Interesting BFD discussion on reddit

Dave Waters davewaters1970 at gmail.com
Tue Feb 17 02:12:20 UTC 2015


Because BFD packets can get routed across multiple hops. Unlike EBGP where
you connect to a peer in a different AS and you have a direct connection,
BFD packets can traverse multiple hops to reach the endpoint.

In case of multihop BFD the BFD packets also get re-routed when the
topology changes so you can almost never bet on the TTL value to secure the
protocol.

Dave

On Tue, Feb 17, 2015 at 7:03 AM, Rob Seastrom <rs at seastrom.com> wrote:

>
> Dave Waters <davewaters1970 at gmail.com> writes:
>
> >
> > http://www.reddit.com/r/networking/comments/2vxj9u/very_elegant_and_a_simple_way_to_secure_bfd/
> >
> > Authentication mechanisms defined for IGPs cannot be used to protect BFD
> > since the rate at which packets are processed in BFD is very high.
> >
> > Dave
>
> One might profitably ask why BFD wasn't designed to take advantage of
> high-TTL-shadowing, a la draft-gill-btsh.
>
> -r
>
>
>
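
An added example, not part of the original thread: a GTSM-style receive filter that shows the TTL behaviour discussed above, where a multihop BFD session that is rerouted either gets dropped by a tight TTL floor or forces the floor to be widened. The UDP ports are those of RFC 5881 (single-hop) and RFC 5883 (multihop); the addresses, the `max_hops` parameter, the hop counts and the function names are assumptions made for illustration.

```python
import struct

BFD_SINGLE_HOP = 3784  # RFC 5881 control port
BFD_MULTIHOP = 4784    # RFC 5883 control port

def build_packet(ttl, dport):
    """Constructed sample: bare IPv4 + UDP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    udp = struct.pack("!HHHH", 49152, dport, 8, 0)
    return ip + udp

def ttl_check(packet, max_hops=0):
    """GTSM-style receive filter. max_hops (hypothetical knob) is the number
    of routers the operator expects between the two BFD endpoints."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False, "not IPv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 8 or packet[9] != 17:
        return False, "not UDP"
    ttl = packet[8]
    dport = struct.unpack_from("!H", packet, ihl + 2)[0]
    if dport == BFD_SINGLE_HOP:
        # Sender uses TTL 255 and no router sits in between.
        return ttl == 255, f"single-hop ttl={ttl}"
    if dport == BFD_MULTIHOP:
        # Each router on the path has decremented the TTL once.
        return ttl >= 255 - max_hops, f"multihop ttl={ttl} floor={255 - max_hops}"
    return False, "not BFD"

def demo():
    results = {}
    results["single_hop_direct"] = ttl_check(build_packet(255, BFD_SINGLE_HOP))[0]
    results["single_hop_remote"] = ttl_check(build_packet(254, BFD_SINGLE_HOP))[0]
    # Multihop session provisioned over a 3-router path (constructed scenario).
    results["multihop_normal"] = ttl_check(build_packet(252, BFD_MULTIHOP), 3)[0]
    # Topology change: the same peer is now 6 routers away.
    results["multihop_rerouted"] = ttl_check(build_packet(249, BFD_MULTIHOP), 3)[0]
    # Widening the floor restores the session but admits any sender within 6 hops.
    results["multihop_widened"] = ttl_check(build_packet(249, BFD_MULTIHOP), 6)[0]
    return results

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:20s} {'accept' if accepted else 'drop'}")
```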



More information about the NANOG mailing list