RE: Resetting the sequence number in an authenticated BFD session
Alexander Vainshtein <Alexander.Vainshtein@ecitele.com> Sun, 13 January 2008 17:17 UTC
Return-path: <rtg-bfd-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JE6SP-0002hR-JN; Sun, 13 Jan 2008 12:17:13 -0500
Received: from rtg-bfd by megatron.ietf.org with local (Exim 4.43) id 1JE6SO-0002hJ-Dj for rtg-bfd-confirm+ok@megatron.ietf.org; Sun, 13 Jan 2008 12:17:12 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JE6SN-0002hB-Vc for rtg-bfd@ietf.org; Sun, 13 Jan 2008 12:17:12 -0500
Received: from eci-iron1.ecitele.com ([147.234.242.117]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1JE6SL-00032h-Ca for rtg-bfd@ietf.org; Sun, 13 Jan 2008 12:17:11 -0500
Received: from unknown (HELO ILPTAM01.ecitele.com) ([147.234.244.44]) by eci-iron1.ecitele.com with ESMTP; 13 Jan 2008 19:35:26 +0200
Received: from ilptexch01.ecitele.com ([172.31.244.40]) by ILPTAM01.ecitele.com with Microsoft SMTPSVC(6.0.3790.3959); Sun, 13 Jan 2008 19:17:08 +0200
Received: from ILPTMAIL01.ecitele.com (147.234.245.211) by ilptexch01.ecitele.com (172.31.244.40) with Microsoft SMTP Server id 8.1.240.5; Sun, 13 Jan 2008 19:17:07 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C85608.1FF0EE3E"
Date: Sun, 13 Jan 2008 19:17:06 +0200
Message-ID: <64122293A6365B4A9794DC5636F9ACFD02672A85@ILPTEX02.ecitele.com>
In-Reply-To: <37AA0457-0AC7-4C00-975F-96416C050870@cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Resetting the sequence number in an authenticated BFD session
Thread-Index: AchV/+GFD8u7CUsBTgCt4Y8Ruk6D+gABkLOg
References: <64122293A6365B4A9794DC5636F9ACFD0252D70A@ILPTEX02.ecitele.com> <7FA0C743C38E5340BFC2873488FA1E8E8B22F9@emailcorp3.jnpr.net> <A1C094AD-3891-4660-AE2C-DADE1FF7DD96@cisco.com> <64122293A6365B4A9794DC5636F9ACFD0252D70B@ILPTEX02.ecitele.com> <A050B43B-2ABA-4FCC-811E-2017003A1B50@cisco.com> <64122293A6365B4A9794DC5636F9ACFD0252D70D@ILPTEX02.ecitele.com> <37AA0457-0AC7-4C00-975F-96416C050870@cisco.com>
From: Alexander Vainshtein <Alexander.Vainshtein@ecitele.com>
To: David Ward <dward@cisco.com>
X-OriginalArrivalTime: 13 Jan 2008 17:17:08.0248 (UTC) FILETIME=[2058D980:01C85608]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a8403cbbf1773e27474a13192645c46f
Cc: BFD WG <rtg-bfd@ietf.org>, Ronen Sommer <Ronen.Sommer@ecitele.com>, Dave Katz <dkatz@juniper.net>
Subject: RE: Resetting the sequence number in an authenticated BFD session
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
Errors-To: rtg-bfd-bounces@ietf.org
David and all, Lots of thanks for a prompt and detailed response. My gut feeling is that replicated state (or something like that) is part of all the approaches you've outlined, but I must carefully re-check this feeling. Regards, Sasha ________________________________ From: David Ward [mailto:dward@cisco.com] Sent: Sunday, January 13, 2008 6:18 PM To: Alexander Vainshtein Cc: David Ward; Nitin Bahadur; Dave Katz; Ronen Sommer; BFD WG; Igor Danilovich Subject: Re: Resetting the sequence number in an authenticated BFD session Sasha - What you need to realize is that you have a layering problem to solve and one could solve it multiple ways today. One solution: Run LACP or UDLD between the router and the switch that has the bundled interface, monitor component links and the state of the bundle. Independently run a BFD session between the two routers. Second solution: Run BFD between the two routers and on the router with the bundled interface, have a distributed state machine on all cards that home component links (this is an implementation specific design). Third solution: Run BFD between the router and the switch with the bundled interface via IP and monitor all component links. Run a second BFD between the two routers and use either a centralized BFD, a master link (that can receive all BFD packets through internal forwarding) or replicate state via #2. All three of the above solve the problem (there are obvious variants) and are deployed today. -DWard On Jan 12, 2008, at 11:24 PM, Alexander Vainshtein wrote: David, I have probably poorly presented the case of an intermediate L2 device. What I have in mind is the following combination: 1. A single L3 adjacency monitored by BFD that has been established across an intermediate L2 device 2. Different number of L2-bundled links between each of the L3 peers and the intermediate L2 device. I do not see how your proposed solutions would help to resolve the problem: 1. Not sure why UDLR is relevant to this scenario, will look-up the appropriate RFC first 2. LACP operates per L2-bundled link. It would help to detect a failure of such a link, but, IMHO, no more than that 3. L3 BFD between a L3 and L2 device would not affect the state of the L3 BFD session between the L3 peers. Regards, Sasha ________________________________ From: David Ward [mailto:dward@cisco.com] Sent: Fri 1/11/2008 4:18 PM To: Alexander Vainshtein Cc: David Ward; Nitin Bahadur; Dave Katz; Ronen Sommer; BFD WG; Igor Danilovich Subject: Re: Resetting the sequence number in an authenticated BFD session Sasha - I think I already covered your points on centralization and master component link. WRT the issue that a L3 device is connected to an L2 device via a bundled interface and the far L3 device is single attached ... BFD is currently an L3 solution. You'd have to run LACP, UDLR or BFD at L3 to the L2 device to cover this scenario. -DWard On Jan 11, 2008, at 4:11 AM, Alexander Vainshtein wrote: David, Nitin and all, Please see inline below (blue italics)..Unfortunately it seems that none of the options explicitly proposed by David resolve the issue. Regards, Sasha ________________________________ From: David Ward [mailto:dward@cisco.com] Sent: Thu 1/10/2008 11:51 PM To: Nitin Bahadur Cc: David Ward; Alexander Vainshtein; Dave Katz; Ronen Sommer; BFD WG; Igor Danilovich Subject: Re: Resetting the sequence number in an authenticated BFD session Solutions include (and are alluded to in the drafts): run BFD on bundled interfaces (any flavor) centrally [Sasha] This rasies the issue of the central component failover (as mentioned in my oriinal message). run BFD on all component links independently [Sasha] IMHO this is not a viable option. E.g., consider a L3 1-hop situation where the bundled interfaces run between one of the routers and a L2 switch, while the L3 adjacency is unaware of bundling. This is easily achieved with LAG. run BFD on a master component link [Sasha] The failure of the LC that carries the "master componet link" is the original scenario described in my original email, and the issue remains unsloved IMO. There are other variants as well. -DWard On Jan 10, 2008, at 3:41 PM, Nitin Bahadur wrote: Alexander, I agree that keeping the sequence number consistent between line cards is not practical. We need a way for a system to indicate that it wants to restart the sequence. Nitin ________________________________ From: Alexander Vainshtein [mailto:Alexander.Vainshtein@ecitele.com] Sent: Thursday, January 10, 2008 12:42 PM To: David Ward; Dave Katz Cc: Ronen Sommer; BFD WG; Igor Danilovich Subject: Resetting the sequence number in an authenticated BFD session Importance: High Hi all, I have a question related to the expected behavior of sequence numbers in an aythenticated (MD5 or SHA1) BFD session. The corresdponding sections of draft-ietf-bfd-base-06 state that, once the packet has been authenticated by the receiver, its sequence number MUST be checked; if its value is out of range defined by the last received sequence number and the Detect Multiplexor, the packet MUST be discarded. This may result in the a BFD session going down in the situation when the transceiver "loses" the information about its last transmitted sequence number. A suitable use case is a multilink interface (LAG, ML-PPP, etc.) with the links residing in different line cards, and e BFD implemented in one of these cards: if this card fails, the BFD would could be re-started in one of the remaining cards. Such a restart would not affect the local session because the BFD machine would be restarted with bfd.AuthSeqKnown = 0, but keeping bfd.XmitAuthSeq consistent between different line cards seems problematic. (Implemeting BFD in some common card would resolve the situation with the multilink interfaces but would raise similar issues when the common card fails). Note that this problem would not occur for a non-authenticated BFD session. IMHO this problem is real, and I do not see a simple solution for it. I would highly appreciate any feedback from the draft authors and/or from the WG. Regards, Sasha
- Resetting the sequence number in an authenticated… Alexander Vainshtein
- RE: Resetting the sequence number in an authentic… Nitin Bahadur
- RE: Resetting the sequence number in an authentic… Nitin Bahadur
- Re: Resetting the sequence number in an authentic… David Ward
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Nitin Bahadur
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- Re: Resetting the sequence number in an authentic… David Ward
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Peter Arberg
- Re: Resetting the sequence number in an authentic… Dave Katz
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein