Mahesh,

Thanks for the quick reply. Please see some points from the old mail. I think we need to make the document more clear about some ambiguity with authentication enabled.

<snip>

I think we need to do this randomly for a few times to get rid of any attack when the BFD session is UP. Consider a case where BFD can run at an interval of 3.3 ms only if no authentication is enabled. So with initial slow packets (>1 sec when not UP) I will be authenticating the packets, and when the session goes to UP state with an aggressive interval BFD will go without AUTH. If I want to send a BFD packet with AUTH then I might need to change the interval first?

Secondly, I think we will terminate Auth once the BFD session goes to UP state locally, and I assume some configuration will decide how randomly to send BFD UP packets with AUTH set.

Now assume that BFD on one end is stuck in INIT state due to packet loss (2 packet loss if multiple is 3), so for 2 seconds one side which has already reached UP state might have terminated AUTH and the other side in INIT might have not. This could lead to a time mismatch on when to randomly send UP packets with Auth set. I think we need to have proper guidelines on when to terminate the AUTH and when to start again, maybe with P/F negotiation?

<snip>

Thanks
Santosh P K

From: Mahesh Jethanandani [mailto:[email protected]]
Sent: Wednesday, November 25, 2015 11:06 PM
To: Santosh P K <[email protected]>
Cc: Reshad Rahman (rrahman) <[email protected]>; [email protected]; [email protected]
Subject: Re: Request for WG adoption of

On Nov 25, 2015, at 3:48 AM, Santosh P K <[email protected]> wrote:

> But I think there are a few things to consider in this document. It needs to clearly highlight how to handle interval change from non-aggressive interval to aggressive interval.

An interval change requires a P/F sequence, which are authenticated packets.

Mahesh Jethanandani
[email protected]
