Re: Resetting the sequence number in an authenticated BFD session

[David Ward <dward@cisco.com>]

Sasha -


I think I already covered your points on centralization and master  
component link. WRT the issue that a L3 device is connected to an L2  
device via a bundled interface and the far L3 device is single  
attached ... BFD is currently an L3 solution. You'd have to run LACP,  
UDLR or BFD at L3 to the L2 device to cover this scenario.

-DWard


On Jan 11, 2008, at 4:11 AM, Alexander Vainshtein wrote:

> David, Nitin and all,
> Please see inline below (blue italics)..Unfortunately it seems that  
> none of the options explicitly proposed by David resolve the issue.
>
> Regards,
>                  Sasha
>
> From: David Ward [mailto:dward@cisco.com]
> Sent: Thu 1/10/2008 11:51 PM
> To: Nitin Bahadur
> Cc: David Ward; Alexander Vainshtein; Dave Katz; Ronen Sommer; BFD  
> WG; Igor Danilovich
> Subject: Re: Resetting the sequence number in an authenticated BFD  
> session
>
> Solutions include (and are alluded to in the drafts):
>
> run BFD on bundled interfaces (any flavor) centrally [Sasha] This  
> rasies the issue of the central component failover (as mentioned in  
> my oriinal message).
>
> run BFD on all component links independently [Sasha] IMHO this is  
> not a viable option. E.g., consider a L3 1-hop situation where the  
> bundled interfaces run between one of the routers and a L2 switch,  
> while the L3 adjacency is unaware of bundling. This is easily  
> achieved with LAG.
>
> run BFD on a master component link [Sasha] The failure of the LC  
> that carries the "master componet link" is the original scenario  
> described in my original email, and the issue remains unsloved IMO.
>
> There are other variants as well.
>
> -DWard
>
> On Jan 10, 2008, at 3:41 PM, Nitin Bahadur wrote:
>
>> Alexander,
>>
>>    I agree that keeping the sequence number consistent between  
>> line cards is not practical. We need a way for a system to  
>> indicate that it wants to restart the sequence.
>>
>> Nitin
>>
>> From: Alexander Vainshtein [mailto:Alexander.Vainshtein@ecitele.com]
>> Sent: Thursday, January 10, 2008 12:42 PM
>> To: David Ward; Dave Katz
>> Cc: Ronen Sommer; BFD WG; Igor Danilovich
>> Subject: Resetting the sequence number in an authenticated BFD  
>> session
>> Importance: High
>>
>> Hi all,
>> I have a question related to the expected behavior of sequence  
>> numbers in an aythenticated (MD5 or SHA1) BFD session.
>>
>> The corresdponding sections of draft-ietf-bfd-base-06 state that,  
>> once the packet has been authenticated by the receiver, its  
>> sequence number MUST be checked; if its value is out of range  
>> defined by the last received sequence number and the Detect  
>> Multiplexor, the packet MUST be discarded.
>>
>> This may result in the a BFD session going down in the situation  
>> when the transceiver "loses" the information about its last  
>> transmitted sequence number. A suitable use case is a multilink  
>> interface (LAG, ML-PPP, etc.) with the links residing in different  
>> line cards, and e BFD implemented in one of these cards: if this  
>> card fails, the BFD would could be re-started in one of the  
>> remaining cards. Such a restart would not affect the local session  
>> because the BFD machine would be restarted with bfd.AuthSeqKnown =  
>> 0, but keeping bfd.XmitAuthSeq consistent between different line  
>> cards seems problematic. (Implemeting BFD in some common card  
>> would resolve the situation with the multilink interfaces but  
>> would raise similar issues when the common card fails).
>>
>> Note that this problem would not occur for a non-authenticated BFD  
>> session.
>>
>> IMHO this problem is real, and I do not see a simple solution for it.
>> I would highly appreciate any feedback from the draft authors and/ 
>> or from the WG.
>>
>> Regards,
>>                   Sasha
>>
>