Re: BFD stability follow-up from IETF-91

[Marc Binderberger <marc@sniff.de>]

Hello Manav,

> One way to solve this problem is by attaching a debug trailer that
> only carries the seq numbers at the *end* of the BFD packet. This
> would not be covered in the Length field carried in the BFD header but
> would be accounted for in the length carried in the IP header.

BFD itself is not related to IP, i.e. there is not always an IP header.
Sure, the encapsulating "frame" may provide a length but actually, why not 
covering the debug trailer with the BFD length?

If this is solely for debug purpose than this may work. For simple 
copying-out into e.g. a packet trace buffer it would be even simpler to have 
the BFD length covering the trailer.
If hardware is supposed to process the trailer information (other than 
copying out) then it's getting ugly - having fixed position, fixed length 
extension headers would be preferable for simple access.


Another idea is to use the 0x80 bit of the auth type to distinguish between a 
"normal" authentication header and a "sequence + authentication".


Regards, Marc

 



On Thu, 27 Nov 2014 21:12:00 +0530, Manav Bhatia wrote:
> Hi Santosh,
> 
> You could use the crypto sequence numbers carried in the meticulous
> cryptographic auth for detecting packet losses. However, this breaks
> when you use non-meticulous crypto authentication since the sequence
> number is only incremented occasionally there. This i believe is a
> deal breaker since i really envision non meticulous mode to be the one
> being widely deployed. In fact we were supposed to write a draft on
> that and i guess it just fell through the cracks (lemme ping my
> co-author on that !)
> 
> One way to solve this problem is by attaching a debug trailer that
> only carries the seq numbers at the *end* of the BFD packet. This
> would not be covered in the Length field carried in the BFD header but
> would be accounted for in the length carried in the IP header. The
> concept of attaching a trailer is documented well and is used in the
> IGPs. RFC 6506 describes one such trailer for OSPFv3. The catch
> however is that this debug trailer will NOT be covered by the BFD
> authentication. Is this acceptable to the WG?
> 
> I think the problem of diagnosing a BFD flap becomes all the more
> important with BFD authentication turned on since then we have more
> points where a delay can be inserted.
> 
> Cheers, Manav
> 
> 
> On Thu, Nov 27, 2014 at 8:32 PM, Santosh P K <santoshpk@juniper.net> wrote:
>> Manav,
>>     This is good question.
>> 
>>> Can the authors add some text on how this debugging mechanism would
>>> work if somebody employs BFD authentication?
>> 
>> Right now we have considered without authentication (we are setting A 
>> bit). We should add some text on how we can use both Auth and de bug TLV. 
>> Is there any suggestion you have? I will get back to you on this.
>> 
>> 
>> Thanks
>> Santosh P K
>> 
>>>> -----Original Message-----
>>>> From: Rtg-bfd [mailto:rtg-bfd-bounces@ietf.org] On Behalf Of Mach Chen
>>>> Sent: Thursday, November 27, 2014 2:13 PM
>>>> To: Marc Binderberger
>>>> Cc: rtg-bfd@ietf.org
>>>> Subject: RE: BFD stability follow-up from IETF-91
>>>> 
>>>> Hi Marc,
>>>> 
>>>>> -----Original Message-----
>>>>> From: Marc Binderberger [mailto:marc@sniff.de]
>>>>> Sent: Thursday, November 27, 2014 1:43 AM
>>>>> To: Mach Chen
>>>>> Cc: Manav Bhatia; rtg-bfd@ietf.org
>>>>> Subject: RE: BFD stability follow-up from IETF-91
>>>>> 
>>>>> Hello Mach,
>>>>> 
>>>>>> This triggers me think out there should be another solution for
>>>>>> getting the Tx and Rx timestamps without encoding the timestamps in
>>>>>> the BFD
>>>>> packets.
>>>>>> For example, the Tx and Rx systems could just save timestamps
>>>>>> locally or send them to a centralized entity and then use the
>>>>>> sequence numbers to correlate them for further analyzing.
>>>>> 
>>>>> I remember some discussion on NVO3 about how many bits it takes ;-) -
>>>>> could you send the links/draft names you are working on to this list?
>>>>> May be useful for further discussions.
>>>> 
>>>> Sure, here is the 
>>>> link(http://tools.ietf.org/html/draft-chen-ippm-coloring-
>>> based-ipfpm-framework-02) for the reference.
>>>> 
>>>> But here I want to say is that since we have sequence number, we may not
>>> need the marking based solution. Suppose that someone want to monitor
>>> the delay of a BFD packet , just record and save the timestamp at the Tx 
>>> side,
>>> which indexed by the sequence number. Similarly, do the same at the Rx
>>> side. Then based on the timestamps from both Tx and Rx, and using the
>>> sequence number to correlate the timestamps, it can also provide a way to
>>> monitor the delay of the BFD packet.
>>>> 
>>>> That means, only if there is sequence number, even if without carrying 
>>>> the
>>> timestamp in the BFD packet, BFD packet delay can be measured.
>>>> 
>>>> Best regards,
>>>> Mach
>>>> 
>>>>> 
>>>>> 
>>>>> Thanks & Regards,
>>>>> Marc
>>>>> 
>>>>> 
>>>>> 
>>>>> On Wed, 26 Nov 2014 09:17:32 +0000, Mach Chen wrote:
>>>>>> Hi Marc and Manav,
>>>>>> 
>>>>>>> -----Original Message-----
>>>>>>> From: Rtg-bfd [mailto:rtg-bfd-bounces@ietf.org] On Behalf Of Marc
>>>>>>> Binderberger
>>>>>>> Sent: Wednesday, November 26, 2014 4:50 PM
>>>>>>> To: Manav Bhatia
>>>>>>> Cc: rtg-bfd@ietf.org
>>>>>>> Subject: Re: BFD stability follow-up from IETF-91
>>>>>>> 
>>>>>>> Hello Manav,
>>>>>>> 
>>>>>>>> I believe the work is important and addresses something thats
>>>>>>>> really required (spent too much time debugging why BFD flapped!).
>>>>>>> 
>>>>>>> agree :-) we should keep the discussion alive.
>>>>>>> 
>>>>>>> 
>>>>>>>> side Time stamping would have helped in debugging whether the
>>> BFD
>>>>>>>> packet was sent late, or whether the packet was sent on time and
>>>>>>>> also arrived on time but was delayed when passing it up the BFD
>>>>>>>> stack/processor (lay in the RX buffer for tad too long)
>>>>>>> 
>>>>>>> well, I can see a point in having the Tx timestamps in the packet
>>>>>>> mainly for the purpose of knowing "this" packet was okay/not okay
>>>>>>> on the Tx side and to correlate it with your local Rx measurement.
>>>>>> 
>>>>>> Yes, this is one solution if people think BFD delay is needed. If
>>>>>> allow to have Tx timestamps to be carried in the packets, seems it
>>>>>> should be no problem to leave a seat for the Rx timestamps as well
>>>>>> :-). After all, with both Tx and Rx timestamp, it may simplify the
>>>>> implementation.
>>>>>> 
>>>>>>> 
>>>>>>> And even this point is less relevant with sequence numbers as this
>>>>>>> number allows the identification of packets and thus the
>>>>>>> correlation of information from the Tx and Rx system.
>>>>>> 
>>>>>> Indeed, the sequence number helps a lot for the correlation between
>>>>>> the Tx and Rx system.
>>>>>> 
>>>>>> This triggers me think out there should be another solution for
>>>>>> getting the Tx and Rx timestamps without encoding the timestamps in
>>>>>> the BFD
>>>>> packets.
>>>>>> For example, the Tx and Rx systems could just save timestamps
>>>>>> locally or send them to a centralized entity and then use the
>>>>>> sequence numbers to correlate them for further analyzing.
>>>>>> 
>>>>>> Best regards,
>>>>>> Mach
>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> Regards, Marc
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> On Wed, 26 Nov 2014 12:26:41 +0530, Manav Bhatia wrote:
>>>>>>>> Hi Jeff,
>>>>>>>> 
>>>>>>>> I vividly remember the original intent of the stability draft was
>>>>>>>> to help debug BFD failures -- to isolate the issue at the RX or
>>>>>>>> the TX side Time stamping would have helped in debugging whether
>>>>>>>> the BFD packet was sent late, or whether the packet was sent on
>>>>>>>> time and also arrived on time but was delayed when passing it up
>>>>>>>> the BFD stack/processor (lay in the RX buffer for tad too long),
>>>>>>>> etc. But then time stamping came with its own set of issues, and
>>>>>>>> was hence dropped from the original draft.
>>>>>>>> 
>>>>>>>> Can the authors send a summary on the list on why time stamping
>>>>>>>> was dropped so that we're all clear on that one.
>>>>>>>> 
>>>>>>>> The current proposal does help but is not complete.
>>>>>>>> 
>>>>>>>> Assume that the RX end loses a BFD session and learns later that
>>>>>>>> it did eventually receive the missing BFD packets (based on the seq
>>> #).
>>>>>>>> How would it know which end was misbehaving? Was it a delay at
>>>>>>>> the TX side, or was it the RX that delayed passing the packets to
>>>>>>>> the BFD process(or). This is usually what we want to debug and i
>>>>>>>> want to understand how this draft with sequence numbers can
>>>>>>>> unequivocally tell me that.
>>>>>>>> 
>>>>>>>> I believe the work is important and addresses something thats
>>>>>>>> really required (spent too much time debugging why BFD flapped!).
>>>>>>>> Clearly what would help is putting a small section that describes
>>>>>>>> how we can use the sequence numbers to debug what and where
>>> things went wrong.
>>>>>>>> 
>>>>>>>> Cheers, Manav
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On Wed, Nov 26, 2014 at 5:49 AM, Jeffrey Haas <jhaas@pfrc.org>
>>> wrote:
>>>>>>>>> draft-ashesh-bfd-stability-01 was presented again during IETF-91
>>>>>>>>> in Honolulu.  The slides can be viewed here:
>>>>>>>>> 
>>>>>>>>> http://www.ietf.org/proceedings/91/slides/slides-91-bfd-4.pptx
>>>>>>>>> 
>>>>>>>>> To attempt to simplify the presentation, the contentious portion
>>>>>>>>> of the timers were removed from the proposal, leaving only the
>>>>>>>>> sequence numbering for detecting loss of BFD async packets.
>>>>>>>>> 
>>>>>>>>> When the room was polled to see whether the draft should be
>>>>>>>>> adopted as a WG item, the sense of the room was very quiet.  As
>>>>>>>>> promised, this is to inquire for support for this draft on the
>>>>>>>>> WG mailing list to make sure the whole group has a voice.
>>>>>>>>> 
>>>>>>>>> It should be noted that post-meeting discussion on the fate of
>>>>>>>>> this draft noted that BFD authentication code points are
>>>>>>>>> plentiful and are available with expert review.  Should the
>>>>>>>>> draft authors wish to continue this work as Experimental, that is an
>>> option.
>>>>>>>>> 
>>>>>>>>> -- Jeff
>>>>>>>>> 
>>>>>>>> 
>>>>>> 
>>>> 
>> 
>