Friday, June 19, 2020

OSPF vs IS-IS

A recent discussion on the nanog mailing list brought up some issues on OSPF vs IS-IS, some of which I am aware of but some that I hadn't seen before.

  • OSPF runs directly over IP.  IS-IS uses CLNS (connectionless mode network service) over the link layer.
  • OSPFv3 must be used for IPv6, but IS-IS can be used for both v4 and v6.
  • OSPF has a 2-level hierarchy (area, AS), while IS-IS is being extended in the IETF for up to 8 levels of hierarchy (levels 1 to 8).
  • Those who can route CLNS are dying out (not needed in most cases, though).
  • Most switches don't have a way to protect IS-IS, making it easy for an attacker to kill the box.
  • IS-IS frames don't have a DSCP for QoS.
  • Most implementations of IS-IS do not contain a proper CLNS implementation, just a bunch of hacks to get the CLNS header and 802.3 header onto the packet.
  • No standard way to carry jumbo frames in 802.3, so vendors don't interoperate.
  • Due to the lack of LSP rollover, IS-IS is subject to an attack vector which is very difficult to troubleshoot and resolve.
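
The first and fifth points are two sides of the same coin: because IS-IS never touches IP, an IP ACL or control-plane policer keyed on IP protocol numbers never sees it, and any filtering or monitoring has to match on the 802.3/LLC encapsulation instead. The following is an added example (not from the mailing list thread or any vendor) that tells the two apart on raw Ethernet frames; the two sample frames are constructed inline, with made-up MAC addresses and zeroed body fields.

```python
import struct

# Standard constants: IS-IS rides on 802.3/LLC (SAP 0xFE, NLPID 0x83);
# OSPF rides on IP as protocol 89.  No CLNS stack is needed just to recognise them.
ISIS_LLC_SAP = 0xFE
ISIS_NLPID = 0x83
OSPF_IP_PROTO = 89
ISIS_PDU_TYPES = {15: "L1 LAN IIH", 16: "L2 LAN IIH", 17: "P2P IIH", 18: "L1 LSP",
                  20: "L2 LSP", 24: "L1 CSNP", 25: "L2 CSNP", 26: "L1 PSNP", 27: "L2 PSNP"}
OSPF_TYPES = {1: "Hello", 2: "DB Description", 3: "LS Request", 4: "LS Update", 5: "LS Ack"}


def classify_frame(frame: bytes) -> str:
    """Label a raw Ethernet frame as an IS-IS PDU, an OSPFv2 packet, or something else."""
    if len(frame) < 14:
        return "runt"
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    payload = frame[14:]
    if type_or_len <= 1500:
        # 802.3 length field: LLC follows.  IS-IS is DSAP/SSAP 0xFE, then the IS-IS
        # common header (NLPID, length indicator, version, ID length, PDU type, ...).
        if (len(payload) >= 8 and payload[0] == payload[1] == ISIS_LLC_SAP
                and payload[3] == ISIS_NLPID):
            pdu_type = payload[7] & 0x1F          # low 5 bits of the PDU type octet
            return "IS-IS " + ISIS_PDU_TYPES.get(pdu_type, f"type {pdu_type}")
        return "802.3/LLC other"
    if type_or_len == 0x0800 and len(payload) >= 20:
        ihl = (payload[0] & 0x0F) * 4           # IPv4 header length in bytes
        if payload[9] == OSPF_IP_PROTO and len(payload) >= ihl + 2:
            ospf_type = payload[ihl + 1]        # OSPF header: version, type, ...
            return "OSPFv2 " + OSPF_TYPES.get(ospf_type, f"type {ospf_type}")
        return "IPv4 other"
    return "other ethertype"


# Constructed sample frames (not captures): an IS-IS L1 LAN Hello and an OSPFv2 Hello.
_ISIS_BODY = bytes(19)                                        # IIH fields, zeroed for brevity
ISIS_HELLO = (bytes.fromhex("0180c2000014" "001122334455")    # AllL1ISs dst, made-up src
              + struct.pack("!H", 3 + 8 + len(_ISIS_BODY))    # 802.3 length, not an ethertype
              + bytes([0xFE, 0xFE, 0x03])                      # LLC: DSAP, SSAP, UI control
              + bytes([0x83, 27, 1, 0, 15, 1, 0, 0])           # common header, PDU type 15
              + _ISIS_BODY)
_IPV4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + 24, 0, 0, 1, OSPF_IP_PROTO, 0,
                    bytes([192, 0, 2, 1]), bytes([224, 0, 0, 5]))   # TTL 1, AllSPFRouters
OSPF_HELLO = (bytes.fromhex("01005e000005" "001122334455") + struct.pack("!H", 0x0800)
              + _IPV4 + bytes([2, 1]) + struct.pack("!H", 24) + bytes(20))
```

Run against a packet capture, the same logic shows whether IS-IS hellos are arriving on ports that should never carry them, which is the only visibility most switches give you for this traffic.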

Sunday, May 10, 2020

Secondary addresses and multinetting

Secondary addresses and multinetting are often confused with one another.  Some vendors even have CLI commands for multinetting that use the term secondary address.

Multinetting

Multinetting refers to the configuration of multiple subnets on a given IP interface.  In the days before VLANs and VLSM (variable length subnet mask), this was used as a way to configure multiple Class C subnets on the same IP interface so that more than 254 hosts could be reachable from that router port.  This functionality continues to be used for legacy reasons, but in most modern networks multinetting has more or less been superseded by classless addressing via VLSM and by VLANs, each with its own subnet.

Secondary addresses

Secondary addresses refer to the configuration of multiple IP addresses from the same subnet on a given IP interface.

This is used by some standards-based protocols such as VRRP (RFC 5798) where we have a virtual IP and an interface IP address on a given interface.  The virtual IP address is the one configured as the default gateway on hosts and the VRRP master responds to ARP requests for that address.  On the other hand, the interface IP address typically is owned just by a given router and is used to reach the router when using protocols such as ping and ssh.  If one wants the router to receive protocol packets on the virtual IP address, it needs to be configured as a secondary address.  Additionally, a router will respond to any other addresses configured as secondary (that it doesn't own) when it becomes master.

In some legacy networks, hosts may be configured with different default gateway addresses within the same subnet.  In that case, secondary addresses are required even without VRRP.