> > The differences between the two protocols are so small, that people > > really grasp at straws when 'proving' that one is better over the > > other. 'IS-IS doesn't work over IP, so its more secure'. 'IS-IS uses > > TLVs so new features are quicker to implement'. While these may be > > vaguely valid arguments, they don't hold much water. If you don't > > secure your routers to bad actors forming OSPF adjacencies with you, > > you're doing something wrong.Who is running code that is so bleeding > > edge that feature X might be available for IS-IS, but not OSPF? > > > > Chose whichever you and your operational team are most comfortable > > with, and run with it.
Basic point I very much agree with. However, if that was all there was to it, nobody would ever switch from OSPF to IS-IS or vice versa :-) > OSPFv3 scaled better than OSPFv2 in 2008. But multi-AF support for > OSPFv3 was only developing then, so that was not a viable replacement > for OSPFv2. > > OSPFv2 should scale better in 2015 (I say "should" because more routers > now have x86-based control planes, but I don't run OSPF so I'm hand-waving). > > You're right, a single Level-2 domain in IS-IS is akin to a single Area > 0 in OSPF. But those "so small" differences between the protocols in > 2008 meant I was less eager to try the single area with OSPF than I was > the single level with IS-IS. Some points I've noticed - YMMV. - Needing OSPFv3 for IPv6 when you're alredy running OSPFv2 for IPv4 is less than optimal. I believe nowadays several vendors support OSPFv3 for both IPv4 and IPv6 - but this is not universal. - Probably mostly due to large operators running IS-IS, new features are more likely to show up first in IS-IS. - OSPFv3 security depends on IPsec, while IS-IS uses MD5. You could certainly argue that MD5 is starting to get long in the tooth - on the other hand, it's significantly better than nothing, and significantly less complex than IPsec. - We still have a few cases of needing OSPF towards customers. IS-IS as core IGP makes it slightly easier to ensure that core routing and customer routing are never mixed. I see no reason to mention anything about scaling, since I believe the protocols (both OSPF and IS-IS) nowadays scale to much larger topologies than we're likely to need. Steinar Haug, Nethelp consulting, sth...@nethelp.no