Mahesh,
> On Jun 6, 2025, at 4:07 PM, Mahesh Jethanandani <[email protected]> wrote:
>>
>> 239 Implementations MAY provide mechanisms wherein all expected packets
>> 240 received across an expected interval but delivered out of order are
>> 241 not considered lost packets.
>>
>> <major> Why is this not a MUST? How is it ok to do incorrect and inaccurate
>> reporting of BFD packet loss? Please see my previous comment.
>
> Good question. I am going to let other BFD experts pitch in. A quick look at
> RFC 5880 tells me it is silent on out of order packets, and keeping track of
> out of order packets will require a modification to the protocol.

RFC 5880 discusses all that it needs to discuss:

Without authentication, a packet received in any order will trigger an
appropriate state change in the FSM. Making the FSM resilient to transitioning
from Down to Up in the face of misordered packets was one of the early
considerations. When things are Up, staying Up is easy.

Misordering isn't relevant when there's no authentication. A misordered Up then
Down pair of packets received as Down then Up will still have transitioned the
session to Down with no authentication.

When authentication is in use (consider §6.7.3 for MD5):

   If bfd.AuthSeqKnown is 1, examine the Sequence Number field. For Keyed
   MD5, if the sequence number lies outside of the range of bfd.RcvAuthSeq
   to bfd.RcvAuthSeq+(3*Detect Mult) inclusive (when treated as an unsigned
   32-bit circular number space), the received packet MUST be discarded.
   For Meticulous Keyed MD5, if the sequence number lies outside of the
   range of bfd.RcvAuthSeq+1 to bfd.RcvAuthSeq+(3*Detect Mult) inclusive
   (when treated as an unsigned 32-bit circular number space) the received
   packet MUST be discarded.

I.e., when it's not meticulous, misordering is partially tolerated. When it's
meticulous, a misordered earlier packet is dropped because the later sequence
number advanced the window.

The meticulous procedures thus already track that something is received
"late". Tracking multiple misordered packets is a few steps more complicated
than just tracking "late" and would involve additional code to track ordering
and window them within the detection interval.

> The NULL authentication mechanism uses the Meticulous Keyed ISAAC for
> generating and inserting a sequence number in the packet. On the wire, the
> sequence number is not meticulous and therefore it is very hard for anybody
> other than the sender and the receiver to guess what that sequence number
> should be on the wire.

Sorry, that's not the current procedure for the NULL auth type. It's literally
just a sequence number. The direction we went is that if you want protection,
use the ISAAC mode. You can get the meticulous sequence numbers from that.

-- Jeff
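As an added illustration of the §6.7.3 window check quoted above (this is not code from the thread, from RFC 5880, or from any BFD implementation), the Python below models only the sequence-number test, not the MD5 digest verification that follows it in the RFC; the arrival orders it feeds in are constructed, and `deliver`/`AuthState` are names chosen here, not RFC terms.

```python
# Sequence-number window from RFC 5880 §6.7.3 (Keyed MD5 vs Meticulous Keyed MD5).
# Only the window test is modelled; digest checking is out of scope here.
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF  # sequence numbers live in an unsigned 32-bit circular space


@dataclass
class AuthState:          # hypothetical holder for the RFC's per-session variables
    rcv_auth_seq: int     # bfd.RcvAuthSeq
    auth_seq_known: bool  # bfd.AuthSeqKnown
    detect_mult: int      # bfd.DetectMult


def in_circular_window(seq: int, lo: int, hi: int) -> bool:
    """True if seq lies in [lo, hi] inclusive, walking forward from lo mod 2^32."""
    return ((seq - lo) & MASK32) <= ((hi - lo) & MASK32)


def accept_sequence(state: AuthState, seq: int, meticulous: bool) -> bool:
    """Apply the §6.7.3 window test to one received packet.

    Returns True if the packet passes (bfd.RcvAuthSeq is then advanced to it,
    as the RFC does on acceptance), False if it MUST be discarded.
    """
    if state.auth_seq_known:
        # Keyed MD5: window starts at RcvAuthSeq, so a repeated number passes.
        # Meticulous Keyed MD5: window starts at RcvAuthSeq+1, strict advance.
        lo = (state.rcv_auth_seq + (1 if meticulous else 0)) & MASK32
        hi = (state.rcv_auth_seq + 3 * state.detect_mult) & MASK32
        if not in_circular_window(seq, lo, hi):
            return False
    state.rcv_auth_seq = seq
    state.auth_seq_known = True
    return True


def deliver(arrival: list, meticulous: bool, start: int, detect_mult: int = 3) -> list:
    """Feed packets in arrival order to a receiver already holding `start`;
    return one accept/discard decision per packet."""
    st = AuthState(rcv_auth_seq=start, auth_seq_known=True, detect_mult=detect_mult)
    return [accept_sequence(st, s, meticulous) for s in arrival]


if __name__ == "__main__":
    # Constructed: sender emitted ...FE, ...FF, 0, 1; packet 0 arrives after 1 (wraps 2^32).
    late = [0xFFFFFFFF, 0x1, 0x0]
    print("late packet, keyed:     ", deliver(late, False, 0xFFFFFFFE))
    print("late packet, meticulous:", deliver(late, True, 0xFFFFFFFE))
    # Repeated number: tolerated by keyed, rejected by meticulous.
    print("repeat, keyed/meticulous:", deliver([0xFFFFFFFE], False, 0xFFFFFFFE),
          deliver([0xFFFFFFFE], True, 0xFFFFFFFE))
```

The last case is the "partially tolerated" point: a keyed sender that has not yet advanced its number can have its packets arrive in any order, whereas the meticulous window only ever admits numbers beyond the last one accepted.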
