Interesting BFD discussion on reddit
- Subject: Interesting BFD discussion on reddit
- From: glen.kent at gmail.com (Glen Kent)
- Date: Tue, 17 Feb 2015 06:11:59 +0530
- In-reply-to: <gTTkGEozg+jupDWQ/pa4kavBXbQ@1d+aJAniZP50FCDdGj54nd51+ks>
- References: <CAARSoVzjf9n_2sYmuOMVRzx=Q7kAWXjgyGRC2PmkgwU-Nt_B=w@mail.gmail.com> <[email protected]> <CAPLq3UMq2z0oFAj7pqDUmLXmxSaz-FXnH+7Tjgie+k0Q0hO-iw@mail.gmail.com> <gTTkGEozg+jupDWQ/pa4kavBXbQ@1d+aJAniZP50FCDdGj54nd51+ks>
http://www.ietf.org/proceedings/90/agenda.html -> MPLS WG was held in
Sovereign on 4th March @ 1300-1400
http://www.ietf.org/audio/ietf89/ will give you the audio recording for this
talk.
From the MOM http://www.ietf.org/proceedings/89/minutes/minutes-89-mpls it's
clear that there is no disagreement about NOT doing BFD authentication in
hardware -- similar to what is claimed by the presenter.
I think the hardware used was Broadcom. They have a few chipsets which do
MD5 and (possibly) SHA in hardware for BFD -- which I have been told is
pretty much useless when you start scaling.
Glen
On Mon, Feb 16, 2015 at 8:20 PM, Eygene Ryabinkin <rea at grid.kiae.ru> wrote:
> Mon, Feb 16, 2015 at 08:55:17AM +0530, Glen Kent wrote:
> > > I wonder if Trio, EZChip and friends could do SHA in NPU, my guess
> > > is yes they could, but perhaps there is even more appropriate hash
> > > for this use-case. I'm not entirely convinced doing hash for each
> > > BFD packet is impractical.
> > >
> > > [0] http://www.ietf.org/id/draft-mahesh-bfd-authentication-00.txt
> >
> >
> > You might want to take a look at:
> > http://www.ietf.org/proceedings/89/slides/slides-89-mpls-9.pdf
> >
> > Look at the slides 11 onwards.
>
> Were these people doing some real implementation in-hardware or were
> just theorizing? I see "prediction" label for the number of
> authenticated sessions -- do you have an idea what that means?
>
> And on slide 14 you have smaller session limit numbers for BFD fully
> implemented in hardware than for hw-assisted case (slide 12).
>
> It makes me think that this presentation should either be supplemented
> with talking people or there are some errors in it. Or I am completely
> missing some fine point here.
>
> > Doing HMAC calculation for each packet adversely affects the number
> > of concurrent sessions that can be supported.
>
> Without mentioning the scope (which hardware and software) this
> assertion is either trivial or useless, sorry. TSO, frame checksums
> and other stuff hadn't been implemented in-hardware for ages, but
> now it is here and there all the time.
>
> And /me is interested why can't BFD be done on the interface chip
> level: it is point-to-point on L2 for the majority of cases.
> --
> Eygene Ryabinkin, National Research Centre "Kurchatov Institute"
>
> Always code as if the guy who ends up maintaining your code will be
> a violent psychopath who knows where you live.
>