hints
Spec is inherently simple (once you get the lingo), with fewer implementation issues
Boilerplate at front and back of spec means that you can lose pages without affecting content
Barrier to entry in high-end router market (you need to know the protocol intuitively)
Extensibility
Despite anti-OSI FUD, IS-IS has proven much easier politically to extend (primarily due to small constituency and IETF disinterest)
Self-interest of router vendors and large ISPs brings extensions more quickly in IS-IS and promotes implementation stability, scalability, and interoperability
Extensibility
OSPF's encoding scheme difficult to extend
Difficult compatibility issues
Explicitly and proudly optimized for IPv4
IPv6 requires a completely new protocol
IS-IS encoding inefficient and simple-minded
But proven to be easy to extend, at least in some ways
IPv6-Ready (also IPX-Ready)
Optimality
OSPF was optimized for things that don't matter any more (link bandwidth, CPU alignment)
IS-IS was optimized for things that don't matter any more (large LANs, SPF cost)
Optimizations turn out to add complexity but not much value
A lot has changed in 10 years...
OSPF is much more widely understood
Broadly deployed in enterprise market
Many books of varying quality available
Preserves our investment in terminology
IS-IS is well understood within a niche
Broadly deployed within the large ISP market
Folks who build very large, very visible networks are comfortable with it
Conclusions
For all but extreme cases (large full-mesh networks), protocols are pretty much equivalent in scalability and functionality
Stability and scalability are largely artifacts of implementation, not protocol design
Familiarity and comfort in both engineering and operations is probably the biggest factor in choosing
Does the world really need two protocols?
Nearly complete overlap in functionality means (ironically) that few people are motivated to switch
Entrenched constituencies (large ISPs; everyone else) ensure that installed bases will continue to exist
As long as there are two, people will never agree on only one
Not even the oft-predicted demise of IPv4 will suffice
Both protocols are over 10 years old, using graph theory that's at least 40 years old
Both protocols are (even still) works in progress
Cherish Diversity (and job security)
They're both good protocols
Use the one that makes the most sense to you
http://www.juniper.net