The Service Provider IGP Question: OSPF or Integrated IS-IS?

Home > Service Provider > The Service Provider IGP Question: OSPF or Integrated IS-IS?

The Service Provider IGP Question: OSPF or Integrated IS-IS?

March 23rd, 2009

I had a choice to make recently in the decision of which open standards based IGP (i.e. NOT EIGRP) to chose between, OSPF or Integrated IS-IS. If you look out there on the Internets, you’ll find many, many different discussions about which one to go with. There are a lot of engineers who think IS-IS is dead and that no one uses it anymore, often times confusing it with IGRP (which SHOULDN’T be used anymore). That is far from the truth as most large networks have used IS-IS for years and many others switch to it all the time.

There are positives and negatives to both OSPF and IS-IS as you’d expect, but they are very similar protocols. First, lets get a run down of some of the facets and features of each:

OSPF

Version 1 became RFC 1131 in October 1989
Uses Dijkstra’s Algorithm to determine shortest path
Distributes routing updates/information with LSA (Link State Advertisement)
Runs over IP at layer 3
Supports Non-Broadcast Multi-Access Networks (NBMA) and Point to Multi-Point (P2MP) in addition to Point to Point (P2P) and Broadcast
Partitioned into ‘Areas’ where Area 0 is the backbone that connects all other areas.
IPv6 support: Added with re-written version 3 of the protocol

Integrated IS-IS

Published as RFC 1195 in December 1990
Uses Dijkstra’s Algorithm to determine shortest path
Distributes routing updates/information with LSP (Link State Packet)
Runs over ConnectionLess Network Protocol (CLNP) at layer 2
Unnumbered Broadcast in addition to Point to Point (P2P) and Broadcast. No NBMA or P2MP
Possible to be partitioned into ‘Levels’ where Level 2 is the backbone that interconnects all other Level 1 areas
IPv6 support: Was added with a Type-Length-Value (TLV) addition to the protocol

As you can see, a lot of similarities. In fact, when most network engineers who have experience in both are asked which they would recommend, they say it really comes down to preference because they are so similar. Which protocol are your engineers accustomed to using and troubleshooting with? That’s the one to go with. I think it’s a little more involved than that, but from an network operations perspective I guess that could be a determining factor.

In evaluating my network to see which is going to be the best long term fit, I’ve come to the conclusion that Integrated IS-IS is the right choice for me. There are a number of reasons why I came to this conclusion.

Security - IS-IS runs at layer 2 not layer 3. This means it is not as vulnerable to IP spoofing or other denial of service attacks that could affect OSPF. Also if you run MPLS VPNs with OSPF in them, you’re less likely to have a NOC engineer accidentally add a customer to your core OSPF topology.
Modularity - Equipment vendors can easily add newer protocols or features into IS-IS with the addition of new TLVs and sub-TLVs. OSPF has historically required a re-write from the ground up to add support for protocols such as IPv6.
Reputation - There is a very high opinion of IS-IS within engineering circles as being rock solid, quick converging and a very predictable IGP. Granted, this is hearsay from my colleagues at other service providers, but I consider their opinion very valid.
Simplification - I like the idea of keeping things simple so running IS-IS as both my IPv4 and IPv6 IGP is attractive. In an OSPF world, that would require two routing instances, one for OSPFv2 routing IPv4 and the other for OSPFv3 routing IPv6. I also think OSPF has too many knobs to play with that can let operators get a little carried away to make their networks more complicated than necessary.
Vendor Focus - IS-IS is used predominantly and almost exclusively in the service provider space. This creates a laser like focus of features and development on what service providers need.

So am I saying Integrated IS-IS is the best interior routing protocol ever invented that everyone should use? By no means. As with most comparisons of technologies so close to each other in operation, it comes down to the application of the technology. Make sure you dig into the subject matter to get a good understanding so that you can really make a business case for your solution. In decisions like the choice of an IGP, it’s something you are likely going to be stuck with for some time. To swap it out for another protocol can be an absolute bitch to plan, test and change especially as the network grows. It’s best to build it once so that it is stable and scales in YOUR environment.

Here’s a few great resources on the subject of ISIS vs. OSPF if you’re interested to read more:

Vijay Gil from the AOL Transport Data Network (PDF): OSPF to ISIS
Dave Katz from Juniper (PPT): Abstract: OSPF and IS-IS - A Comparative Anatomy
OSPF vs ISIS from RoutingFreak.com (Web): OSPF vs ISIS

jason Service Provider isis, isis vs. ospf, network design, ospf

Comments (4) Trackbacks (1) Leave a comment Trackback

IPv6Freely

March 24th, 2009 at 07:39 | #1

Reply | Quote

I think I actually found IS-IS easier to understand when I was doing the CCIE written and CCNP (Was it on the CCNP? That was so long ago…)

The one thing I would have to say for OSPF is that if you have a problem with it, there are FAR more people around who will be able to lend a hand in troubleshooting. Most people know OSPF inside and out, very few know IS-IS inside and out (though the ones that do, tend to REALLY know it well).

It’s a tough decision. Another issue is that the engineer that replaces you when you leave may not know IS-IS, and while that should at least be a small consideration, it certainly shouldn’t be your primary reason.

Hard to say, really… I guess it comes down to preference.
Proteus Networks (Joe Soricelli)

March 27th, 2009 at 10:19 | #2

Reply | Quote

A very nice and concise report! I too am in the IS-IS camp these days but it wasn’t always like that. When I was in Cisco land (CCIE 4803) IS-IS was a bit of a black art. When I look back on it I think it had to do with the implementation in IOS and the use of the NSAP values for everything (brought out my visceral hate reaction to ATM - LOL).

When I moved to Juniper in 2000 (JNCIE 14), I was “forced” to learn more about it as the customers at the time were all heavy IS-IS users. What I found, to my surprise, was that I actually liked it better than OSPF. For some reason I can hear my Mother saying “How do you know you don’t like peas when you haven’t even tried them?”

Anyway, if I was starting a network from scratch I would choose IS-IS without a second thought. A lot of it has to do with the points Jason made above. For me (having a training background) I am confident that I could have an OSPF rock star running an IS-IS network in no time flat. I also believe that there are a lot of folks out there who are proficient in IS-IS but perhaps they are not prolific writers or bloggers.

I DO whole-heartedly agree that it boils down to a personal preference between the two protocols.
Johnny

May 15th, 2010 at 19:50 | #3

Reply | Quote

I tried IS-IS OSPF differences link and it didnt work. Little bit of googling led me to http://routingfreak.wordpress.com/category/ospf-vs-is-is/

Its the same blog maintained by one of the original authors. You might want to update your bookmarks to point to the right page.
jason

June 29th, 2010 at 08:29 | #4

Reply | Quote

Thanks, Johnny. I’ve updated the links.

April 13th, 2009 at 15:01 | #1

Internets of Interest: 7th Apr - 13th Apr | My Etherealmind

Are You Afraid of the Big Bad Conficker? What the Hell is Cisco Doing in the Server Market With UCS?

Packet Rancher