Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1360
Views
5
Helpful
5
Replies

BFD support for DMVPN in ISR 4K?

Go to solution
n.bokhar1
Level 1
Level 1

‎04-04-2019 06:52 AM

hello all

does anyone know if BFD for DMVPN is supported on ISR4K and if yes which version of software we should use

and if no what can I do to achieve fast convergence on multiple DMVPN clouds?

 

thank in advance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to n.bokhar1

‎05-29-2019 03:38 AM

Hello n.bokhar1,

here in the forums we see many issues arising for ISR 4300 platforms caused by licensing.

So the question asked by Georg is not out of context.

 

Can you post show license all of your device?

 

About the feature BFD for DMVPN:

the document describing the feature shows clearly that the feature has limited  capabilities

see the restriction section

>>NHRP currently acts only on BFD down events and not on up events.

 

The feauture has been introduced for those DMVPN not using IPSec encryption

>> In non-crypto deployments, spoke can detect hub failure only after NHRP registration timeout but hub cannot detect a spoke failure until cache on hub expires (even though routing can re-converge much earlier). BFD allows for a very fast detection for such a failure. 

 

Are you using IPSec protection on your DMVPN, can you enable DPD dead peer detection ?

What routing protocol are you using over the MGRE tunnel ?

 

Also BFD has been introduced for point to point networks. DMVPN are multipoint in nature.

In other terms in a DMVPN you will have on the hub one BFD session for each spoke router.

This limits scalability of the DMVPN.

>> A single DMVPN hub with BFD can be scaled to a maximum of 4095 sessions on a Cisco Aggegation Service Router 1000 Series since the number of BFD sessions on these platforms is limited to 4095 currently. Regular methods of scaling DMVPN like clustering, Server Load Balancing (SLB), hierarchical designs, etc still apply. This does not impact DMVPN scale without BFD. 

 

Final note: it is not clear what happens for Spoke to Spoke dynamic tunnels. They are mentioned

>> BFD intervals configured on the peers should be the same in the BFD echo mode for spoke to spoke refresh to work as expected. 

 

The question is the following: would be the Spoke to Spoke tunnel be turned down when no needed as expected or the BFD session between the Spokes will keep it up for ever?

 

Hope to help

Giuseppe

 

View solution in original post

5 Replies 5

Go to solution
Georg Pauwen
VIP
VIP

‎04-04-2019 07:25 AM

Hello,

 

BFD for DMVPN was introduced in Cisco IOS Release 16.3, according to the document linked below:

 

BFD Support on DMVPN

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/xe-16/sec-conn-dmvpn-xe-16-book/sec-conn-dmvpn-bfd-support.html

0 Helpful

Go to solution
n.bokhar1
Level 1
Level 1
In response to Georg Pauwen

‎04-05-2019 11:31 PM

yes I have read that document but that document is for ASR1000 series also i didn't saw the ISR4000 series in a supported platform for "BFD support for DMVP" list in Cisco feature navigator
but I can use BFD command on my DMVPN tunnels and when I use "show dmvpn" command I get the result that they are working with BFD but when a link goes down I still get the same time to converge
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to n.bokhar1

‎04-06-2019 12:09 AM

Hello,

 

check Table 5 of the attached document. BFD is supportted on the ISR4K, you need AX (Application Experience):

 

Application Experience (AX)

IP Base + Security + advanced networking protocols: L2TPv3, BFD, MPLS, VRF, VXLAN[10] (Bandwidth <100Mbps)

 

https://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/data_sheet-c78-732542.html

0 Helpful

Go to solution
n.bokhar1
Level 1
Level 1
In response to Georg Pauwen

‎05-29-2019 02:11 AM

thank you very much but the issue is not whether or not ISR 4K supports BFD, it is if it has support for "BFD for DMVPN" it is a different feature and if anybody has ever had any experience using this on ISR 4k?

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to n.bokhar1

‎05-29-2019 03:38 AM

Hello n.bokhar1,

here in the forums we see many issues arising for ISR 4300 platforms caused by licensing.

So the question asked by Georg is not out of context.

 

Can you post show license all of your device?

 

About the feature BFD for DMVPN:

the document describing the feature shows clearly that the feature has limited  capabilities

see the restriction section

>>NHRP currently acts only on BFD down events and not on up events.

 

The feauture has been introduced for those DMVPN not using IPSec encryption

>> In non-crypto deployments, spoke can detect hub failure only after NHRP registration timeout but hub cannot detect a spoke failure until cache on hub expires (even though routing can re-converge much earlier). BFD allows for a very fast detection for such a failure. 

 

Are you using IPSec protection on your DMVPN, can you enable DPD dead peer detection ?

What routing protocol are you using over the MGRE tunnel ?

 

Also BFD has been introduced for point to point networks. DMVPN are multipoint in nature.

In other terms in a DMVPN you will have on the hub one BFD session for each spoke router.

This limits scalability of the DMVPN.

>> A single DMVPN hub with BFD can be scaled to a maximum of 4095 sessions on a Cisco Aggegation Service Router 1000 Series since the number of BFD sessions on these platforms is limited to 4095 currently. Regular methods of scaling DMVPN like clustering, Server Load Balancing (SLB), hierarchical designs, etc still apply. This does not impact DMVPN scale without BFD. 

 

Final note: it is not clear what happens for Spoke to Spoke dynamic tunnels. They are mentioned

>> BFD intervals configured on the peers should be the same in the BFD echo mode for spoke to spoke refresh to work as expected. 

 

The question is the following: would be the Spoke to Spoke tunnel be turned down when no needed as expected or the BFD session between the Spokes will keep it up for ever?

 

Hope to help

Giuseppe

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card