
Created by - Orhan Ergun

BGP Route Reflector vs Confederation

BGP Route Reflector (RR) vs Confederation is one of the first comparisons network engineers want to understand when they learn these two Internal BGP (IBGP) scalability mechanisms. If you are not familiar with the basics of either, please read the BGP Route Reflector in Plain English and BGP Confederation posts on this website first. There are many differences between Confederation and Route Reflector; in this post some of the items from the comparison chart are explained.

BGP Route Reflector vs Confederation: Scalability

Both techniques exist because full-mesh IBGP does not scale: every IBGP speaker must peer with every other one, so n routers need n(n-1)/2 sessions. A Route Reflector turns the full-mesh IBGP topology into a hub-and-spoke topology, with the RR as the hub and its clients as the spokes. A Confederation divides the Autonomous System into sub-ASes, but inside every sub-AS the normal IBGP rules still apply: each sub-AS needs either a full mesh or its own Route Reflectors. For that reason RR is usually considered more scalable than Confederation: inside a sub-AS you may still be running full-mesh IBGP, and if you deploy RRs inside the sub-ASes as well, configuration complexity goes up.

BGP Route Reflector vs Confederation: Loop Prevention

A Route Reflector breaks the IBGP split-horizon rule (a route learned from an IBGP peer is normally never re-advertised to another IBGP peer), so two extra BGP attributes are used to prevent routing loops: ORIGINATOR_ID and CLUSTER_LIST. ORIGINATOR_ID carries the Router ID of the router that first advertised the route inside the AS; if a router sees its own Router ID as the ORIGINATOR_ID of an incoming update, it does not accept the update, so the route cannot loop back to its source. CLUSTER_LIST works like an AS_PATH inside the AS: every RR that reflects the route prepends its Cluster ID, and if an RR finds its own Cluster ID already in the CLUSTER_LIST it rejects the update, which again prevents the loop. Confederations use a different mechanism: when a route crosses from one sub-AS to another, the sub-AS number is recorded in an AS_CONFED_SEQUENCE segment of the AS_PATH, and a router that finds its own sub-AS in that segment drops the update. These confederation segments are stripped before the route leaves the confederation, so the outside world sees only the real AS number.

Using Different IGPs with BGP Route Reflector and Confederation

BGP RR is used in a single BGP AS, and inside a single AS usually a single IGP is used. This is not a hard rule: in theory there can be multiple IGPs in different parts of the network for internal prefixes, while customer or Internet prefixes are still carried in BGP. In practice, though, a single BGP AS with a single IGP is by far the most common design. BGP Confederation is almost always the opposite. Confederations show up in real life mainly because of mergers and acquisitions: the companies involved were probably running different IGPs before the merger, and they usually keep running them afterwards. The reason is operational: each team has years of design and operational familiarity with its own protocol, so forcing a common IGP on everybody and making the engineers learn a new protocol often does not make sense.

Although there can be many more comparison points between BGP RR and Confederation, hopefully this is enough for one post and was useful for our readers.
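The ORIGINATOR_ID / CLUSTER_LIST checks and the confederation AS_CONFED_SEQUENCE check described above, as a small Python simulation of what a receiving router does with an update. This is an added example written for this page, not code from the post or from any router vendor; the prefix, router IDs, cluster IDs and member-AS numbers are invented.

```python
"""Loop-prevention checks for the two IBGP scaling mechanisms: Route Reflector
attributes (ORIGINATOR_ID / CLUSTER_LIST, RFC 4456) and confederation
AS_CONFED_SEQUENCE segments (RFC 5065).
Added example for this page, not the post's own code. Router IDs, cluster IDs and
member-AS numbers below are invented."""
from dataclasses import dataclass, replace
from typing import Optional, Tuple


@dataclass(frozen=True)
class Update:
    prefix: str
    originator_id: str = ""              # RFC 4456: router ID of the first IBGP advertiser ("" = unset)
    cluster_list: Tuple[str, ...] = ()   # RFC 4456: cluster IDs traversed, newest first
    confed_seq: Tuple[int, ...] = ()     # RFC 5065: member-AS numbers traversed, newest first


# --- Route Reflector (RFC 4456 section 8) -------------------------------------

def rr_accept(update: Update, router_id: str,
              cluster_id: Optional[str] = None) -> Tuple[bool, str]:
    """Checks every IBGP speaker applies to a received update. A plain client
    has no CLUSTER_ID of its own and only runs the ORIGINATOR_ID check."""
    if update.originator_id == router_id:
        return False, "ORIGINATOR_ID equals our own router ID"
    if cluster_id is not None and cluster_id in update.cluster_list:
        return False, "CLUSTER_LIST already contains our cluster " + cluster_id
    return True, "accepted"


def rr_reflect(update: Update, learned_from: str, cluster_id: str) -> Update:
    """Attributes an RR attaches when reflecting a route learned from IBGP peer
    `learned_from`: ORIGINATOR_ID is set once (to the router that advertised the
    route into the AS) and our CLUSTER_ID is prepended to CLUSTER_LIST."""
    return replace(
        update,
        originator_id=update.originator_id or learned_from,
        cluster_list=(cluster_id,) + update.cluster_list,
    )


# --- Confederation (RFC 5065) ------------------------------------------------

def confed_accept(update: Update, member_as: int) -> Tuple[bool, str]:
    """A member AS rejects a route whose AS_CONFED_SEQUENCE already names it."""
    if member_as in update.confed_seq:
        return False, "AS_CONFED_SEQUENCE already contains member AS %d" % member_as
    return True, "accepted"


def confed_forward(update: Update, member_as: int) -> Update:
    """Prepend our member-AS number before sending to a peer in another member AS.
    (The whole AS_CONFED_SEQUENCE is stripped again at the confederation border.)"""
    return replace(update, confed_seq=(member_as,) + update.confed_seq)


def trace() -> dict:
    """Client C1 (10.0.0.1) -> RR1 (cluster 1.1.1.1) -> RR2 (cluster 2.2.2.2),
    then the reflected update arrives back at RR1 and at C1; and the same idea
    for a route that leaves member AS 65001 of a confederation."""
    route = Update("203.0.113.0/24")
    via_rr1 = rr_reflect(route, learned_from="10.0.0.1", cluster_id="1.1.1.1")
    via_rr2 = rr_reflect(via_rr1, learned_from="1.1.1.1", cluster_id="2.2.2.2")
    via_as65001 = confed_forward(route, 65001)
    return {
        "rr1_sees_own_cluster": rr_accept(via_rr2, "1.1.1.1", "1.1.1.1"),
        "rr3_fresh_cluster":    rr_accept(via_rr2, "3.3.3.3", "3.3.3.3"),
        "client_sees_own_id":   rr_accept(via_rr1, "10.0.0.1"),
        "as65001_sees_itself":  confed_accept(via_as65001, 65001),
        "as65002_accepts":      confed_accept(via_as65001, 65002),
    }


if __name__ == "__main__":
    for name, (ok, why) in trace().items():
        print(f"{name:24s} {'ACCEPT' if ok else 'DROP  '} {why}")
```

Note that the two RR checks are not redundant: ORIGINATOR_ID protects the original advertiser (which has no cluster ID to look for), while CLUSTER_LIST protects the reflectors in between, so a misconfigured RR that uses the same cluster ID as another RR in a different cluster will drop valid routes rather than loop them.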

Published - Fri, 22 Apr 2022

Created by - Orhan Ergun

BGP vs EIGRP 10 Important differences between them!

In this post, we will compare BGP and EIGRP from many different design aspects. Although EIGRP is used as an IGP and BGP is used mainly as an external routing protocol, BGP can also be used as an internal routing protocol, and we take that into consideration as well. We prepared the comparison chart above for BGP vs EIGRP; below we look at the most important criteria from a design point of view.

BGP vs EIGRP: Scalability

One of the biggest reasons to choose BGP over EIGRP is scalability. BGP is the global Internet routing protocol, and as of 2022 the global IPv4 unicast routing table holds around 900,000 prefixes, so BGP has proven it can carry almost a million prefixes. EIGRP deployments usually carry only a few thousand prefixes; this is one of the reasons EIGRP is used as an internal dynamic routing protocol and not on the Internet.

BGP vs EIGRP in Full Mesh, Ring and Hub-and-Spoke Topologies

A full mesh requires many logical connections, meaning BGP sessions or EIGRP adjacencies. Full-mesh IBGP is required because of the IBGP split-horizon loop-prevention rule: a route learned from one IBGP peer is not re-advertised to another IBGP peer. With Route Reflectors, BGP avoids the full mesh and scales well. For large hub-and-spoke topologies EIGRP is a very suitable protocol; DMVPN is a good example of such a topology, and both EIGRP and BGP are the most suitable protocols for large hub-and-spoke designs. Ring topologies are usually a nightmare for every routing protocol: they converge slowly and are hard to capacity-plan.

BGP vs EIGRP: Fast Reroute

EIGRP supports IP Fast Reroute. BGP, with BGP PIC (Prefix Independent Convergence), also supports fast reroute, so both protocols can protect the data plane. Fast convergence in the control plane can be achieved with the EIGRP Feasible Successor, but because a feasible successor by itself is not a fast-reroute (data plane) mechanism, we won't discuss it further here.

BGP vs EIGRP: Standard

BGP is an IETF standard with many standards-track RFCs behind it. EIGRP is described in RFC 7868, which is an Informational RFC only, so EIGRP is not an IETF standard protocol.

BGP vs EIGRP: Complexity

BGP supports many different address families, each with its own purposes, use cases and configuration. In real life this makes BGP much harder to configure, troubleshoot and engineer than EIGRP networks.

BGP vs EIGRP: Policy Support

Another important reason to choose BGP is its excellent policy support when we need to deploy policy. If we want to engineer traffic inbound or outbound, BGP gives us many tools to do it. EIGRP has only bandwidth and delay (the default components of its composite metric), and those can only be used for outbound traffic engineering / path manipulation.

BGP vs EIGRP: Resource Requirements

BGP with many prefixes may require a lot of CPU and memory. EIGRP runs the DUAL algorithm for best-path selection and is considered a much less CPU-intensive protocol, even compared to OSPF's SPF algorithm; the number of prefixes EIGRP has to compute best paths for is easily handled by today's networking devices.

BGP vs EIGRP: Extensibility

Both BGP and EIGRP are TLV-based protocols, so both are considered extensible. Similar to IS-IS, they did not require a new version of the protocol when IPv6 support was added.

BGP vs EIGRP: IPv6 Support

Both BGP and EIGRP support IPv6, of course. BGP supports IPv6 as just another AFI/SAFI (Multiprotocol BGP).

BGP vs EIGRP: Convergence

From the network convergence point of view, BGP is always known as a slowly converging protocol. But simply saying "BGP is slow" is wrong. Network convergence has two parts: control-plane convergence and data-plane convergence. It is a huge topic and we have a separate, very detailed Network Convergence course on the website. In short, data-plane convergence is Fast Reroute, and with BGP PIC, BGP supports Fast Reroute, so it can converge very fast too. What may be slow is BGP control-plane convergence, which depends on the number of prefixes, device hardware, the BGP TCP input queue, whether there is an RR or a full mesh, and many other factors.

Although there are many other criteria to compare EIGRP and BGP, I think this is enough for one blog post. If you want to learn more, you can take our BGP course or check our many free blog posts on this topic.

Published - Fri, 22 Apr 2022

Created by - Orhan Ergun

What does PE-CE mean in MPLS?

What does PE-CE mean in the context of MPLS? What are CE, P, and PE devices in MPLS and MPLS VPN? These are foundational terms in MPLS. MPLS is one of the most commonly used encapsulation mechanisms in Service Provider networks, and before studying more advanced mechanisms this article is a must-read. To understand PE-CE we first need to understand what PE and CE are in MPLS. I explain this topic in depth in our CCIE Enterprise and self-paced CCDE courses. Let's take a look at the figure below.

Figure 1: MPLS network PE, P, and CE routers

Figure 1 shows an MPLS network. It can be an Enterprise or a Service Provider network; MPLS is not only a service-provider technology, it can provide segmentation/multi-tenancy in enterprise environments as well. Three different types of routers are shown: CE, PE, and P routers. CE devices are located at the customer site. PE and P devices are located on the Service Provider side. In an Enterprise network, the WAN routers can be considered the PE routers and the switches the CE devices. PE routers don't have to be connected to P routers; PE routers can be directly connected to each other.

"CE devices don't run MPLS. PE devices run both IP and MPLS. P devices don't run IP but only MPLS." You find this sentence everywhere when you study MPLS. What it actually means is: CE devices don't switch MPLS labels at all. PE devices, when a packet arrives from the customer side, first look up the IP destination address and then impose an MPLS label (and do the reverse for traffic leaving toward the customer). P devices don't do IP lookups on customer traffic; they only swap MPLS labels. Of course, P devices still have IP addresses on their interfaces, and they run the IGP and the label distribution protocol that build the label-switched paths.

In MPLS, the service can be Layer 2 or Layer 3. In Layer 3 MPLS VPN, IP routing is enabled between the PE and CE devices. These devices have their own roles: Provider Edge and Customer Edge. The Provider Edge device is attached to both the customer site and the MPLS network; the Customer Edge device sits at the customer site and does not require MPLS for its function. The PE-CE routing protocol can in theory be static routing, RIP, EIGRP, OSPF, IS-IS, or BGP. All of them except EIGRP are IETF standards (EIGRP is documented only in Informational RFC 7868). In real life, most service providers offer only static routing and BGP as the PE-CE routing protocol.

The PE-CE interface is IP only, not MPLS. This interface is the boundary between the MPLS network and the IP network. When an Enterprise purchases an MPLS VPN service, the customer receives a VPN service from the MPLS backbone service provider but does not run MPLS with the provider; MPLS is enabled only inside the Service Provider network. The one case where the PE-CE link itself runs MPLS is Carrier Supporting Carrier (CSC), where the customer is itself a carrier. In basic MPLS Layer 3 VPN, the PE-CE link is always IP.

To get a solid understanding of SP networks, you can check my newly published Service Provider Networks Design and Perspective book. It covers the SP network technologies and also explains a fictitious SP network in detail.

Published - Thu, 21 Apr 2022

Created by - Orhan Ergun

AWS SAA vs. CLF - Can I skip one?

AWS is known for its famous and highly demanded Solutions Architect Associate (SAA) certificate, and many think it is the first step with AWS and cloud computing. The question is: is it? Or is there a step that should be taken before it, like the AWS Cloud Practitioner (CLF) exam? In this post we compare the agenda and the main pillars each exam teaches you, and see whether it is worth skipping CLF and starting directly with SAA.

Cloud Concepts

The very first chapter you study for AWS CLF is cloud concepts: a general overview of what cloud computing is, what AWS provides in that area, and what you are about to experience. Luckily this part is shared between the CLF and SAA exams; you will find a share of it here and there in both, to understand what we are about to start with. That makes them equal here: 1-1.

Security and Compliance

If you have zero knowledge about cloud computing and the restrictions and differences that come with it, implementing a network on the cloud for the first time will require knowledge of official documents, government restrictions and compliance requirements, including regional ones. This is a point where CLF wins, as it covers and points to all the necessary documents and resources to check the security and compliance requirements for the region you plan to deploy in. So far 2-1 for CLF.

AWS Core Services

This pillar is the backbone of whatever you study and learn with AWS: all the services hosted on the cloud, in other words inside AWS's real data centers, are presented and detailed here, one service after another. The CLF exam puts more than 30% of its weight on the core services, which gives you enough knowledge to call it a start with AWS. The SAA exam, on the other hand, is "about" this pillar: you spend your time with that exam studying the core services, designing with them, and architecting solutions that combine them into one solid, well-designed network on the AWS cloud. In general you learn about the core services of AWS three times more with SAA than with CLF, making SAA the ultimate beginning with AWS services. That is a point for SAA, so we have 2-2 now.

AWS Economics

The last pillar to discuss in this post is the one that teaches you billing, payments, discounts, the Free Tier, support plans, programs, and pricing. All of that is in the CLF exam but NOT in the SAA exam, unfortunately. It is a big point for CLF, because ignoring these skills results in disasters when dealing with AWS services in real life. That sends the last point for today to the CLF exam: 3-2.

Conclusion

With all of the above said, does that make starting directly with AWS SAA a mistake or a wrong step in your AWS career? The answer is that you can prepare best for AWS by either starting with CLF and then SAA, or starting with SAA but referring to the official AWS documents to fill the gaps in Compliance and Economics, which will take about the same amount of time and effort as studying for the CLF exam.

Resources

On orhanergun.net we provide courses for both the AWS CLF and AWS SAA exams, with detailed explanations based on the official exam agendas from AWS, alongside many other AWS and cloud courses. You can either get a lifetime subscription per course, which includes all future exam updates for free, or contact our sales team to get full annual access to a variety of courses based on the tier you choose.

Published - Wed, 20 Apr 2022

Created by - Orhan Ergun

OSPF Administrative Distance - How preferred is it

OSPF Administrative Distance, or OSPF AD, is the key to choosing OSPF over other routing protocols (if any) that lead to the same destination within the same routing table. In this post we cover the basics and the values of the Administrative Distance for OSPF across several different platforms. Keep in mind that AD is only compared between candidate routes for exactly the same prefix; when forwarding, a longer (more specific) prefix always wins, whatever its AD.

Administrative Distance

For Cisco operating systems, regardless of platform (IOS-XE, IOS-XR, NX-OS), OSPF has an AD of 110. Knowing the number alone is useless without knowing its order of preference among the other routing protocols' Administrative Distances: the lower the AD, the more preferred the route.

OSPF AD on Cisco OSs

The values for static and dynamic routing protocols are:

    Direct = 0
    Static = 1
    eBGP = 20
    EIGRP = 90
    OSPF = 110
    IS-IS = 115
    RIP = 120
    iBGP = 200

This shows that an OSPF route to a destination will be hidden if a route for the same prefix from a more preferred source (Direct, Static, eBGP or EIGRP) is installed in the routing table.

Route Preference (Juniper)

On Juniper Networks platforms you operate JunOS, their single unified operating system. The concept of Administrative Distance still exists and plays the same role, but Juniper calls it "Route Preference".

OSPF AD (Route Preference) on Juniper JunOS

Some protocols are treated differently here and some are missing (EIGRP, as it is Cisco proprietary):

    Direct/Local = 0
    Static = 5
    OSPF internal = 10
    IS-IS Level 1 / Level 2 = 15 / 18
    RIP = 100
    OSPF external = 150
    IS-IS external Level 1 / Level 2 = 160 / 165
    BGP = 170

OSPF has two preference values here, one for internal (intra-area and inter-area) routes and one for external routes, and stands in the middle of the table. With EIGRP absent, only Direct/Local and Static routes can beat OSPF internal routes, making OSPF the most preferred dynamic routing protocol on JunOS.

Routing Protocol Preference (Huawei)

On Huawei's Versatile Routing Platform (VRP) we see many similarities with JunOS, but there is a small difference to catch in the table below.

OSPF AD (Preference) on Huawei VRP

EIGRP is still missing; notice where OSPF stands:

    Direct = 0
    OSPF = 10
    IS-IS Level 1 / Level 2 = 15 / 18
    Static = 60
    RIP = 100
    OSPF external = 150
    BGP = 255

OSPF is the first protocol here, ahead of Static routes; even IS-IS beats a Static route. That is worth remembering when migrating a configuration that relies on a static route overriding an IGP route.

Route Preference Again (Nokia)

One more platform to check is the Nokia Service Router Operating System (SR OS).

OSPF AD (Route Preference) on Nokia SR OS

It uses the same name and many of the same numbers as Juniper's JunOS table:

    Direct = 0
    Static = 5
    OSPF = 10
    IS-IS Level 1 / Level 2 = 15 / 18
    OSPF external = 150
    IS-IS external Level 1 / Level 2 = 160 / 165
    BGP = 170

In the end, Cisco is almost the only vendor that names it differently, includes different protocols, uses a different order, and clearly uses different AD values.
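To see how the four tables above change which route actually gets installed, here is a small Python route-selection function that applies each platform's preference values, as listed in this post, to the same set of candidate routes for one prefix. This is an added example, not the post's code or any vendor's; the protocol key names are my own labels, and the sample next hops are invented.

```python
"""Which candidate route wins on each platform, using the Administrative Distance /
Route Preference values listed in this post (lower value wins).
Added example for this page, not vendor code; the protocol key names are my own
labels, and EIGRP exists only in the Cisco table. Where two keys share a value
they are the same protocol on that platform (e.g. JunOS treats eBGP and iBGP alike)."""
from typing import Dict, List, NamedTuple

PREFERENCE: Dict[str, Dict[str, int]] = {
    "cisco": {"direct": 0, "static": 1, "ebgp": 20, "eigrp": 90, "ospf": 110,
              "ospf_external": 110, "isis_l1": 115, "isis_l2": 115,
              "isis_l1_external": 115, "isis_l2_external": 115, "rip": 120,
              "ibgp": 200},
    "junos": {"direct": 0, "static": 5, "ospf": 10, "isis_l1": 15, "isis_l2": 18,
              "rip": 100, "ospf_external": 150, "isis_l1_external": 160,
              "isis_l2_external": 165, "ebgp": 170, "ibgp": 170},
    "vrp":   {"direct": 0, "ospf": 10, "isis_l1": 15, "isis_l2": 18, "static": 60,
              "rip": 100, "ospf_external": 150, "ebgp": 255, "ibgp": 255},
    "sros":  {"direct": 0, "static": 5, "ospf": 10, "isis_l1": 15, "isis_l2": 18,
              "ospf_external": 150, "isis_l1_external": 160,
              "isis_l2_external": 165, "ebgp": 170, "ibgp": 170},
}


class Candidate(NamedTuple):
    protocol: str      # key into PREFERENCE[vendor]
    next_hop: str
    metric: int = 0    # protocol-internal metric, only compared within one protocol


def select(candidates: List[Candidate], vendor: str) -> List[Candidate]:
    """Return the route(s) installed for one prefix: the lowest preference wins;
    among candidates with that preference the lowest metric wins, and equal
    metrics give ECMP. A protocol the platform does not know (EIGRP outside Cisco)
    is reported as an error rather than silently ignored."""
    table = PREFERENCE[vendor]
    unknown = sorted({c.protocol for c in candidates if c.protocol not in table})
    if unknown:
        raise ValueError(f"{vendor} has no preference for {unknown}")
    if not candidates:
        return []
    best_pref = min(table[c.protocol] for c in candidates)
    survivors = [c for c in candidates if table[c.protocol] == best_pref]
    best_metric = min(c.metric for c in survivors)
    return [c for c in survivors if c.metric == best_metric]


def compare_vendors(candidates: List[Candidate]) -> Dict[str, str]:
    """The protocol that wins on each platform, or the error that platform would hit."""
    result = {}
    for vendor in PREFERENCE:
        try:
            result[vendor] = select(candidates, vendor)[0].protocol
        except ValueError as exc:
            result[vendor] = "error: " + str(exc)
    return result


if __name__ == "__main__":
    # Constructed sample: the same prefix learned via a static route and via OSPF.
    sample = [Candidate("static", "192.0.2.1"), Candidate("ospf", "192.0.2.2", metric=20)]
    for vendor, winner in compare_vendors(sample).items():
        print(f"{vendor:6s} installs {winner}")
```

Running it with the static-plus-OSPF sample shows Cisco, JunOS and SR OS installing the static route while VRP installs the OSPF route, which is exactly the "surprise" in the Huawei table above; swap the static route for an eBGP route and Cisco becomes the odd one out, preferring eBGP (20) over OSPF (110) where every other platform prefers OSPF.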

Published - Wed, 20 Apr 2022

Created by - Orhan Ergun

OSPF Protocol Basic Overview

What is OSPF? Name-wise it stands for Open Shortest Path First, and family-wise it belongs to the link-state Interior Gateway Protocols (IGPs). Done with the CV yet? OSPF is an open-standard (RFC 2328 for OSPFv2) internal routing protocol supported across all the different vendors manufacturing networking platforms. In this article we review the basics and specs of this protocol and look at its unique features.

OSPF Neighbor States

To start, OSPF sends a multicast Hello message to the OSPF multicast address 224.0.0.5 (AllSPFRouters), looking for any other OSPF routers on the link. By default the Hello repeats every 10 seconds on broadcast and point-to-point links (30 seconds on NBMA and point-to-multipoint), out of every interface on which OSPF is enabled, which depends on how you configured it plus the vendor-specific configuration template. A router expects to keep hearing Hellos from a neighbor within the dead interval, 40 seconds by default (four times the hello interval); if the dead timer expires, the neighbor is declared down. For two routers to become neighbors at all, the hello interval, dead interval, area ID, subnet mask and area options in their Hellos must match. The neighbor process then goes through these states:

    Down: no Hello has been received from the neighbor recently
    Init: a Hello has been received from the neighbor, but our own Router ID is not listed in it yet (one-way communication)
    2-Way: our Router ID appears in the neighbor's Hello, so communication is confirmed to be bidirectional; on broadcast networks the DR/BDR election happens here
    ExStart: the two routers decide who is master and who is slave and agree on the initial Database Description (DD) sequence number
    Exchange: Database Description packets are exchanged, describing the contents of each router's link-state database
    Loading: Link State Requests are sent for any LSAs that are missing or outdated, and answered with Link State Updates
    Full: the link-state databases are synchronized and the adjacency is complete

OSPF Routing

Before it can route, an OSPF router builds a shortest-path tree (SPT) rooted at itself and reaching every router in the area, using Dijkstra's algorithm on the link-state database it synchronized with its neighbors. The tree tells the router the best path to every destination, based on the OSPF metric, called the "Cost", which is the sum of the interface costs along the path.

OSPF at Rest

With no triggers or events, OSPF routers stay calm. There is no need to exchange routes or LSAs, and the link-state databases (LSDBs) remain steady and identical between routers, containing the same types and amounts of LSAs. Only the OSPF Hello keeps being exchanged in both directions to maintain the neighbor state, plus the periodic LSA refresh every 30 minutes (LSRefreshTime) that keeps each LSA from aging out at 60 minutes.
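To make the Hello exchange and the first two neighbor states concrete, here is a Python builder and parser for an OSPFv2 Hello packet (RFC 2328 section A.3.2) with the OSPF checksum, the parameter-compatibility check a receiver applies, and the Hello-driven part of the neighbor state machine. This is an added example for this page, not code from the post or any vendor; the router IDs and subnet are invented.

```python
"""Build and parse an OSPFv2 Hello (RFC 2328 section A.3.2) and drive the first
two neighbor states from it. Added example for this page, not from the post or
any vendor; the router IDs and addresses used below are invented."""
import struct
from typing import Dict, List

ALL_SPF_ROUTERS = "224.0.0.5"   # multicast group Hellos are sent to (IP protocol 89)
OSPF_VERSION, OSPF_HELLO = 2, 1
HEADER_LEN = 24


def ip4(dotted_str: str) -> bytes:
    octets = [int(o) for o in dotted_str.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address " + dotted_str)
    return bytes(octets)


def dotted(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ospf_checksum(packet: bytes) -> int:
    """One's-complement checksum over the packet with the checksum field treated
    as zero and the 64-bit authentication field (bytes 16-23) excluded."""
    data = packet[:12] + b"\x00\x00" + packet[14:16] + packet[24:]
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_hello(router_id: str, area_id: str, mask: str, neighbors: List[str],
                hello_interval: int = 10, dead_interval: int = 40,
                priority: int = 1, dr: str = "0.0.0.0", bdr: str = "0.0.0.0") -> bytes:
    """Hello with null authentication (AuType 0); options 0x02 sets the E bit."""
    body = ip4(mask) + struct.pack("!HBBI", hello_interval, 0x02, priority, dead_interval)
    body += ip4(dr) + ip4(bdr) + b"".join(ip4(n) for n in neighbors)
    header = struct.pack("!BBH", OSPF_VERSION, OSPF_HELLO, HEADER_LEN + len(body))
    header += ip4(router_id) + ip4(area_id) + struct.pack("!HH", 0, 0) + bytes(8)
    packet = header + body
    return packet[:12] + struct.pack("!H", ospf_checksum(packet)) + packet[14:]


def parse_hello(packet: bytes) -> Dict:
    """Validate header, length and checksum, then extract the fields a receiver
    compares before it will consider the sender as a neighbor."""
    if len(packet) < HEADER_LEN + 20:
        raise ValueError("truncated Hello")
    version, ptype, length = struct.unpack("!BBH", packet[:4])
    if version != OSPF_VERSION or ptype != OSPF_HELLO:
        raise ValueError("not an OSPFv2 Hello")
    if length != len(packet):
        raise ValueError("length field does not match packet")
    if struct.unpack("!H", packet[12:14])[0] != ospf_checksum(packet):
        raise ValueError("bad checksum")
    hello, _options, priority, dead = struct.unpack("!HBBI", packet[28:36])
    return {
        "router_id": dotted(packet[4:8]), "area_id": dotted(packet[8:12]),
        "mask": dotted(packet[24:28]), "hello_interval": hello,
        "dead_interval": dead, "priority": priority,
        "dr": dotted(packet[36:40]), "bdr": dotted(packet[40:44]),
        "neighbors": [dotted(packet[i:i + 4]) for i in range(44, length, 4)],
    }


def hello_is_valid(packet: bytes) -> bool:
    try:
        parse_hello(packet)
        return True
    except ValueError:
        return False


def hello_compatible(local: Dict, hello: Dict) -> bool:
    """Area, mask, hello and dead interval must all match, or the Hello is ignored."""
    keys = ("area_id", "mask", "hello_interval", "dead_interval")
    return all(local[k] == hello[k] for k in keys)


def neighbor_state(my_router_id: str, hello: Dict, previous: str = "Down") -> str:
    """Hello-driven slice of the RFC 2328 neighbor state machine: seeing our own
    Router ID in the neighbor list proves two-way communication; not seeing it
    (the 1-WayReceived event) knocks any state back to Init."""
    if my_router_id not in hello["neighbors"]:
        return "Init"
    return "2-Way" if previous in ("Down", "Attempt", "Init") else previous


def dead_timer_expired(last_hello_seen: float, now: float, dead_interval: int) -> bool:
    """The neighbor falls back to Down once no Hello arrives within dead_interval."""
    return now - last_hello_seen > dead_interval
```

Because the Hello above uses null authentication, anything on the segment that can send to 224.0.0.5 can pass these checks and reach 2-Way; in production, enable OSPF authentication so that the checksum is not the only thing protecting the adjacency.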

Published - Wed, 20 Apr 2022

Created by - Orhan Ergun

OSPF Configuration - A sample template on multi-vendor routers

There are common points and differences when it comes to configuring OSPF on a router you manage, depending on the router's manufacturer. We will take a look at a basic sample of configuring OSPF on Cisco IOS-XE and on Juniper's JunOS.

OSPF on Cisco IOS-XE

On IOS-XE we start configuring OSPF by giving the numerical value of the:

OSPF Process ID

This is just a locally significant number that identifies an OSPF process (instance) on this Cisco router; it is not carried in OSPF packets.

    Does it have to match on both peering ends? No.
    Does it affect priorities in any OSPF election process? No.
    Is it mandatory? On this OS it is, but it is not a general OSPF concept, as it is missing on other vendors.

That makes the first line of configuration look like this:

    OERouter1(config)#router ospf [Process ID]

i.e.

    OERouter1(config)#router ospf 10

OSPF Network Advertisement

The next step, after entering the OSPF configuration mode for that process ID, is to enable OSPF on the interfaces whose networks should be advertised. The "network" statement does not advertise a prefix directly: it matches every interface whose IP address falls within the given prefix and wildcard mask, enables OSPF on those interfaces, and places them in an area. The subnets of those interfaces are then announced to the adjacent neighbors inside the LSAs.

    OERouter1(config-router)#network [network prefix] [wildcard mask] area [Area ID]

The area keyword is required on IOS-XE; the command is rejected without it.

OSPF Area ID

The real key in OSPF configuration is the Area ID. The Area ID does the isolation, creates separate link-state databases (one LSDB per area), and creates the need and the role for the ABR router. It has to match on both ends of the peering OSPF routers.

    OERouter1(config-router)#network 10.10.10.0 0.0.0.255 area 0

That line enables OSPF on every interface with an address in 10.10.10.0/24 and advertises that network into the domain and database of Area 0. Any other router participating in the same area will receive LSAs carrying the 10.10.10.0/24 network.

OSPF on JunOS

On the other end, the router waiting to peer with the Cisco IOS-XE router is a Juniper Networks router running JunOS. Here, as with many other vendors, there is no "Process ID". You specify the area under the OSPF configuration hierarchy and then list the participating interfaces, and that is it (the JunOS prompt is shown as user@host):

    [edit]
    user@host# edit protocols ospf
    [edit protocols ospf]
    user@host# edit area 0.0.0.0

Areas in JunOS can be given either as a plain number (0) or as a 32-bit dotted value (0.0.0.0); the JunOS convention is the 0.0.0.0 form. After specifying the Area ID (note that the syntax started with "edit", which moves us into that hierarchy level), we are in another JunOS hierarchy level, where we list "participating interfaces" instead of "networks":

    [edit protocols ospf area 0.0.0.0]
    user@host# set interface [interface-name.logical-unit]

i.e.

    [edit protocols ospf area 0.0.0.0]
    user@host# set interface ge-0/0/0.0

Now the network configured on logical unit 0 of interface ge-0/0/0 will be advertised out of that interface as a network participating in OSPF Area 0, and Hellos are sent on it.

Point of Argument

Given the two platforms above, running two different operating systems, with two different ways of enabling OSPF on a network, and one of them missing a statement that is mandatory on the other: will all of that work?

The answer is YES. OSPF is an open-standard protocol supported across multiple vendors. The differences in the configuration samples are just differences in configuration language; the neighbor adjacency will come up and the link-state databases (LSDBs) will be fully synchronized between the routers using LSAs, provided the area ID, hello and dead timers, subnet mask and network type match on both sides of the link.

A More Unified Method

As we saw, on Cisco IOS-XE the OSPF configuration was done by matching a network, while in JunOS it was done by naming an interface. IOS-XE also offers an interface-based alternative, configured from interface configuration mode:

    OERouter1(config)#interface [interface ID]
    OERouter1(config-if)#ip ospf [Process ID] area [Area ID]

i.e.

    OERouter1(config)#interface GigabitEthernet0/1
    OERouter1(config-if)#ip ospf 10 area 0

Published - Wed, 20 Apr 2022

Created by - Orhan Ergun

DMVPN vs MPLS VPN

DMVPN (Dynamic Multipoint VPN) and MPLS VPN are two of the most popular VPN mechanisms. In this post we look at DMVPN vs MPLS VPN from many different aspects; at the end you should be more comfortable positioning these private VPN mechanisms.

DMVPN vs MPLS VPN

When we compare the two, the very first thing to say is that DMVPN is a Cisco-proprietary, tunnel-based VPN mechanism, while MPLS VPN is a standards-based, non-tunnel-based VPN mechanism (BGP/MPLS IP VPNs, originally RFC 2547, now RFC 4364). Whether an MPLS LSP is a tunnel or not is an open discussion in the networking community, and we won't restart that discussion here.

DMVPN and MPLS VPN over the Internet

Another important consideration is that DMVPN can be set up over the Internet, while MPLS VPN works over private networks, whether Layer 2 or Layer 3 based. DMVPN tunnels can come up over the Internet, and inside the tunnels routing protocols run to advertise the LAN subnets; MPLS, by contrast, requires a private network underlay.

Figure: DMVPN networks can run over the Internet or over private networks

DMVPN vs MPLS VPN: Security

Neither VPN mechanism comes with encryption by default. Many people wrongly believe that DMVPN comes with IPsec; in fact, only two standards-based technologies are mandatory for DMVPN: mGRE (multipoint GRE) and NHRP (Next Hop Resolution Protocol). IPsec is optional for DMVPN. The same is true for MPLS VPN: IPsec or GETVPN can run over MPLS VPN, but they don't come with it, and MPLS VPN doesn't require IPsec or GETVPN for its operation. In other words, "VPN" in both names means traffic separation, not confidentiality: without IPsec or GETVPN, DMVPN traffic crosses the Internet in cleartext, and MPLS VPN traffic is readable by the provider and by anyone who taps the provider's links. Last but not least, GETVPN can provide the most scalable encryption method for both MPLS VPN and DMVPN, because it encrypts with a group key and preserves the original IP header, so any-to-any connectivity is kept without per-pair tunnels.

MPLS over DMVPN

MPLS can run over DMVPN, to create even more scalable VPNs over DMVPN. Without MPLS, if many different business units need to communicate over DMVPN and their traffic must be segmented, many different tunnels would be required. With MPLS VPN over DMVPN, commonly known as "2547 over DMVPN", we don't need multiple DMVPN tunnels: with just one DMVPN tunnel we can carry many business units, segmenting their traffic in a scalable manner.

DMVPN over MPLS VPN

DMVPN can also run over MPLS VPN. So DMVPN doesn't only run over the Internet; the underlay for DMVPN can be an MPLS network. In this case DMVPN tunnel endpoint reachability is provided by the underlay MPLS VPN, which can be an MPLS Layer 2 VPN or an MPLS Layer 3 VPN. In both cases the MPLS VPN provides reachability between the DMVPN hub and spokes.

Everything said so far about MPLS VPN vs DMVPN applies to every DMVPN phase: Phase 1, Phase 2, and Phase 3.

Published - Mon, 18 Apr 2022

Created by - Orhan Ergun

IS-IS Routing Protocol

IS-IS is a link-state routing protocol, similar to OSPF. If you are looking for a Service Provider grade routing protocol with MPLS Traffic Engineering support that is extensible enough to make future migrations easier, IS-IS is the usual choice. It is commonly used in Service Providers, in data centers (as an underlay), and in some large Enterprise networks.

IS-IS Routing Protocol in Networking

IS-IS works with a TLV (Type-Length-Value) format. TLVs provide extensibility: the base TLV codes are specified in ISO 10589 and RFC 1195, and new functionality is added with new TLVs rather than with a new protocol. For example, IPv6, multi-topology routing and MPLS TE support were all added as extra TLVs:

1. IPv6 address family support (RFC 5308)
2. Multi-topology support (RFC 5120)
3. MPLS Traffic Engineering extensions (RFC 5305)

IS-IS runs directly over the data link layer (Layer 2) and is not encapsulated in IP, so its PDUs cannot be routed: an attacker who is not on a directly connected link cannot inject IS-IS packets remotely, which is why IS-IS is considered more secure than OSPF. This only removes the remote vector, though. Anyone with Layer 2 access to a link that carries IS-IS (a compromised host on a shared segment, an unused switch port, a tap on a provider link) can still inject Hellos and LSPs, so IS-IS authentication (HMAC-MD5 per RFC 5304, or the generic cryptographic authentication of RFC 5310) should still be configured, and IS-IS should not be enabled on interfaces facing untrusted devices.

IS-IS uses a NET (Network Entity Title) address, which plays a role similar to the OSPF Router ID. ISO originally designed IS-IS for CLNS; IP support was added later by the IETF (RFC 1195), and IS-IS carrying IP is called Integrated IS-IS. IS-IS does not require an IP address for the neighborship. ISPs commonly build the NET as follows:

1. First 8 bits (AFI): pick a number; 49 (private) is used in these examples
2. Next 16 bits: area ID
3. Next 48 bits (6 bytes): system ID, usually derived from the router loopback address (every 4 digits is 2 bytes)
4. Final 8 bits (2 digits): NSEL, which is 00 on routers

Let's say the NET is 49.0001.1921.6800.1001.00. Looking at each part of it:

1. 49.0001 is the IS-IS area ID (AFI 49, area 0001)
2. 1921.6800.1001 is the system ID: the loopback 192.168.1.1 with each octet padded to three digits (192.168.001.001) and regrouped in fours
3. 00 is the NSEL

OSPF vs IS-IS Terminology Comparison

    IS-IS term                     OSPF term
    End System (ES)                Host
    Intermediate System (IS)       Router
    Circuit                        Link
    Protocol Data Unit (PDU)       Packet
    Designated IS (DIS)            Designated Router (DR)
    N/A (no backup DIS)            Backup Designated Router (BDR)
    Link-State PDU (LSP)           Link-State Advertisement (LSA)
    Sub-domain / Level             Area
    Level 1 IS-IS domain           Non-backbone area
    Level 2 IS-IS domain           Backbone area
    L1L2 router                    Area Border Router (ABR)
    Any Intermediate System (IS)   Autonomous System Boundary Router (ASBR)

There is no Backup DIS concept in IS-IS. The DIS sends CSNPs (Complete Sequence Number PDUs) very often, so routers get the latest information all the time, and on a LAN all routers are neighbors of each other and flood LSPs to each other anyway; the DIS is more like a backup mechanism to make sure every LSP was received.

SPF (Dijkstra) runs when the topology has to be recalculated (the SPF tree). PRC (Partial Route Calculation) runs when only IP routing information has to be recalculated. If a router (IS) receives an LSP in which only IP information has changed, it runs PRC only, which takes less CPU than a full SPF; this is often cited as an advantage compared to OSPF.

IS-IS Scalability

Scalability can also be achieved through a multi-level IS-IS design, which we discuss next. IS-IS has two levels, Level 1 and Level 2, similar to the non-backbone and backbone areas of OSPF: Level 2 IS-IS is similar to the OSPF backbone, Level 1 IS-IS is similar to an OSPF non-backbone area.

How the IS-IS Routing Protocol Works

If the area ID is the same on two routers, they can set up both L1 and L2 adjacencies. If the area IDs differ, they can only set up an L2 adjacency. Strictly speaking there is no backbone area in IS-IS as there is in OSPF; there is only a contiguous set of Level 2 routers, and the Level 2 domain has to be contiguous. Still, for new learners, the IS-IS Level 2 domain can be thought of as the OSPF backbone area. There are three types of routers in IS-IS:

IS-IS Level 1 router
1. Can only form adjacencies with Level 1 (or Level 1-2) routers in the same area
2. Its LSDB carries only IS-IS intra-area information
3. Uses the closest Level 1-2 router to exit the area
4. This may result in suboptimal routing

IS-IS Level 2 router
1. Can form adjacencies with routers in multiple areas
2. Exchanges information about the whole network

IS-IS Level 1-2 router
1. Keeps a separate LSDB for each level: one Level 1 database and one Level 2 database
2. Allows L1 routers to reach L1 routers in other areas via the L2 topology

Level 1 routers look at the ATT (Attached) bit in the Level 1 LSPs of the Level 1-2 routers and install a default route toward the closest Level 1-2 router in the area that sets it. This can create suboptimal routing in an IS-IS network. The L1 domain is similar to an OSPF Totally NSSA area, since the L1 domain accepts nothing other than the default route from the Level 2 domain, while redistribution into the L1 domain is allowed.
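The NET layout from the addressing section and the area rule for adjacencies from this section, as a Python parser and builder. It generalizes slightly beyond the post: the area part may be any length from 1 to 13 bytes, as ISO 10589 allows, not only the AFI plus a two-byte area ID used in the example. This is an added example for this page, not the post's code or any vendor's; the NETs and router types used are invented.

```python
"""Parse and build IS-IS NET addresses the way the post describes them, and apply
the area rule for adjacency levels. Added example for this page, not from the post
or any vendor; the NETs and router types used below are invented.
Generalization: the area (AFI + area ID) may be 1 to 13 bytes, per ISO 10589."""
from typing import Dict, Optional, Set


def system_id_to_ipv4(sysid_hex: str) -> Optional[str]:
    """Undo the ISP convention: 192.168.1.1 -> 192168001001 -> 1921.6800.1001.
    Returns None when the system ID was not built from a dotted-decimal address."""
    if len(sysid_hex) != 12 or not sysid_hex.isdigit():
        return None
    octets = [int(sysid_hex[i:i + 3]) for i in range(0, 12, 3)]
    if any(o > 255 for o in octets):
        return None
    return ".".join(str(o) for o in octets)


def parse_net(net: str) -> Dict[str, Optional[str]]:
    """Split a NET into area (AFI + area ID), the 6-byte system ID and the NSEL.
    The area is everything in front of the last 7 bytes (6 system ID + 1 NSEL)."""
    raw = bytes.fromhex(net.replace(".", ""))
    if not 8 <= len(raw) <= 20:
        raise ValueError("NET must be 8 to 20 bytes, got %d" % len(raw))
    area, system_id, nsel = raw[:-7], raw[-7:-1], raw[-1]
    area_hex = area.hex()
    area_str = ".".join([area_hex[:2]] + [area_hex[i:i + 4] for i in range(2, len(area_hex), 4)])
    sysid_hex = system_id.hex()
    return {
        "afi": area_hex[:2],
        "area": area_str,
        "system_id": ".".join(sysid_hex[i:i + 4] for i in range(0, 12, 4)),
        "nsel": "%02x" % nsel,            # must be 00 on a router
        "loopback": system_id_to_ipv4(sysid_hex),
    }


def net_from_loopback(loopback: str, area: str = "49.0001") -> str:
    """Build the router NET the post describes: area + zero-padded loopback + 00."""
    digits = "".join("%03d" % int(o) for o in loopback.split("."))
    if len(digits) != 12:
        raise ValueError("expected an IPv4 address, got " + loopback)
    return "%s.%s.%s.%s.00" % (area, digits[0:4], digits[4:8], digits[8:12])


def adjacency_levels(net_a: str, net_b: str,
                     type_a: str = "L1L2", type_b: str = "L1L2") -> Set[str]:
    """Router types are "L1", "L2" or "L1L2". An L1 adjacency needs the same area
    and L1 capability on both sides; an L2 adjacency needs L2 capability on both
    sides and ignores the area."""
    levels: Set[str] = set()
    same_area = parse_net(net_a)["area"] == parse_net(net_b)["area"]
    if same_area and "L1" in type_a and "L1" in type_b:
        levels.add("L1")
    if "L2" in type_a and "L2" in type_b:
        levels.add("L2")
    return levels


if __name__ == "__main__":
    r1 = net_from_loopback("192.168.1.1", "49.0001")
    r2 = net_from_loopback("192.168.1.2", "49.0002")
    print(r1, parse_net(r1))
    print("levels between areas 0001 and 0002:", adjacency_levels(r1, r2))
```

A practical use of the parser is auditing a deployment: every router in a level-1 area must share the area part, every system ID in the whole domain must be unique, and the NSEL must be 00, and all three are easy to check over a list of NETs pulled from device configs.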

Published - Sun, 17 Apr 2022