[31919] in North American Network Operators' Group
Re: IS-IS protocol implementation problem
daemon@ATHENA.MIT.EDU (smd@clock.org)
Sun Oct 29 21:03:48 2000
From: smd@clock.org
To: nanog@merit.edu, sean@donelan.com
Message-Id: <20001030020027Z27949-3370+8@cesium.clock.org>
Date: Sun, 29 Oct 2000 18:00:19 -0800
Errors-To: owner-nanog-outgoing@merit.edu

| Because IS-IS is an IGP protocol, it does not propagate between
| providers.

This is not the reason why it will not propagate between separate ASes.

The "saving factor" here is that nobody really routes CLNS natively,
and therefore, the maximum hop-count of a CLNS datagram is 1.

It would be possible to cascade an IS-IS problem across multiple
separate ASes in the unfortunate event that more than one AS
treated a single LAN (e.g. an IX) or point-to-point link as an
internal one across which IS-IS is run, with the same key.

This kind of mutual poisoning between separate ASes happens with some
regularity, amusingly often with RIP as the IGP.

An IGP based on a natively routed protocol (including routed CLNS)
widens the scope for inter-AS poisoning. This is why it is important
to have good authentication in one's IGP. Unfortunately, *no* IGPs
currently in wide use have any such thing. :-(

For clarity, a separate AS is really shorthand for, "a collection
of routers participating in a common IGP instantiation"; there are
cases where different ASes (in the BGP sense) share a common IGP.

Also, "propagating between providers" seems to ignore the fact that there
are single providers who have multiple IGP instantiations.

Sean.

P.S.: any chance you can be a bit more concrete about what's happening?