Can I request the authors to post a revised ID fixing the Authentication details in the OSPF header? At present, I am confused as I don't see the Key ID, Sequence Numbers anywhere in the packets.
I agree that some discussion on overloading of the Hellos must happen. However, I would also like to see some discussion on whether the proposed mechanism of Nonces and Session IDs would work. I think that is the key element in this work. If that is verified then everything else can be built around that.

Glen

On Thu, Jan 20, 2011 at 12:07 AM, Michael Barnes <[email protected]> wrote:
> Hi Sam,
>
> On 01/19/2011 10:13 AM, Sam Hartman wrote:
>>>>>>> "Michael" == Michael Barnes<[email protected]> writes:
>>
>> Michael> Hi Sam,
>> Michael> On 01/14/2011 04:34 AM, Sam Hartman wrote:
>> >> We could have separate authentication challenge packets.
>> >> However, the advantage of the current approach is that I think we
>> >> can get to a point where we have one or two extra packets total
>> >> for a cold-start situation, rather than an extra packet or two
>> >> per neighbor. I don't know that the current rules for receiving
>> >> and sending packets actually achieve this, but I believe we can
>> >> get there with some minor changes.
>>
>> Michael> I've been giving this some thought, and I think exchanging
>> Michael> a couple of additional packets in the cold start situation
>> Michael> is more desirable than overloading the Hello packet with an
>> Michael> additional security role. The Hello packet already services
>> Michael> two very important purposes - discovery and keep alive. It
>> Michael> is highly desirable not to add to the processing overhead
>> Michael> for these packets.
>>
>> I'd like to understand your concerns here. Are you concerned about CPU
>> for processing the hello packet? Bandwidth of the hello packets? I'd
>> like to actually get educated about the tradeoffs enough that I can have
>> an intelligent discussion.
>
> I don't think the bandwidth is really an issue, but CPU is. It is important
> that processing of these packets can be completed as quickly as possible. We
> are constantly being asked to scale to ever larger number of neighbors and
> adding overhead to Hello packets could make this security mechanism
> undesirable in those settings.
>
> Regards,
> Michael
