Re: Secdir last call review of draft-ietf-bfd-yang-09


 



Christian, thank you for the review.

Regarding the concern expressed below, the alarm is issued at the other end via the Notifications (section 2.3).

Regards,
Reshad.


On 2018-02-01, 5:39 PM, "Christian Huitema" <huitema@xxxxxxxxxxx> wrote:

    Reviewer: Christian Huitema
    Review result: Has Nits
    
    BFD, defined in RFC5880, is a protocol intended to detect faults in the
    bidirectional path between two forwarding engines, including interfaces, data
    link(s), and to the extent possible the forwarding engines themselves, with
    potentially very low latency. The Yang module defined in this draft enables
    management of this protocol, such as toggling parameters or receiving
    notifications.
    
    As stated in the security section, the module is "to be accessed via the
    NETCONF protocol [RFC6241]", and as such its security is pretty much tied to
    that of NETCONF.
    
    My only nit comes from reading section 6.8.16 of RFC 5880, about
    "Administrative Control". This points to an obvious issue when the
    administrator of a router disables BFD on a particular link, either by mistake
    or by malice. This will make future failures harder to notify, and can affect
    operation of the network. Nothing much can be done about that on the node
    itself, but I would expect that disabling BFD would raise some kind of alarm at
    the other end of the link. I did not understand how that alarm is described in
    the Yang module, but that may be because I am not all that familiar with Yang.
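
The wire-level view of the concern above, as an added example that is not part of the thread or the draft: a receiver-side check that decodes RFC 5880 control packets and flags a session whose peer moves from Up to AdminDown. It works on the protocol itself rather than on the YANG notifications; the function names and sample packets are constructed for illustration.

```python
import struct

STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}  # RFC 5880 Sta field
DIAG_ADMIN_DOWN = 7  # RFC 5880 Diag value "Administratively Down"

def parse_bfd_control(pkt):
    """Decode the mandatory section of a BFD control packet (RFC 5880, 4.1)."""
    if len(pkt) < 24:
        raise ValueError("shorter than the 24-byte mandatory section")
    b0, b1, mult, length, my_disc, your_disc = struct.unpack("!BBBBII", pkt[:12])
    auth_present = bool(b1 & 0x04)  # A bit
    if b0 >> 5 != 1:
        raise ValueError("not BFD version 1")
    if length < (26 if auth_present else 24) or length > len(pkt):
        raise ValueError("bad Length field")
    if mult == 0 or my_disc == 0 or b1 & 0x01:  # M bit must be zero
        raise ValueError("fails basic reception checks")
    return {"state": STATES[b1 >> 6], "diag": b0 & 0x1F,
            "my_disc": my_disc, "your_disc": your_disc}

def admin_down_alerts(received):
    """Return one alert per session that goes from Up to AdminDown.

    `received` is an iterable of (peer_address, raw_packet) in arrival order.
    """
    last_state, alerts = {}, []
    for peer, raw in received:
        try:
            msg = parse_bfd_control(raw)
        except ValueError:
            continue  # malformed packets never change session state
        key = (peer, msg["my_disc"])
        if msg["state"] == "AdminDown" and last_state.get(key) == "Up":
            alerts.append({"peer": peer, "session": msg["my_disc"],
                           "diag": msg["diag"],
                           "declared_admin": msg["diag"] == DIAG_ADMIN_DOWN})
        last_state[key] = msg["state"]
    return alerts

def build_packet(state, diag, my_disc, your_disc):
    """Constructed sample packet: version 1, no auth, Detect Mult 3."""
    return struct.pack("!BBBBIIIII", (1 << 5) | diag, state << 6, 3, 24,
                       my_disc, your_disc, 1000000, 1000000, 0)

# Constructed traffic: peer A is disabled by its operator, peer B just times out.
SAMPLE = [("192.0.2.1", build_packet(3, 0, 0x11, 0x21)),
          ("192.0.2.2", build_packet(3, 0, 0x12, 0x22)),
          ("192.0.2.1", build_packet(0, 7, 0x11, 0x21)),
          ("192.0.2.1", build_packet(0, 7, 0x11, 0x21)),
          ("192.0.2.2", build_packet(1, 1, 0x12, 0x22))]
```

Running `admin_down_alerts(SAMPLE)` reports only the first peer: the repeated AdminDown packet does not raise a second alert, and the second peer's ordinary Down transition is ignored.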
    
    




