[178135] in North American Network Operators' Group
Re: Interesting BFD discussion on reddit
daemon@ATHENA.MIT.EDU (Hugo Slabbert)
Tue Feb 17 11:37:37 2015
X-Original-To: nanog@nanog.org
Date: Tue, 17 Feb 2015 08:37:34 -0800
From: Hugo Slabbert <hugo@slabnet.com>
To: Dave Waters <davewaters1970@gmail.com>
In-Reply-To: <CAARSoVzCwMb1HyDPWfS+_3_Qv8oBU1tZ5Jtqf5RfY0vTsDKmpA@mail.gmail.com>
Cc: Rob Seastrom <rs@seastrom.com>, nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
>Because BFD packets can get routed across multiple hops. Unlike EBGP where
>you connect to a peer in a different AS and you have a direct connection,
>BFD packets can traverse multiple hops to reach the endpoint.
Then what's this "multihop" knob I have available in my BGP config? Again,
as Rob pointed out, "can" vs. "should" is a good consideration here, but
unless I'm missing something both EBGP and BFD "can" do multihop...so...?
--
Hugo
On Tue 2015-Feb-17 07:42:20 +0530, Dave Waters <davewaters1970@gmail.com> wrote:
>Because BFD packets can get routed across multiple hops. Unlike EBGP where
>you connect to a peer in a different AS and you have a direct connection,
>BFD packets can traverse multiple hops to reach the endpoint.
>
>In case of multihop BFD the BFD packets also get re-routed when the
>topology changes so you can almost never bet on the TTL value to secure the
>protocol.
>
>Dave
>
>On Tue, Feb 17, 2015 at 7:03 AM, Rob Seastrom <rs@seastrom.com> wrote:
>
>>
>> Dave Waters <davewaters1970@gmail.com> writes:
>>
>> >
>> http://www.reddit.com/r/networking/comments/2vxj9u/very_elegant_and_a_simple_way_to_secure_bfd/
>> >
>> > Authentication mechanisms defined for IGPs cannot be used to protect BFD
>> > since the rate at which packets are processed in BFD is very high.
>> >
>> > Dave
>>
>> One might profitably ask why BFD wasn't designed to take advantage of
>> high-TTL-shadowing, a la draft-gill-btsh.
>>
>> -r
>>
>>
>>