On Apr 27, 2022, at 7:58 PM, Greg Mirsky <gregimir...@gmail.com> wrote: > you've suggested > It would be good to say that packets which fail authentication MUST NOT > affect the BFD state. > I think that a BFD Control message that failed validation, and I consider > authentication is a part of the validation process, MUST be discarded. If the > number of consecutively discarded packets causes the associated with the BFD > session Detection Timer expiration, then the state of this BFD session MUST > be changed to Down. Thus, I think that packets that failed authentication > affect the BFD state in the same manner as packets that failed any other step > of the validation process.
I would phrase this carefully/ Packets which fail authentication are treated as if they do not exist. Since no valid packets are received, the BFD state may change due to timers. But those timers are entirely unrelated to the bad packets, or the contents of those packets. The act of receiving a bad packet MUST NOT result in a change in BFD state. The contents of a bad packet MUST NOT cause a change in BFD state. Alan DeKok.
