Interesting BFD discussion on reddit
- From: davewaters1970 at gmail.com (Dave Waters)
- Date: Tue, 17 Feb 2015 07:42:20 +0530
Because BFD packets can get routed across multiple hops. Unlike EBGP where
you connect to a peer in a different AS and you have a direct connection,
BFD packets can traverse multiple hops to reach the endpoint.
In the case of multihop BFD, the BFD packets also get re-routed when the
topology changes, so you can almost never bet on the TTL value to secure the
protocol.
Dave
On Tue, Feb 17, 2015 at 7:03 AM, Rob Seastrom <rs at seastrom.com> wrote:
>
> Dave Waters <davewaters1970 at gmail.com> writes:
>
> > http://www.reddit.com/r/networking/comments/2vxj9u/very_elegant_and_a_simple_way_to_secure_bfd/
> >
> > Authentication mechanisms defined for IGPs cannot be used to protect BFD
> > since the rate at which packets are processed in BFD is very high.
> >
> > Dave
>
> One might profitably ask why BFD wasn't designed to take advantage of
> high-TTL-shadowing, a la draft-gill-btsh.
>
> -r