Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

BFD Question

Hello All,

When trying to configure a BFD session bettween an ASR9K (Bundle-Ether) and a CRS-1 (TenGigE), I'm seeing a strange output. Althought I configure the sessions with an interval of 15ms and a multiplier of 3 (and the session cames UP), when I check the session details I see that the timeout is set to 750ms (250ms*3):

RP/0/RSP0/CPU0:EC-LAB1#sh bfd session       

Mon Aug 27 17:46:14.572 WEST

Interface            Dest Addr           Local det time(int*mult)      State   

                                           Echo            Async

-------------------- --------------- ---------------- ---------------- ---------

BE160.2              10.1.6.1        0s(0s*0)         750ms(250ms*3)   UP      

BE160.3              10.1.8.41       0s(0s*0)         750ms(250ms*3)   UP      

BE160.4              10.1.8.2        0s(0s*0)         750ms(250ms*3)   UP      

BE161.4              10.1.8.6        0s(0s*0)         750ms(250ms*3)   UP      

BE161.5              10.1.8.10       0s(0s*0)         750ms(250ms*3)   UP      

BE161.2              10.1.8.33       0s(0s*0)         750ms(250ms*3)   UP      

BE161.3              10.1.6.9        0s(0s*0)         750ms(250ms*3)   UP      

RP/0/RSP0/CPU0:EC-LAB1#

RP/0/RSP0/CPU0:EC-LAB1#sh run router isis IGP inter bundle-ether 160.2

Mon Aug 27 17:46:35.583 WEST

router isis IGP

interface Bundle-Ether160.2

  circuit-type level-2-only

  bfd minimum-interval 15

  bfd multiplier 3

  bfd fast-detect ipv4

  point-to-point

  hello-password keychain ISIS

  address-family ipv4 unicast

   metric 500 level 2

   mpls ldp sync level 2

  !

!

!

RP/0/RSP0/CPU0:EC-LAB1#

When I check the detail in ASR9K side I noticed that the transmitted desired tx interval is 250 ms (???):

RP/0/RSP0/CPU0:EC-LAB1#sh bfd session detail interface bundle-ether 160.2

Mon Aug 27 18:04:25.573 WEST

I/f: Bundle-Ether160.2, Location: 0/1/CPU0, dest: 10.1.6.1, src: 10.1.6.2

State: UP for 0d:11h:57m:0s, number of times UP: 1

Session type: BFD_SESSION_TYPE_IP_SINGLEHOP

Received parameters:

Version: 1, desired tx interval: 15 ms, required rx interval: 15 ms

Required echo rx interval: 1 ms, multiplier: 3, diag: None

My discr: 2148597873, your discr: 2147811335, state UP, D/F/P/C/A: 0/0/0/1/0

Transmitted parameters:

Version: 1, desired tx interval: 250 ms, required rx interval: 250 ms

Required echo rx interval: 0 us, multiplier: 3, diag: None

My discr: 2147811335, your discr: 2148597873, state UP, D/F/P/C/A: 0/0/0/1/0

Timer Values:

Local negotiated async tx interval: 250 ms

Remote negotiated async tx interval: 250 ms

Desired echo tx interval: 0 s, local negotiated echo tx interval: 0 s

Echo detection time: 0 s(0 s*3), async detection time: 750 ms(250 ms*3)

Local Stats:

Intervals between async packets:

   Tx: Number of intervals=100, min=211 ms, max=252 ms, avg=235 ms

       Last packet transmitted 125 ms ago

   Rx: Number of intervals=100, min=211 ms, max=252 ms, avg=231 ms

       Last packet received 2 ms ago

Intervals between echo packets:

   Tx: Number of intervals=0, min=0 s, max=0 s, avg=0 s

       Last packet transmitted 0 s ago

   Rx: Number of intervals=0, min=0 s, max=0 s, avg=0 s

       Last packet received 0 s ago

Latency of echo packets (time between tx and rx):

   Number of packets: 0, min=0 us, max=0 us, avg=0 us

Session owner information:

  Client               Desired interval     Multiplier   

  -------------------- -------------------- --------------

  isis-IGP             15 ms                3            

RP/0/RSP0/CPU0:EC-LAB1#

Could someone help me understand if this outputs and the configuration are correct? If yes, why?

Thanks!

Cheers,

PM

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

BFD Question

Hello PM,

That is expected. Bundle VLAN sessions are restricted to an interval of 250 milliseconds and a multiplier of 3. More aggressive parameters are not allowed.

http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.0/interfaces/configuration/guide/hc40bifw.html

Regards,

/A

8 REPLIES
Cisco Employee

BFD Question

Hello PM,

That is expected. Bundle VLAN sessions are restricted to an interval of 250 milliseconds and a multiplier of 3. More aggressive parameters are not allowed.

http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.0/interfaces/configuration/guide/hc40bifw.html

Regards,

/A

New Member

BFD Question

Thanks Alexei,

But why am I able to configure it with a more aggressive parameters if they are not allowed?

Cheers,

PM

Cisco Employee

BFD Question

The meaning here is that you can configure it, but the configuration won’t be applied and the min allowed would be used instead.

Regards,

/A

New Member

BFD Question

Hi,

              As a part of this discussion I would like to share my doubt. I know bi-directional key-chain is using in XR for security. May I know Is there uni directionnal key-chain(having send and receive options) available in XR ? I am expecting your precious response.

Cisco Employee

BFD Question

You mean BFD authentication? That we don't support. The amount of overhead associated with it and the lack of true security that it gives made us decide not to implement that.

Now with multihop BFD this serves more purpose, but then still there is a TTL check on it already.

xander

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
New Member

BFD Question

Hi Xander,

                   I meant the ip sec key-chain. Is there any uni diractional(eg:send direction, receive direction) key exchange mechanism available in ASR 9k ? I know there is bi directinal key exchange is availble.

Cisco Employee

BFD Question

Shiras,

no authentication or encryption for BFD.

xander

Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR
New Member

BFD Question

Hi Xander,

                    Thanks for your replay. I am clarifying my question. I am asking about these commands (key chain key-chain-name), ( "accept-lifetime start-time [duration duration value| infinite| end-time]"). Is thete

any uni directional  key exchange available in ipsec ??

996
Views
7
Helpful
8
Replies
CreatePlease to create content