Comments on Optimizing BFD Authentication

Jeffrey Haas <> Wed, 28 March 2018 16:57 UTC

List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <>


Several comments on the draft in no particular order:


The document header says "BFD Authentication".  You should include the word
"optimizing" somewhere in that. :-)


The NULL Auth TLV has a recommended Authentication Type of 0.  While this
seems like a good idea, it's problematic in a few regards.

RFC 5880 defines the bfd.AuthType variable.  This is basically set using the
received AuthType in the packet when authentication is received.  E.g.:

:    Authentication Present (A)
:       Set to 1 if authentication is in use on this session (bfd.AuthType
:       is nonzero), or 0 if not.

Further, section 6.8.6 contains the following:

:       If the A bit is set and no authentication is in use (bfd.AuthType
:       is zero), the packet MUST be discarded.

My recommendation is to remove the AuthType of 0 and replace it with a TBD
to be assigned by IANA.  This impacts the IANA Considerations section.


Section 3 notes a "Reserved" field.  It notes "multiple keys". This seems to
be missing text describing how it's intended to be used.


There are also a few other issues that require attention, which are largely
operational considerations:

How do you go about enabling the optimized procedures?  Is it expected to be
via configuration?

What are the YANG model considerations?  (See prior point.)

-- Jeff
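
The conflict between a NULL Auth Type of 0 and the RFC 5880 section 6.8.6 text quoted in the message, as an added example that is not part of the original email or the draft. The function names, the constructed packets, and the value 250 (a stand-in for the "TBD" code point, not an IANA assignment) are assumptions; the authentication section body is not the draft's TLV layout.

```python
import struct

BFD_VERSION = 1
A_BIT = 0x04  # Authentication Present (A) flag in the second header byte
# Constructed stand-in for the "TBD" value; NOT an IANA assignment.
PLACEHOLDER_NULL_TYPE = 250


def build_packet(auth_type=None, auth_data=b""):
    """Build a constructed BFD Control packet; auth_type=None means no auth section."""
    auth = b"" if auth_type is None else bytes([auth_type, 2 + len(auth_data)]) + auth_data
    flags = (3 << 6) | (A_BIT if auth else 0)  # Sta=Up; A bit only with an auth section
    header = struct.pack("!BBBBIIIII", BFD_VERSION << 5, flags, 3, 24 + len(auth),
                         0x11111111, 0x22222222, 1000000, 1000000, 0)
    return header + auth


def receive_check(packet, bfd_auth_type):
    """Apply the A-bit reception rules of RFC 5880 section 6.8.6.

    bfd_auth_type models the session's bfd.AuthType (0 = no authentication in use).
    Returns (accepted, reason). Digest/password verification is not modeled.
    """
    if len(packet) < 24:
        return False, "truncated"
    vers_diag, flags, _mult, length = struct.unpack("!BBBB", packet[:4])
    if vers_diag >> 5 != BFD_VERSION:
        return False, "bad version"
    a_bit = bool(flags & A_BIT)
    if length < (26 if a_bit else 24) or length > len(packet):
        return False, "bad length"
    if a_bit and bfd_auth_type == 0:
        return False, "A bit set but bfd.AuthType is zero"
    if not a_bit and bfd_auth_type != 0:
        return False, "A bit clear but bfd.AuthType is nonzero"
    # Per-type rules (section 6.7) also require the received Auth Type to match.
    if a_bit and packet[24] != bfd_auth_type:
        return False, "received Auth Type does not match bfd.AuthType"
    return True, "passed A-bit checks"


if __name__ == "__main__":
    # A session using Auth Type 0 has bfd.AuthType == 0, which RFC 5880 reads as "no auth".
    print("type 0:     ", receive_check(build_packet(auth_type=0), 0))
    print("placeholder:", receive_check(build_packet(auth_type=PLACEHOLDER_NULL_TYPE),
                                        PLACEHOLDER_NULL_TYPE))
```

With type 0, bfd.AuthType cannot distinguish "NULL authentication in use" from "no authentication in use", so a receiver following section 6.8.6 drops every packet that carries the A bit.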