Interesting BFD discussion on reddit

Rob Seastrom rs at seastrom.com
Tue Feb 17 02:50:02 UTC 2015


Many moons ago, Mike O'Dell had a pithy observation about "can"
vs. "should" that is escaping me at this moment, which is a pity since
it almost certainly applies here.

-r

Dave Waters <davewaters1970 at gmail.com> writes:

> Because BFD packets can get routed across multiple hops. Unlike EBGP where you connect to a
> peer in a different AS and you have a direct connection, BFD packets can traverse multiple
> hops to reach the endpoint.
>
>
>
> In case of multihop BFD the BFD packets also get re-routed when the topology changes so you
> can almost never bet on the TTL value to secure the protocol.
>
>
>
> Dave
>
>
>
> On Tue, Feb 17, 2015 at 7:03 AM, Rob Seastrom <[[rs at seastrom.com]]> wrote:
>
>                          Dave Waters <[[davewaters1970 at gmail.com]]> writes:
>      
>      >
>      [[http://www.reddit.com/r/networking/comments/2vxj9u/very_elegant_and_a_simple_way_to_secure_bfd/]]
>      >
>      > Authentication mechanisms defined for IGPs cannot be used to protect BFD
>      > since the rate at which packets are processed in BFD is very high.
>      >
>      > Dave
>      
>      
>
>
>      One might profitably ask why BFD wasn't designed to take advantage of
>      high-TTL-shadowing, a la draft-gill-btsh.
>      
>      -r
>      
>      
>      



More information about the NANOG mailing list