Because BFD packets can get routed across multiple hops. Unlike EBGP where you connect to a peer in a different AS and you have a direct connection, BFD packets can traverse multiple hops to reach the endpoint.
Then what's this "multihop" knob I have available in my BGP config? Again, as Rob pointed out, "can" vs. "should" is a good consideration here, but unless I'm missing something both EBGP and BFD "can" do multihop...so...?
-- Hugo
On Tue 2015-Feb-17 07:42:20 +0530, Dave Waters <davewaters1970@gmail.com> wrote:
Because BFD packets can get routed across multiple hops. Unlike EBGP where you connect to a peer in a different AS and you have a direct connection, BFD packets can traverse multiple hops to reach the endpoint.
In case of multihop BFD the BFD packets also get re-routed when the topology changes so you can almost never bet on the TTL value to secure the protocol.
Dave
On Tue, Feb 17, 2015 at 7:03 AM, Rob Seastrom <rs@seastrom.com> wrote:
Dave Waters <davewaters1970@gmail.com> writes:
http://www.reddit.com/r/networking/comments/2vxj9u/very_elegant_and_a_simple...
Authentication mechanisms defined for IGPs cannot be used to protect BFD since the rate at which packets are processed in BFD is very high.
Dave
One might profitably ask why BFD wasn't designed to take advantage of high-TTL-shadowing, a la draft-gill-btsh.
-r