Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1817
Views
0
Helpful
3
Replies

BFD - EIGRP - Tunnel Endpoint Liveness detection

Robert.Dahlem_2
Level 1
Level 1

‎03-27-2012 01:56 PM - edited ‎03-04-2019 03:49 PM

I would like to use BFD for Tunnel Endpoint Liveness detection (as mentioned in BFD white papers)

Router A:

interface GigabitEthernet0/0

  ip vrf forwarding INNER

  ip address 1.1.1.1 255.255.255.252

  bfd interval 50 min_rx 50 multiplier 3

interface Loopback1

  ip vrf forwarding INNER

  ip address 2.2.2.1 255.255.255.255

interface Tunnel1

  ip vrf forwarding OUTER

  ip address 3.3.3.1 255.255.255.2

  tunnel source 2.2.2.1

  tunnel destination 2.2.2.2

  tunnel mode ipsec ipv4

  tunnel protection ipsec profile WHATEVER

  tunnel vrf INNER

router eigrp 1

  address-family ipv4 vrf INNER autonomous-system 2

    bfd all-interfaces

    network 1.1.1.0 0.0.0.3

    network 2.2.2.0 0.0.0.255

  address-family ipv4 vrf OUTER autonomous-system 3

    network 3.3.3.0 0.0.0.3

Router B:

interface GigabitEthernet0/0

  ip vrf forwarding INNER

  ip address 1.1.1.2 255.255.255.252

  bfd interval 50 min_rx 50 multiplier 3

interface Loopback1

  ip vrf forwarding INNER

  ip address 2.2.2.2 255.255.255.255

interface Tunnel1

  ip vrf forwarding OUTER

  ip address 3.3.3.2 255.255.255.2

  tunnel source 2.2.2.2

  tunnel destination 2.2.2.1

  tunnel mode ipsec ipv4

  tunnel protection ipsec profile WHATEVER

  tunnel vrf INNER

router eigrp 1

  address-family ipv4 vrf INNER autonomous-system 2

    bfd all-interfaces

    network 1.1.1.0 0.0.0.3

    network 2.2.2.0 0.0.0.255

  address-family ipv4 vrf OUTER autonomous-system 3

    network 3.3.3.0 0.0.0.3

Routers A and B are connected via their respective interfaces Gi0/0. Network 1.1.1.0/30 comes up, EIGRP neighborship between 1.1.1.1 and 1.1.1.2 in VRF INNER is established and both sides learn about 2.2.2.1 and 2.2.2.2 respectively. This means the tunnel endpoints can be reached and Tunnel1 comes up, hence EIGRP neighborship between 3.3.3.1 and 3.3.3.2 in VRF OUTER ist established.

Now when I disconnect Gi0/0, BFD kicks in and tears down the EIGRP neighborship in VRF INNER almost instantly. This makes 2.2.2.2 unreachable from Router A, so I would expect Tunnel1 to go down the same moment because the tunnel endpoint can no longer be reached. Instead, the tunnel goes down not before 15 or 20 seconds have elapsed and likewise the EIGRP neighborship in VRF OUTER times out.

What I would like to see: connection loss between Router A and B tears down EIGRP neighborship in VRF OUTER in the sub second range. Can this be done?

Regards,

Robert

Labels:
0 Helpful
3 Replies 3

Mohamed Sobair
Level 7
Level 7

‎03-27-2012 02:57 PM

Robert,

This symptoms can be resolved with (Tunnel Keepalive). You just need to add a Keepalive to the Tunnel interface and you should see faster notification.

In the Tunnel Interface add the following:

Interface Tunnel1

Keepalive 1 3

HTH

Mohamed

0 Helpful

Robert.Dahlem_2
Level 1
Level 1
In response to Mohamed Sobair

‎03-28-2012 06:54 AM

Mohamed,

Keepalive can't be used with VRFs:

http://www.cisco.com/en/US/docs/ios/12_4/interface/configuration/guide/inb_tun.html#wp1093703

Regards,

Robert

0 Helpful

Mohamed Sobair
Level 7
Level 7
In response to Robert.Dahlem_2

‎03-28-2012 09:00 AM

Robert,

Ok, So the Keepalive is not supported with VRF.

Now, your Only option for a rapid convergence would be to use IP SLA. you can track the tunnel Destination from both ends which would achieve what you are looking for.

http://www.cisco.com/en/US/docs/ios/ipsla/command/reference/sla_05.html

Regards,

Mohamed

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card