Many moons ago, Mike O'Dell had a pithy observation about "can" vs. "should" that is escaping me at this moment, which is a pity since it almost certainly applies here.

-r

Dave Waters <davewaters1970@gmail.com> writes:
Because BFD packets can get routed across multiple hops. Unlike EBGP where you connect to a peer in a different AS and you have a direct connection, BFD packets can traverse multiple hops to reach the endpoint.
In case of multihop BFD the BFD packets also get re-routed when the topology changes so you can almost never bet on the TTL value to secure the protocol.
Dave
On Tue, Feb 17, 2015 at 7:03 AM, Rob Seastrom <rs@seastrom.com> wrote:
Dave Waters <davewaters1970@gmail.com> writes:
> http://www.reddit.com/r/networking/comments/2vxj9u/very_elegant_and_a_simple...
>
> Authentication mechanisms defined for IGPs cannot be used to protect BFD
> since the rate at which packets are processed in BFD is very high.
>
> Dave
One might profitably ask why BFD wasn't designed to take advantage of high-TTL-shadowing, a la draft-gill-btsh.
-r