The Service Provider IGP Question: OSPF or Integrated IS-IS?

(Moved from my old blog, http://packetrancher.com, which I decided I didn’t have the time for so shuttered in 2011. This was one of the few blogs posts worth saving from it.)

I had a choice to make recently in the decision of which open standards based IGP Routing protocol (i.e. NOT EIGRP) to chose between, OSPF or Integrated IS-IS.  If you look out there on the Internets, you’ll find many, many different discussions about which one to go with.  There are a lot of engineers who think IS-IS is dead and that no one uses it anymore, often times confusing it with IGRP (which SHOULDN’T be used anymore).  That is far from the truth as most large networks have used IS-IS for years and many others switch to it all the time.

There are positives and negatives to both OSPF and IS-IS as you’d expect, but they are very similar protocols.  First, lets get a run down of some of the facets and features of each:

OSPF

  • Version 1 became RFC 1131 in October 1989
  • Uses Dijkstra’s Algorithm to determine shortest path
  • Distributes routing updates/information with LSA (Link State Advertisement)
  • Runs over Internet Protocol (IP)
  • Supports Non-Broadcast Multi-Access Networks (NBMA) and Point to Multi-Point (P2MP) in addition to Point to Point (P2P) and Broadcast
  • Partitioned into ‘Areas’ where Area 0 is the backbone that connects all other areas.
  • IPv6 support: Added with re-written version 3 of the protocol

Integrated IS-IS

  • Published as RFC 1195 in December 1990
  • Uses Dijkstra’s Algorithm to determine shortest path
  • Distributes routing updates/information with LSP (Link State Packet)
  • Runs over ConnectionLess Network Protocol (CLNP)
  • Unnumbered Broadcast in addition to Point to Point (P2P) and Broadcast. No NBMA or P2MP
  • Possible to be partitioned into ‘Levels’ where Level 2 is the backbone that interconnects all other Level 1 areas
  • IPv6 support:  Was added with a Type-Length-Value (TLV) addition to the protocol

As you can see, a lot of similarities.  In fact, when most network engineers who have experience in both are asked which they would recommend, they say it really comes down to preference because they are so similar.  Which protocol are your engineers accustomed to using and troubleshooting with?  That’s the one to go with.  I think it’s a little more involved than that, but from an network operations perspective I guess that could be a determining factor.

In evaluating my network to see which is going to be the best long term fit, I’ve come to the conclusion that Integrated IS-IS is the right choice for me.  There are a number of reasons why I came to this conclusion.

  1. Security – IS-IS runs in CLNP, not IP.  This means it is not as vulnerable to IP spoofing or other denial of service attacks that could affect OSPF.  Also if you run MPLS VPNs with OSPF in them, you’re less likely to have a NOC engineer accidentally add a customer to your core OSPF topology.
  2. Modularity – Equipment vendors can easily add newer protocols or features into IS-IS with the addition of new TLVs and sub-TLVs.  OSPF has historically required a re-write from the ground up to add support for protocols such as IPv6.
  3. Reputation – There is a very high opinion of IS-IS within engineering circles as being rock solid, quick converging and a very predictable IGP.  Granted, this is hearsay from my colleagues at other service providers, but I consider their opinion very valid.
  4. Simplification – I like the idea of keeping things simple so running IS-IS as both my IPv4 and IPv6 IGP is attractive.  In an OSPF world, that would require two routing instances, one for OSPFv2 routing IPv4 and the other for OSPFv3 routing IPv6.  I also think OSPF has too many knobs to play with that can let operators get a little carried away to make their networks more complicated than necessary.
  5. Vendor Focus – IS-IS is used predominantly and almost exclusively in the service provider space.  This creates a laser like focus of features and development on what service providers need.

So am I saying Integrated IS-IS is the best interior routing protocol ever invented that everyone should use?  By no means.  As with most comparisons of technologies so close to each other in operation, it comes down to the application of the technology.  Make sure you dig into the subject matter to get a good understanding so that you can really make a business case for your solution.  In decisions like the choice of an IGP, it’s something you are likely going to be stuck with for some time.  To swap it out for another protocol can be an absolute bitch to plan, test and change especially as the network grows.  It’s best to build it once so that it is stable and scales in YOUR environment.

Here’s a few great resources on the subject of ISIS vs. OSPF if you’re interested to read more: