Interesting BFD discussion on reddit

Glen Kent glen.kent at gmail.com
Tue Feb 17 00:41:59 UTC 2015


http://www.ietf.org/proceedings/90/agenda.html -> MPLS WG was held in
Sovereign on 4th March @ 1300-1400

http://www.ietf.org/audio/ietf89/ will give you the audio recording for this
talk.

From the MOM http://www.ietf.org/proceedings/89/minutes/minutes-89-mpls it's
clear that there is no disagreement about NOT doing BFD authentication in
hardware -- similar to what is claimed by the presenter.

I think the hardware used was Broadcom. They have a few chipsets which do
MD5 and (possibly) SHA in hardware for BFD -- which I have been told is
pretty much useless when you start scaling.

Glen

On Mon, Feb 16, 2015 at 8:20 PM, Eygene Ryabinkin <rea at grid.kiae.ru> wrote:

> Mon, Feb 16, 2015 at 08:55:17AM +0530, Glen Kent wrote:
> > > I wonder if Trio, EZChip and friends could do SHA in NPU, my guess
> > > is yes they could, but perhaps there is even more appropriate hash
> > > for this use-case.  I'm not entirely convinced doing hash for each
> > > BFD packet is impractical.
> > >
> > > [0] http://www.ietf.org/id/draft-mahesh-bfd-authentication-00.txt
> >
> >
> > You might want to take a look at:
> > http://www.ietf.org/proceedings/89/slides/slides-89-mpls-9.pdf
> >
> > Look at the slides 11 onwards.
>
> Were these people doing some real implementation in-hardware or were
> just theorizing?  I see "prediction" label for the number of
> authenticated sessions -- do you have an idea what that means?
>
> And on slide 14 you have smaller session limit numbers for BFD fully
> implemented in hardware than for hw-assisted case (slide 12).
>
> It makes me think that this presentation should either be supplemented
> with talking people or there are some errors in it.  Or I am completely
> missing some fine point here.
>
> > Doing HMAC calculation for each packet adversely affects the number
> > of concurrent sessions that can be supported.
>
> Without mentioning the scope (which hardware and software) this
> assertion is either trivial or useless, sorry.  TSO, frame checksums
> and other stuff hadn't been implemented in-hardware for ages, but
> now it is here and there all the time.
>
> And /me is interested why can't BFD be done on the interface chip
> level: it is point-to-point on L2 for the majority of cases.
> --
> Eygene Ryabinkin, National Research Centre "Kurchatov Institute"
>
> Always code as if the guy who ends up maintaining your code will be
> a violent psychopath who knows where you live.
>


