http://www.ietf.org/proceedings/90/agenda.html -> MPLS WG was held in Sovereign on 4th March @ 1300-1400

http://www.ietf.org/audio/ietf89/ will give you the audio recording for this talk.

From the MOM http://www.ietf.org/proceedings/89/minutes/minutes-89-mpls it's clear that there is no disagreement about NOT doing BFD authentication in hardware -- similar to what is claimed by the presenter.

I think the hardware used was Broadcom. They have a few chipsets which do MD5 and (possibly) SHA in hardware for BFD -- which I have been told is pretty much useless when you start scaling.

Glen

On Mon, Feb 16, 2015 at 8:20 PM, Eygene Ryabinkin <r...@grid.kiae.ru> wrote:

> Mon, Feb 16, 2015 at 08:55:17AM +0530, Glen Kent wrote:
> > > I wonder if Trio, EZChip and friends could do SHA in NPU, my guess
> > > is yes they could, but perhaps there is even more appropriate hash
> > > for this use-case. I'm not entirely convinced doing hash for each
> > > BFD packet is impractical.
> > >
> > > [0] http://www.ietf.org/id/draft-mahesh-bfd-authentication-00.txt
> >
> > You might want to take a look at:
> > http://www.ietf.org/proceedings/89/slides/slides-89-mpls-9.pdf
> >
> > Look at the slides 11 onwards.
>
> Were these people doing some real implementation in-hardware or were
> just theorizing? I see "prediction" label for the number of
> authenticated sessions -- do you have an idea what that means?
>
> And on slide 14 you have smaller session limit numbers for BFD fully
> implemented in hardware than for hw-assisted case (slide 12).
>
> It makes me think that this presentation should either be supplemented
> with talking people or there are some errors in it. Or I am completely
> missing some fine point here.
>
> > Doing HMAC calculation for each packet adversely affects the number
> > of concurrent sessions that can be supported.
>
> Without mentioning the scope (which hardware and software) this
> assertion is either trivial or useless, sorry. TSO, frame checksums
> and other stuff hadn't been implemented in-hardware for ages, but
> now it is here and there all the time.
>
> And /me is interested why can't BFD be done on the interface chip
> level: it is point-to-point on L2 for the majority of cases.
> --
> Eygene Ryabinkin, National Research Centre "Kurchatov Institute"
>
> Always code as if the guy who ends up maintaining your code will be
> a violent psychopath who knows where you live.