03-27-2012 01:56 PM - edited 03-04-2019 03:49 PM
I would like to use BFD for Tunnel Endpoint Liveness detection (as mentioned in BFD white papers).
Router A:
interface GigabitEthernet0/0
 ip vrf forwarding INNER
 ip address 1.1.1.1 255.255.255.252
 bfd interval 50 min_rx 50 multiplier 3
interface Loopback1
 ip vrf forwarding INNER
 ip address 2.2.2.1 255.255.255.255
interface Tunnel1
 ip vrf forwarding OUTER
 ip address 3.3.3.1 255.255.255.252
 tunnel source 2.2.2.1
 tunnel destination 2.2.2.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile WHATEVER
 tunnel vrf INNER
router eigrp 1
 address-family ipv4 vrf INNER autonomous-system 2
  bfd all-interfaces
  network 1.1.1.0 0.0.0.3
  network 2.2.2.0 0.0.0.255
 address-family ipv4 vrf OUTER autonomous-system 3
  network 3.3.3.0 0.0.0.3
Router B:
interface GigabitEthernet0/0
 ip vrf forwarding INNER
 ip address 1.1.1.2 255.255.255.252
 bfd interval 50 min_rx 50 multiplier 3
interface Loopback1
 ip vrf forwarding INNER
 ip address 2.2.2.2 255.255.255.255
interface Tunnel1
 ip vrf forwarding OUTER
 ip address 3.3.3.2 255.255.255.252
 tunnel source 2.2.2.2
 tunnel destination 2.2.2.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile WHATEVER
 tunnel vrf INNER
router eigrp 1
 address-family ipv4 vrf INNER autonomous-system 2
  bfd all-interfaces
  network 1.1.1.0 0.0.0.3
  network 2.2.2.0 0.0.0.255
 address-family ipv4 vrf OUTER autonomous-system 3
  network 3.3.3.0 0.0.0.3
Routers A and B are connected via their respective interfaces Gi0/0. Network 1.1.1.0/30 comes up, EIGRP neighborship between 1.1.1.1 and 1.1.1.2 in VRF INNER is established and both sides learn about 2.2.2.1 and 2.2.2.2 respectively. This means the tunnel endpoints can be reached and Tunnel1 comes up, hence EIGRP neighborship between 3.3.3.1 and 3.3.3.2 in VRF OUTER is established.
Now when I disconnect Gi0/0, BFD kicks in and tears down the EIGRP neighborship in VRF INNER almost instantly. This makes 2.2.2.2 unreachable from Router A, so I would expect Tunnel1 to go down the same moment because the tunnel endpoint can no longer be reached. Instead, the tunnel goes down not before 15 or 20 seconds have elapsed and likewise the EIGRP neighborship in VRF OUTER times out.
What I would like to see: connection loss between Router A and B tears down EIGRP neighborship in VRF OUTER in the sub-second range. Can this be done?
Regards,
Robert
03-27-2012 02:57 PM
Robert,
These symptoms can be resolved with (Tunnel Keepalive). You just need to add a keepalive to the tunnel interface and you should see faster notification.
In the Tunnel Interface add the following:
interface Tunnel1
 keepalive 1 3
HTH
Mohamed
03-28-2012 06:54 AM
Mohamed,
Keepalive can't be used with VRFs:
http://www.cisco.com/en/US/docs/ios/12_4/interface/configuration/guide/inb_tun.html#wp1093703
Regards,
Robert
03-28-2012 09:00 AM
Robert,
OK, so the keepalive is not supported with VRF.
Now, your only option for rapid convergence would be to use IP SLA. You can track the tunnel destination from both ends, which would achieve what you are looking for.
http://www.cisco.com/en/US/docs/ios/ipsla/command/reference/sla_05.html
Regards,
Mohamed