Minutes for BFD working group session, IETF 78, July 2010, Maastricht:

Co-Chairs:
  David Ward
  Jeffrey Haas

Agenda:
  Document status
  Charter Discussion
  BFD for Multipoint Networks
    draft-katz-ward-bfd-multipoint-02.txt (expired)
  BFD Generic Cryptographic Authentication
    draft-bhatia-bfd-crypto-auth-02
  BFD for MPLS-TP (one-way bfd)
    George Swallow

Presentations are posted on the IETF 78 meeting materials site:
https://datatracker.ietf.org/meeting/78/materials.html

---
Document Status (Chairs):

Original working group charter largely accomplished with the exception of the MIB. The MIB is mostly done but may receive updates based on possible new WG charter items.

We would like input from people interested in a BFD-MPLS MIB to please contact the mailing list. The goal is to not re-write the BFD MIB once published to update for MPLS if necessary.

---
Charter Discussion (Chairs):

WG should take on a stewardship role on the BFD protocol and not shut down. This includes reserving changes to the core BFD protocol to the working group. Stewardship would involve providing guidance and review of BFD application documents in other groups. This is similar to the role that IDR has for the BGP protocol.

Possible new WG tasks:
  Point to Multi-Point BFD
  Generic Cryptographic Authentication
  DHCP extensions to configure BFD (not presented)

[Addendum after last presentation, BFD for MPLS-TP. Need to decide if this is a profile of existing BFD or a new version.]

----------
BFD for Multipoint Networks (Dave Ward)

Dave covered p2mp draft; no questions. See presentation.

----------
BFD Generic Cryptographic Authentication (Jeff Haas for Manav and Vishwas)

Jeff presented auth draft for Manav and Vishwas. See presentation.

Discussion:

Gregory: Anyone implemented authentication in BFD?
  No
  Anyone ever heard of anyone ever ask for stronger authentication?
Lou Berger: We want all of our control protocols to have security features.
Ruediger Volk (DT): Priorities have not caused an analysis for a need for auth/crypto on BFD.
Nabil Bitar: Always have had requirement for authentication in BFD. Doesn't appear to be interoperable.
Kireeti Kompella: "To operators ... do the IGPs run with auto?" Yes! "Now given BFD can take down IGP ... do you trust your BFD implementation?"
RV: Priorities and timing and availability of product across product lines.
JH: The primary point of the doc is key roll over. Concern with requiring the MUST for SHA-2 in the draft is that it will make people wanting to implement rollover but not SHA-2 non-compliant. Causes problems with Requests for Proposals (RFPs).
Shane Amante: The "good enough" to get things going. There are low order security techniques, ACLs, TTL check, etc. These are good enough that it can be deployed in the network. SHA-2 is overkill for what is largely needed. Key roll over is not strictly a requirement but a Nice To Have.
Nabil: This is also a chicken and egg problem ... BFD solves lack of failure notification at lower layer so BFD is only mechanism. Therefore use what you have. From a security point of view, people want him to run everything over IPsec. P2P or P2MP isn't the issue. It is Multi-hop BFD that probably needs crypto first.

Room poll to adopt this draft as a WG item:
  Adopt? 6
  Any objections? 1

Question to the room from Jeff: Current draft has SHA-2 as a MUST,
  change to SHOULD? 3
  Leave as MUST? 1

Final comment from Gregory: Security ADs probably won't approve the draft without a MUST.

----------
BFD for MPLS-TP (George Swallow):

Presented Simplified BFD procedures for bi-dir LSPs for MPLS OAM. See presentation.

Early question: In BFD WG or MPLS?

Dave Ward: TP OAM requirements state auth must be possible.
Rob Reneson: Why change the slow start refresh mechanism from what it is in the draft? Why not leave it?
George Swallow: So, base spec is changing even if minor
Jeff Haas: If a profile requires changes to the state machine and other behaviors with BFD v1, will you address how to make it interoperable?
Dave Ward: Adrian, has this gone through the MPLS change process?
Adrian: We've lost track if one of those requirements has actually followed the MPLS change process. Push for technical change.
Dave Ward/Jeff Haas: Can we make this backward compatible?
Jeff Haas: To solve Poll/Final (P/F) issue send diag if see P/F
George Swallow: P/F has issues of not timing out during init state, which is a change from BFD v1.
Dave Allan: In current version, we had means of identifying independent mode (via tx rate of 0)
DW: See P2MP for overloading semantics of certain values
Adrian: How about adding source?

Room poll to adopt work on BFD for MPLS-TP as a WG item:
  Adopt? 8
  Objections? 2