Mailing List Archive

We run a couple hundred routers in our network, all dual-stacked.

Primarily, we use IS-IS as our IGP, supporting both IPv4 and IPv6
address families.

However, due to poor IS-IS support in Quagga, we run OSPFv2 and OSPFv3
between servers that offer Anycast-based services (DNS, NTP, TACACS+,
e.t.c.) and our service routers that route for them. We then
redistribute (restrictively) from OSPFv2 and OSPFv3 into IS-IS to get
those routes into the backbone.

Quagga had a few issues back in March with an update that broke OSPFv3.
There was an interim hack in March, and a full fix in April for that
issue. So one wants to be on quagga-0.99.24.1_1 or later.

All works well.

IPv4 traffic is MPLS-switched, while IPv6 traffic is carried natively in
the core. We've started deploying router code that supports LDPv6, but
that's another story.

Mark.

On 4/Jun/15 17:02, Philip Matthews wrote:
> Folks:
>
> We are the co-authors of an Internet-Draft of some design choices
> people need to make when designing IPv6 and dual-stack networks
> (https://tools.ietf.org/html/draft-ietf-v6ops-design-choices).
>
> We are looking for information on the IGP combinations people are
> running in their dual-stack networks. We are gathering this
> information so we can document in our draft which IGP choices are
> known to work well (i.e., people actually run this combination in
> production networks without issues). The draft will not name names,
> but just discuss things in aggregate: for example, "there are 3 large
> and 2 small production networks that run OSPF for IPv4 and IS-IS for
> IPv6, thus that combination is judged to work well".
>
> If you have a production dual-stack network, then we would like to
> know which IGP you use to route IPv4 and which you use to route IPv6.
> We would also like to know roughly how many routers are running this
> combination. Feel free to share any successes or concerns with the
> combination as well.
>
> We are looking particularly at combinations of the following IGPs:
> IS-IS, OSPFv2, OSPFv3, EIGRP.
> If you run something else (RIP?) then we would also like to hear about
> this, though we will likely document these differently. [.We suspect
> you run RIP/RIPng only at the edge for special situations, but feel
> free to correct us].
>
> And if you have one of those modern networks that carries dual-stack
> customer traffic in a L3VPN or similar and thus don’t need a
> dual-stacked core, then please email us and brag ...
>
> Philip Matthews
> Victor Kuarsingh
>

* Philip Matthews <philip_matthews@magma.ca>

> We are looking particularly at combinations of the following IGPs:
> IS-IS, OSPFv2, OSPFv3, EIGRP.

We're using OSPFv2 and OSPFv3 as ships in the night for IPv4 and IPv6,
respectively. That said, somewhere far down in the darkest depths of my
TODO list I have an item about investigating the possibility of
replacing OSPFv2 for IPv4 with OSPFv3 + RFC 5838. I see this
possibility is briefly mentioned in your I-D - if you're able to gather
more information about the viability of such a solution, that would be
a very valuable addition to the I-D, I think.

As an aside, I can mention that we're using AH for OSPFv3
authentication. I sometimes see people saying AH is never used for
anything anymore and should be deprecated, but I'm not sure if there
are any real alternatives to AH for securing OSPFv3?

> If you run something else (RIP?) then we would also like to hear
> about this, though we will likely document these differently. [.We
> suspect you run RIP/RIPng only at the edge for special situations,
> but feel free to correct us].

Indeed, we run RIPv2 and RIPng on the edge to allow certain
customer systems to advertise service addresses that can move between
locations for redundancy reasons (or anycasted services). These
advertisements get immediately turned into external routes in OSPF (in
other words we do not have a RIP topology). To get speedy failover we
lower the RIP timers as low as they can go, and have the customers send
updates every second. Using BFD would be an alternative to lowering
timers, but we haven't yet been able to deploy that because BIRD (which
we're typically using on the customer systems) doesn't support BFD for
RIP.

I do feel rather dirty using RIP in 2015, so I would be interested in
hearing about any alternatives approaches folks are using. We're not
using BGP because we'd have to pre-configure every neighbour on the
upstream router (not useful in dynamic or "cloudy" environments), nor
OSPF because we need the ability to filter out invalid advertisements
from the customer systems.

Tore

On 5/Jun/15 12:00, Tore Anderson wrote:
> * Philip Matthews <philip_matthews@magma.ca>
>
>> We are looking particularly at combinations of the following IGPs:
>> IS-IS, OSPFv2, OSPFv3, EIGRP.
> We're using OSPFv2 and OSPFv3 as ships in the night for IPv4 and IPv6,
> respectively. That said, somewhere far down in the darkest depths of my
> TODO list I have an item about investigating the possibility of
> replacing OSPFv2 for IPv4 with OSPFv3 + RFC 5838. I see this
> possibility is briefly mentioned in your I-D - if you're able to gather
> more information about the viability of such a solution, that would be
> a very valuable addition to the I-D, I think.

The OSPFv3 spec. does support carriage of IPv4 NLRI in OSPFv3, although
you'd still require IPv6 link-local communications for the OSPFv3
process itself.

I know Juniper introduced support for this around Junos 9, and I know
Cisco have it IOS 15.

Would be nice to hear how come doing this, if you do go ahead. I'm
ambivalent about whether I would do this if I were an OSPF house.
Hopefully, I would...

Mark.

On 05Jun15, 04:00 , "Tore Anderson" <tore@fud.no<mailto:tore@fud.no>> wrote:

As an aside, I can mention that we're using AH for OSPFv3
authentication. I sometimes see people saying AH is never used for
anything anymore and should be deprecated, but I'm not sure if there
are any real alternatives to AH for securing OSPFv3?

- RFC7166, updates/obsoletes 6506 and specifies an Authentication trailer for OSPFv3. It is already in some iOS versions..

Tim Martin - CCIE #2020
Solutions Architect
"If U R going 2 BYOD & Cr8 an IoE,
U had better be darn good @ IPv6"

On 2015-06-05, at 6:00 , Tore Anderson wrote:

> * Philip Matthews <philip_matthews@magma.ca>
>
>> We are looking particularly at combinations of the following IGPs:
>> IS-IS, OSPFv2, OSPFv3, EIGRP.
>
> We're using OSPFv2 and OSPFv3 as ships in the night for IPv4 and IPv6,
> respectively.

Can you give me a rough idea of how many routers run this combination of protocols? Feel free to unicast me if you don't want to say on the mailing list.

> That said, somewhere far down in the darkest depths of my
> TODO list I have an item about investigating the possibility of
> replacing OSPFv2 for IPv4 with OSPFv3 + RFC 5838. I see this
> possibility is briefly mentioned in your I-D - if you're able to gather
> more information about the viability of such a solution, that would be
> a very valuable addition to the I-D, I think.

So far, I have not heard of anyone who runs this combination. The support for this is still pretty new. I know that my company (Alcatel-Lucent) has only supported it for about a year and I have not had a chance yet to play with it personally. But indeed, part of this survey effort is to gather information on combinations like this and document our aggregated findings in the I-D.

>
> As an aside, I can mention that we're using AH for OSPFv3
> authentication. I sometimes see people saying AH is never used for
> anything anymore and should be deprecated, but I'm not sure if there
> are any real alternatives to AH for securing OSPFv3?

You can also use Encapsulating Security Payload for authentication -- at least on ALU routers, don't know about support on other vendors.

>
>> If you run something else (RIP?) then we would also like to hear
>> about this, though we will likely document these differently. [.We
>> suspect you run RIP/RIPng only at the edge for special situations,
>> but feel free to correct us].
>
> Indeed, we run RIPv2 and RIPng on the edge to allow certain
> customer systems to advertise service addresses that can move between
> locations for redundancy reasons (or anycasted services). These
> advertisements get immediately turned into external routes in OSPF (in
> other words we do not have a RIP topology). To get speedy failover we
> lower the RIP timers as low as they can go, and have the customers send
> updates every second. Using BFD would be an alternative to lowering
> timers, but we haven't yet been able to deploy that because BIRD (which
> we're typically using on the customer systems) doesn't support BFD for
> RIP.
>
> I do feel rather dirty using RIP in 2015, so I would be interested in
> hearing about any alternatives approaches folks are using. We're not
> using BGP because we'd have to pre-configure every neighbour on the
> upstream router (not useful in dynamic or "cloudy" environments), nor
> OSPF because we need the ability to filter out invalid advertisements
> from the customer systems.

You are not the only one still using RIP on the edge. A number of large cable providers are also using RIP to talk to cable modems and looking at deploying RIPng. One of our goals is try to document the places that people are using RIP.

- Philip

On 05/06/2015 11:00, Tore Anderson wrote:
> * Philip Matthews <philip_matthews@magma.ca>
>
>> We are looking particularly at combinations of the following IGPs:
>> IS-IS, OSPFv2, OSPFv3, EIGRP.
>
> We're using OSPFv2 and OSPFv3 as ships in the night for IPv4 and IPv6,


We do the same, FWIW. Not large numbers - 27 OSPFv2 and 25 OSPFv3
routers, mix of IOS and JunOS. Works fine, without any real caveats. Bit
more typing with two protocols, but meh, not significantly.