Could You Use IS-IS Instead of BGP for Routing on Hosts?
One of my readers sent me an interesting question a while ago:
Isn’t IS-IS a better fit for building L3-only networks than BGP, particularly considering that IS-IS already has a protocol to communicate with the end systems (ES-IS)?
In theory, he’s correct (see also this blog post).
In practice, the ES-IS part never moved from CLNS to IP because nobody felt the need to implement any host-to-router communication (apart from ARP and ICMP) in the IPv4 world. IPv6 sort-of reinvented ES-IS with Duplicate Address Detection and Neighbor Discovery, but never required an end system to continuously announce itself.
A router's neighbor discovery implementation (ARP or IPv6 ND) could continuously probe the end hosts to verify they're still reachable. Cisco does that whenever you're using CEF switching, Cumulus Networks uses the same approach in their Redistribute ARP functionality, and so do several EVPN implementations.
In the IPv4 world that's purely an implementation decision. IPv6 includes Neighbor Unreachability Detection, but only for "the neighbors to which a node is sending packets" (section 7.3 of RFC 4861). Doing that for idle nodes is yet again implementation-dependent (NUD is traffic-driven, while we're looking for a topology-driven mechanism). In any case, we're misusing an L2 address resolution protocol as a host reachability protocol, and the burden of figuring out what's going on falls on the router, not on the end host, where it should be in a scalable network architecture.
Summary: The only way to get somewhat reliable IP address mobility (or service advertisement) in an IP environment is to use a routing protocol. Some people prefer RIP, others use BGP… just make sure you’re not using OSPF ;)
So people don't like OSPF on their hosts. One reason is that you don't want your host to become a transit hop in your network. I am sure there will always be some weird corner cases where a partitioned network will try to route through a host if it sees the opportunity. Any other reasons?
If the "risk of having your host act as a transit router" is your biggest fear, then ISIS might be a good alternative to OSPF. ISIS has the "overload-bit". This bit was intended to be used when a router runs out of memory. By setting the overload-bit, all other routers in the network will know that this router's RIB and FIB cannot be trusted anymore, and therefore they will route traffic around that failing router.
So a host could run ISIS and always set the overload bit. The host would see all prefixes in the network. The host can advertise just its own IP address, without any risk that the host would ever be used for transit. OSPF can't do that. (Setting all metrics to MAX_METRIC wouldn't do the trick.)
Still, I think someone should do a proper ESIS version for IPv4 and IPv6, to replace IPv6-ND, so we can get rid of VRRP/HSRP, redistribute-arp, running routing protocols on hosts, and a bunch of other kludges.
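The overload-bit argument in the comment above (and its aside that setting every link to MAX_METRIC does not achieve the same thing) can be checked with a small SPF model. The following is an added example, written for this page and not taken from the post, the commenter, or any router vendor's implementation. It runs Dijkstra over a constructed three-node topology (two routers R1 and R2 plus a host H attached to both) and treats an "overloaded" node the way IS-IS does: the node itself and the prefixes it advertises stay reachable, but none of its outgoing links are ever used, so nothing is routed through it. The topology, metrics and node names are all constructed for illustration.

```python
"""SPF model of the IS-IS overload bit versus the OSPF 'max metric' trick.

Constructed topology (not from the post): routers R1 and R2 with a direct
link, and a host H dual-attached to R1 and R2.  The question is whether
R1's best path to R2 ever runs *through* the host.
"""
import heapq
from typing import Dict, FrozenSet, List, Optional, Tuple

INF = float("inf")
OSPF_MAX_LINK_METRIC = 0xFFFF  # largest OSPF interface cost (16-bit field)

Graph = Dict[str, Dict[str, int]]  # node -> {neighbor: link metric}


def link(graph: Graph, a: str, b: str, metric: int) -> None:
    """Add a bidirectional link with a symmetric metric."""
    graph.setdefault(a, {})[b] = metric
    graph.setdefault(b, {})[a] = metric


def spf(graph: Graph, source: str,
        overloaded: FrozenSet[str] = frozenset()) -> Tuple[Dict[str, float], Dict[str, str]]:
    """Dijkstra with IS-IS overload-bit semantics.

    An overloaded node is still reachable (its own address is advertised),
    but its links are never relaxed, so no path is ever built through it.
    """
    dist: Dict[str, float] = {n: INF for n in graph}
    prev: Dict[str, str] = {}
    dist[source] = 0
    heap: List[Tuple[float, str]] = [(0, source)]
    done = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        if u != source and u in overloaded:
            continue  # reachable, but never expanded: no transit via this node
        for v, cost in graph[u].items():
            if d + cost < dist[v]:
                dist[v] = d + cost
                prev[v] = u
                heapq.heappush(heap, (d + cost, v))
    return dist, prev


def path(prev: Dict[str, str], source: str, dest: str) -> List[str]:
    """Reconstruct the hop list source..dest, or [] if dest is unreachable."""
    if dest != source and dest not in prev:
        return []
    hops = [dest]
    while hops[-1] != source:
        hops.append(prev[hops[-1]])
    return hops[::-1]


def build(r1_r2_metric: Optional[int], host_metric: int) -> Graph:
    """Constructed topology; r1_r2_metric=None models a failed R1-R2 link."""
    g: Graph = {}
    if r1_r2_metric is not None:
        link(g, "R1", "R2", r1_r2_metric)
    link(g, "R1", "H", host_metric)
    link(g, "R2", "H", host_metric)
    return g


def host_is_transit(graph: Graph, overloaded: FrozenSet[str] = frozenset()) -> bool:
    """True when R1's best path to R2 passes through the host H."""
    _, prev = spf(graph, "R1", overloaded)
    return "H" in path(prev, "R1", "R2")[1:-1]


if __name__ == "__main__":
    # Cheap host links: a plain routing protocol on the host makes it transit.
    print("plain host, healthy network:", host_is_transit(build(10, 1)))
    # Overload bit set: the host is skipped as transit even though it is cheaper.
    print("overloaded host, healthy network:", host_is_transit(build(10, 1), frozenset({"H"})))
    # Max metric only helps while a backup exists; after R1-R2 fails the host is the only path.
    print("max-metric host, R1-R2 down:", host_is_transit(build(None, OSPF_MAX_LINK_METRIC)))
    # Overload bit after R1-R2 fails: R2 becomes unreachable from R1, H itself stays reachable.
    dist, _ = spf(build(None, 1), "R1", frozenset({"H"}))
    print("overloaded host, R1-R2 down: dist(H)=%s dist(R2)=%s" % (dist["H"], dist["R2"]))
```

The last two scenarios are the commenter's point: with MAX_METRIC the host is merely the least attractive transit path and is still used once the network partitions, whereas with the overload bit the routers never build a path through it, at the price of R2 being unreachable from R1 until the direct link returns.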