Jeff Doyle chat transcript

You've read Routing TCP/IP, you follow the Jeff Doyle on IP Routing blog, now get in front of Jeff Doyle live. He will answer your questions on IP routing, Internet scaling, NSF, IPv6, OSPF, BGP, time, space and the meaning of life.

Moderator-JulieRouting TCP/IP, Volumes I (read an excerpt) and II.  He also writes the popular IP Routing blog for Network World's Cisco Subnet. Jeff is an expert on all things routing and is ready to answer your questions. So, let's get started.

Hello and welcome to today's Network World Chat. Our guest is Jeff Doyle.  Jeff is the well-known author of the CCIE bible,

Jeff_Doyle

Hi, I'm Jeff Doyle of the consulting firm Jeff Doyle and Associates. This is the first time Network World has tried a live chat, so you and I get to be guinea pigs for this mad little experiment. I'd like to thank my friends at Network World for inviting me to help out on this project. I'm all set up, loaded with caffeine, and ready to demonstrate to you both what a terrible typist I am and how little I know, so let's get started! First question?

(Pre-submitted question): Can OSPFv3 support IPv4, or is it only for IPv6?

Jeff_Doyle

Right now, OSPFv3 only supports IPv6. So if you want to route both IPv4 and IPv6, you need to run both OSPFv2 and OSPFv3. But there are currently proposals in the IETF to add "address family" support to OSPFv3, which primarily means adding IPv4 support. I hope this happens, both because running two versions of OSPF is an operational and scaling hassle and because OSPFv3 is an improved, more modern version of the protocol.

Plnnightsky

Those networks using IPv4 addresses, will they have to completely redo their networks to IPv6 or can existing IPv4 be mapped IPv6  i.e. 1.1.1.1  --> aa:aa:1:1:1:1?

Jeff_Doyle

Although there are no standard ways to incorporate IPv4 addresses (other than some tunneling protocols) there are a number of tricks you can use to do it. So yes, you can incorporate IPv4 addresses.

Bo

Jeff, thanks for doing this. I've read over the years about a concept called "network coding" that I understand some people think could eventually play a big role in enterprise and carrier networks, perhaps even replacing traditional switch and router architectures. Are you familiar with network coding and do you have any thoughts on what impact it could have on enterprise networks in the near term?

Jeff_Doyle

I'm afraid I haven't heard much about network coding. What are the sources on this?

Moderator-Keith

Update on network coding definitions:

Wikipedia entry: http://en.wikipedia.org/wiki/Network_coding

Bo also contributed this link from Scientific American:

http://scientificamerican.com/article.cfm?articleID=77129353-E7F2-99DF-37738629167B4856&chanID=sa006

SteveEyler

What tools have you used to gain your mastery of the TCP/IP routing?

Jeff_Doyle

Mark Twain said the three secrets to being a good writer are Write, Write, and Write. The same applies to networking knowledge. No substitute to long experience. Volunteer for as much as you can, keep up with the IETF working groups, and read a lot.

Moderator-Julie

While we give Jeff time to type up another answer, here is another question from those submitted in advance.

Q: I understand the need for password protection for BGP, but is it really needed for OSPF? After all, OSPF is pretty well protected from outside attacks just because of the way it works.

Jeff_Doyle

While attacks against BGP are certainly more common (as the "protocol that runs the Internet" it is a more attractive and more available target), but OSPF is not as impervious as many think. While attacks usually require compromising a router or link, there are distinct vulnerabilities. For example, while most OSPF packets are multicast there are some unicast (DR ACKs, for instance) that can present openings. And there are tools available like OSPF Attack Shell that can exploit these openings to establish adjacencies and cause some havoc. Bottom line: Any "automatic" protocol by nature removes some control from you, and must be protected. So always use strong password protection for your OSPF adjacencies, always configure specific neighbor addresses for adjacencies, always use strong filtering, and never, ever run OSPF on a link external to your AS.

ccie11664

Does a static default route "ip default route 0.0.0.0 0.0.0.0" have to point to an address on a directly connected network?

Jeff_Doyle

It can point to an address or an interface, as I recall.

Tony

When IPv6 is coming and how it will affect the Internet?

Jeff_Doyle

July 13, 2010. Just kidding. There's a lot of debate on that, but I do think you will see IPv6 taking off in the next couple of years. Now is the time to be preparing for it.

William

In the older Cisco routers, there was a way to do Slit Horizon where a packet would be redirected back out the same interface it came in on. Is there a way to do this in the newer routers or the new ASA boxes?

Jeff_Doyle

I'm afraid I don't know the answer to that. I haven't found a reason to do it in a while. Thanks! Please ping me offline later (jdoyle@doyleassociates.net) and we can discuss it after I've had a chance to educate myself.

Moderator-Julie

We have another question submitted in advance., while Jeff continues to answer live questions.

Q: Do you see any advantages to using RIP instead of OSPF or EIGRP?

Jeff_Doyle

Someone at the last NANOG said "RIP" now stands for "Rest In Peace," and I entirely agree. OSPF and EIGRP are no more difficult to configure than EIGRP, so why run an ancient, slow, and vulnerable protocol? You occasionally run into equipment that only supports RIP, but my opinion is that if you need dynamic routing, equipment like that has no place in your network. If your routing needs are simple, use static routes.

Douglas20St.Clair

Back in the old days (when there were only switched circuits) one way of protecting your data was to lease a private line. The need for privacy has not gone away. Other than going back to leased lines is there any way to regain the same level of privacy?

Jeff_Doyle

Absolutely. MPLS, and particularly MPLS-based VPNs, are a reliable and cheap way of replacing private lines; most large service providers support L3 and L2 MPLS VPNs, plus Virtual Private LAN Service (VPLS).

ccie11664

Do you know of any major providers exchanging MPLS packets with BGP?

Jeff_Doyle

All of them, as far as I know. Multiprotocol BGP is key to supporting MPSL VPNs, and from an ISP service provider's point of view it makes sense to use BGP for support of as many technologies as possible.

Moderator-Julie

Jeff is working on another live question. So here's the answer from another one submitted in advance.

Q: Why in the OSPFv2 we need to be connected to the backbone area 0 to go  from one area to other area? Or let's take an example: I get one router with area 1 on one link and connected to area 2 on the second link,  then the adjacent router with one link in area 2 and another one in area  0. I use my area virtual-link to connect area 1 to area 0 and allow  the inter-area LSAs. What's the best answer for the question on WHY we do that , WHY we need to connect these two areas to the backbone area 0?

Jeff_Doyle

In a nutshell: loop avoidance. As you know, Link State 101 teaches that one of the big advantages of a link state protocol over a distance vector protocol is that link state has a "picture" of the network topology, and can therefore calculate loop-free routes. Distance vector knows only what its directly connected neighbors tell it ("I have a route to destination X. Trust me."), and so can be fooled, resulting in routing loops.

But if you look at what is happening at the edge of an OSPF area, you have an ABR telling everyone in the area, "I have a route to destination X. Trust me." So inter-area, OSPF is distance vector, not link state, and so is vulnerable to routing loops.

How to solve it? Make sure that physically there *are* no loops. 

That's what Area 0 is all about: Make a rule that says there is only one backbone area, and that all inter-area traffic must pass through this backbone area, and you have a loop-free topology.

By the way, you have the same principle at work in IBGP: There is no mechanism for detecting loops, so a default rule is in place (full mesh IBGP topologies) that eliminates the possibility of loops.

Raj

Jeff, Is there work on changing OSPF metrics based on BGP Attributes on the fly. I guess my question is on more on "Dynamically changing policy" based on events in the Traffic-events in the network. Thanks.

Jeff_Doyle

Broadly, there have been quite a few proposals for dynamic policy changes over the years. There's consistent concern around them for scaling and security; anything dynamic opens up the potential for abuse.

Motohead

We recently replaced the core switch and implemented the OSPF protocol in place of RipV2. What would the advantages going to OSPFv2 or 3?

Jeff_Doyle

Good that you got rid of RIP, which (as I said in another post) these days stands for "Rest in Peace". Right now, for IPv4 your only OSPF choice is OSPFv2; OSPFv3 only supports IPv6. But there is talk of adding address family support to OSPFv3, which essentially means supproting IPv4. I hope it happens, becuase OSPFv3 is an improved protocol over OSPFv2.

Tony

Jeff Doyle, thank you for this opportunity. I want to know what in your opinion life is? Is it IPv4 IPv6 or some protocol?

Jeff_Doyle

Well, anyone that has heard me speak at recent seminars would think my opinion of life is IPv6 :-) In reality, the IP networking industry is a blast; I can't imagine ever retiring. But for opinion of life? It's all about skiing...

Motohead

Is there anything that sticks out in your mind that makes OSPFv3 better?

Jeff_Doyle

Scaling and simplicity. I've always been a big fan of IS-IS because of these qualities, and OSPFv3 has adopted some of them. However, these qualities really only show themselves at large-scale.

Mmconsulting

Do you think any vendor has successfully demonstrated so-called "non-stop routing"?

Jeff_Doyle

Every vendor tries to define it favorably for themselves, of course. I think you'll see some interesting things come out in Juniper's JUNOS 8.4, scheduled for release this month.

Terrys

Jeff, do you have any comments on the Internet routing table size with the transition to IPv6 and the desire of organizations to have some control over in-bound traffic by advertising longer prefixes through specific ISP links?

Jeff_Doyle

On the first part, I think IPv6 is going to significantly increase the size of the Internet routing table over the next 10 years --probably more than anyone is now projecting. There are a number of proposals for controlling this, but I'm pessimistic that they will happen. As for the second part, the "traffic engineering" practices you mention currently contribute to the routing table size (more than 50% of the current table is /24s!) and the practice will likely continue and get worse with IPv6, barring better technical or practice policies.

Raj

Jeff: Do you think the routers in the edges will start looking at Layer-7 headers and start making changes in the IP/MPLS header? Is this really going to catch on?

Jeff_Doyle

I've heard discussion, but I hope this doesn't happen at Layer 7. Routers have a specific L3 function, and shouldn't diverge. But for changing IP/MPLS, they do that already to some degree. It all depends on what kind of changes you are thinking of.

Raj

Jeff: If Humans develop telepathic powers then Router people may have to find another job.  Is it likely to happen soon?. :)

Jeff_Doyle

I can't even keep up with the current new crop of router engineers. The telepathic ones will have me moving to the fast-food industry...

Moderator-Julie

Jeff is working on another live question. So here's the answer from one submitted in advance.

Q: Someone recently called COS "poor man's bandwidth." Isn't COS always important when you have VoIP?

Jeff_Doyle: I'm amazed by the amount of time spent in many design sessions "tweaking" very complex CoS policies, with the misguided idea that it is somehow going to improve network performance. CoS is necessary, but in the same way an insurance policy is necessary: You want the protection but hope you never have to use it. All CoS does is, when bandwidth is insufficient and packets "must" be dropped, give you some control over "what" packets are dropped. If you want to run voice and video reliably and at quality, there is no substitution for sufficient bandwidth.

Rob Larsen

Hi Jeff, thanks for your time today!  In my previous job I worked on designing a multi-domain multi-AS MPLS network for a large public enterprise (using OSPF, MBGP and MPLS).  The customer's requirement was sub-second convergence, and (against my advice) they used very aggressive timers for BFD, OSPF and BGP, but found that this caused network instability.  My suggestion was to by all means keep BFD aggressive, but leave OSPF and BGP at defaults.  Are there any recommended guidelines as far as the interaction between these protocols are concerned (particularly with regard to achieving fast convergence) that I can refer them to?

Jeff_Doyle

I agree entirely with your position on aggressive timers, and have seen a number of networks suffer because of them. In most cases I recommend just staying with the vendors' specific defaults. But there are some other good tools for improving convergence, like MPLS FRR.

Nhguy

What will the impact of IPv6 be on home users with older gear that need to connect to a corporate environment running IPv6?

Jeff_Doyle

This is a big shortcoming in current IPv6 support: The only SOHO routers supporting IPv6 currently are in Japan, and those are not sold (as far as I know) outside the country. That market is so competitive, and has such tight margins, that the vendors are not going to dedicate development resources to IPv6 until customers demand it. On the good side, home routers are cheap, so when the need arises it will likely be a matter of replacing rather than upgrading.

Pkumar

On topic of MPLS with  different provider in different region routing  and class of service can be a real issue. I have heard there are RFC which provide Inter provider routing and class of service rather than customers doing the cross over for MPLS between carriers. Is this something carriers are doing now ?

Jeff_Doyle

There's been talk of it for a while, and attempts at standardization like IPSphere. This could be a big business case for carriers that can't extend profitable CoS capabilities to end-users. But so far there's not much implementation going on.

JG

Jeff, thanks for doing this chat. What do you see as the greatest security risk in routing today?

Jeff_Doyle

Poor software implementation and engineering. That's the number one cause of network outages, greatly outweighing malicious attacks.

ccie11664

In EIGRP, let's say you have two sites inter-connected via two different providers for redundancy.  Provider A and provider B are both using EIGRP to advertise your two site's networks to each other.  If you want to prefer one provider's path versus the other, would you use the "delay" command on your own routers or should you ask one provider to add 'delay' to their router.  Why?

Jeff_Doyle

Delay will work. But more importantly, I wouldn't use EIGRP, OSPF, or any other IGP to talk to a provider. Use EBGP.

B

Do you think mobile devices will give IPv6 a push?

Jeff_Doyle

Mobile has been cited for years as a driver for IPv6, but I don't think it will hasten adoption. I do, however, think there are significant advantage to MIPv6 over MIPv4, like elimination of foreign agents and the availability of address binding. Also, potentially better scaling.

Moderator-Julie

Jeff is working on another live question. So here's the answer from another one submitted in advance.

Q: Please tell me the structure of IPv6 and the changes it will bring, and when it will be implemented?

Jeff_Doyle

I'm not sure what you mean by the structure of IPv6, but I'm going to guess that you mean the structure of IPv6 addresses. Hard to go very far into that without drawing some pictures (I'm a whiteboard addict), but basically IPv6 addresses are 128 bits (rather than the 32 bits of IPv4) and are written in 8 16-bit hexadecimal segments separated by colons. The good news is that IPv6 addresses are easier to work with than IPv4: There is no variable length subnet masking, and the subnet fields are a part of the network (locator) portion, where they should be, rather than stolen from the host (identifier) portion. As for the changes it will bring, the biggest is simply the ability to continue building new IP infrastructure and developing new IP applications. IPv4 addresses are a limited resource and are increasingly limiting our ability to grow and innovate.

Mmconsulting

Is "graceful-restart" a reality so far as you know in enterprise networks? Or is it really an ISP thing?

Jeff_Doyle

Sure, graceful restart is available with all common routing protocols and is supported by Cisco and Juniper and others. Its a useful first step toward true NSR.

Raj

In our network we have equal cost MPLS primary paths.  Now it so happens when we set up the secondary-paths (hot-standby), then the secondary paths do not get set up. Because the primary path setup has chosen links such that no diversity for the secondary path is possible. Have you had a chance to deal with such problems, any solutions, suggestions etc. Thanks.

Jeff_Doyle

I have dealt with that quite a bit, but I'm not sure I can answer in any useful detail on this chat-- there are so many variables and it is so dependent on specific topologies and TE parameters. I'd be happy, however, to discuss it further with you offline (jdoyle@doyleassociates.net).

Moderator-Keith

We're about 5 minutes away from the conclusion of the chat. Please submit any final questions now...

Motohead

Would you know the procedure a person could use to get a 2500 series Cisco router to connect to the Internet using the "IP Unumbered" command on the Ethernet interface?

Jeff_Doyle

You'd have to talk to your provider. Most would probably object, because they want to have the visibility and control an IP address on a physical interface provides.

B

Why do you think ospfv3 scales better?

Jeff_Doyle

Primarily because the address semantics have been removed from the Type 1 LSAs (OSPFv3 has a new LSA for carrying addresses). So Type 1 LSAs do not get flooded, causing a new SPF run, every time an address changes. This can have significant impact on edge and PE devices.

Moderator-Keith

We've got one final question and answer coming from Jeff.

Pkumar

We have planning to multiple providers in different region with diverse path from same provider for redundancy. We are panning to use BGP. We not have OSPF network with multiple area. What is the best way to reach the final design. One of the main problems we're having during transition phase is one ospf and one BGP circuit during cutover.

Jeff_Doyle

Quick and completely inadequate answer is to manipulate administrative distances. FOr a more inteligent answer to this ratehr complex question, I'd be happy to discuss with you offline.

Moderator-Juliehttp://www.networkworld.com/community/?q=doyle

So, remember to keep reading Jeff's blog on Cisco Subnet at

Also, mark your calendars for 2 p.m. EDT, Friday, August 17. Our next chat is with Cool Tools columnist, Keith Shaw.

Then join us 2 p.m. EDT, Tuesday, August 28 for The truth about NAC with Joel Snyder.

Hope to see you then.

Moderator-Keithour Archive section on NetworkWorld.com. Thanks to Jeff Doyle for helping us out also!

Thanks again to everyone who attended today's chat. Again, the transcript of this will be in

Jeff_Doylejdoyle@doyleassociates.net.

Thanks, everyone, for participating! Feel free to contact me for further questions at

1 2 3 4 5 6 Page 1
Must read: 10 new UI features coming to Windows 10