PPT Version

Report
BFD protocol update
IETF 62
David Ward
mailto:[email protected]
What has changed in the base?
• We have a new, incompatible change in
the state machine (more later)
• We added SHA-1 authentication
• Explained how to enable|disable
authentication w/o resetting the session
• Added Diags for concatenated links
What has changed in single hop?
• We specified what to do during
Graceland Restart
– In particular what the IGPs are to do
• Stated that don’t have to use TTL 255
when using auth
YAND
• On the list we discussed hacking single
hop vs a new draft
• WG chairs would like a draft describing
how to ‘generically’ bootstrap a BFD
session vs explicitly stating more
protocols in single hop draft.
• Will become WG item
Concatenated Paths and BFD
• Two diagnostic codes are defined for this purpose:
– Concatenated Path Down (toward the interworking system)
– Reverse Concatenated Path Down (away from the
interworking system).
• Note that the BFD session is not taken down.
• Note that if the BFD session subsequently fails, the
diagnostic code will be overwritten with a code
detailing the cause of the failure, so it is up to the
interworking agent to perform this procedure again
Security Stuff
• We were forced^H^H^H^H^H^H asked to add SHA-1
• We were told to make sure that we can enable|disable
auth w/o dropping the session
– We removed the requirement that both sides have to have
strict drops
– Although outside the scope of the spec we give some hints
on how to develop it.
– If it is confusing or really not wanted (it is rather easy to code
and interoperate) - we are willing to revert though it seems
unnecessary
BFD V1
• Why? What is the problem w/ V0?
• Daves send many thanks to Richard Spencer!
• BFD as spec'ed has the following problems:
The fundamental problem is that BFD has two
separate wait states (Init and Failing) and is thus
bi-stable, and there is not enough information
available (the IHU bit) to detect this case.
BFD V1 Problem slide 2
• Worse, if the two ends use different timers during
session establishment (say, 1 sec on one end and 5
sec on the other) the deadlock scenario is guaranteed
to happen repeatedly (unrecoverably.)
• If there is a unidirectional failure, the deadlock
scenario is guaranteed to happen 50% of the time
(depending on who gets their packet across first) with
the timer expiring to get the one guy out of Init state;
then the dice roll again.
BFD V1 Solution
• The good news is that by adding a bit in the
protocol, we get rid of a state.
– makes sense from a global information theory
perspective.
• This is much better, simpler, and is
demonstrably correct by inspection.
– It also comes up in less packets, and handles the
unidirectional failure well (it actually takes one less
packet to come up in that scenario.)
BFD V1 Solution slide 2
• It's the same as every protocol you've seen,
with the addition of the loop in the DOWN state
as long as the neighbor is in UP state
– Thus forcing the neighbor to acknowledge the
failure before advancing.
– This is sufficient to ensure both sides see the
session failure.
– ISIS and OSPF have more or less the same state
machine, except that they will advance directly from
DOWN to UP without having ever sent a packet,
thus depriving the neighbor of the knowledge of the
flap - we can’t do that
V1 slide 2.1
• The Mandatory Section of a BFD Control packet has
the following format:
0
1
2
3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Vers | Diag
|Sta|P|F|C|A|D|R| Detect Mult |
Length
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
My Discriminator
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Your Discriminator
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Desired Min TX Interval
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Required Min RX Interval
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
Required Min Echo RX Interval
|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
V1 slide 2.2
• As said before … no more IHU, no more Failing state
State (Sta) Values are:
0 -- AdminDown
1 -- Down
2 -- Init
3 -- Up
• Each system communicates its state in the State
(Sta) field in the BFD Control packet
– No more ambiguity
V1 State Machine slide 2.3
• Down state means that the session is down (or
has just been created.)
– A session remains in Down state until the remote
system indicates that it agrees that the session is
down by sending a BFD Control packet with the
State field set to anything other than Up.
– If that packet signals Down state, the session
advances to Init state; if that packet signals Init
state, the session advances to Up state.
V1 State Machine slide 2.4
• Init state means that the remote system is
communicating, and the local system desires to
bring the session up, but the remote system
does not yet realize it.
– A session will remain in Init state until either a BFD
Control Packet is received that is signalling Init or
Up state
– or until the detection time expires, meaning that
communication with the remote system has been
lost
V1 State Machine slide 2.5
•
Up state means that the BFD session has
successfully been established, and implies that
connectivity between the systems is working.
– The session will remain in the Up state until either
connectivity fails, or the session is taken down
administratively.
– If either the remote system signals Down state, or
the detection timeexpires, the session advances to
Down state
V1 State Machine slide 2.6
• AdminDown state means that the session is
being held administratively down.
– This causes the remote system to enter Down state,
and remain there until the local system exits
AdminDown state.
BFD V1 Solution slide 3
• There will not be any fancy versioning
machinery added to the protocol
• V1 will become the default
• V1 assumed unless hear V0 (another version)
and revert
– V1 will not specify that you have to be BW
compatible
– The protocol is not widely deployed for a versioning
requirement
BFD-ISIS interaction (see ISIS WG)
What is the Problem?
•
The control plane (ISIS) can run even though
there is a forwarding plane failure.
– The BFD session will dutifully fail in these
conditions, but ISIS will come back up anyhow
(because it can't differentiate this scenario from
having a neighbor that doesn't run BFD.)
BFD-ISIS interaction.2 (ISIS WG)
What is the Solution?
• The ISIS router will advertise that BFD is running on an
interface in a TLV in the IIH.
• If no advertisement, don’t attempt a BFD session w/
that neighbor.
• When receiving an IIH from a neighbor on an interface
with BFD enabled, and if the IIH contains the BFD
enabled TLV:
– Then the establishment of a BFD session with that neighbor
will be required before allowing the adjacency to the neighbor
to reach the UP state.
– Will require 3-way on p2p
Doc status
• New Base spec when embargo lifted
– Yes, it is actually written already
– We plan to have a review period and the LC before next
meeting
• New single hop draft w/ more nits picked
– We will last call after a review period
• New generic bootstrap draft - agree to take on as WG
doc
– We will LC after a review period
• MIB will be updated to reflect changes
– We will LC after a review period but before Paris
• BFD - LSPping will be LC’ed
• Review periods will be 3 wks and LC will be 3 wks

similar documents