Re: New BFD Authentication Optimization draft draft-mahesh-bfd-authentication-00
Manav Bhatia <manavbhatia@gmail.com> Wed, 25 February 2015 00:35 UTC
Return-Path: <manavbhatia@gmail.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 214CF1A1A28 for <rtg-bfd@ietfa.amsl.com>; Tue, 24 Feb 2015 16:35:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ktDhxBn7o8LB for <rtg-bfd@ietfa.amsl.com>; Tue, 24 Feb 2015 16:35:20 -0800 (PST)
Received: from mail-ob0-x232.google.com (mail-ob0-x232.google.com [IPv6:2607:f8b0:4003:c01::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BADC21A19E4 for <rtg-bfd@ietf.org>; Tue, 24 Feb 2015 16:35:19 -0800 (PST)
Received: by mail-ob0-f178.google.com with SMTP id uz6so569947obc.9 for <rtg-bfd@ietf.org>; Tue, 24 Feb 2015 16:35:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=KyyfKhUAS4v3pGMHWVgqwOKxMpTtrjHwXOWnwgokOwI=; b=GbJY4kc45k2sYc7zVVd/pSiRbTgehMHTNGztYgg68/Z0bvUA8Xu2UWtkpUya4fAYSG wPtAGU/nFnHbA4uKdnKW9av7KdLeIIdIigO4dAYGw/o8JgWCpEqMYFtyr3nR6AQfRXNx dCgr/3tQf2ycb6izo4CyIGLkUlQ27LIXUbinmSoK9bsDmCKvJ8oH1bjuFIjbe6CF33Xj LUTkjvoUIwoWg6o6RVupvJrh/yw34Kf4eLzJNyQBOx1rpBSx/1XE+BxI1ca7r/1rt1a7 x9QsUbvC32Gghh/MwftVgM3Py2fxTzI34OwDMtnw0YJyAW4WHXTM1qe/Ey8lOFFIH3sY /zqw==
MIME-Version: 1.0
X-Received: by 10.60.97.35 with SMTP id dx3mr461040oeb.6.1424824519005; Tue, 24 Feb 2015 16:35:19 -0800 (PST)
Received: by 10.76.112.136 with HTTP; Tue, 24 Feb 2015 16:35:18 -0800 (PST)
In-Reply-To: <7347100B5761DC41A166AC17F22DF1121B91363E@eusaamb103.ericsson.se>
References: <BAY176-W28F0D2D92D57BFDD165555FA230@phx.gbl> <20150224211328.GF25639@pfrc> <CAG1kdoi79yg5+HW7KY76anp6QMvsgtWw8iHkvB=5zPRQN5xX_A@mail.gmail.com> <7347100B5761DC41A166AC17F22DF1121B91363E@eusaamb103.ericsson.se>
Date: Wed, 25 Feb 2015 06:05:18 +0530
Message-ID: <CAG1kdojdJfV_KO=TMPSDK6=4DRvR7JQgOnoOkcnvQ=76E0wwiA@mail.gmail.com>
Subject: Re: New BFD Authentication Optimization draft draft-mahesh-bfd-authentication-00
From: Manav Bhatia <manavbhatia@gmail.com>
To: Gregory Mirsky <gregory.mirsky@ericsson.com>
Content-Type: multipart/alternative; boundary="089e01227a1852be5d050fdecfaa"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtg-bfd/N21Yo5NWgI8yaxPu7BsLuAdZWJ0>
Cc: "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Feb 2015 00:35:22 -0000
Hi Greg, It requires no changes on the RX side. I concede that it does require some changes on the TX side. If somebody tells me that this requires changes on the RX side as well, then that vendor's implementation is broken! :-) Cheers, Manav On Wed, Feb 25, 2015 at 6:02 AM, Gregory Mirsky <gregory.mirsky@ericsson.com > wrote: > Hi Manav, > > what evidence authors have to state: > > “What we have proposed here requires no change to the current hardware > based implementations.” > > Had you performed a poll? Would you kindly share the results? > > > > Regards, > > Greg > > > > *From:* Rtg-bfd [mailto:rtg-bfd-bounces@ietf.org] *On Behalf Of *Manav > Bhatia > *Sent:* Tuesday, February 24, 2015 3:05 PM > *To:* Jeffrey Haas > *Cc:* rtg-bfd@ietf.org > *Subject:* Re: New BFD Authentication Optimization draft > draft-mahesh-bfd-authentication-00 > > > > Hi Jeff, > > > > I am not sure how easy is it to do this for HW based implementations where > you would be required to cache the last good packet heard from all sessions. > > > > What we have proposed here requires no change to the current hardware > based implementations. > > > > Cheers, Manav > > > > On Wed, Feb 25, 2015 at 2:43 AM, Jeffrey Haas <jhaas@pfrc.org> wrote: > > On Fri, Feb 13, 2015 at 10:31:43AM -0800, Ashesh Mishra wrote: > > Hi BFD Experts, > > The 00 version of BFD Authentication Optimization draft is now online: > > https://datatracker.ietf.org/doc/draft-mahesh-bfd-authentication/ > > The draft describes method for selectively authenticating certain BFD > frames to avoid computational overhead. > > I have perhaps a rather basic question which I'd been thinking on since it > was said this draft may be coming: > > Is there any reason we couldn't simply use the non-meticulous versions of > the keyed authentication and rely on caching? > > Essentially, in stable state BFD packets will be the same thing over and > over again. As long as the sequence number isn't increased, knowing that a > given packet has passed authentication previously is sufficient if it's the > same packet. > > Given how small BFD packets are, cache the entire packet? Is the memory at > that level of preciousness in the hardware implementations? > > Basically, in RFC 5880, section 6.8.6, at the procedural component that > says > "MUST be authenticated", once this step has completed for this sequence > number and caching is determined to be okay, store the packet. When the > sequence number is seen a second time and the authentication contents are > the same, simply compare the bytes of the packet to the cache. > > I suspect I'm about to get a very strong reality check here. :-) > > -- Jeff > > >
- New BFD Authentication Optimization draft draft-m… Ashesh Mishra
- RE: New BFD Authentication Optimization draft dra… Santosh P K
- Re: New BFD Authentication Optimization draft dra… Manav Bhatia
- Re: New BFD Authentication Optimization draft dra… MALLIK MUDIGONDA (mmudigon)
- Re: New BFD Authentication Optimization draft dra… Manav Bhatia
- Re: New BFD Authentication Optimization draft dra… MALLIK MUDIGONDA (mmudigon)
- RE: New BFD Authentication Optimization draft dra… Vengada Prasad Govindan (venggovi)
- RE: New BFD Authentication Optimization draft dra… Marc Binderberger
- Re: New BFD Authentication Optimization draft dra… Mahesh Jethanandani
- Re: New BFD Authentication Optimization draft dra… Marc Binderberger
- RE: New BFD Authentication Optimization draft dra… Santosh P K
- Re: New BFD Authentication Optimization draft dra… Jeffrey Haas
- Re: New BFD Authentication Optimization draft dra… Manav Bhatia
- Re: New BFD Authentication Optimization draft dra… Jeffrey Haas
- RE: New BFD Authentication Optimization draft dra… Gregory Mirsky
- Re: New BFD Authentication Optimization draft dra… Manav Bhatia
- Re: New BFD Authentication Optimization draft dra… Manav Bhatia
- RE: New BFD Authentication Optimization draft dra… Gregory Mirsky
- RE: New BFD Authentication Optimization draft dra… Ashesh Mishra
- Re: New BFD Authentication Optimization draft dra… Jeffrey Haas