Scaling BFD support
Matthew Walster
matthew at walster.org
Fri Jun 24 15:59:54 CEST 2022
On Fri, 24 Jun 2022, 22:34 Mikhail Grishin, <magr at ripn.net> wrote:
>
>
> Arnold Nipper пишет 24.06.2022 12:32:
> > On 23.06.2022 23:41, Douglas Fischer wrote:
> >> Sincerely, what caught my attention was the "Auth: none" part.
> >> On a room with more than thousand persons, confirm if the voice you
> >> rear is really from the person you think it is makes sense to me.
> >>
> >
> > Well, on an IX LAN, you should know how is talking to you ;-) Requring
> > auth doesn't add any security IMO.
>
Not to mention it only affects BFD, not the BGP session it supports. You
aren't affecting anything of value by targeting unauthenticated BFD.
It also up for customers wishes. We provide selective BFD timers.
> Some of IXP members local , some 1000+ kilometers away. Some "requires"
> sub-second failure detection (you need to think about your
> infrastructure to support this).
>
Those people are silly. Sub-second failure detection is fine when you're
talking about an MPLS tunnel with precomputed secondary paths or fast
reroute, but this is BGP. Your network is very unlikely to reconverge in
under a second after a BGP session goes down if there are more than a
handful of prefixes, as everything has to recalculate best routes etc.
But hey, it probably fixes *someone's* use case...
M
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20220624/ed52af7d/attachment.htm>
More information about the Bird-users
mailing list