[178119] in North American Network Operators' Group


Re: Interesting BFD discussion on reddit

daemon@ATHENA.MIT.EDU (Rob Seastrom)
Mon Feb 16 21:50:06 2015

X-Original-To: nanog@nanog.org
To: Dave Waters <davewaters1970@gmail.com>
From: Rob Seastrom <rs@seastrom.com>
Date: Mon, 16 Feb 2015 21:50:02 -0500
In-Reply-To: <CAARSoVzCwMb1HyDPWfS+_3_Qv8oBU1tZ5Jtqf5RfY0vTsDKmpA@mail.gmail.com> (Dave
 Waters's message of "Tue, 17 Feb 2015 07:42:20 +0530")
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org


Many moons ago, Mike O'Dell had a pithy observation about "can"
vs. "should" that is escaping me at this moment, which is a pity since
it almost certainly applies here.

-r

Dave Waters <davewaters1970@gmail.com> writes:

> Because BFD packets can get routed across multiple hops. Unlike EBGP where you connect to a
> peer in a different AS and you have a direct connection, BFD packets can traverse multiple
> hops to reach the endpoint.
>
> In case of multihop BFD the BFD packets also get re-routed when the topology changes so you
> can almost never bet on the TTL value to secure the protocol.
>
> Dave
>
> On Tue, Feb 17, 2015 at 7:03 AM, Rob Seastrom <rs@seastrom.com> wrote:
>
> > Dave Waters <davewaters1970@gmail.com> writes:
> >
> > > http://www.reddit.com/r/networking/comments/2vxj9u/very_elegant_and_a_simple_way_to_secure_bfd/
> > >
> > > Authentication mechanisms defined for IGPs cannot be used to protect BFD
> > > since the rate at which packets are processed in BFD is very high.
> > >
> > > Dave
> >
> > One might profitably ask why BFD wasn't designed to take advantage of
> > high-TTL-shadowing, a la draft-gill-btsh.
> >
> > -r
