Re: Resetting the sequence number in an authenticated BFD session
David Ward <dward@cisco.com> Sun, 13 January 2008 16:18 UTC
Return-path: <rtg-bfd-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JE5X8-0007D0-OY; Sun, 13 Jan 2008 11:18:02 -0500
Received: from rtg-bfd by megatron.ietf.org with local (Exim 4.43) id 1JE5X7-0007Cr-Jb for rtg-bfd-confirm+ok@megatron.ietf.org; Sun, 13 Jan 2008 11:18:01 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JE5X7-0007Cj-6K for rtg-bfd@ietf.org; Sun, 13 Jan 2008 11:18:01 -0500
Received: from sj-iport-6.cisco.com ([171.71.176.117]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1JE5X5-00022U-7Y for rtg-bfd@ietf.org; Sun, 13 Jan 2008 11:18:01 -0500
Received: from rtp-dkim-1.cisco.com ([64.102.121.158]) by sj-iport-6.cisco.com with ESMTP; 13 Jan 2008 08:17:57 -0800
Received: from rtp-core-2.cisco.com (rtp-core-2.cisco.com [64.102.124.13]) by rtp-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id m0DGHuqY015641; Sun, 13 Jan 2008 11:17:56 -0500
Received: from xbh-rtp-211.amer.cisco.com (xbh-rtp-211.cisco.com [64.102.31.102]) by rtp-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id m0DGHuN6022448; Sun, 13 Jan 2008 16:17:56 GMT
Received: from xmb-rtp-202.amer.cisco.com ([64.102.31.52]) by xbh-rtp-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Sun, 13 Jan 2008 11:17:56 -0500
Received: from [127.0.0.1] ([171.68.225.134]) by xmb-rtp-202.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Sun, 13 Jan 2008 11:17:54 -0500
In-Reply-To: <64122293A6365B4A9794DC5636F9ACFD0252D70D@ILPTEX02.ecitele.com>
References: <64122293A6365B4A9794DC5636F9ACFD0252D70A@ILPTEX02.ecitele.com> <7FA0C743C38E5340BFC2873488FA1E8E8B22F9@emailcorp3.jnpr.net> <A1C094AD-3891-4660-AE2C-DADE1FF7DD96@cisco.com> <64122293A6365B4A9794DC5636F9ACFD0252D70B@ILPTEX02.ecitele.com> <A050B43B-2ABA-4FCC-811E-2017003A1B50@cisco.com> <64122293A6365B4A9794DC5636F9ACFD0252D70D@ILPTEX02.ecitele.com>
Mime-Version: 1.0 (Apple Message framework v753)
Content-Type: multipart/alternative; boundary="Apple-Mail-2-743049712"
Message-Id: <37AA0457-0AC7-4C00-975F-96416C050870@cisco.com>
From: David Ward <dward@cisco.com>
Date: Sun, 13 Jan 2008 10:17:45 -0600
To: Alexander Vainshtein <Alexander.Vainshtein@ecitele.com>
X-Mailer: Apple Mail (2.753)
X-OriginalArrivalTime: 13 Jan 2008 16:17:54.0462 (UTC) FILETIME=[DA2023E0:01C855FF]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=24369; t=1200241076; x=1201105076; c=relaxed/simple; s=rtpdkim1001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dward@cisco.com; z=From:=20David=20Ward=20<dward@cisco.com> |Subject:=20Re=3A=20Resetting=20the=20sequence=20number=20i n=20an=20authenticated=20BFD=20session |Sender:=20 |To:=20Alexander=20Vainshtein=20<Alexander.Vainshtein@ecite le.com>; bh=HNsF/XrxfhM5XciKw4PofRb23hK5ELSkgwIobW6B6IE=; b=BzFrSJG6Lf1DfvotHf0VDSQTtYkxBBAzWE8FVTi/08wQOf/evcX8mXVo/3 8NKu6IOpK4yNL8OlOjY9RlMrmDmO3DBEgKguk/Kuwg7SQ3JrBf4wdiksDXa/ 916dNR8MWR;
Authentication-Results: rtp-dkim-1; header.From=dward@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim1001 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ba9cd4f9acda58dbe142afff7265daff
Cc: Ronen Sommer <Ronen.Sommer@ecitele.com>, Dave Katz <dkatz@juniper.net>, Igor Danilovich <Igor.Danilovich@ecitele.com>, David Ward <dward@cisco.com>, BFD WG <rtg-bfd@ietf.org>
Subject: Re: Resetting the sequence number in an authenticated BFD session
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
Errors-To: rtg-bfd-bounces@ietf.org
Sasha - What you need to realize is that you have a layering problem to solve and one could solve it multiple ways today. One solution: Run LACP or UDLD between the router and the switch that has the bundled interface, monitor component links and the state of the bundle. Independently run a BFD session between the two routers. Second solution: Run BFD between the two routers and on the router with the bundled interface, have a distributed state machine on all cards that home component links (this is an implementation specific design). Third solution: Run BFD between the router and the switch with the bundled interface via IP and monitor all component links. Run a second BFD between the two routers and use either a centralized BFD, a master link (that can receive all BFD packets through internal forwarding) or replicate state via #2. All three of the above solve the problem (there are obvious variants) and are deployed today. -DWard On Jan 12, 2008, at 11:24 PM, Alexander Vainshtein wrote: > David, > I have probably poorly presented the case of an intermediate L2 > device. > What I have in mind is the following combination: > A single L3 adjacency monitored by BFD that has been established > across an intermediate L2 device > Different number of L2-bundled links between each of the L3 peers > and the intermediate L2 device. > I do not see how your proposed solutions would help to resolve the > problem: > > Not sure why UDLR is relevant to this scenario, will look-up the > appropriate RFC first > LACP operates per L2-bundled link. It would help to detect a > failure of such a link, but, IMHO, no more than that > L3 BFD between a L3 and L2 device would not affect the state of the > L3 BFD session between the L3 peers. > > Regards, > > Sasha > > > From: David Ward [mailto:dward@cisco.com] > Sent: Fri 1/11/2008 4:18 PM > To: Alexander Vainshtein > Cc: David Ward; Nitin Bahadur; Dave Katz; Ronen Sommer; BFD WG; > Igor Danilovich > Subject: Re: Resetting the sequence number in an authenticated BFD > session > > Sasha - > > > I think I already covered your points on centralization and master > component link. WRT the issue that a L3 device is connected to an > L2 device via a bundled interface and the far L3 device is single > attached ... BFD is currently an L3 solution. You'd have to run > LACP, UDLR or BFD at L3 to the L2 device to cover this scenario. > > -DWard > > > On Jan 11, 2008, at 4:11 AM, Alexander Vainshtein wrote: > >> David, Nitin and all, >> Please see inline below (blue italics)..Unfortunately it seems >> that none of the options explicitly proposed by David resolve the >> issue. >> >> Regards, >> Sasha >> >> From: David Ward [mailto:dward@cisco.com] >> Sent: Thu 1/10/2008 11:51 PM >> To: Nitin Bahadur >> Cc: David Ward; Alexander Vainshtein; Dave Katz; Ronen Sommer; BFD >> WG; Igor Danilovich >> Subject: Re: Resetting the sequence number in an authenticated BFD >> session >> >> Solutions include (and are alluded to in the drafts): >> >> run BFD on bundled interfaces (any flavor) centrally [Sasha] This >> rasies the issue of the central component failover (as mentioned >> in my oriinal message). >> >> run BFD on all component links independently [Sasha] IMHO this is >> not a viable option. E.g., consider a L3 1-hop situation where the >> bundled interfaces run between one of the routers and a L2 switch, >> while the L3 adjacency is unaware of bundling. This is easily >> achieved with LAG. >> >> run BFD on a master component link [Sasha] The failure of the LC >> that carries the "master componet link" is the original scenario >> described in my original email, and the issue remains unsloved IMO. >> >> There are other variants as well. >> >> -DWard >> >> On Jan 10, 2008, at 3:41 PM, Nitin Bahadur wrote: >> >>> Alexander, >>> >>> I agree that keeping the sequence number consistent between >>> line cards is not practical. We need a way for a system to >>> indicate that it wants to restart the sequence. >>> >>> Nitin >>> >>> From: Alexander Vainshtein [mailto:Alexander.Vainshtein@ecitele.com] >>> Sent: Thursday, January 10, 2008 12:42 PM >>> To: David Ward; Dave Katz >>> Cc: Ronen Sommer; BFD WG; Igor Danilovich >>> Subject: Resetting the sequence number in an authenticated BFD >>> session >>> Importance: High >>> >>> Hi all, >>> I have a question related to the expected behavior of sequence >>> numbers in an aythenticated (MD5 or SHA1) BFD session. >>> >>> The corresdponding sections of draft-ietf-bfd-base-06 state that, >>> once the packet has been authenticated by the receiver, its >>> sequence number MUST be checked; if its value is out of range >>> defined by the last received sequence number and the Detect >>> Multiplexor, the packet MUST be discarded. >>> >>> This may result in the a BFD session going down in the situation >>> when the transceiver "loses" the information about its last >>> transmitted sequence number. A suitable use case is a multilink >>> interface (LAG, ML-PPP, etc.) with the links residing in >>> different line cards, and e BFD implemented in one of these >>> cards: if this card fails, the BFD would could be re-started in >>> one of the remaining cards. Such a restart would not affect the >>> local session because the BFD machine would be restarted with >>> bfd.AuthSeqKnown = 0, but keeping bfd.XmitAuthSeq consistent >>> between different line cards seems problematic. (Implemeting BFD >>> in some common card would resolve the situation with the >>> multilink interfaces but would raise similar issues when the >>> common card fails). >>> >>> Note that this problem would not occur for a non-authenticated >>> BFD session. >>> >>> IMHO this problem is real, and I do not see a simple solution for >>> it. >>> I would highly appreciate any feedback from the draft authors and/ >>> or from the WG. >>> >>> Regards, >>> Sasha >>> >> >
- Resetting the sequence number in an authenticated… Alexander Vainshtein
- RE: Resetting the sequence number in an authentic… Nitin Bahadur
- RE: Resetting the sequence number in an authentic… Nitin Bahadur
- Re: Resetting the sequence number in an authentic… David Ward
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Nitin Bahadur
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- Re: Resetting the sequence number in an authentic… David Ward
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Peter Arberg
- Re: Resetting the sequence number in an authentic… Dave Katz
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein