Re: Looking for information on IGP choice in dual-stack networks

2015-06-05 Thread Tore Anderson
* Philip Matthews philip_matth...@magma.ca

> We are looking particularly at combinations of the following IGPs:
> IS-IS, OSPFv2, OSPFv3, EIGRP.

We're using OSPFv2 and OSPFv3 as ships in the night for IPv4 and IPv6,
respectively. That said, somewhere far down in the darkest depths of my
TODO list I have an item about investigating the possibility of
replacing OSPFv2 for IPv4 with OSPFv3 + RFC 5838. I see this
possibility is briefly mentioned in your I-D - if you're able to gather
more information about the viability of such a solution, that would be
a very valuable addition to the I-D, I think.

As an aside, I can mention that we're using AH for OSPFv3
authentication. I sometimes see people saying AH is never used for
anything anymore and should be deprecated, but I'm not sure if there
are any real alternatives to AH for securing OSPFv3?

> If you run something else (RIP?) then we would also like to hear
> about this, though we will likely document these differently. [We
> suspect you run RIP/RIPng only at the edge for special situations,
> but feel free to correct us].

Indeed, we run RIPv2 and RIPng on the edge to allow certain
customer systems to advertise service addresses that can move between
locations for redundancy reasons (or anycasted services). These
advertisements get immediately turned into external routes in OSPF (in
other words we do not have a RIP topology). To get speedy failover we
lower the RIP timers as low as they can go, and have the customers send
updates every second. Using BFD would be an alternative to lowering
timers, but we haven't yet been able to deploy that because BIRD (which
we're typically using on the customer systems) doesn't support BFD for
RIP.

I do feel rather dirty using RIP in 2015, so I would be interested in
hearing about any alternative approaches folks are using. We're not
using BGP because we'd have to pre-configure every neighbour on the
upstream router (not useful in dynamic or cloudy environments), nor
OSPF because we need the ability to filter out invalid advertisements
from the customer systems.

Tore
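
The advertisement filtering described in the message above, sketched as an added example that is not part of the original thread or of any router's configuration: each RIPv2/RIPng entry from a customer system is checked before it may become an OSPF external route. The interface names, the documentation prefixes and the host-route-only rule are assumptions made for illustration.

```python
import ipaddress

# Constructed policy: per customer-facing interface, the ranges from which that
# customer may announce service addresses (documentation prefixes, assumed).
POLICY = {
    "cust-a": ["192.0.2.0/28", "2001:db8:a::/64"],
    "cust-b": ["198.51.100.16/29"],
}
RIP_INFINITY = 16  # RIPv2 and RIPng metric meaning "unreachable"


def check_advertisement(iface, prefix, metric):
    """Return (accepted, reason) for one RIP/RIPng route entry."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    if not 1 <= metric <= RIP_INFINITY:
        return False, "metric out of range"
    if metric == RIP_INFINITY:
        return False, "withdrawal (metric 16)"
    # Assumption: service addresses are announced as host routes only.
    if net.prefixlen != net.max_prefixlen:
        return False, "not a host route"
    for allowed in POLICY.get(iface, []):
        rng = ipaddress.ip_network(allowed)
        # Compare versions first: subnet_of() raises on mixed IPv4/IPv6.
        if rng.version == net.version and net.subnet_of(rng):
            return True, "ok"
    return False, "outside customer range"


def redistribute(adverts):
    """Keep only the entries that may become OSPF external routes."""
    return [(i, p) for i, p, m in adverts if check_advertisement(i, p, m)[0]]


# Constructed sample advertisements: (interface, prefix, metric)
SAMPLE = [
    ("cust-a", "192.0.2.5/32", 1),        # valid service address
    ("cust-a", "0.0.0.0/0", 1),           # default route: must be dropped
    ("cust-a", "198.51.100.17/32", 1),    # cust-b's address announced by cust-a
    ("cust-a", "2001:db8:a::53/128", 1),  # valid IPv6 service address
    ("cust-b", "198.51.100.17/32", 16),   # withdrawal, nothing to install
    ("cust-b", "198.51.100.16/29", 1),    # whole range instead of a host route
]

if __name__ == "__main__":
    for iface, prefix in redistribute(SAMPLE):
        print(iface, prefix)
```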


Re: IPv6 QUIC traffic

2015-06-05 Thread Philipp Kern

On 2015-06-05 07:23, Mikael Abrahamsson wrote:

> On Thu, 4 Jun 2015, Philipp Kern wrote:
> > Given that there is Happy Eyeballs for this and there is a probably
> > not too unreasonable fallback with HTTP/2, can't we just see how this
> > plays out? ;-)
>
> Happy Eyeballs doesn't solve things working badly (=ratelimiting),
> unfortunately, neither does it help in detecting PMTU blackholing.


What's the bucket for ratelimiting? (Given that it's also a memory 
question how many buckets can be opened for this.) Because if enough 
people use QUIC, ratelimiting should be across all users and hence HE 
should work? Of course it would not if ratelimiting is per (srcip, 
dstip) tuple or something in which case it would only fail after the 
initial ramping up phase.



> At least there is TCP PMTU blackhole detection in modern TCP, I
> couldn't find any reference to this for QUIC in my 10 second google
> search.


What Lorenzo said.

Kind regards
Philipp Kern


Re: Looking for information on IGP choice in dual-stack networks

2015-06-05 Thread Tim Martin (tmartin)
On 05Jun15, 04:00 , Tore Anderson t...@fud.no wrote:

> As an aside, I can mention that we're using AH for OSPFv3
> authentication. I sometimes see people saying AH is never used for
> anything anymore and should be deprecated, but I'm not sure if there
> are any real alternatives to AH for securing OSPFv3?

- RFC7166, updates/obsoletes 6506 and specifies an Authentication trailer for 
OSPFv3. It is already in some iOS versions.

Tim Martin - CCIE #2020
Solutions Architect
If U R going 2 BYOD  Cr8 an IoE,
U had better be darn good @ IPv6



Re: Looking for information on IGP choice in dual-stack networks

2015-06-05 Thread Philip Matthews

On 2015-06-05, at 6:00 , Tore Anderson wrote:

> * Philip Matthews philip_matth...@magma.ca
>
> > We are looking particularly at combinations of the following IGPs:
> > IS-IS, OSPFv2, OSPFv3, EIGRP.
>
> We're using OSPFv2 and OSPFv3 as ships in the night for IPv4 and IPv6,
> respectively.

Can you give me a rough idea of how many routers run this combination of 
protocols? Feel free to unicast me if you don't want to say on the mailing list.

> That said, somewhere far down in the darkest depths of my
> TODO list I have an item about investigating the possibility of
> replacing OSPFv2 for IPv4 with OSPFv3 + RFC 5838. I see this
> possibility is briefly mentioned in your I-D - if you're able to gather
> more information about the viability of such a solution, that would be
> a very valuable addition to the I-D, I think.

So far, I have not heard of anyone who runs this combination. The support for 
this is still pretty new. I know that my company (Alcatel-Lucent) has only 
supported it for about a year and I have not had a chance yet to play with it 
personally. But indeed, part of this survey effort is to gather information on 
combinations like this and document our aggregated findings in the I-D.

 
> As an aside, I can mention that we're using AH for OSPFv3
> authentication. I sometimes see people saying AH is never used for
> anything anymore and should be deprecated, but I'm not sure if there
> are any real alternatives to AH for securing OSPFv3?

You can also use Encapsulating Security Payload for authentication -- at least 
on ALU routers, don't know about support on other vendors.

 
> > If you run something else (RIP?) then we would also like to hear
> > about this, though we will likely document these differently. [We
> > suspect you run RIP/RIPng only at the edge for special situations,
> > but feel free to correct us].
>
> Indeed, we run RIPv2 and RIPng on the edge to allow certain
> customer systems to advertise service addresses that can move between
> locations for redundancy reasons (or anycasted services). These
> advertisements get immediately turned into external routes in OSPF (in
> other words we do not have a RIP topology). To get speedy failover we
> lower the RIP timers as low as they can go, and have the customers send
> updates every second. Using BFD would be an alternative to lowering
> timers, but we haven't yet been able to deploy that because BIRD (which
> we're typically using on the customer systems) doesn't support BFD for
> RIP.
>
> I do feel rather dirty using RIP in 2015, so I would be interested in
> hearing about any alternative approaches folks are using. We're not
> using BGP because we'd have to pre-configure every neighbour on the
> upstream router (not useful in dynamic or cloudy environments), nor
> OSPF because we need the ability to filter out invalid advertisements
> from the customer systems.

You are not the only one still using RIP on the edge. A number of large cable 
providers are also using RIP to talk to cable modems and looking at deploying 
RIPng.  One of our goals is try to document the places that people are using 
RIP.

- Philip