Secdir last call review of draft-ietf-bfd-yang-09

Reviewer: Christian Huitema
Review result: Has Nits

BFD, defined in RFC5880, is a protocol intended to detect faults in the
bidirectional path between two forwarding engines, including interfaces, data
link(s), and to the extent possible the forwarding engines themselves, with
potentially very low latency. The YANG module defined in this draft enables
management of this protocol, such as toggling parameters or receiving
notifications.

As stated in the security section, the module is "to be accessed via the
NETCONF protocol [RFC6241]", and as such its security is pretty much tied to
that of NETCONF.

My only nit comes from reading section 6.8.16 of RFC 5880, about
"Administrative Control". This points to an obvious issue when the
administrator of a router disables BFD on a particular link, either by mistake
or by malice. This will make future failures harder to notify, and can affect
operation of the network. Nothing much can be done about that on the node
itself, but I would expect that disabling BFD would raise some kind of alarm at
the other end of the link. I did not understand how that alarm is described in
the YANG module, but that may be because I am not all that familiar with YANG.
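
The sketch below is an added example, not part of the review or of the draft. It shows what the far end of a link can observe at the protocol level when BFD is administratively disabled: RFC 5880 control packets carry a State field, and the value AdminDown (with diagnostic code 7, "Administratively Down") distinguishes an operator action from a path failure. It does not show how the YANG module reports the event. The function names and the sample packets are constructed for illustration.

```python
import struct

# RFC 5880 section 4.1: values of the 2-bit State (Sta) field
STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}
DIAG_ADMIN_DOWN = 7  # diagnostic code "Administratively Down"


def parse_bfd_control(pkt: bytes) -> dict:
    """Parse the mandatory 24-byte section of a BFD control packet."""
    if len(pkt) < 24:
        raise ValueError("shorter than the 24-byte mandatory section")
    b0, b1, detect_mult, length, my_disc, your_disc = struct.unpack(
        "!BBBBII", pkt[:12])
    version, diag = b0 >> 5, b0 & 0x1F
    # Reception checks from RFC 5880 section 6.8.6 (subset)
    if version != 1:
        raise ValueError(f"unsupported BFD version {version}")
    if length < 24 or length > len(pkt):
        raise ValueError("bad Length field")
    if detect_mult == 0 or my_disc == 0:
        raise ValueError("zero Detect Mult or My Discriminator")
    return {"diag": diag, "state": STATES[b1 >> 6],
            "my_disc": my_disc, "your_disc": your_disc}


def peer_alarm(local_state: str, pkt: bytes):
    """Return an alarm string if a live session sees the peer go AdminDown."""
    f = parse_bfd_control(pkt)
    if f["state"] == "AdminDown" and local_state in ("Init", "Up"):
        reason = ("administratively down" if f["diag"] == DIAG_ADMIN_DOWN
                  else f"diag {f['diag']}")
        return f"peer {f['my_disc']:#x} disabled BFD ({reason})"
    return None


def build_sample(state: int, diag: int, my_disc: int, your_disc: int) -> bytes:
    """Constructed test packet: version 1, Detect Mult 3, 1 s intervals."""
    return struct.pack("!BBBBIIIII", (1 << 5) | diag, state << 6, 3, 24,
                       my_disc, your_disc, 1_000_000, 1_000_000, 0)


if __name__ == "__main__":
    print(peer_alarm("Up", build_sample(0, DIAG_ADMIN_DOWN, 0x11, 0x22)))
    print(peer_alarm("Up", build_sample(3, 0, 0x11, 0x22)))
```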