ttl and authentication [Re: I-D ACTION:draft-ietf-bfd-multihop-01.txt]
Pekka Savola <pekkas@netcore.fi> Thu, 24 February 2005 02:54 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA15314; Wed, 23 Feb 2005 21:54:22 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D49Vn-0002Fn-0g; Wed, 23 Feb 2005 22:17:59 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D41zB-0005u6-Ed; Wed, 23 Feb 2005 14:15:49 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D41zA-0005tk-Nu for rtg-bfd@megatron.ietf.org; Wed, 23 Feb 2005 14:15:48 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA01864 for <rtg-bfd@ietf.org>; Wed, 23 Feb 2005 14:15:41 -0500 (EST)
Received: from netcore.fi ([193.94.160.1]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D42Lo-0006QJ-Eu for rtg-bfd@ietf.org; Wed, 23 Feb 2005 14:39:14 -0500
Received: from localhost (pekkas@localhost) by netcore.fi (8.11.6/8.11.6) with ESMTP id j1NJFWn06567 for <rtg-bfd@ietf.org>; Wed, 23 Feb 2005 21:15:32 +0200
Date: Wed, 23 Feb 2005 21:15:32 +0200
From: Pekka Savola <pekkas@netcore.fi>
To: rtg-bfd@ietf.org
In-Reply-To: <200502222036.PAA16786@ietf.org>
Message-ID: <Pine.LNX.4.61.0502232111590.6499@netcore.fi>
References: <200502222036.PAA16786@ietf.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7baded97d9887f7a0c7e8a33c2e3ea1b
Subject: ttl and authentication [Re: I-D ACTION:draft-ietf-bfd-multihop-01.txt]
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
Sender: rtg-bfd-bounces@ietf.org
Errors-To: rtg-bfd-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e1e48a527f609d1be2bc8d8a70eb76cb
Hi,

On Tue, 22 Feb 2005 Internet-Drafts@ietf.org wrote:
> Title     : BFD for Multihop Paths
> Author(s) : D. Katz, D. Ward
> Filename  : draft-ietf-bfd-multihop-01.txt
> Pages     : 6
> Date      : 2005-2-22

There was one particularly unnerving change in -01:

   5.  TTL/Hop Count Issues

   If BFD authentication is not in use, all BFD Control packets for
   sessions operating according to this specification MUST be sent with
   a TTL or Hop Count value of 255.  All received BFD Control packets
   that are demultiplexed to sessions operating according to this
   specification MUST be discarded if the received TTL or Hop Count is
   not equal to 255.  A discussion of this mechanism can be found in
   [GTSM].

   If BFD authentication is in use, any value of TTL/Hop Count MAY be
   used in transmitted packets, and received packets MUST NOT be
   discarded based on the received TTL/Hop Count.

.. this is _not good_, depending on the definition of "BFD authentication is in use".

If I interpret this correctly, the routers cannot simply drop BFD sessions which are sent to the router with a bogus TTL and bogus authentication (e.g., wrong password) based on the TTL check?

For single hop scenarios, I don't see the reason to omit checking for TTL or to send any other TTL than 255.

Please elaborate or put it back in ASAP :).

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
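The two receive-side policies under discussion, as an added example that is not part of the mailing-list thread or of any BFD implementation: `accept_draft01` applies section 5 of the -01 draft as quoted above (TTL 255 required only when authentication is not in use; TTL ignored once it is), and `accept_ttl_first` applies the ordering Pekka asks about for single-hop sessions (TTL checked first and always, authentication only afterwards). The control-packet layout (24-byte mandatory section, A bit, Auth Type/Auth Len/Key ID for simple-password authentication) follows the BFD base specification and is an assumption here, as are the sample packets, the `Receiver` class and the `auth_checks` counter, which exists only to make the cost difference between the two orderings visible: with the draft rule a packet carrying a bogus TTL and a bogus password still has to be parsed up to the password comparison before it can be dropped.

```python
"""BFD control packet receive-side TTL/authentication checks (added example)."""
import hmac
import struct

# Mandatory section, 24 bytes, laid out as in the BFD base specification
# (an assumption of this example, not something the page states):
#   Vers(3)|Diag(5), Sta(2)|P|F|C|A|D|M, Detect Mult, Length,
#   My Discriminator, Your Discriminator, Desired Min TX,
#   Required Min RX, Required Min Echo RX
MANDATORY = struct.Struct("!BBBBIIIII")
FLAG_A = 0x04               # A bit: an authentication section follows
AUTH_SIMPLE_PASSWORD = 1    # Auth Type for simple password
GTSM_TTL = 255              # the [GTSM] value the draft requires


def build_packet(my_disc, your_disc, password=None, key_id=1):
    """Constructed sample packet: Vers=1, Diag=0, Sta=Up(3), Detect Mult=3."""
    flags = FLAG_A if password is not None else 0
    auth = b""
    if password is not None:
        # Auth Type, Auth Len (type + len + key id + password), Key ID, password
        auth = bytes([AUTH_SIMPLE_PASSWORD, 3 + len(password), key_id]) + password
    length = MANDATORY.size + len(auth)
    hdr = MANDATORY.pack((1 << 5) | 0, (3 << 6) | flags, 3, length,
                         my_disc, your_disc, 1_000_000, 1_000_000, 0)
    return hdr + auth


def parse_packet(pkt):
    """Parse the mandatory section and, if the A bit is set, the auth section."""
    if len(pkt) < MANDATORY.size:
        raise ValueError("short packet")
    vers_diag, sta_flags, _mult, length, my_d, your_d, _tx, _rx, _echo = \
        MANDATORY.unpack_from(pkt)
    if length > len(pkt) or length < MANDATORY.size:
        raise ValueError("bad length field")
    auth = None
    if sta_flags & FLAG_A:
        if length < MANDATORY.size + 2:
            raise ValueError("truncated auth section")
        atype, alen = pkt[MANDATORY.size], pkt[MANDATORY.size + 1]
        if alen < 2 or MANDATORY.size + alen > length:
            raise ValueError("bad auth len")
        auth = (atype, pkt[MANDATORY.size + 2:MANDATORY.size + alen])
    return {"version": vers_diag >> 5, "state": sta_flags >> 6,
            "my_disc": my_d, "your_disc": your_d, "auth": auth}


class Receiver:
    """Hypothetical session receive state: configured keys plus a counter of
    how often the authentication section had to be examined."""

    def __init__(self, keys):
        self.keys = keys        # key_id -> password; auth "in use" iff non-empty
        self.auth_checks = 0

    def _auth_ok(self, auth):
        self.auth_checks += 1
        if auth is None or auth[0] != AUTH_SIMPLE_PASSWORD or len(auth[1]) < 2:
            return False
        key_id, pw = auth[1][0], auth[1][1:]
        # constant-time comparison; a wrong key id compares against b""
        return hmac.compare_digest(pw, self.keys.get(key_id, b""))

    def accept_draft01(self, pkt, ttl):
        """Section 5 of draft-ietf-bfd-multihop-01 as quoted in the mail:
        no auth -> TTL must be 255; auth in use -> TTL MUST NOT be used."""
        p = parse_packet(pkt)
        if not self.keys:
            return ttl == GTSM_TTL
        return self._auth_ok(p["auth"])

    def accept_ttl_first(self, pkt, ttl):
        """Ordering Pekka asks for on single-hop sessions: TTL 255 is required
        regardless of authentication, so a bogus-TTL packet is dropped before
        the authentication section is ever touched."""
        if ttl != GTSM_TTL:
            return False
        p = parse_packet(pkt)
        return self._auth_ok(p["auth"]) if self.keys else True
```

Running the two policies over a good packet and a wrong-password packet, each arriving with TTL 64, shows the difference: the draft rule accepts the good packet at any TTL and only rejects the bogus one after the password comparison, while the TTL-first ordering rejects both without reaching authentication.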
- I-D ACTION:draft-ietf-bfd-multihop-01.txt Internet-Drafts
- ttl and authentication [Re: I-D ACTION:draft-ietf… Pekka Savola
- Re: ttl and authentication Dave Katz
- Re: ttl and authentication Pekka Savola
- Re: ttl and authentication Dave Katz
- Re: ttl and authentication Pekka Savola
- Re: ttl and authentication Dave Katz