IETF Logo Mail Archive

RE: New BFD Authentication Optimization draft draft-mahesh-bfd-authentication-00

Gregory Mirsky <gregory.mirsky@ericsson.com> Wed, 25 February 2015 01:03 UTC

Return-Path: <gregory.mirsky@ericsson.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D4B51A1A28 for <rtg-bfd@ietfa.amsl.com>; Tue, 24 Feb 2015 17:03:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.2
X-Spam-Level:
X-Spam-Status: No, score=-104.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ufm8O4UBq3Iv for <rtg-bfd@ietfa.amsl.com>; Tue, 24 Feb 2015 17:03:02 -0800 (PST)
Received: from usevmg21.ericsson.net (usevmg21.ericsson.net [198.24.6.65]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABEE61A0396 for <rtg-bfd@ietf.org>; Tue, 24 Feb 2015 17:03:01 -0800 (PST)
X-AuditID: c6180641-f79916d00000623a-d5-54ecbec684d0
Received: from EUSAAHC006.ericsson.se (Unknown_Domain [147.117.188.90]) by usevmg21.ericsson.net (Symantec Mail Security) with SMTP id 0D.73.25146.6CEBCE45; Tue, 24 Feb 2015 19:11:18 +0100 (CET)
Received: from EUSAAMB103.ericsson.se ([147.117.188.120]) by EUSAAHC006.ericsson.se ([147.117.188.90]) with mapi id 14.03.0210.002; Tue, 24 Feb 2015 20:02:55 -0500
From: Gregory Mirsky <gregory.mirsky@ericsson.com>
To: Manav Bhatia <manavbhatia@gmail.com>
Subject: RE: New BFD Authentication Optimization draft draft-mahesh-bfd-authentication-00
Thread-Topic: New BFD Authentication Optimization draft draft-mahesh-bfd-authentication-00
Thread-Index: AQHQR7tadvoqvosDD0+T/Ufc9u97uZ0AsdOAgAAfRQD//8PhUIAAVT0A//+w+TA=
Date: Wed, 25 Feb 2015 01:02:54 +0000
Message-ID: <7347100B5761DC41A166AC17F22DF1121B9136A6@eusaamb103.ericsson.se>
References: <BAY176-W28F0D2D92D57BFDD165555FA230@phx.gbl> <20150224211328.GF25639@pfrc> <CAG1kdoi79yg5+HW7KY76anp6QMvsgtWw8iHkvB=5zPRQN5xX_A@mail.gmail.com> <7347100B5761DC41A166AC17F22DF1121B91363E@eusaamb103.ericsson.se> <CAG1kdojdJfV_KO=TMPSDK6=4DRvR7JQgOnoOkcnvQ=76E0wwiA@mail.gmail.com>
In-Reply-To: <CAG1kdojdJfV_KO=TMPSDK6=4DRvR7JQgOnoOkcnvQ=76E0wwiA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.10]
Content-Type: multipart/alternative; boundary="_000_7347100B5761DC41A166AC17F22DF1121B9136A6eusaamb103erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpikeLIzCtJLcpLzFFi42KZXLonSvfYvjchBnv7rCz2H3zLanF5Uhu7 xec/2xgdmD12zrrL7rFkyU8mj8u9W1kDmKO4bFJSczLLUov07RK4Mtqnrmcv+DGHsWLzv0nM DYwPZjB2MXJySAiYSFyddJ4ZwhaTuHBvPVsXIxeHkMARRonJ0z4yQjjLGSUu/4ToYBMwknix sYcdxBYR0JBofX8ArJtZwEOib+tuNhBbWCBaYn3TcVaImhiJyVsXQ9l+Emsm/wSrZxFQlbh7 +AELiM0r4Cux4sNssLiQwGomiQnTdEBsToFAiWPLNoLtYgS67vupNUwQu8Qlbj2ZzwRxtYDE kj0wH4hKvHz8jxXCVpKYtPQckM0BVJ8vsfS+E8QqQYmTM5+wTGAUnYVk0iyEqllIqiDCmhLr d+lDVCtKTOl+yA5hA/0+Zy47svgCRvZVjBylxalluelGhpsYgZF2TILNcQfjgk+WhxgFOBiV eHgNXr4OEWJNLCuuzD3EKM3BoiTOW3blYIiQQHpiSWp2ampBalF8UWlOavEhRiYOTqkGRra9 LxjTDRhsPt9fZuZU6ZSpdvSCaWZ/5+456n5huxkCtuywOGBiF6u1h/lT0UuZzZqXON/rFrhs e32eT1Funswet3MP10rEhnBV37aK2qSqXubAMfGirdfVRyqH360rqHr160P/7rRIn51167X6 Lm7lc5N1SftswH7u5RJVsY/F+cc4bxvfV2Ipzkg01GIuKk4EAL3AYdiVAgAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtg-bfd/1OONSW90k4m2BXl0avONRyk6aMA>
Cc: "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Feb 2015 01:03:04 -0000

Hi Manav, et. al,
I think that authors had not considered impact of the proposal on defined in RFC 6428 RDI functionality. Perhaps you’ll call support of the RDI “broken implementation”. But that’s OK.

                Regards,
                                Greg

From: Manav Bhatia [mailto:manavbhatia@gmail.com]
Sent: Tuesday, February 24, 2015 4:35 PM
To: Gregory Mirsky
Cc: Jeffrey Haas; rtg-bfd@ietf.org
Subject: Re: New BFD Authentication Optimization draft draft-mahesh-bfd-authentication-00

Hi Greg,

It requires no changes on the RX side. I concede that it does require some changes on the TX side.

If somebody tells me that this requires changes on the RX side as well, then that vendor's implementation is broken! :-)

Cheers, Manav

On Wed, Feb 25, 2015 at 6:02 AM, Gregory Mirsky <gregory.mirsky@ericsson.com<mailto:gregory.mirsky@ericsson.com>> wrote:
Hi Manav,
what evidence authors have to state:
“What we have proposed here requires no change to the current hardware based implementations.”
Had you performed a poll? Would you kindly share the results?

                Regards,
                                Greg

From: Rtg-bfd [mailto:rtg-bfd-bounces@ietf.org<mailto:rtg-bfd-bounces@ietf.org>] On Behalf Of Manav Bhatia
Sent: Tuesday, February 24, 2015 3:05 PM
To: Jeffrey Haas
Cc: rtg-bfd@ietf.org<mailto:rtg-bfd@ietf.org>
Subject: Re: New BFD Authentication Optimization draft draft-mahesh-bfd-authentication-00

Hi Jeff,

I am not sure how easy is it to do this for HW based implementations where you would be required to cache the last good packet heard from all sessions.

What we have proposed here requires no change to the current hardware based implementations.

Cheers, Manav

On Wed, Feb 25, 2015 at 2:43 AM, Jeffrey Haas <jhaas@pfrc.org<mailto:jhaas@pfrc.org>> wrote:
On Fri, Feb 13, 2015 at 10:31:43AM -0800, Ashesh Mishra wrote:
> Hi BFD Experts,
> The 00 version of BFD Authentication Optimization draft is now online:
> https://datatracker.ietf.org/doc/draft-mahesh-bfd-authentication/
> The draft describes method for selectively authenticating certain BFD frames to avoid computational overhead.

I have perhaps a rather basic question which I'd been thinking on since it
was said this draft may be coming:

Is there any reason we couldn't simply use the non-meticulous versions of
the keyed authentication and rely on caching?

Essentially, in stable state BFD packets will be the same thing over and
over again.  As long as the sequence number isn't increased, knowing that a
given packet has passed authentication previously is sufficient if it's the
same packet.

Given how small BFD packets are, cache the entire packet?  Is the memory at
that level of preciousness in the hardware implementations?

Basically, in RFC 5880, section 6.8.6, at the procedural component that says
"MUST be authenticated", once this step has completed for this sequence
number and caching is determined to be okay, store the packet.  When the
sequence number is seen a second time and the authentication contents are
the same, simply compare the bytes of the packet to the cache.

I suspect I'm about to get a very strong reality check here. :-)

-- Jeff

v2.23.0 | Report a Bug | By Email