Handbook

6.0.0

Comparison of dynamic routing protocols

Each dynamic routing protocol was designed to meet a specific routing need. Each protocol does some things well and other things not so well. For this reason, choosing the right dynamic routing protocol for your situation isn't an easy task.

Features of dynamic routing protocols

Each protocol is better suited to some situations than to others.

Choosing the best dynamic routing protocol depends on the size of your network, speed of convergence required, the level of network maintenance resources available, what protocols the networks you connect to are using, and so on. For more information about these dynamic routing protocols, see RIP, BGP, OSPF, and IS-IS.

Comparing RIP, BGP, and OSPF dynamic routing protocols

| Protocol | RIP | BGP | OSPF / IS-IS |
|---|---|---|---|
| Routing algorithm | Distance vector, basic | Distance vector, advanced | Link-state |
| Common uses | Small, non-complex networks | Network backbone, ties multinational offices together | Common in large, complex enterprise networks |
| Strengths | Fast and simple to implement; Near universal support; Good when no redundant paths | Graceful restart; BFD support; Only needed on border routers; Summarize routes | Fast convergence; Robust; Little management overhead; No hop count limitation; Scalable |
| Weakness | Frequent updates can flood network; Slow convergence; Maximum 15 hops may limit network configuration | Required full mesh in large networks can cause floods; Route flap; Load-balance multi-homed networks | Not available on low-end routers; Complex; No support for unequal cost multipath routing; Route summary can require network changes |
| Authentication | Optional authentication using text string or MD5 password. (RIP v1 has no authentication) | Optional authentication using text string or MD5 password. | Optional authentication using text string or MD5 password. |
| IPv6 support | Only in RIPng | Only in BGP4+ | Only in OSPF6 / Integrated IS-IS |

Routing protocols

  • Routing Information Protocol (RIP) uses classful routing, as well as incorporating various methods to stop incorrect route information from propagating, such as the poisoned horizon method. However, on larger networks its frequent updates can flood the network and its slow convergence can be a problem.
  • Border Gateway Protocol (BGP) has been the core Internet backbone routing protocol since the mid-1990s, and is the most used interior gateway protocol (IGP). However, some configurations require full mesh connections which flood the network, and there can be route flap and load balancing issues for multihomed networks.
  • Open Shortest Path First (OSPF) is commonly used in large enterprise networks. It is the protocol of choice, mainly due to its fast convergence. However, it can be complicated to set up properly.
  • Intermediate System to Intermediate System (IS-IS) protocol allows routing of ISO’s OSI protocol stack Connectionless Network Service (CLNS). IS-IS is an Interior Gateway Protocol (IGP) that's not intended to be used between Autonomous Systems (ASes). IS-IS is a link state protocol well-suited to smaller networks that's in widespread use and has near universal support on routing hardware.
  • Multicast addressing is used to broadcast from one source to many destinations efficiently. Protocol Independent Multicast (PIM) is the protocol commonly used in enterprises, multimedia content delivery, and stock exchanges.

Routing algorithm

Each protocol uses a slightly different algorithm for choosing the best route between two addresses on the network. The algorithm is the intelligent part of a dynamic protocol because it is responsible for deciding which route is best and should be added to the local routing table. RIP and BGP use distance vector algorithms, whereas OSPF and IS-IS use a link-state, or shortest path first, algorithm.

Vector algorithms are essentially based on the number of hops between the originator and the destination in a route, possibly weighting hops based on how reliable, fast, and error-free they are.

The link-state algorithm used by OSPF and IS-IS is called the Dijkstra algorithm. Link-state treats each interface as a link and records information about the state of the interface. The Dijkstra algorithm creates trees to find the shortest paths to the routes it needs based on the total cost of the parts of the routes in the tree.

For more information about the routing algorithm used, see Distance vector versus link-state protocols.
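The difference between the two families on a small constructed topology, as an added example (not code from the handbook): a RIP-style distance-vector pass that counts hops and treats a metric of 16 as unreachable, next to a Dijkstra shortest-path-first run over link costs. The node names, link costs and function names are assumptions made for the illustration.

```python
import heapq

RIP_INFINITY = 16  # RIP treats a metric of 16 as unreachable, hence the 15-hop limit


def rip_routes(links, source):
    """Distance-vector view: each link is one hop; neighbors exchange until stable."""
    nodes = {n for a, b, _cost in links for n in (a, b)}
    dist = {n: RIP_INFINITY for n in nodes}
    dist[source] = 0
    prev = {}
    changed = True
    while changed:
        changed = False
        for a, b, _cost in links:          # link cost is ignored, only hops count
            for u, v in ((a, b), (b, a)):
                cand = min(dist[u] + 1, RIP_INFINITY)
                if cand < dist[v]:
                    dist[v], prev[v] = cand, u
                    changed = True
    return dist, prev


def spf_routes(links, source):
    """Link-state view: Dijkstra over the whole link database, using link costs."""
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best, prev = {source: 0}, {}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > best.get(u, float("inf")):
            continue                       # stale heap entry
        for v, cost in adj.get(u, []):
            nd = d + cost
            if nd < best.get(v, float("inf")):
                best[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    return best, prev


def path_to(prev, source, dest):
    """Walk predecessors back from dest; None means no route was installed."""
    hops = [dest]
    while hops[-1] != source:
        if hops[-1] not in prev:
            return None
        hops.append(prev[hops[-1]])
    return hops[::-1]


# Constructed topology: a slow direct link A-B and a faster three-hop detour.
SAMPLE_LINKS = [("A", "B", 100), ("A", "C", 10), ("C", "D", 10), ("D", "B", 10)]
# Constructed chain R0..R17 to show the hop limit.
CHAIN_LINKS = [(f"R{i}", f"R{i + 1}", 1) for i in range(17)]

if __name__ == "__main__":
    _, hop_prev = rip_routes(SAMPLE_LINKS, "A")
    _, spf_prev = spf_routes(SAMPLE_LINKS, "A")
    print("hop count picks:", path_to(hop_prev, "A", "B"))
    print("link cost picks:", path_to(spf_prev, "A", "B"))
    chain_hops, _ = rip_routes(CHAIN_LINKS, "R0")
    chain_cost, _ = spf_routes(CHAIN_LINKS, "R0")
    print("R16 via RIP:", chain_hops["R16"], "| R16 via SPF:", chain_cost["R16"])
```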

Authentication

If an attacker gains access to your network, they can masquerade as a router on your network to either gain information about your network or disrupt network traffic. A high-quality firewall helps your network security and stops many of these types of threats. However, the main method for protecting your routing information is to use authentication in your routing protocol. Using authentication on a FortiGate and other routers prevents access by attackers because all routers must authenticate with passwords, such as MD5 hash passwords, to ensure they are legitimate routers.

When you configure authentication on your network, ensure that you configure it the same way on all devices on the network. Failure to do so will create errors and outages as those forgotten devices fail to connect to the rest of the network.

For example, to configure an MD5 key of 123 on an OSPF interface called ospf_test, enter the following CLI commands:

    config router ospf
        config ospf-interface
            edit ospf_test
                set authentication md5
                set md5-key 123
            next
        end
    end
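How the MD5 option configured above protects OSPF packets, as an added example that is not FortiOS code: it follows the cryptographic authentication procedure of RFC 2328 Appendix D, where the digest is MD5 over the packet plus the zero-padded shared key, and the receiver drops packets with a wrong key or an old sequence number. The key ID of 1, the router and area IDs, and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct("!BBH4s4sHHHBBI")  # 24-byte OSPFv2 header incl. crypto auth fields
AUTYPE_CRYPTO = 2                          # AuType 2 = cryptographic authentication
DIGEST_LEN = 16                            # length of an MD5 digest


def pad_key(key: bytes) -> bytes:
    """Zero-pad the shared secret to the 16 bytes the digest is computed over."""
    if len(key) > DIGEST_LEN:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return key.ljust(DIGEST_LEN, b"\x00")


def build_packet(router_id, area_id, key_id, seq, key, body=b"", ptype=1):
    """Return header + body + digest as the sending router would transmit it."""
    length = HEADER.size + len(body)  # the length field excludes the digest
    header = HEADER.pack(2, ptype, length, router_id, area_id,
                         0,  # the checksum field is not used with AuType 2
                         AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    # The key never goes on the wire, only the digest over packet + key.
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify_packet(wire, keys, last_seq):
    """Receiver check. keys maps key ID -> secret; last_seq maps router ID -> seq."""
    if len(wire) < HEADER.size + DIGEST_LEN:
        return False, "truncated"
    (_ver, _ptype, length, router_id, _area, _cksum,
     autype, _zero, key_id, auth_len, seq) = HEADER.unpack(wire[:HEADER.size])
    if autype != AUTYPE_CRYPTO:
        return False, "authentication type mismatch"
    if auth_len != DIGEST_LEN or len(wire) != length + auth_len:
        return False, "bad length"
    if key_id not in keys:
        return False, "unknown key id"
    if seq < last_seq.get(router_id, 0):
        return False, "replayed sequence number"
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, wire[length:]):
        return False, "digest mismatch"
    last_seq[router_id] = seq  # only authenticated packets advance the counter
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values: key "123" mirrors the CLI example, key ID 1 is assumed.
    keys, seen = {1: b"123"}, {}
    rid, area = bytes([10, 0, 0, 1]), bytes(4)
    first = build_packet(rid, area, 1, 5, b"123")
    newer = build_packet(rid, area, 1, 6, b"123")
    forgotten = build_packet(rid, area, 1, 7, b"124")  # device left with another key
    for label, pkt in (("matching key", first), ("next packet", newer),
                       ("old packet again", first), ("mismatched key", forgotten)):
        print(label, "->", verify_packet(pkt, keys, seen))
```

A device left with a different key fails the digest check on every packet, which is why a forgotten device never rejoins the rest of the network. Because the digest is computed over the packet and the key alone, the strength of the check depends on the key: use a long, random value rather than a short one like the 123 shown for illustration.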

Convergence

Convergence is the ability of a networking protocol to re-route around network outages. Static routing can't do this. Dynamic routing protocols can all converge, but take various amounts of time to do this. Slow convergence can cause problems, such as network loops, which degrade network performance.

You may also hear robustness and redundancy used to describe networking protocols. In many ways, they're the same thing as convergence. Robustness is the ability to keep working even though there are problems, including configuration problems as well as network outages. Redundancy involves having duplicate parts that can continue to function in the event of some malfunction, error, or outage. It's relatively easy to configure dynamic routing protocols to have backup routers and configurations that will continue to function no matter what the network problem is, short of a total network failure.

IPv6 support

IPv4 addressing is in common use everywhere around the world. IPv6 has much larger addresses and it's used by many large companies and government departments. IPv6 isn't as common as IPv4 yet, but more companies are adopting it.

If your network uses IPv6, your dynamic routing protocol must support it. None of the dynamic routing protocols supported IPv6 originally, but they all have additions, expansions, or new versions that now support IPv6. For more information, see RIP, BGP, OSPF, and IS-IS.

When to adopt dynamic routing

Static routing is more than enough to meet your networking needs when you have a small network. However, as your network grows, the question you need to answer is at what point do you adopt dynamic routing in your networking plan and start using it in your network? The main factors in this decision are typically budget, current network size and topology, expected network growth, and available resources for ongoing maintenance.

Budget

When making any business decision, you must always consider your budget. Static routing doesn't involve special hardware, fancy software, or expensive training courses.

Dynamic routing can include all of these extra expenses. Any new hardware, such as routers and switches, needs to support the routing protocols that you choose. Network management software and routing protocol drivers may also be necessary to help configure and maintain your more complex network. If the network administrators are not well versed in dynamic routing, you must budget either a training course or some hands-on learning time so they can administer the new network with confidence. Together, these factors can impact your budget.

Additionally, people will always account for network starting costs in the budgets but usually leave out the ongoing cost of network maintenance. Any budget must provide for the hours that will be spent on updating the network routing equipment and fixing any problems. Without that money in the budget, you may end up back at static routing before you know it.

Current network size and topology

As stated earlier, static routing works well on small networks. As those networks get larger, routing takes longer, routing tables get very large, and general performance isn't what it could be.

Topology is a concern as well. If all your computers are in one building, it is much easier to stay with static routing longer. However, connecting a number of locations will be easier with the move to dynamic routing.

If you have a network of 20 computers, you can still likely use static routing. If those computers are in two or three locations, static routing will still be a good choice for connecting them. Also, if you just connect to your ISP and don't worry about any special routing to do that, you're likely safe with just static routing.

If you have a network of 100 computers in one location, you can use static routing but it will be slower, more complex, and there won't be much room for expansion. If those 100 computers are spread across three or more locations, dynamic routing is the way to go.

If you have 1000 computers, you definitely need to use dynamic routing no matter how many locations you have.

Hopefully this section has given you an idea of what results you'll likely experience from different sized networks using different routing protocols. Your choice of which dynamic routing protocol to use is partly determined by the network size and topology.

Expected network growth

You may not be sure if your current network is ready for dynamic routing. However, if you're expecting rapid growth in the near future, it's a good idea to start planning for that growth now so you're ready for the coming expansion.

Static routing is very labor intensive. Each network device’s routing table needs to be configured and maintained manually. If there's a large number of new computers being added to the network, they each need to have the static routing table configured and maintained. If devices are being moved around the network frequently, they must also be updated each time.

Instead, consider putting dynamic routing in place before the new computers are installed on the network. The installation issues can be worked out with a smaller and less complex network, and when the new computers or routers are added to the network there will be nowhere near the level of manual configuration required. Depending on the level of growth, the labor savings can be significant. For example, in an emergency you can drop a new router into a network or AS, wait for it to receive the routing updates from its neighbors, and then remove one of the neighbors. While the routes will not be the most effective possible, this method is much less work than static routing in the same situation, with less chance of mistakes.

Also, as your network grows and you add more routers, the new routers can help share the load in most dynamic routing configurations. For example, if you have 4 OSPF routers and 20,000 external routes, those few routers will be overwhelmed. But a network with 15 OSPF routers will be better able to handle that number of routes. However, be aware that adding more routers to your network will increase the number of updates sent between the routers, which will consume a greater share of your bandwidth and more bandwidth overall.

Available resources for ongoing maintenance

As explained in the budget section, there must be resources dedicated to ongoing network maintenance, upgrades, and troubleshooting. These resources include administrator hours to configure and maintain the network, training for the administrator (if needed), extra hardware and software as needed, and possible extra staff to help the administrator in emergencies. Without these resources, you'll quickly find the network reverting to static routing out of necessity. This is because:

  • Routing software updates require time
  • Routing hardware updates require time
  • Office reorganizations or significant personnel movement require time from a networking point of view
  • Networking problems that occur, such as failed hardware, require time to locate and fix the problem

If resources to accomplish these tasks are not budgeted, the tasks will either not happen at the required level to continue operation or not happen at all. This will result in both the network administration staff and the network users being very frustrated.

A lack of a maintenance budget will also result in an increasingly heavy reliance on static routing as the network administrators are forced to use quick fixes for problems that come up. This invariably involves going to static routing, and dropping the more complex and time-consuming dynamic routing.
