On Fri, 24 Jun 2022, 22:34 Mikhail Grishin, <[email protected]> wrote: > > > Arnold Nipper пишет 24.06.2022 12:32: > > On 23.06.2022 23:41, Douglas Fischer wrote: > >> Sincerely, what caught my attention was the "Auth: none" part. > >> On a room with more than thousand persons, confirm if the voice you > >> rear is really from the person you think it is makes sense to me. > >> > > > > Well, on an IX LAN, you should know how is talking to you ;-) Requring > > auth doesn't add any security IMO. >
Not to mention it only affects BFD, not the BGP session it supports. You aren't affecting anything of value by targeting unauthenticated BFD. It also up for customers wishes. We provide selective BFD timers. > Some of IXP members local , some 1000+ kilometers away. Some "requires" > sub-second failure detection (you need to think about your > infrastructure to support this). > Those people are silly. Sub-second failure detection is fine when you're talking about an MPLS tunnel with precomputed secondary paths or fast reroute, but this is BGP. Your network is very unlikely to reconverge in under a second after a BGP session goes down if there are more than a handful of prefixes, as everything has to recalculate best routes etc. But hey, it probably fixes *someone's* use case... M >
