Mahesh, On Mon, Oct 15, 2018 at 09:24:59PM -0700, Greg Mirsky wrote: > thank you for your quick response. The comment regarding the state change, > as I understand from the minutes, came from Jeff. > Yes, the question was about the periodic authentication in Up state. I > believe that at the meeting WG arrived at a very good solution and we've > agreed to make the appropriate changes in the document. I don't think that > the current version reflects the WG decision that in Up state authenticated > BFD control packets are transmitted periodically in sets of not less than > Detect Multiplier.
I think the text is very close to what we'd likely want. Here's the text in the current draft: : Most frames transmitted on a BFD session are BFD CC UP frames. : Authenticating a small subset of these frames, for example, a detect : multiplier number of packets per configured period, significantly : reduces the computational demand for the system while maintaining : security of the session across the configured authentication periods. Given BFD procedures, I believe we'd normally want to transmit at *least* Detect Multiplier number of packets to ensure that the remote site has seen it. How about the following text? Most frames transmitted on a BFD session are BFD CC UP frames. Authenticating a small subset of these frames, significantly reduces the computational demand for the system while maintaining security of the session across the configured authentication periods. A minimum of Detect Multiplier packets MUST be transmitted per configured periodic authentication interval. This ensures that the BFD session should see at least one authenticated packet during that interval. -- Jeff
