Interesting BFD discussion on reddit

Hugo Slabbert hugo at slabnet.com
Tue Feb 17 16:37:34 UTC 2015


>Because BFD packets can get routed across multiple hops. Unlike EBGP where
>you connect to a peer in a different AS and you have a direct connection,
>BFD packets can traverse multiple hops to reach the endpoint.

Then what's this "multihop" knob I have available in my BGP config?  Again, 
as Rob pointed out, "can" vs. "should" is a good consideration here, but 
unless I'm missing something both EBGP and BFD "can" do multihop...so...?

--
Hugo

On Tue 2015-Feb-17 07:42:20 +0530, Dave Waters <davewaters1970 at gmail.com> wrote:

>Because BFD packets can get routed across multiple hops. Unlike EBGP where
>you connect to a peer in a different AS and you have a direct connection,
>BFD packets can traverse multiple hops to reach the endpoint.
>
>In case of multihop BFD the BFD packets also get re-routed when the
>topology changes so you can almost never bet on the TTL value to secure the
>protocol.
>
>Dave
>
>On Tue, Feb 17, 2015 at 7:03 AM, Rob Seastrom <rs at seastrom.com> wrote:
>
>>
>> Dave Waters <davewaters1970 at gmail.com> writes:
>>
>> >
>> http://www.reddit.com/r/networking/comments/2vxj9u/very_elegant_and_a_simple_way_to_secure_bfd/
>> >
>> > Authentication mechanisms defined for IGPs cannot be used to protect BFD
>> > since the rate at which packets are processed in BFD is very high.
>> >
>> > Dave
>>
>> One might profitably ask why BFD wasn't designed to take advantage of
>> high-TTL-shadowing, a la draft-gill-btsh.
>>
>> -r
>>
>>
>>
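
An added example, not part of the original thread: a small model of the TTL check being debated (in the style of draft-gill-btsh), showing how tolerating a reroute on a multihop session lowers the minimum acceptable TTL and widens the set of routers whose packets would pass the check. The topology, router names and the assumption that every intermediate router decrements TTL by exactly one are constructed for illustration.

```python
from collections import deque

# Constructed topology (assumption): undirected links between routers.
# The session under study runs between A and C; primary path A-B-C, backup A-D-E-C.
LINKS = frozenset({("A", "B"), ("B", "C"), ("A", "D"), ("D", "E"),
                   ("E", "C"), ("D", "X"), ("X", "Y")})

def hops(links, src, dst):
    """Shortest path length in links from src to dst (BFS), or None if unreachable."""
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == dst:
            return dist
        for a, b in links:
            nxt = b if a == node else a if b == node else None
            if nxt is not None and nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None

def received_ttl(links, src, dst):
    """TTL seen at dst for a packet sent with TTL 255 (model: one decrement per intermediate router)."""
    h = hops(links, src, dst)
    return None if h is None else 255 - (h - 1)

def min_ttl_needed(links, peer, me, failures=()):
    """Lowest TTL the receiver must accept so the session survives each listed single link failure."""
    ttls = [received_ttl(links, peer, me)]
    ttls += [received_ttl(links - {f}, peer, me) for f in failures]
    return min(t for t in ttls if t is not None)

def within_trust_radius(links, me, min_ttl):
    """Routers whose packets, sent with TTL 255, reach `me` with TTL >= min_ttl and so pass the check."""
    nodes = {n for link in links for n in link} - {me}
    passing = []
    for n in sorted(nodes):
        t = received_ttl(links, n, me)
        if t is not None and t >= min_ttl:
            passing.append(n)
    return passing

if __name__ == "__main__":
    strict = min_ttl_needed(LINKS, "A", "C")
    relaxed = min_ttl_needed(LINKS, "A", "C", failures=[("B", "C")])
    print("primary path only:", strict, within_trust_radius(LINKS, "C", strict))
    print("tolerating reroute:", relaxed, within_trust_radius(LINKS, "C", relaxed))
    print("single hop (255 only):", within_trust_radius(LINKS, "C", 255))
```
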