Could You Use IS-IS Instead of BGP for Routing on Hosts?

One of my readers sent me an interesting question a while ago:

Isn’t IS-IS a better fit for building L3-only networks than BGP, particularly considering that IS-IS already has a protocol to communicate with the end systems (ES-IS)?

In theory, he’s correct (see also this blog post).

In practice, the ES-IS part never moved from CLNS to IP because nobody felt the need to implement any host-to-router communication (apart from ARP and ICMP) in the IPv4 world. IPv6 sort of reinvented ES-IS with Duplicate Address Detection and Neighbor Discovery, but never required an end system to continuously announce itself.

A Neighbor Discovery implementation on a router (ARP or IPv6 ND) could continuously probe the end hosts to verify they’re still reachable. Cisco does that whenever you’re using CEF switching, Cumulus Networks uses the same approach in its Redistribute ARP functionality, and so do several EVPN implementations.

In the IPv4 world that’s purely an implementation decision. IPv6 includes Neighbor Unreachability Detection, but only for “the neighbors to which a node is sending packets” (section 7.3 of RFC 4861). Doing that for idle nodes is again implementation-dependent (NUD is traffic-driven, while we're looking for a topology-driven mechanism). In any case, we're misusing an L2 address resolution protocol as a host reachability protocol, and the burden of figuring out what’s going on falls on the router instead of the end host, where it should be in a scalable network architecture.
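One practical check that follows from this, as an added example that is not part of the original post: a Python script that parses Linux `ip neigh` / `ip -6 neigh` output (the sample table below is constructed) and sorts the entries by NUD state into host routes a router could safely redistribute, entries whose reachability NUD has not re-verified, and entries to withdraw. The bucket names and the state grouping are my own assumptions, not a vendor feature.

```python
import ipaddress
import re

# Constructed sample of `ip neigh` / `ip -6 neigh` output (not a real capture)
# showing the NUD states a router's neighbor cache holds for attached hosts.
SAMPLE_NEIGH = """\
2001:db8:1::10 dev eth1 lladdr 52:54:00:aa:bb:01 REACHABLE
2001:db8:1::11 dev eth1 lladdr 52:54:00:aa:bb:02 STALE
2001:db8:1::12 dev eth1 lladdr 52:54:00:aa:bb:03 DELAY
2001:db8:1::13 dev eth1 lladdr 52:54:00:aa:bb:04 PROBE
2001:db8:1::14 dev eth1 FAILED
2001:db8:1::15 dev eth1 lladdr 52:54:00:aa:bb:06 PERMANENT
fe80::5054:ff:feaa:bb01 dev eth1 lladdr 52:54:00:aa:bb:01 router REACHABLE
192.0.2.20 dev eth0 lladdr 52:54:00:aa:bb:20 STALE
"""

# One cache line: address, interface, optional lladdr, optional flags
# (router/proxy), and the NUD state last.
NEIGH_RE = re.compile(
    r"^(?P<addr>\S+)\s+dev\s+(?P<dev>\S+)(?:\s+lladdr\s+(?P<lladdr>\S+))?"
    r"(?:\s+(?:router|proxy))*\s+(?P<state>[A-Z]+)$"
)

# REACHABLE/PERMANENT entries were confirmed recently or are static. STALE,
# DELAY and PROBE entries are still used for forwarding, but NUD re-verifies
# them only when the router itself sends traffic to that neighbor (RFC 4861
# section 7.3), so an idle host that silently died can sit in STALE for ever.
CONFIRMED = {"REACHABLE", "PERMANENT"}
UNVERIFIED = {"STALE", "DELAY", "PROBE"}
DEAD = {"INCOMPLETE", "FAILED"}

def classify_neighbors(neigh_output):
    """Sort cache entries into host routes safe to redistribute, entries that
    need an explicit reachability probe first, and entries to withdraw."""
    result = {"advertise": [], "verify": [], "withdraw": []}
    for line in neigh_output.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:
            continue  # not a neighbor-cache line we understand
        addr = ipaddress.ip_address(m["addr"])
        if addr.is_link_local:
            continue  # link-local addresses are never routable host routes
        if m["state"] in CONFIRMED:
            result["advertise"].append(str(addr))
        elif m["state"] in UNVERIFIED:
            result["verify"].append(str(addr))
        elif m["state"] in DEAD:
            result["withdraw"].append(str(addr))
    return result
```

Running it against a live table (`ip -6 neigh show dev eth1`) shows how many of the "host routes" an ARP/ND-driven redistribution would advertise are actually backed by a recent reachability confirmation.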

Summary: The only way to get somewhat reliable IP address mobility (or service advertisement) in an IP environment is to use a routing protocol. Some people prefer RIP, others use BGP… just make sure you’re not using OSPF ;)

4 comments:

  1. With EVPN (even on VXLAN), the local hosts for which a VTEP has identified the IP address via ARP or DHCP can be redistributed into BGP as type-5 host routes. Combining this feature with EVPN MAC mobility, you can get fast convergence on IP migrations, also among different data centers.

    1. Agree (added EVPN to the list of technologies doing that). However, that's misusing L2 address resolution protocol as a host reachability protocol. Bad form.

    2. I view ISIS and ESIS as 2 totally different protocols.

      So people don't like OSPF on their hosts. One reason is that you don't want your host to become a transit-hop in your network. I am sure there will always be some weird corner-cases where a partitioned network will try to route through a host, if it sees the opportunity. Any other reasons ?

      If the "risk of having your host act as a transit router" is your biggest fear, then ISIS might be a good alternative to OSPF. ISIS has the "overload-bit". This bit was intended to be used when a router runs out of memory. By setting the overload-bit, all other routers in the network will know that this router's RIB and FIB can not be trusted anymore. And therefore they will route traffic around that failing router.

      So a host could run ISIS and always set the overload bit. The host would see all prefixes in the network. The host can advertise just its own ip-address. Without any risk that the host would ever be used for transit. OSPF can't do that. (Setting all metrics to MAX_METRIC wouldn't do the trick).

      Still, I think someone should do a proper ESIS version for IPv4 and IPv6. To replace IPv6-ND. And so we can get rid of VRRP/HSRP, redistribute-arp, running routing protocols on hosts, and a bunch of other kludges.

  2. Speaking of the OL bit, it has its uses. I used it exclusively in a FabricPath design a couple of years back for traffic control when needed, but primarily for maintenance uses. Created an ops menu in NX-OS so the ops, with one key, can put the switch into OL; FP routes around it, no impact to user activity (heavily tested), and the ops can work on the switch. Very fast. ISIS has some interesting knobs.
