nanog mailing list archives
Re: Interesting BFD discussion on reddit
From: Dave Waters <davewaters1970 () gmail com>
Date: Tue, 17 Feb 2015 07:42:20 +0530
Because BFD packets can get routed across multiple hops. Unlike EBGP where you connect to a peer in a different AS and you have a direct connection, BFD packets can traverse multiple hops to reach the endpoint. In case of multihop BFD the BFD packets also get re-routed when the topology changes so you can almost never bet on the TTL value to secure the protocol. Dave On Tue, Feb 17, 2015 at 7:03 AM, Rob Seastrom <rs () seastrom com> wrote:
Dave Waters <davewaters1970 () gmail com> writes:http://www.reddit.com/r/networking/comments/2vxj9u/very_elegant_and_a_simple_way_to_secure_bfd/Authentication mechanisms defined for IGPs cannot be used to protect BFD since the rate at which packets are processed in BFD is very high. DaveOne might profitably ask why BFD wasn't designed to take advantage of high-TTL-shadowing, a la draft-gill-btsh. -r
Current thread:
- Interesting BFD discussion on reddit Dave Waters (Feb 15)
- Re: Interesting BFD discussion on reddit Saku Ytti (Feb 15)
- Re: Interesting BFD discussion on reddit Glen Kent (Feb 15)
- Re: Interesting BFD discussion on reddit Saku Ytti (Feb 16)
- Re: Interesting BFD discussion on reddit Eygene Ryabinkin (Feb 16)
- Re: Interesting BFD discussion on reddit Glen Kent (Feb 16)
- Re: Interesting BFD discussion on reddit Saku Ytti (Feb 16)
- Re: Interesting BFD discussion on reddit Sudeep Khuraijam (Feb 20)
- Re: Interesting BFD discussion on reddit Glen Kent (Feb 15)
- Re: Interesting BFD discussion on reddit Saku Ytti (Feb 15)
- Re: Interesting BFD discussion on reddit Saku Ytti (Feb 16)
- Re: Interesting BFD discussion on reddit Dave Waters (Feb 17)
- Re: Interesting BFD discussion on reddit Rob Seastrom (Feb 16)
- Re: Interesting BFD discussion on reddit Hugo Slabbert (Feb 17)