North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: IS-IS protocol implementation problem

  • From: smd
  • Date: Sun Oct 29 21:05:01 2000

| Because IS-IS is an IGP protocol, it does not propagate between
| providers.

This is not the reason why it will not propagate between separate ASes.
The "saving factor" here is that nobody really routes CLNS natively,
and therefore, the maximum hop-count of a CLNS datagram is 1.

It would be possible to cascade an IS-IS problem across multiple
separate ASes in the unfortunate event that more than one AS
treated a single LAN (e.g. an IX) or point-to-point link as an
internal one across which IS-IS is run, with the same key.
This kind of mutual poisoning between separate ASes happens with some
regularity, amusingly often with RIP as the IGP.

An IGP based on a natively routed protocol (including routed CLNS)
widens the scope for inter-AS poisoning.  This is why it is important
to have good authentication in one's IGP.  Unfortunately, *no* IGPs
currently in wide use have any such thing. :-(

For clarity, a separate AS is really short hand for, "a collection
of routers participating in a common IGP instantiation"; there are
cases where different ASes (in the BGP sense) share a common IGP.
Also, "propagating between providers" seems to ignore the fact that there
are single providers who have multiple IGP instantiations.


P.S.: any chance you can be a bit more concrete about what's happening?