Friday, June 19, 2020

OSPF vs IS-IS

A recent discussion on the NANOG mailing list brought up some issues on OSPF vs IS-IS, some of which I am aware of but some that I hadn't seen before.

  • OSPF runs directly over IP.  IS-IS uses CLNS (connectionless mode network service) over the link layer.
  • OSPFv3 must be used for IPv6, but IS-IS can be used for both v4 and v6.
  • OSPF has a hierarchy of 2 (area, AS) while IS-IS is being extended in the IETF for up to 8 levels of hierarchy (levels 1 to 8).
  • Those that can route CLNS are dying out (not needed in most cases, though).
  • Most switches don't have a way to protect IS-IS, making it easy for an attacker to kill the box.
  • IS-IS frames don't have a DSCP for QoS.
  • Most implementations of IS-IS do not contain a proper CLNS implementation, but just a bunch of hacks to get the CLNS header and 802.3 header on the packet.
  • No standard way to carry jumbo frames in 802.3, so vendors don't interoperate.
  • Due to lack of LSP rollover, IS-IS is subject to an attack vector which is very difficult to troubleshoot and resolve.
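
To make the encapsulation and DSCP points concrete, here is an added example (not from the mailing list thread) that classifies raw Ethernet frames: OSPF is found through the IPv4 header, which carries a DSCP, while IS-IS is found through the 802.3 length field, LLC header and NLPID, where there is no IP field for a filter or QoS policy to match. The function name, the sample frames and their addresses are constructed, and untagged (no VLAN) frames are assumed.

```python
import struct

ISIS_LLC = b"\xfe\xfe\x03"  # DSAP, SSAP, control: OSI network layer over LLC
ISIS_NLPID = 0x83           # first byte of every IS-IS PDU header
OSPF_IP_PROTO = 89          # OSPF is its own IP protocol number
ISIS_PDU_TYPES = {15: "L1 LAN Hello", 16: "L2 LAN Hello", 17: "P2P Hello",
                  18: "L1 LSP", 20: "L2 LSP", 24: "L1 CSNP", 25: "L2 CSNP",
                  26: "L1 PSNP", 27: "L2 PSNP"}


def classify(frame: bytes) -> dict:
    """Classify an untagged Ethernet frame as OSPF, IS-IS or other."""
    if len(frame) < 14:
        return {"proto": "other"}
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    payload = frame[14:]
    if type_or_len <= 1500:
        # 802.3 length field, then LLC: IS-IS sits directly on the link layer.
        if (len(payload) >= 8 and payload[:3] == ISIS_LLC
                and payload[3] == ISIS_NLPID):
            pdu = payload[7] & 0x1F  # PDU type: low 5 bits of header byte 5
            return {"proto": "IS-IS", "dscp": None,
                    "pdu": ISIS_PDU_TYPES.get(pdu, "unknown")}
        return {"proto": "other"}
    if (type_or_len == 0x0800 and len(payload) >= 20
            and payload[0] >> 4 == 4 and payload[9] == OSPF_IP_PROTO):
        # The IPv4 ToS byte gives OSPF a DSCP that policers and queues can use.
        return {"proto": "OSPF", "dscp": payload[1] >> 2}
    return {"proto": "other"}


def _eth(dst: str, src: str, type_or_len: int, payload: bytes) -> bytes:
    return bytes.fromhex(dst + src) + struct.pack("!H", type_or_len) + payload


# Constructed samples: headers only, locally administered source MACs.
_isis = ISIS_LLC + bytes([ISIS_NLPID, 27, 1, 0, 15, 1, 0, 0])
SAMPLE_ISIS = _eth("0180c2000014", "020000000001", len(_isis), _isis)
_ip = bytes.fromhex("45c000140000000001590000c0000201e0000005")
SAMPLE_OSPF = _eth("01005e000005", "020000000002", 0x0800, _ip)

if __name__ == "__main__":
    for name, frame in (("isis", SAMPLE_ISIS), ("ospf", SAMPLE_OSPF)):
        print(name, classify(frame))
```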