Re: Failover route

Linux Advanced Routing and Traffic Control

Hi,

On 3/16/19 18:29, Grant Taylor wrote:
> On 3/16/19 10:33 AM, Erik Auerswald wrote:
>> BFD echo mode does not require support from the other side.
>
> Full Stop!  What‽
>
> …reading hiatus…
>
> Very interesting.
>
> It works by sending an IP packet destined to the sending interface out an interface.  The upstream side is supposed to send this packet back through the same interface (this is IP, not Ethernet).
>
> I guess BFD Echo Mode is really just an IP packet that exercises the remote forwarding engine.
>
> It should work on any type of link where you can send a packet addressed to yourself (that happens to be from yourself) and sent out a link to a device that should forward traffic destined to your local IP address.
>
> I wonder if µRPF would interfere with this at all.  I doubt it, because
              ^
              u

This is called uRPF for "unicast RPF" as opposed to the multicast RPF
check this is based on.

> the source IP would be coming in an interface that is an outgoing route to said IP as a destination.

Indeed uRPF should allow that packet, as the source address is found
off the receiving interface (usually via a directly attached network).

> I can see how some additional checking above and beyond µRPF might take objection to traffic coming in an interface and immediately going back out the same interface.  As in why is that traffic coming in said interface in the first place.  But that's not µRPF as I understand it.

That could be done via ACLs, but would be unusual AFAIK. The uRPF
functionality itself should not interfere.

>> I have not yet tried this on Linux, but BFD echo mode is used for short failure detection times in larger networks, because often the line card (or port ASIC) can generate and check the packets without CPU processing. A BFD control session is still usually used between adjacent devices, but it is not strictly necessary.
>
> I'm very intrigued by the idea of using (what I'm going to call) BFD-EM /without/ BFD control sessions.  I think this means that BFD-EM will work against any device that will forward packets back to you.
>
> Very interesting.
>
> Thank you for sharing, Erik.

You're welcome. :)

Thanks,
Erik
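
The uRPF reasoning discussed in this message, as an added example that is not part of the original e-mail: a small Python model of the upstream router's strict uRPF check and forwarding decision for a BFD echo packet whose source and destination are both the sender's own address. The routing table, interface names and addresses are constructed, and the `drop_hairpin` flag is a hypothetical stand-in for the unusual same-interface ACL mentioned above.

```python
import ipaddress

# Constructed routing table of the upstream router: (prefix, outgoing interface).
ROUTES = [
    (ipaddress.ip_network("192.0.2.0/30"), "eth0"),     # link to the BFD echo sender
    (ipaddress.ip_network("198.51.100.0/24"), "eth1"),  # some other attached network
    (ipaddress.ip_network("0.0.0.0/0"), "eth2"),        # default route
]

def lookup(addr):
    """Longest-prefix match; returns the outgoing interface or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, ifname) for net, ifname in ROUTES if ip in net]
    return max(matches)[1] if matches else None

def urpf_strict(src, in_if):
    """Strict uRPF: the best route back to the source must use the receiving interface."""
    return lookup(src) == in_if

def forward(src, dst, in_if, drop_hairpin=False):
    """Return (verdict, out_if) for a packet received on in_if.

    drop_hairpin models an extra policy (not uRPF) that rejects traffic
    leaving through the interface it arrived on.
    """
    if not urpf_strict(src, in_if):
        return ("drop-urpf", None)
    out_if = lookup(dst)
    if out_if is None:
        return ("drop-noroute", None)
    if drop_hairpin and out_if == in_if:
        return ("drop-acl", None)
    return ("forward", out_if)

if __name__ == "__main__":
    me = "192.0.2.2"  # constructed address of the BFD echo sender
    # Echo packet: from me, to me, received by the upstream router on eth0.
    print("echo, uRPF only:      ", forward(me, me, "eth0"))
    # Same packet when a same-interface policy is layered on top of uRPF.
    print("echo, hairpin policy: ", forward(me, me, "eth0", drop_hairpin=True))
    # A source that is not reachable via eth0 fails strict uRPF.
    print("foreign source on eth0:", forward("198.51.100.7", me, "eth0"))
```
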


