On Mar 22, 2023, at 5:35 PM, Abhinav Srivastava <[email protected]> wrote:

> I needed clarification around whether source port can be changed for a BFD
> session in case of multi-hop BFD. The ability to change BFD source port
> when BFD session goes down helps BFD session to recover if it's stuck on a
> network path where there is some intermittent but significant packet loss.

RFC 5883 is silent on the subject of source ports, and defers instead to RFC 5881.

> In such cases, normally without BFD, end-to-end application traffic would
> eventually settle down on a good path as applications typically change source
> port after experiencing disconnection or failures. But if BFD is being used
> to monitor some part of a path which is experiencing significant but not 100%
> packet loss, it will start causing next hop list of associated static route
> or the associated BGP sessions to start flapping forever, as BFD packets
> would be stuck to that partially lossy path forever (until BFD session is
> deleted and recreated by admin action). This may also hinder the typical
> application recovery strategy of changing source port on failure.

Sure, that makes sense.

> Ability to dynamically change BFD source port can help BFD recover in such
> cases. Is this something that is allowed as per RFC? RFC 5881, section 4
> (for the single-hop case) states that:
>
> "The source port MUST be in the range 49152 through 65535. The same UDP
> source port number MUST be used for all BFD Control packets associated with a
> particular session"

That seems clear: changing source ports is not allowed.

From a practical point of view, I'm not sure what the issue is. If the packets are authenticated, then it doesn't really matter what the source port is.

e.g. there may be a NAT between the two peers. Due to various NAT magic, packets coming from the NAT may change source port. This can happen when the NAT reboots (quickly), while the peers are still up.

You are free to ignore the requirements of the RFCs at any time. However, doing so may result in interoperability issues, security issues, etc.

If there seems to be a strong need for allowing changing the source port associated with a particular session, you can also submit an Internet-Draft to the WG which proposes that change.

Alan DeKok.
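The RFC 5881 section 4 rules quoted in this exchange, as a receiver would enforce them, written out as an added example. This is illustrative code for this page, not code from the thread's participants or from any BFD implementation. It parses the mandatory 24-byte BFD Control header from RFC 5880 section 4.1, checks the destination port (3784 single-hop per RFC 5881, 4784 multi-hop per RFC 5883), checks the 49152-65535 source-port range, and pins the peer's source port per session so that a mid-session change (the "rotate the port when the session goes down" idea, or a rebooted NAT) is reported rather than silently accepted. The class and function names, the session key of (peer address, peer's My Discriminator), the sample addresses and discriminators, and the decision to apply the single-hop source-port rule to a multi-hop session are all assumptions made for the example.

```python
"""Added example: enforce RFC 5881 section 4 UDP source-port rules on received
BFD Control packets.  Illustrative code for this page, not code from any BFD
implementation or from the message authors."""
from __future__ import annotations

import struct
from dataclasses import dataclass

BFD_SINGLEHOP_PORT = 3784   # destination port, RFC 5881
BFD_MULTIHOP_PORT = 4784    # destination port, RFC 5883
SRC_PORT_MIN, SRC_PORT_MAX = 49152, 65535   # RFC 5881 section 4
BFD_CONTROL_LEN = 24        # mandatory section, no authentication (RFC 5880 4.1)


@dataclass(frozen=True)
class BfdControl:
    version: int
    diag: int
    state: int
    flags: int
    detect_mult: int
    my_disc: int
    your_disc: int
    desired_min_tx: int
    required_min_rx: int
    required_min_echo_rx: int


def parse_bfd_control(payload: bytes) -> BfdControl:
    """Parse the mandatory 24-byte BFD Control header (RFC 5880 section 4.1)."""
    if len(payload) < BFD_CONTROL_LEN:
        raise ValueError("BFD Control packet shorter than 24 bytes")
    (b0, b1, detect_mult, length, my_disc, your_disc,
     tx, rx, echo) = struct.unpack("!BBBBIIIII", payload[:BFD_CONTROL_LEN])
    version = b0 >> 5
    if version != 1:
        raise ValueError(f"unsupported BFD version {version}")
    if length != len(payload):
        raise ValueError("Length field does not match payload size")
    if detect_mult == 0 or my_disc == 0:
        raise ValueError("Detect Mult and My Discriminator must be nonzero")
    return BfdControl(version, b0 & 0x1F, b1 >> 6, b1 & 0x3F, detect_mult,
                      my_disc, your_disc, tx, rx, echo)


def build_bfd_control(my_disc: int, your_disc: int, state: int = 3,
                      detect_mult: int = 3, interval_us: int = 300_000) -> bytes:
    """Build a constructed test packet (state 3 = Up, no flags, no auth)."""
    return struct.pack("!BBBBIIIII", (1 << 5) | 0, state << 6, detect_mult,
                       BFD_CONTROL_LEN, my_disc, your_disc,
                       interval_us, interval_us, 0)


class SourcePortPolicy:
    """Pins the peer's UDP source port per session, as RFC 5881 section 4 requires.

    Sessions are keyed by (peer address, peer's My Discriminator).  Assumption:
    the same rule is applied to multi-hop (port 4784) sessions, which is how the
    thread reads RFC 5883's deferral to RFC 5881.
    """

    def __init__(self) -> None:
        self._pinned: dict[tuple[str, int], int] = {}

    def check(self, peer: str, src_port: int, dst_port: int, payload: bytes) -> str:
        """Return "ok", or the reason the packet would be dropped."""
        if dst_port not in (BFD_SINGLEHOP_PORT, BFD_MULTIHOP_PORT):
            return f"destination port {dst_port} is not a BFD Control port"
        try:
            pkt = parse_bfd_control(payload)
        except ValueError as exc:
            return f"malformed: {exc}"
        if not SRC_PORT_MIN <= src_port <= SRC_PORT_MAX:
            return f"source port {src_port} outside {SRC_PORT_MIN}-{SRC_PORT_MAX}"
        key = (peer, pkt.my_disc)
        pinned = self._pinned.setdefault(key, src_port)
        if pinned != src_port:
            # The case the thread is about: a mid-session port change, whether
            # from a peer rotating its port or from a rebooted NAT in the path.
            return f"source port changed mid-session ({pinned} -> {src_port})"
        return "ok"

    def session_deleted(self, peer: str, remote_disc: int) -> None:
        """Forget the pinned port once the session is deleted and recreated."""
        self._pinned.pop((peer, remote_disc), None)


def demo() -> list[str]:
    """Walk a constructed multi-hop session through the cases discussed above."""
    policy = SourcePortPolicy()
    peer = "192.0.2.2"                       # constructed peer address
    pkt = build_bfd_control(my_disc=0x1001, your_disc=0x2002)
    results = [
        policy.check(peer, 50000, BFD_MULTIHOP_PORT, pkt),   # first packet pins 50000
        policy.check(peer, 50000, BFD_MULTIHOP_PORT, pkt),   # same port: ok
        policy.check(peer, 50001, BFD_MULTIHOP_PORT, pkt),   # port rotated: rejected
        policy.check(peer, 1024, BFD_MULTIHOP_PORT, pkt),    # below 49152: rejected
        policy.check(peer, 50000, 3785, pkt),                # wrong destination port
        policy.check(peer, 50000, BFD_MULTIHOP_PORT, pkt[:20]),  # truncated header
    ]
    policy.session_deleted(peer, 0x1001)     # admin deletes and recreates the session
    results.append(policy.check(peer, 50001, BFD_MULTIHOP_PORT, pkt))  # new port accepted
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The only way the rotated port is accepted is through the explicit `session_deleted` path, which mirrors the "deleted and recreated by admin action" recovery described in the question; an implementation that silently re-pinned on a port change would be exactly the behaviour the RFC text forbids.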
