IETF Logo Mail Archive

Re: Resetting the sequence number in an authenticated BFD session

David Ward <dward@cisco.com> Thu, 10 January 2008 22:25 UTC

Return-path: <rtg-bfd-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JD5pk-000466-1n; Thu, 10 Jan 2008 17:25:08 -0500
Received: from rtg-bfd by megatron.ietf.org with local (Exim 4.43) id 1JD5pi-00045z-Qw for rtg-bfd-confirm+ok@megatron.ietf.org; Thu, 10 Jan 2008 17:25:06 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JD5pi-00045r-D1 for rtg-bfd@ietf.org; Thu, 10 Jan 2008 17:25:06 -0500
Received: from sj-iport-3-in.cisco.com ([171.71.176.72] helo=sj-iport-3.cisco.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1JD5pf-0006Wk-Gl for rtg-bfd@ietf.org; Thu, 10 Jan 2008 17:25:06 -0500
X-IronPort-AV: E=Sophos; i="4.24,268,1196668800"; d="scan'208,217"; a="19550567"
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-3.cisco.com with ESMTP; 10 Jan 2008 14:25:02 -0800
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id m0AMP2iY013578; Thu, 10 Jan 2008 14:25:02 -0800
Received: from xbh-rtp-201.amer.cisco.com (xbh-rtp-201.cisco.com [64.102.31.12]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id m0AMOeFk028942; Thu, 10 Jan 2008 22:24:57 GMT
Received: from xmb-rtp-202.amer.cisco.com ([64.102.31.52]) by xbh-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 10 Jan 2008 17:24:54 -0500
Received: from [127.0.0.1] ([171.68.225.134]) by xmb-rtp-202.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 10 Jan 2008 17:24:53 -0500
In-Reply-To: <CC15BFAB-5E34-4D4C-914E-8320804B1731@cisco.com>
References: <64122293A6365B4A9794DC5636F9ACFD0252D70A@ILPTEX02.ecitele.com> <7FA0C743C38E5340BFC2873488FA1E8E8B22F9@emailcorp3.jnpr.net> <A1C094AD-3891-4660-AE2C-DADE1FF7DD96@cisco.com> <7FA0C743C38E5340BFC2873488FA1E8E8B22FC@emailcorp3.jnpr.net> <CC15BFAB-5E34-4D4C-914E-8320804B1731@cisco.com>
Mime-Version: 1.0 (Apple Message framework v753)
Content-Type: multipart/alternative; boundary="Apple-Mail-7-505866687"
Message-Id: <2F29F5E4-C64E-4F36-BD27-DCE8F3E66919@cisco.com>
From: David Ward <dward@cisco.com>
Date: Thu, 10 Jan 2008 16:24:42 -0600
To: David Ward <dward@cisco.com>
X-Mailer: Apple Mail (2.753)
X-OriginalArrivalTime: 10 Jan 2008 22:24:54.0058 (UTC) FILETIME=[9F9698A0:01C853D7]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=40960; t=1200003902; x=1200867902; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dward@cisco.com; z=From:=20David=20Ward=20<dward@cisco.com> |Subject:=20Re=3A=20Resetting=20the=20sequence=20number=20i n=20an=20authenticated=20BFD=20session |Sender:=20; bh=r8KYBL1ai2Z3psvaB73cnUXf6cHUpM8Kro4c2WUG49s=; b=vWSAkrzLUYU4QmrOXETg++xxq3xK9ddLv4tpRRHiHiBSFECWvllcEpOyVA Ny9+YWR816GPhPZ+BLu2oAv1tvi7Hzi7FK2ifZ+yFAkzDC/C4BV81Zrb9Ymo G4VD+u5Xv4;
Authentication-Results: sj-dkim-2; header.From=dward@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
X-Spam-Score: 0.6 (/)
X-Scan-Signature: c6d4566aad1fef50f784fa8a77ccada7
Cc: Ronen Sommer <Ronen.Sommer@ecitele.com>, Dave Katz <dkatz@juniper.net>, Igor Danilovich <Igor.Danilovich@ecitele.com>, BFD WG <rtg-bfd@ietf.org>
Subject: Re: Resetting the sequence number in an authenticated BFD session
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
Errors-To: rtg-bfd-bounces@ietf.org

Nitin -


On Jan 10, 2008, at 4:19 PM, David Ward wrote:

>
> Nitin -
>
> inline
>
> On Jan 10, 2008, at 4:10 PM, Nitin Bahadur wrote:
>
>> That’s not sufficient from a practical point of view. Here’s why.
>>
>> Ø      run BFD on bundled interfaces (any flavor) centrally
>> Can’t support very low detection times. Only line cards can  
>> support tens of ms.
>>
>> Ø      run BFD on all component links independently
>> This solution does not work for multi-hop bfd sessions. If the  
>> outgoing link for a mhop session is a link-bundle, then you would  
>> need to create a 1 session per component link just to monitor the  
>> health of a single bfd peer. Also, for a mhop session, if there  
>> are link bundles on both the peers, I’m not sure how it would work.
>>
>
>
> DW: The picture would be that the component links in an L2 bundle  
> are directly adjacent.  In an L2 bundle situation where you want to  
> test each link  independently with bidir comms between two routers  
> why would it be mhop? MHop session are for those w/o being directly  
> adjacent.
>
>


DW: Perhaps you meant that two routers running a mhop BFD session  
that traversed a link bundle somewhere inbetween. In this case there  
is nothing you can do as there is nothing you can to to guarantee you  
are going to traverse the same component links of the bundle  
inbetween two other routers. The forwarding choice of how to balance  
those flows over the component links is a local decision that the  
mhop BFD'ing routers cannot bias.


I wasn't sure if you were thinking of that case.


-DWard




>
>> Ø      run BFD on a master component link
>> What if the master goes down? The link is still UP. If you now  
>> assign the master to a different line card, you end up with  
>> problem of sequence number out of sync.
>>
>> I would be interested in knowing the other variants that might  
>> help solve the above issues.
>
>
> DW: Many of them do not require modifications to the protocol to be  
> interoperable and would be outside the scope of the BFD specification.
>
> -DWard
>
>>
>> Thanks
>> Nitin
>>
>> From: David Ward [mailto:dward@cisco.com]
>> Sent: Thursday, January 10, 2008 1:51 PM
>> To: Nitin Bahadur
>> Cc: David Ward; Alexander Vainshtein; Dave Katz; Ronen Sommer; BFD  
>> WG; Igor Danilovich
>> Subject: Re: Resetting the sequence number in an authenticated BFD  
>> session
>>
>> Solutions include (and are alluded to in the drafts):
>>
>> run BFD on bundled interfaces (any flavor) centrally
>> run BFD on all component links independently
>> run BFD on a master component link
>>
>> There are other variants as well.
>>
>> -DWard
>>
>> On Jan 10, 2008, at 3:41 PM, Nitin Bahadur wrote:
>>
>>
>> Alexander,
>>
>>    I agree that keeping the sequence number consistent between  
>> line cards is not practical. We need a way for a system to  
>> indicate that it wants to restart the sequence.
>>
>> Nitin
>>
>> From: Alexander Vainshtein [mailto:Alexander.Vainshtein@ecitele.com]
>> Sent: Thursday, January 10, 2008 12:42 PM
>> To: David Ward; Dave Katz
>> Cc: Ronen Sommer; BFD WG; Igor Danilovich
>> Subject: Resetting the sequence number in an authenticated BFD  
>> session
>> Importance: High
>>
>> Hi all,
>> I have a question related to the expected behavior of sequence  
>> numbers in an aythenticated (MD5 or SHA1) BFD session.
>>
>> The corresdponding sections of draft-ietf-bfd-base-06 state that,  
>> once the packet has been authenticated by the receiver, its  
>> sequence number MUST be checked; if its value is out of range  
>> defined by the last received sequence number and the Detect  
>> Multiplexor, the packet MUST be discarded.
>>
>> This may result in the a BFD session going down in the situation  
>> when the transceiver "loses" the information about its last  
>> transmitted sequence number. A suitable use case is a multilink  
>> interface (LAG, ML-PPP, etc.) with the links residing in different  
>> line cards, and e BFD implemented in one of these cards: if this  
>> card fails, the BFD would could be re-started in one of the  
>> remaining cards. Such a restart would not affect the local session  
>> because the BFD machine would be restarted with bfd.AuthSeqKnown =  
>> 0, but keeping bfd.XmitAuthSeq consistent between different line  
>> cards seems problematic. (Implemeting BFD in some common card  
>> would resolve the situation with the multilink interfaces but  
>> would raise similar issues when the common card fails).
>>
>> Note that this problem would not occur for a non-authenticated BFD  
>> session.
>>
>> IMHO this problem is real, and I do not see a simple solution for it.
>> I would highly appreciate any feedback from the draft authors and/ 
>> or from the WG.
>>
>> Regards,
>>                   Sasha
>>
>>
>

v2.23.0 | Report a Bug | By Email