I was listening to a very interesting Future of Networking with Fred Baker a long while ago and enjoyed Fred’s perspectives and historical insight, until unfortunately Greg Ferro couldn’t possibly resist the usual bashing of traditional routing protocols and praising of intent-based (or flow-based or SDN or…) whatever.
Here’s what I understood he said around 35:17:
The problem with the dynamic or distributed algorithms is that they quite often do unexpected things.
You might think it was a Freudian slip of the tongue, but it seems to be a persistent mantra. Recently it became “a fallacy that a network will ever be reliable or predictable.”
Well, I totally believe that routing algorithms like OSPF would surprise Greg or myself (as I often admit during my network automation workshops), but that only means that with all the nerd knobs we added they became too complex for mere mortals to intuitively grasp their behavior.
On a side note, I would love to see how expected the results of complex intent-based systems will be.
Anyway, let’s move from subjective unexpected to objective unpredictable or non-deterministic.
Interestingly, with the clear split between information distribution (LSA flooding) and route computation (SPF algorithm), link-state routing protocols are among the most predictable distributed algorithms out there, and can in the worst-case scenario result in temporary forwarding loops due to eventual consistency of the topology database.
Assuming you have infinite patience, it’s quite easy to predict what an OSPF network will look like:
- Take the topology database;
- Follow all the intricate rules in various OSPF-related RFCs;
- Get the final forwarding table.
Speaking about the intricate rules: many of them seem like Rube Goldberg fixes introduced to correct unexpected OSPF behavior, probably proving my “lack of intuitive grasp” hypothesis.
Nobody in his right mind would do something like that, but once the steps to a solution are well-defined, it’s trivial (from the perspective of a mathematical proof, not the actual implementation) to carry them out… and there are tools like Cariden’s MATE that do exactly that.
However, because it’s easier to not spend money on something that would prevent an event with uncertain probability (network going down due to misconfigured OSPF, or losing customer data due to an intrusion), vendors like Cariden have relatively few customers, resulting in expensive tools.
Of course there’s another way of dealing with the “unexpectedness” of OSPF: stop being a MacGyver, forget the nerd knobs, keep your network design as simple as possible, and use the absolute minimum subset of features you need to get the job done.