OSPF and IS-IS: Choosing an IGP for Large-Scale Networks

9.2. Security and Reliability Features

OSPF and IS-IS have a number of features—some of them part of the protocol specifications, some of them extensions of the protocol, and some of them inherent characteristics of the protocol—that increase both the security and the reliability of the protocol.

9.2.1. Inherent Security

IS-IS has one significant security advantage over OSPF, which is that the protocol messages themselves are not carried in IP packets. Because of this, IS-IS cannot be attacked by sending faked protocol messages from an external source. Attacks on IS-IS require physical access to a link or router, or logical access such as Telnet or SNMP to a router running IS-IS.

In cases where OSPF accepts only IP packets addressed to the ...

Get OSPF and IS-IS: Choosing an IGP for Large-Scale Networks now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

OSPF and IS-IS: Choosing an IGP for Large-Scale Networks by Jeff Doyle

9.2. Security and Reliability Features

9.2.1. Inherent Security

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly