RE: Resetting the sequence number in an authenticated BFD session
"Peter Arberg" <parberg@redback.com> Fri, 11 January 2008 18:07 UTC
Return-path: <rtg-bfd-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JDOI7-0003pb-7w; Fri, 11 Jan 2008 13:07:39 -0500
Received: from rtg-bfd by megatron.ietf.org with local (Exim 4.43) id 1JDOI6-0003pW-1K for rtg-bfd-confirm+ok@megatron.ietf.org; Fri, 11 Jan 2008 13:07:38 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JDOI5-0003pO-KK for rtg-bfd@ietf.org; Fri, 11 Jan 2008 13:07:37 -0500
Received: from prattle.redback.com ([155.53.12.9]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1JDOI4-0007LJ-Tr for rtg-bfd@ietf.org; Fri, 11 Jan 2008 13:07:37 -0500
Received: from localhost (localhost [127.0.0.1]) by prattle.redback.com (Postfix) with ESMTP id 5197E9FD90D; Fri, 11 Jan 2008 10:07:36 -0800 (PST)
Received: from prattle.redback.com ([127.0.0.1]) by localhost (prattle [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 14737-02; Fri, 11 Jan 2008 10:07:36 -0800 (PST)
Received: from PARBETM2XP2 (unknown [172.31.253.219]) by prattle.redback.com (Postfix) with ESMTP id 6922A9FD90C; Fri, 11 Jan 2008 10:07:35 -0800 (PST)
From: Peter Arberg <parberg@redback.com>
To: 'David Ward' <dward@cisco.com>, 'Alexander Vainshtein' <Alexander.Vainshtein@ecitele.com>
Date: Fri, 11 Jan 2008 10:07:30 -0800
Organization: Redback Networks Inc.
Message-ID: <032d01c8547c$d59e2c10$0a01a8c0@ad.redback.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_032E_01C85439.C77AEC10"
X-Mailer: Microsoft Office Outlook 11
Thread-Index: AchUXZNMauHh/oRTSyOKOfFhwu/mmwAHu8FQ
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
In-Reply-To: <391301D2-1265-41AA-ABC7-7FFCFD1188E5@cisco.com>
X-Virus-Scanned: by amavisd-new at redback.com
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 570a5b81f8c75fea8dcc4c9f6a8a6e54
Cc: 'BFD WG' <rtg-bfd@ietf.org>, 'Ronen Sommer' <Ronen.Sommer@ecitele.com>, 'Igor Danilovich' <Igor.Danilovich@ecitele.com>, 'Dave Katz' <dkatz@juniper.net>
Subject: RE: Resetting the sequence number in an authenticated BFD session
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: parberg@redback.com
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
Errors-To: rtg-bfd-bounces@ietf.org
Hi David, When you say: --- Difficult but, not impossible. Again, there are multiple interoperable implementations that work over enet bundles, MLPP, etc. Fortunately none of them change the packets on the wire or protocol state machine. --- I take it you are refering to BFD over a link-bundle, where the bundle is considered "1" link, so just 1 BFD session, so it is a bundle "keepalive" instead of a per link inside the bundle monitoring/keepalive. correct ? thanks, Peter _____ From: David Ward [mailto:dward@cisco.com] Sent: 11. januar 2008 06:23 To: Alexander Vainshtein Cc: Ronen Sommer; Dave Katz; Igor Danilovich; David Ward; BFD WG Subject: Re: Resetting the sequence number in an authenticated BFD session Sasha - On Jan 11, 2008, at 4:21 AM, Alexander Vainshtein wrote: David, Nitin and all, IMHO the problem raised is specific because it represents a combination of situations: 1. Handling of a non-planned event is required * From my experience, card failures fail quite often into this category This is a generic problem. * * Since the ecent is non-planned, the BFD machine cannot prepare the peer for this event. Handling of planned events could, e.g., begin with the peer expecting * such an event decalring the BFD session administratively down and thus precluding any undesirable action by the peer This is also a generic problem. 2. The event affects the authentication procedure. This means (and my reading of the draft) that regardless of what the BFD machine after the event tries to do, it will not be achieved because the packets it sends shall not be authenticated and hence shall not affect the peer behavior. Again, this is no different if other "helping" BFD processes didn't have any of the session state. Any BFD information given w/ unknown session information is ignored. This isn't limited to Auth. The real-time side of the story (namely sequence numbers chagning quite fast) makes any solution based on synchronization between tow incarnations (before and after the event) of the BFD machine very difficult. Difficult but, not impossible. Again, there are multiple interoperable implementations that work over enet bundles, MLPP, etc. Fortunately none of them change the packets on the wire or protocol state machine. -DWard Regards, Sasha _____ From: David Ward [mailto:dward@cisco.com] Sent: Fri 1/11/2008 1:39 AM To: Nitin Bahadur Cc: David Ward; Alexander Vainshtein; Dave Katz; Ronen Sommer; BFD WG; Igor Danilovich Subject: Re: Resetting the sequence number in an authenticated BFD session The solution for this is outside the scope of the spec. Note that the problem you describe is not specific to auth at all, it is a generic system problem. The problem is the same if you receive any BFD notification over any link and you need to disseminate that information to all component links. Discrim change, timer change, etc they all fit into this category. You can home the BFD machine on one LC (yes, a form of centralization) and fwd bfd packets to it, you can run BFD on all LCs homing component links and send notifications between them (proprietary solution) - there are many variants of this. It is much, much harder to put the solution into forwarding chips themselves but, again it is not an unsolvable problem either. In any event, the meta point is that this problem is not limited to authentication seq_id rollover and unfort is not a solution that requires specification for interoperability. Towards that end I know of multiple interoperable implementations that work over bundles. -DWard On Jan 10, 2008, at 5:14 PM, Nitin Bahadur wrote: The case I was thinking of was as follows.. ____________ ________ | Bundle | | Bundle | A +---------------------+ B ------ C ------ D +------------+ E |____________ | A and E are iBGP peers. iBGP doesn't know/care bout link bundling. The peers establish a BFD mhop session between them. The links A-B and D-E are link bundles. One cannot guarantee that the link bundle components will be on the same line-card. How can one maintain auth semantics if the line card on A hosting the BFD session goes down. _____ * run BFD on all component links independently This solution does not work for multi-hop bfd sessions. If the outgoing link for a mhop session is a link-bundle, then you would need to create a 1 session per component link just to monitor the health of a single bfd peer. Also, for a mhop session, if there are link bundles on both the peers, I'm not sure how it would work. DW: The picture would be that the component links in an L2 bundle are directly adjacent. In an L2 bundle situation where you want to test each link independently with bidir comms between two routers why would it be mhop? MHop session are for those w/o being directly adjacent. DW: Perhaps you meant that two routers running a mhop BFD session that traversed a link bundle somewhere inbetween. In this case there is nothing you can do as there is nothing you can to to guarantee you are going to traverse the same component links of the bundle inbetween two other routers. The forwarding choice of how to balance those flows over the component links is a local decision that the mhop BFD'ing routers cannot bias.
- Resetting the sequence number in an authenticated… Alexander Vainshtein
- RE: Resetting the sequence number in an authentic… Nitin Bahadur
- RE: Resetting the sequence number in an authentic… Nitin Bahadur
- Re: Resetting the sequence number in an authentic… David Ward
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Nitin Bahadur
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- Re: Resetting the sequence number in an authentic… David Ward
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Peter Arberg
- Re: Resetting the sequence number in an authentic… Dave Katz
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein