IETF Logo Mail Archive

Re: Mirja Kühlewind's Discuss on draft-ietf-bfd-seamless-base-09: (with DISCUSS)

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Tue, 03 May 2016 09:46 UTC

Return-Path: <cpignata@cisco.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0527D12D6B2; Tue, 3 May 2016 02:46:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.516
X-Spam-Level:
X-Spam-Status: No, score=-15.516 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IdD9OWk6lNZy; Tue, 3 May 2016 02:46:16 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27B8F12D688; Tue, 3 May 2016 02:46:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4992; q=dns/txt; s=iport; t=1462268776; x=1463478376; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=Dqh2Ax3LvRooB8yQCKvF3hRJ1onKTJvogZYhCmzkGPM=; b=gfOt0TyR1TuCblhPxaC2vwPdtV9BvdVWF/d0CXxYbQNEDiXRdokW4Luh 9SFvn4ByYvZwWkx7VZST3g/jISJSU1WCBn+8lbfypL5wtJfWd1rIZgjnH YrvOH3EXN3+qZCvq9dKs1G0/qFByhKqfcgnd05lOsxD0ehLD87q+veeCf k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ANBQAZcyhX/4sNJK1dgziBULUdgmSCHYF2hhACgT86EgEBAQEBAQFlJ4RCAQEEeRACAQgEOwcyFBECBA4FiCq6eAEBAQEBAQEBAQEBAQEBAQEBAQEBARWGIYF2gleHaoIuBYd4hhiKBgGOF48SiUCFcQEnDC+Da2yIPAEBAQ
X-IronPort-AV: E=Sophos;i="5.24,572,1454976000"; d="scan'208,217";a="268819607"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 03 May 2016 09:45:53 +0000
Received: from XCH-RTP-005.cisco.com (xch-rtp-005.cisco.com [64.101.220.145]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id u439jrYP003334 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 3 May 2016 09:45:53 GMT
Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-005.cisco.com (64.101.220.145) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 3 May 2016 05:45:52 -0400
Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1104.009; Tue, 3 May 2016 05:45:52 -0400
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Manav Bhatia <manav@ionosnetworks.com>
Subject: Re: Mirja Kühlewind's Discuss on draft-ietf-bfd-seamless-base-09: (with DISCUSS)
Thread-Topic: Mirja Kühlewind's Discuss on draft-ietf-bfd-seamless-base-09: (with DISCUSS)
Thread-Index: AQHRpR8YB75iFhnPVECZQ0i//enE0Z+nOU8A//+9nJI=
Date: Tue, 03 May 2016 09:45:52 +0000
Message-ID: <C21163D1-D537-429A-A5DB-7289DC65413F@cisco.com>
References: <20160503093512.7446.68991.idtracker@ietfa.amsl.com>, <CAGS6MpACcbv=9i0-8MhETAm4tZO_vf8Vc1+8GEs0K7taYYEkJA@mail.gmail.com>
In-Reply-To: <CAGS6MpACcbv=9i0-8MhETAm4tZO_vf8Vc1+8GEs0K7taYYEkJA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: multipart/alternative; boundary="_000_C21163D1D537429AA5DB7289DC65413Fciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtg-bfd/t3KNM_D-bw5EiM_-dYxqI6ZV0v4>
Cc: Mirja Kuehlewind <ietf@kuehlewind.net>, The IESG <iesg@ietf.org>, "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>, "draft-ietf-bfd-seamless-base@ietf.org" <draft-ietf-bfd-seamless-base@ietf.org>, "bfd-chairs@ietf.org" <bfd-chairs@ietf.org>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 May 2016 09:46:18 -0000

Manav,

A router not configured for S-BFD can be more likely to receive S-BFD packets. We can call that out.

Thumb typed by Carlos Pignataro.
Excuze typofraphicak errows

On May 3, 2016, at 05:43, Manav Bhatia <manav@ionosnetworks.com<mailto:manav@ionosnetworks.com>> wrote:

Hi Mirja,


----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

As S-BFD has no initiation process anymore it is not guarenteed that the
receiver/responder actually exists. That means that packets could float
(uncontrolled) in the network or even outside of the adminstrative domain
(e.g. due to configuration mistakes). From my point of view this document
should recommend/require two things:

1) A maximum number of S-BFD packet that is allow to be send without
getting a response (maybe leading to a local error report).

2) Egress filtering at the adminstrative border of the domain that uses
S-BFD to make sure that no S-BFD packets leave the domain.



How different is this from having a regular BFD/OSPF/ISIS speaker misconfigured to to peer with a router that it is not supposed to peer with. In such cases OSPF/ISIS, etc will continue sending HELLOs. So why do anything different for S-BFD.

Moreover, the whole idea of rate-limiting S-BFD packets is fundamentally incorrect. Its possible that the SBFD peer that router is trying to send S-BFD packets to may be down for some reason. In such cases you will NOT receive a response. Its only when it comes up that you will get a response.

Am i missing something here?

Cheers, Manav

v2.23.0 | Report a Bug | By Email