[c-nsp] "ipv6 router ospf" vs "router ospfv3"

Mark Tinka mark.tinka at seacom.mu
Tue Mar 25 12:17:43 EDT 2014


On Tuesday, March 25, 2014 06:12:52 PM Gert Doering wrote:

> We use BGP for that.  I just don't trust hosts taking
> part in my IGP...

As this is internal, we can reasonably trust the servers, 
since they are under the management of the the Network team.

However, we do have strict routing policies for the IGP 
redistribution between OSPF and IS-IS that permit only the 
Anycast address from the servers, and nothing else.

We don't even allow the server to see the router's Loopback 
address (not that that adds any extra level of security, 
but...).

> (Which, admittedly, needs lots more configuration to do
> anycast for IPv4+IPv6, as opposed to "just turn on
> OSPFv3 multi-af on the interface")

Using the IGP works well for us because we can always be 
sure that cost (which for us is latency + bandwidth) is 
always true, and uninfluenced by any potential BGP factors.

Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20140325/bd732b17/attachment.sig>


More information about the cisco-nsp mailing list