Re: BFP flapping with IP verify source reachable-via ANY

sebastien3 · ‎04-16-2023

Hello,

If I enable ip verify unicast source reachable-via any on the interface which is connected to another router, BFD is unstable !

interface TenGigabitEthernet0/3/0.10
description *** To R2 ***
encapsulation dot1Q 10
ip address 10.0.1.1 255.255.0.0
no ip redirects
no ip proxy-arp
ip verify unicast source reachable-via any
bfd interval 750 min_rx 750 multiplier 3

Apr 17 07:59:52: %BFDFSM-6-BFD_SESS_DOWN: BFD-SYSLOG: BFD session ld:2065 handle:8,is going Down Reason: ECHO FAILURE
Apr 17 07:59:52: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:2065 handle:8 is going UP

Apr 17 07:59:57: %BFDFSM-6-BFD_SESS_DOWN: BFD-SYSLOG: BFD session ld:2065 handle:8,is going Down Reason: ECHO FAILURE
Apr 17 07:59:57: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:2065 handle:8 is going UP

Apr 17 08:00:03: %BFDFSM-6-BFD_SESS_DOWN: BFD-SYSLOG: BFD session ld:2065 handle:8,is going Down Reason: ECHO FAILURE
Apr 17 08:00:03: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:2065 handle:8 is going UP

Now if I use ip verify unicast source reachable-via any allow-self-ping BFD is stable ans UP but the counter increments a lot :

IP verify source reachable-via ANY, allow self-ping
22817 verification drops
2138947 suppressed verification drops
0 verification drop-rate

An idea of the problem ?

marce1000 · ‎04-16-2023

- On which platform (device model) are you experiencing this issue ?

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

sebastien3 · ‎04-16-2023

ASR 1002/1004 with IOS adventerprisek9.03.16.10.S.155-3.S10-ext

Flavio Miranda · ‎04-16-2023

Hi

Take a look on this very good article

https://nsrc.org/workshops/2019/mnnog1/riso/networking/routing-security/en/labs/uRPF.html

In short, by using the command you are enabling uRPF and the logs confirm

"Reason: ECHO FAILURE"

By using the commamd allow-self-ping you fix it.

About the drops, make sure it is incrementing or it is previuos drops.

sebastien3 · ‎04-16-2023

Hi @Flavio Miranda

The drops still increment with allow-self-ping... Both routers use EIGRP through this interface.

paul driver · ‎04-16-2023

Hello
Why are you using uRPF with a BFD in this case anyway, using BFD suggest you wish to speed up convergence of some dynamic routing process so appending uRPF doesn't seem applicable

As for uRPF using the "any" keyword doesn't like the use default routes, meaning it will allow return traffic on "any" interface as long as there is a route from that destination in the route table, otherwise you need to append the "allow default"

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

sebastien3 · ‎04-17-2023

Hi @paul driver

Why would uFPF be incompatible with BFD (EIGRP/BGP) ?

MHM Cisco World · ‎04-17-2023

What you meaning unstable? Can you more elaborate?

sebastien3 · ‎04-17-2023

BFD UP/DOWN, see log :

Apr 17 07:59:52: %BFDFSM-6-BFD_SESS_DOWN: BFD-SYSLOG: BFD session ld:2065 handle:8,is going Down Reason: ECHO FAILURE
Apr 17 07:59:52: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:2065 handle:8 is going UP

Apr 17 07:59:57: %BFDFSM-6-BFD_SESS_DOWN: BFD-SYSLOG: BFD session ld:2065 handle:8,is going Down Reason: ECHO FAILURE
Apr 17 07:59:57: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:2065 handle:8 is going UP

Apr 17 08:00:03: %BFDFSM-6-BFD_SESS_DOWN: BFD-SYSLOG: BFD session ld:2065 handle:8,is going Down Reason: ECHO FAILURE
Apr 17 08:00:03: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:2065 handle:8 is going UP

MHM Cisco World · ‎04-17-2023

What timer you use ?

sebastien3 · ‎04-17-2023

bfd interval 750 min_rx 750 multiplier 3

MHM Cisco World · ‎04-17-2023

timer is good it not low and little bit high,
can you disable bfd echo in both interface in both sides.
interface x/x
no bfd echo

Cisco Doc. for any one see the post later
• BFD echo mode and Unicast Reverse Path Forwarding (URPF) are mutually exclusive and cannot both
be enabled on a BFD interface. If you want to configure an interface for BFD, you must disable either
BFD echo mode or URPF.

NOTE:- update us when this issue is solve.

Thanks
MHM

sebastien3 · ‎04-17-2023

I used no bfd echo with ip verify unicast source reachable-via any and no more instability.

I admit I don't understand why knowing that BFD does not use echo ?

Drops still increment even with no bfd echo...

show bfd neighbors details => Session state is UP and not using echo function.

MHM Cisco World · ‎04-17-2023

Drops still increment even with no bfd echo... <<- what meaning of this ?
can I see
show bfd nei details

sebastien3 · ‎04-17-2023

NeighAddr LD/RD RH/RS State Int
10.0.1.2 2067/4449 Up Up Te0/3/0.10
Session state is UP and not using echo function.
Session Host: Software
OurAddr: 10.0.1.1
Handle: 8
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 750000, MinRxInt: 750000, Multiplier: 3
Received MinRxInt: 750000, Received Multiplier: 3
Holddown (hits): 1682(0), Hello (hits): 750(22227)
Rx Count: 4374, Rx Interval (ms) min/max/avg: 3/755/658 last: 568 ms ago
Tx Count: 4376, Tx Interval (ms) min/max/avg: 3/751/658 last: 503 ms ago
Elapsed time watermarks: 0 0 (last: 0)
Registered protocols: EIGRP CEF
Uptime: 00:48:00
Last packet: Version: 1 - Diagnostic: 0
State bit: Up - Demand bit: 0
Poll bit: 0 - Final bit: 0
C bit: 0
Multiplier: 3 - Length: 24
My Discr.: 4449 - Your Discr.: 2067
Min tx interval: 750000 - Min rx interval: 750000
Min Echo interval: 0