Solved: BFD Question

Pedro Morais · ‎08-27-2012

Hello All,

When trying to configure a BFD session bettween an ASR9K (Bundle-Ether) and a CRS-1 (TenGigE), I'm seeing a strange output. Althought I configure the sessions with an interval of 15ms and a multiplier of 3 (and the session cames UP), when I check the session details I see that the timeout is set to 750ms (250ms*3):

RP/0/RSP0/CPU0:EC-LAB1#sh bfd session

Mon Aug 27 17:46:14.572 WEST

Interface Dest Addr Local det time(int*mult) State

Echo Async

-------------------- --------------- ---------------- ---------------- ---------

BE160.2 10.1.6.1 0s(0s*0) 750ms(250ms*3) UP

BE160.3 10.1.8.41 0s(0s*0) 750ms(250ms*3) UP

BE160.4 10.1.8.2 0s(0s*0) 750ms(250ms*3) UP

BE161.4 10.1.8.6 0s(0s*0) 750ms(250ms*3) UP

BE161.5 10.1.8.10 0s(0s*0) 750ms(250ms*3) UP

BE161.2 10.1.8.33 0s(0s*0) 750ms(250ms*3) UP

BE161.3 10.1.6.9 0s(0s*0) 750ms(250ms*3) UP

RP/0/RSP0/CPU0:EC-LAB1#

RP/0/RSP0/CPU0:EC-LAB1#sh run router isis IGP inter bundle-ether 160.2

Mon Aug 27 17:46:35.583 WEST

router isis IGP

interface Bundle-Ether160.2

circuit-type level-2-only

bfd minimum-interval 15

bfd multiplier 3

bfd fast-detect ipv4

point-to-point

hello-password keychain ISIS

address-family ipv4 unicast

metric 500 level 2

mpls ldp sync level 2

!

RP/0/RSP0/CPU0:EC-LAB1#

When I check the detail in ASR9K side I noticed that the transmitted desired tx interval is 250 ms (???):

RP/0/RSP0/CPU0:EC-LAB1#sh bfd session detail interface bundle-ether 160.2

Mon Aug 27 18:04:25.573 WEST

I/f: Bundle-Ether160.2, Location: 0/1/CPU0, dest: 10.1.6.1, src: 10.1.6.2

State: UP for 0d:11h:57m:0s, number of times UP: 1

Session type: BFD_SESSION_TYPE_IP_SINGLEHOP

Received parameters:

Version: 1, desired tx interval: 15 ms, required rx interval: 15 ms

Required echo rx interval: 1 ms, multiplier: 3, diag: None

My discr: 2148597873, your discr: 2147811335, state UP, D/F/P/C/A: 0/0/0/1/0

Transmitted parameters:

Version: 1, desired tx interval: 250 ms, required rx interval: 250 ms

Required echo rx interval: 0 us, multiplier: 3, diag: None

My discr: 2147811335, your discr: 2148597873, state UP, D/F/P/C/A: 0/0/0/1/0

Timer Values:

Local negotiated async tx interval: 250 ms

Remote negotiated async tx interval: 250 ms

Desired echo tx interval: 0 s, local negotiated echo tx interval: 0 s

Echo detection time: 0 s(0 s*3), async detection time: 750 ms(250 ms*3)

Local Stats:

Intervals between async packets:

Tx: Number of intervals=100, min=211 ms, max=252 ms, avg=235 ms

Last packet transmitted 125 ms ago

Rx: Number of intervals=100, min=211 ms, max=252 ms, avg=231 ms

Last packet received 2 ms ago

Intervals between echo packets:

Tx: Number of intervals=0, min=0 s, max=0 s, avg=0 s

Last packet transmitted 0 s ago

Rx: Number of intervals=0, min=0 s, max=0 s, avg=0 s

Last packet received 0 s ago

Latency of echo packets (time between tx and rx):

Number of packets: 0, min=0 us, max=0 us, avg=0 us

Session owner information:

Client Desired interval Multiplier

-------------------- -------------------- --------------

isis-IGP 15 ms 3

RP/0/RSP0/CPU0:EC-LAB1#

Could someone help me understand if this outputs and the configuration are correct? If yes, why?

Thanks!

Cheers,

PM

Alexei Kiritchenko · ‎08-27-2012

Hello PM,

That is expected. Bundle VLAN sessions are restricted to an interval of 250 milliseconds and a multiplier of 3. More aggressive parameters are not allowed.

http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.0/interfaces/configuration/guide/hc40bifw.html

Regards,

/A

View solution in original post

Alexei Kiritchenko · ‎08-27-2012

Hello PM,

That is expected. Bundle VLAN sessions are restricted to an interval of 250 milliseconds and a multiplier of 3. More aggressive parameters are not allowed.

http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.0/interfaces/configuration/guide/hc40bifw.html

Regards,

/A

Pedro Morais · ‎08-28-2012

Thanks Alexei,

But why am I able to configure it with a more aggressive parameters if they are not allowed?

Cheers,

PM

Alexei Kiritchenko · ‎08-28-2012

The meaning here is that you can configure it, but the configuration won’t be applied and the min allowed would be used instead.

Regards,

/A

shiras k a · ‎02-18-2013

Hi,

As a part of this discussion I would like to share my doubt. I know bi-directional key-chain is using in XR for security. May I know Is there uni directionnal key-chain(having send and receive options) available in XR ? I am expecting your precious response.

xthuijs · ‎02-18-2013

You mean BFD authentication? That we don't support. The amount of overhead associated with it and the lack of true security that it gives made us decide not to implement that.

Now with multihop BFD this serves more purpose, but then still there is a TTL check on it already.

xander

shiras k a · ‎02-19-2013

Hi Xander,

I meant the ip sec key-chain. Is there any uni diractional(eg:send direction, receive direction) key exchange mechanism available in ASR 9k ? I know there is bi directinal key exchange is availble.

xthuijs · ‎02-19-2013

Shiras,

no authentication or encryption for BFD.

xander

shiras k a · ‎02-22-2013

Hi Xander,

Thanks for your replay. I am clarifying my question. I am asking about these commands (key chain key-chain-name), ( "accept-lifetime start-time [duration duration value| infinite| end-time]"). Is thete

any uni directional key exchange available in ipsec ??