Re: IGP protocol

2018-11-19 Thread Mark Tinka
On 18/Nov/18 18:00, Saku Ytti wrote: > In 7600 it is simply not possible because of hardware limitation. I'd > be surprised if 7600 was alone here. I've never ran the 7600 (the 6500 was as close as I got, but that was just purely for Ethernet switching). While it wouldn't surprise me that

Re: IGP protocol

2018-11-18 Thread Saku Ytti
On Sun, 18 Nov 2018 at 21:07, Grant Taylor via NANOG wrote: > Is it not possible to protect (just) the eBGP with IPsec? Not on all gears SPs are deploying. But people doing this. > I would think that IPsec would provide the desired protection and that > tuning filters to the proper ports would

Re: IGP protocol

2018-11-18 Thread Grant Taylor via NANOG
Warning: n00b level question, ignore at your own discretion. On 11/18/18 3:59 AM, Saku Ytti wrote: Not arguing that MacSec isn't superior feature, it's just cost of MacSec is non-trivial compared to cost of HMAC-MD5, and it seems HMAC-MD5 for certain attacks is strong guarantee. Ideally we'd

Re: IGP protocol

2018-11-18 Thread Saku Ytti
On Sun, 18 Nov 2018 at 17:35, Mark Tinka wrote: > I've found my fair share of IS-IS bugs since I began using it back in 2007 > (when SRC ruled the roost on 7200/7600). What matters is that stuff gets > fixed. In 7600 it is simply not possible because of hardware limitation. I'd be surprised

Re: IGP protocol

2018-11-18 Thread Mark Tinka
On 18/Nov/18 13:13, Nick Hilliard wrote: > > one of the few uses for tcp/md5 protection on bgp sessions can be > found at IXPs where if you have a participant leaving the fabric, > there will often be leftover bgp sessions configured on other routers > on the exchange. Pre-configuring

Re: IGP protocol

2018-11-18 Thread Mark Tinka
On 18/Nov/18 11:58, Saku Ytti wrote: > Should. OSPF you can protect in edge with ACL. In ISIS you hope it's > protected. > > 7600 punts it in every interface, if one interface speaks ISIS, > because it doesn't have per-interface punt masks. > > MX: > 2012-10-18 0002096778/2012-1018-0446

Re: IGP protocol

2018-11-18 Thread Nick Hilliard
Saku Ytti wrote on 18/11/2018 10:59: AFAIK there are no known attacks against HMAC-MD5. eBGP I don't care about. But for iBGP I consider this a problem: one of the few uses for tcp/md5 protection on bgp sessions can be found at IXPs where if you have a participant leaving the fabric, there

Re: IGP protocol

2018-11-18 Thread Saku Ytti
On Sun, 18 Nov 2018 at 12:15, Alfie Pates wrote: > There's a school of thought which suggests MD5 security on single-hop BGP is > absolute theatre with no security benefit and that MACsec is the route you > should be taking. AFAIK there are no known attacks against HMAC-MD5. eBGP I don't care

Re: IGP protocol

2018-11-18 Thread Alfie Pates
> or MacSec There's a school of thought which suggests MD5 security on single-hop BGP is absolute theatre with no security benefit and that MACsec is the route you should be taking. ~ a

Re: IGP protocol

2018-11-18 Thread Saku Ytti
On Sun, 18 Nov 2018 at 11:15, Mark Tinka wrote: > Yes, IS-IS is designed to speak to connected hosts, but will only do so if > you enable IS-IS on the interface facing that host. > The scope of the exposure, while present, is limited to the radius between > your device and the connected host,

Re: IGP protocol

2018-11-18 Thread Mark Tinka
On 16/Nov/18 15:04, Victor Kuarsingh wrote: > 3. Based on your vendor preference / selection, how well does each > fair on your platform of choice ? (Most major vendors do a good job on > both, but there are considerations) IS-IS is notoriously bad in Quagga. I met with some of the

Re: IGP protocol

2018-11-18 Thread Mark Tinka
On 14/Nov/18 02:24, im wrote: > Thanks for all to letting me know. > > I have operating OSPF/iBGP backbone for 10+ years, now my brain has > entrenched to OSPF. > Now, I beginning to learn IS-IS for more knowledge. More power to you :-). Mark.

Re: IGP protocol

2018-11-18 Thread Mark Tinka
On 13/Nov/18 17:30, Saku Ytti wrote: > Do you know connected host can't talk ISIS to you? > > ISIS is false security. In modern platforms OSPF almost always can be > protected (iACL), ISIS in many times cannot. I'd run MD5 in either > case. Yes, IS-IS is designed to speak to connected hosts,

Re: IGP protocol

2018-11-16 Thread Victor Kuarsingh
s in asia region... > So that, please could you explain me > > 1. what is your backbone's IGP protocol? > 2. why you choose it? > > > thanks, >

Re: IGP protocol

2018-11-16 Thread Job Snijders
Let’s please stay on topic.

Re: IGP protocol

2018-11-16 Thread Matt Erculiani
X11 forwarding -> WINE -> notepad.exe On Fri, Nov 16, 2018, 06:06 Jay Nugent On Fri, 16 Nov 2018, Randy Bush wrote: > > >> I heard that OSPF is only famous in asia region... > >> So that, please could you explain me > >> > >> 1. what i

Re: IGP protocol

2018-11-16 Thread Jay Nugent
On Fri, 16 Nov 2018, Randy Bush wrote: I heard that OSPF is only famous in asia region... So that, please could you explain me 1. what is your backbone's IGP protocol? emacs vi

Re: IGP protocol

2018-11-16 Thread Randy Bush
> I heard that OSPF is only famous in asia region... > So that, please could you explain me > > 1. what is your backbone's IGP protocol? emacs

Re: IGP protocol

2018-11-15 Thread James Bensley
On 15 November 2018 01:51:28 GMT, Baldur Norddahl wrote: >Also not true that the management network is the last thing to boot. In >contrary, everything else depends on that being ready first. And that >would >also be true if we used is-is. It is when you put management in a VRF... >ons. 14.

SV: IGP protocol

2018-11-14 Thread Gustav Ulander
@nanog.org Subject: Re: IGP protocol We run a MPLS enabled network with internet in a VRF. Management is in VRF default (no VRF). The IGP is OSPFv2. IPv6 is handled by the L3VPN functionality of MPLS. So is IPv4. The IPv4 that is controlled by OSPF is totally separate from everything except management

Re: IGP protocol

2018-11-14 Thread Baldur Norddahl
We run a MPLS enabled network with internet in a VRF. Management is in VRF default (no VRF). The IGP is OSPFv2. IPv6 is handled by the L3VPN functionality of MPLS. So is IPv4. The IPv4 that is controlled by OSPF is totally separate from everything except management and could really be any

Re: IGP protocol

2018-11-14 Thread Tashi Phuntsho
From Asia region (Bhutan): > On 10 Nov 2018, at 1:03 am, im wrote: > > I heard that OSPF is only famous in asia region… Not necessarily :-) > 1. what is your backbone's IGP protocol? IS-IS > 2. why you choose it? OSPFv3 was quite flaky (could have been OS bugs), and

Re: IGP protocol

2018-11-14 Thread Tashi Phuntsho
> On 13 Nov 2018, at 6:34 pm, Aled Morris via NANOG wrote: > > On Tue, 13 Nov 2018 at 05:54, Brandon Martin > wrote: > I was of the impression that there was a draft or similar for > single-topology (IPv4+IPv6) OSPF. Did anything ever come of that? > > >

Re: IGP protocol

2018-11-14 Thread im
mous in asia region... > So that, please could you explain me > > 1. what is your backbone's IGP protocol? > 2. why you choose it? > > > thanks,

Re: IGP protocol

2018-11-14 Thread James Bensley
On Tue, 13 Nov 2018 at 12:09, Saku Ytti wrote: > > On Tue, 13 Nov 2018 at 12:37, Mark Tinka wrote: > > > Main reasons: > > - Doesn't run over IP. > > Why is this upside? I've seen on two platforms (7600, MX) ISIS punted > on routers running ISIS without interface having ISIS. With no >

Re: IGP protocol

2018-11-13 Thread Saku Ytti
On Tue, 13 Nov 2018 at 16:27, Alain Hebert wrote: > For those that got involved in fixing a network that goes down due to > OSPF spoofed packets... (Before OSPFv2|3) > + Security for IS-IS Do you know connected host can't talk ISIS to you? ISIS is false security. In modern platforms

Re: IGP protocol

2018-11-13 Thread Alain Hebert
H9W 6G7 Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443 On 11/13/18 05:34, Mark Tinka wrote: On 9/Nov/18 17:03, im wrote: 1. what is your backbone's IGP protocol? IS-IS. 2. why you choose it? Main reasons: - Stringy, i.e., no "all must pay taxes to A

Re: IGP protocol

2018-11-13 Thread Saku Ytti
On Tue, 13 Nov 2018 at 12:37, Mark Tinka wrote: > Main reasons: > - Doesn't run over IP. Why is this upside? I've seen on two platforms (7600, MX) ISIS punted on routers running ISIS without interface having ISIS. With no ability to limit it, so any connected interface can DoS device with

Re: IGP protocol

2018-11-13 Thread Mark Tinka
On 13/Nov/18 07:52, Brandon Martin wrote: >   > > I was of the impression that there was a draft or similar for > single-topology (IPv4+IPv6) OSPF.  Did anything ever come of that? Multiple Address Families in OSPFv3. But NLRI is conveyed over IPv6, even for IPv4. First saw it in Junos 9,

Re: IGP protocol

2018-11-13 Thread Mark Tinka
On 9/Nov/18 17:03, im wrote: > > 1. what is your backbone's IGP protocol? IS-IS. > 2. why you choose it? Main reasons:     - Stringy, i.e., no "all must pay taxes to Area 0" decree.     - Integrated for IPv4 and IPv6.     - Doesn't run over IP. Mark.

Re: IGP protocol

2018-11-13 Thread Aled Morris via NANOG
On Tue, 13 Nov 2018 at 05:54, Brandon Martin wrote: > I was of the impression that there was a draft or similar for > single-topology (IPv4+IPv6) OSPF. Did anything ever come of that? > > Juniper support IPv4 families ("realms") in OSPFv3. Aled

Re: IGP protocol

2018-11-12 Thread Garrett Skjelstad
To be fair, Microsoft only just recently added BGP support to RRAS in 2012... On Mon, Nov 12, 2018, 21:50 Scott Weeks > > --- valdis.kletni...@vt.edu wrote: > On Mon, 12 Nov 2018 20:21:26 +, "Naslund, Steve" > said: > > > 2. Most corporate networks will be running OSPF > and/or EIGRP as

Re: IGP protocol

2018-11-12 Thread Brandon Martin
On 11/12/18 3:21 PM, Naslund, Steve wrote: 1. Most large networks (service providers) supporting MPLS will be using ISIS as their IGP. Some will have islands of OSPF because not everything speaks ISIS. Notably, support for OSPF is somewhat common on "layer 3 switch" products while IS-IS

Re: IGP protocol

2018-11-12 Thread Scott Weeks
--- valdis.kletni...@vt.edu wrote: On Mon, 12 Nov 2018 20:21:26 +, "Naslund, Steve" said: > 2. Most corporate networks will be running OSPF and/or EIGRP as an IGP. And I'm sure there's still some crazies out there using RIPv2. :) -- Yes,

RE: IGP protocol

2018-11-12 Thread Naslund, Steve
Yeah there are those. Steve -Original Message- From: Valdis Kletnieks On Behalf Of valdis.kletni...@vt.edu Sent: Monday, November 12, 2018 2:29 PM To: Naslund, Steve Cc: nanog@nanog.org Subject: Re: IGP protocol On Mon, 12 Nov 2018 20:21:26 +, "Naslund, Steve" said:

Re: IGP protocol

2018-11-12 Thread Job Snijders
The war is over. In IETF the OSPF and ISIS working groups merged. Now all of it is “link-state routing”. https://datatracker.ietf.org/group/lsr/about/

Re: IGP protocol

2018-11-12 Thread valdis . kletnieks
On Mon, 12 Nov 2018 20:21:26 +, "Naslund, Steve" said: > 2. Most corporate networks will be running OSPF and/or EIGRP as an IGP. And I'm sure there's still some crazies out there using RIPv2. :)

RE: IGP protocol

2018-11-12 Thread Naslund, Steve
will be running OSPF and/or EIGRP as an IGP. Steven Naslund Chicago IL -Original Message- From: NANOG On Behalf Of im Sent: Friday, November 9, 2018 9:03 AM To: nanog@nanog.org Subject: IGP protocol goodmorning nanog, I heard that OSPF is only famous in asia region... So that, please could

Re: IGP protocol

2018-11-12 Thread Ryan Kearney via NANOG
you explain me > > 1. what is your backbone's IGP protocol? > 2. why you choose it? > > > thanks,

Re: IGP protocol

2018-11-12 Thread Jared Mauch
> On Nov 9, 2018, at 10:03 AM, im wrote: > > goodmorning nanog, > > I heard that OSPF is only famous in asia region... > So that, please could you explain me > > 1. what is your backbone's IGP protocol? IS-IS > 2. why you choose it? Single topology, suppo

Re: IGP protocol

2018-11-12 Thread Mikael Abrahamsson
On Sat, 10 Nov 2018, im wrote: goodmorning nanog, I heard that OSPF is only famous in asia region... So that, please could you explain me 1. what is your backbone's IGP protocol? 2. why you choose it? This is a 20+ year old discussion. There are lots of comparisons. https://nsrc.org

IGP protocol

2018-11-12 Thread im
goodmorning nanog, I heard that OSPF is only famous in asia region... So that, please could you explain me 1. what is your backbone's IGP protocol? 2. why you choose it? thanks,