nanog mailing list archives

Re: Interesting BFD discussion on reddit


From: Glen Kent <glen.kent () gmail com>
Date: Tue, 17 Feb 2015 06:11:59 +0530

http://www.ietf.org/proceedings/90/agenda.html -> MPLS WG was held in
Sovereign on 4th March @ 1300-1400

http://www.ietf.org/audio/ietf89/ will give you the audio recording for this
talk.

From the MOM http://www.ietf.org/proceedings/89/minutes/minutes-89-mpls its
clear that there is no disagreement about NOT doing BFD authentication in
hardware -- similar to what is claimed by the presenter.

I think the hardware used was Broadcom. They have a few chipsets which do
MD5 and (possibly) SHA in hardware for BFD -- which I have been told is
pretty much useless when you start scaling.

Glen

On Mon, Feb 16, 2015 at 8:20 PM, Eygene Ryabinkin <rea () grid kiae ru> wrote:

Mon, Feb 16, 2015 at 08:55:17AM +0530, Glen Kent wrote:
> I wonder if Trio, EZChip and friends could do SHA in NPU, my guess
> is yes they could, but perhaps there is even more appropriate hash
> for this use-case.  I'm not entirely convinced doing hash for each
> BFD packet is impractical.
>
> [0] http://www.ietf.org/id/draft-mahesh-bfd-authentication-00.txt


You might want to take a look at:
http://www.ietf.org/proceedings/89/slides/slides-89-mpls-9.pdf

Look at the slides 11 onwards.

Were these people doing some real implementation in-hardware or were
just theorizing?  I see "prediction" label for the number of
authenticated sessions -- do you have an idea what that means?

And on slide 14 you have smaller session limit numbers for BFD fully
implemented in hardware than for hw-assisted case (slide 12).

It makes me think that this presentation should either be supplemented
with talking people or there are some errors in it.  Or I am completely
missing some fine point here.

> Doing HMAC calculation for each packet adversely affects the number
> of concurrent sessions that can be supported.

Without mentioning the scope (which hardware and software) this
assertion is either trivial or useless, sorry.  TSO, frame checksums
and other stuff hadn't been implemented in-hardware for ages, but
now it is here and there all the time.

And /me is interested why can't BFD be done on the interface chip
level: it is point-to-point on L2 for the majority of cases.
--
Eygene Ryabinkin, National Research Centre "Kurchatov Institute"

Always code as if the guy who ends up maintaining your code will be
a violent psychopath who knows where you live.
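The per-packet work the thread is arguing about is easy to see concretely. The following is an added example, not code from the thread or from any of the implementations discussed: it builds and verifies a BFD control packet carrying the RFC 5880 Keyed SHA1 / Meticulous Keyed SHA1 authentication section. Note that RFC 5880's construction is a keyed hash (SHA1 over the packet with the shared key placed in the Auth Key/Hash field), not an RFC 2104 HMAC; the draft-mahesh-bfd-authentication text cited above is what moves toward HMAC, and its exact formats are not reproduced here. The key, discriminators and timer values are constructed for illustration.

```python
"""RFC 5880 BFD control packet with (Meticulous) Keyed SHA1 authentication.

Added example, not code from the NANOG thread. The key, discriminators and
intervals below are constructed values for illustration only.
"""
import hashlib
import hmac
import struct

# Mandatory 24-byte BFD control header (RFC 5880 section 4.1):
# vers/diag, sta/flags, detect mult, length, my disc, your disc,
# desired min tx, required min rx, required min echo rx.
BFD_HDR = struct.Struct("!BBBBIIIII")
# Authentication section header (section 4.4): auth type, auth len,
# auth key id, reserved, sequence number; then the 20-byte Auth Key/Hash.
AUTH_HDR = struct.Struct("!BBBBI")
AUTH_KEYED_SHA1 = 4
AUTH_METICULOUS_KEYED_SHA1 = 5
AUTH_LEN_SHA1 = AUTH_HDR.size + 20          # 28 bytes
PKT_LEN = BFD_HDR.size + AUTH_LEN_SHA1      # 52 bytes
FLAG_A = 0x04                               # Authentication Present bit
STATE_UP = 3


def _keyed_sha1(pkt_without_digest, key):
    """SHA1 over the whole packet with the shared key (zero-padded to 20
    bytes) occupying the Auth Key/Hash field. This is the RFC 5880 keyed
    hash, not an RFC 2104 HMAC."""
    if not 1 <= len(key) <= 20:
        raise ValueError("RFC 5880 SHA1 keys are 1..20 bytes")
    return hashlib.sha1(pkt_without_digest + key.ljust(20, b"\x00")).digest()


def build_packet(my_disc, your_disc, seq, key, key_id=1, detect_mult=3,
                 auth_type=AUTH_METICULOUS_KEYED_SHA1):
    """Build an authenticated Up-state control packet (constructed timers)."""
    hdr = BFD_HDR.pack((1 << 5) | 0,                  # version 1, diag 0
                       (STATE_UP << 6) | FLAG_A,
                       detect_mult, PKT_LEN,
                       my_disc, your_disc,
                       1_000_000, 1_000_000, 0)       # 1 s tx/rx, no echo
    auth = AUTH_HDR.pack(auth_type, AUTH_LEN_SHA1, key_id, 0,
                         seq & 0xFFFFFFFF)
    return hdr + auth + _keyed_sha1(hdr + auth, key)


def verify_packet(pkt, key, rcv_auth_seq=None):
    """Receive-side checks from RFC 5880 section 6.7.4.

    rcv_auth_seq is bfd.RcvAuthSeq, or None while bfd.AuthSeqKnown is 0.
    Returns (accepted, reason, seq). The sequence window is checked before
    the hash, so a replayed or stale packet is dropped without paying for
    SHA1; the hash itself is the unavoidable per-packet cost.
    """
    if len(pkt) != PKT_LEN or pkt[3] != PKT_LEN:
        return False, "bad length", None
    if (pkt[0] >> 5) != 1:
        return False, "bad version", None
    if not pkt[1] & FLAG_A:
        return False, "A bit clear", None
    detect_mult = pkt[2]
    if detect_mult == 0:
        return False, "detect mult zero", None
    auth_type, auth_len, _key_id, _rsvd, seq = AUTH_HDR.unpack_from(
        pkt, BFD_HDR.size)
    if auth_type not in (AUTH_KEYED_SHA1, AUTH_METICULOUS_KEYED_SHA1):
        return False, "unsupported auth type", seq
    if auth_len != AUTH_LEN_SHA1:
        return False, "bad auth len", seq
    if rcv_auth_seq is not None:
        meticulous = auth_type == AUTH_METICULOUS_KEYED_SHA1
        # Keyed: [Rcv, Rcv+3*DM]; Meticulous: [Rcv+1, Rcv+3*DM]; mod 2^32.
        low = (rcv_auth_seq + (1 if meticulous else 0)) & 0xFFFFFFFF
        span = 3 * detect_mult - (1 if meticulous else 0)
        if ((seq - low) & 0xFFFFFFFF) > span:
            return False, "sequence out of window", seq
    digest_off = BFD_HDR.size + AUTH_HDR.size
    expected = _keyed_sha1(pkt[:digest_off], key)
    if not hmac.compare_digest(expected, pkt[digest_off:]):
        return False, "digest mismatch", seq
    return True, "ok", seq


if __name__ == "__main__":
    key = b"constructed-key"                          # constructed secret
    pkt = build_packet(0x11111111, 0x22222222, 100, key)
    print(verify_packet(pkt, key, rcv_auth_seq=99))   # accepted
    print(verify_packet(pkt, key, rcv_auth_seq=100))  # replay, rejected
```

The meticulous variant rejects the very same packet a second time because the sequence number must be strictly greater than bfd.RcvAuthSeq; plain Keyed SHA1 allows it to repeat, which is why the cheaper non-meticulous mode offers no replay protection within the window. Either way the receiver hashes 52 bytes per accepted packet, and at sub-10 ms intervals across many sessions that is the load the slides quoted above are counting.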


