Interesting BFD discussion on reddit

Eygene Ryabinkin rea+nanog at grid.kiae.ru
Mon Feb 16 14:50:58 UTC 2015


Mon, Feb 16, 2015 at 08:55:17AM +0530, Glen Kent wrote:
> > I wonder if Trio, EZChip and friends could do SHA in NPU, my guess
> > is yes they could, but perhaps there is even more appropriate hash
> > for this use-case.  I'm not entirely convinced doing hash for each
> > BFD packet is impractical.
> >
> > [0] http://www.ietf.org/id/draft-mahesh-bfd-authentication-00.txt
> 
> 
> You might want to take a look at:
> http://www.ietf.org/proceedings/89/slides/slides-89-mpls-9.pdf
> 
> Look at the slides 11 onwards.

Were these people doing some real implementation in-hardware or were
just theorizing?  I see "prediction" label for the number of
authenticated sessions -- do you have an idea what that means?

And on slide 14 you have smaller session limit numbers for BFD fully
implemented in hardware than for hw-assisted case (slide 12).

It makes me think that this presentation should either be supplemented
with talking people or there are some errors in it.  Or I am completely
missing some fine point here.

> Doing HMAC calculation for each packet adversely affects the number
> of concurrent sessions that can be supported.

Without mentioning the scope (which hardware and software) this
assertion is either trivial or useless, sorry.  TSO, frame checksums
and other stuff hadn't been implemented in-hardware for ages, but
now it is here and there all the time.

And /me is interested why can't BFD be done on the interface chip
level: it is point-to-point on L2 for the majority of cases.
-- 
Eygene Ryabinkin, National Research Centre "Kurchatov Institute"

Always code as if the guy who ends up maintaining your code will be
a violent psychopath who knows where you live.


