BFD chair response to presentation on draft-mirmin-bfd-extended

Jeffrey Haas <> Fri, 22 November 2019 02:48 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0E4BF12012E; Thu, 21 Nov 2019 18:48:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id pnEr8uS3k5xQ; Thu, 21 Nov 2019 18:48:55 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 8CBBF12012A; Thu, 21 Nov 2019 18:48:55 -0800 (PST)
Received: by (Postfix, from userid 1001) id 13B7F1E342; Thu, 21 Nov 2019 21:52:56 -0500 (EST)
Date: Thu, 21 Nov 2019 21:52:55 -0500
From: Jeffrey Haas <>
Subject: BFD chair response to presentation on draft-mirmin-bfd-extended
Message-ID: <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 22 Nov 2019 02:48:57 -0000

In the interest of permitting the presentations to move smoothly at this
Friday's rtgwg session, I withheld my comments from microphone.  However,
please consider these comments for the record for IETF-106.

Firstly, I'm surprised the chairs had a BFD presentation at rtgwg.  rtgwg is
indeed intended to be a general purpose dispatch group for work without a
home, but that's not the case for BFD.

Secondly, Reshad and I intentionally did not schedule work on BFD extension
work, including Greg's presentation, for this IETF.  This is because there
is open charter discussions we're starting with the IESG on this space.


Specific comments on BFD extension work and the charter discussions:

During prior IETFs, and culminating at IETF-105, we've seen regular work to
try to stuff BFD with additional features of various forms.  The litmus test
generally used for BFD's core use case over the years has been "what do you
want to hear every 3.3ms?"  To that end, things that enhance BFD's core
continuity verification uses cases have ended up in the protocol.

Somewhat similar to other popular protocols such as DNS and BGP, BFD has
nice properties that make it an appealing place to try to extend.  In
particular, it's a continuing conversation between two systems.

During IETF-105, the IPPM group members attending explicitly noted that they
did not want to see their mechanisms present in BFD and did not consider it
a good fit.

As part of that discussion, the chairs noted that one option potentially
open is that we permit the "BFDv2" option we have discussed at IETF-105 and
previous to permit an option where we do not use the core BFDv1 session used
for continuity for these extensions, and use a different protocol version
and port set to enable the other use cases.

Thus, the discussion with the IESG is whether BFD hands over the "gift" of a
general and mature mechanism for a conversation between two systems that may
be generally extended to carry "interesting" information.

This addresses Tony Li's point about "please don't make BFD difficult to
implement in hardware".


Specific comments on draft-mirmin-bfd-extended:

The somewhat peculiar extension mechanism shown in Greg's draft was
originally seeded by work I started in BFD for draft-ietf-bfd-large-packets.
In fairness to history, this was similar to work that was done in OSPF years
back for how the authentication mechanism was spliced onto the protocol.
The one sentence description of that use case is "make the packet padded to
test MTU".  It's a hack, but one that does a reasonable job of its use case.

However, with regard to leveraging this hack for a general purpose extension
mechanism, I don't find it a good fit.  BFDv1 does not expect to find
information regarding the packet or state machine outside of the main PDU.
It is likely a new version number will need to be used to establish future
semantics.  (Per prior discussion in the working group.)

The capabilities mechanism will likely require either integration into some
form of an updated state machine for the new version header, or a different
form.  IMO, I find it likely that a "capability advertisement" mechanism
would be necessary rather than negotiation to avoid a wholesale replacement
of the BFD state machinery.  And if we replace that much of the machinery,
let's just stop calling this BFD at all and move on.

With regard to IPPM style content for the draft, I refer you to the IPPM
members comments above from IETF-105.

With regard to authentication, there are two possibilities here:
- Faster authentication of BFD style packets is covered by work completing
  BFD WGLC draft-ietf-bfd-optimitizing-authentication.  I'd encourage other
  working groups in need of a faster per-packet authentication mechanism to
  consider whether it's an appropriate fit.
- In the case that such a future BFD, or mechanism built on similar
  machinery, want a way to autenticate the payload different from the
  headers, there will likely need to be discussion about not only what
  envelope is used, but also strength vs. periodicity.  (And if you don't need
  this stuff periodically, why use something like BFD?)

-- Jeff