Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1253
Views
2
Helpful
20
Replies

BFP flapping with IP verify source reachable-via ANY

sebastien3
Level 4
Level 4

‎04-16-2023 11:10 PM

Hello,

If I enable ip verify unicast source reachable-via any on the interface which is connected to another router, BFD is unstable !

interface TenGigabitEthernet0/3/0.10
description *** To R2 ***
encapsulation dot1Q 10
ip address 10.0.1.1 255.255.0.0
no ip redirects
no ip proxy-arp
ip verify unicast source reachable-via any
bfd interval 750 min_rx 750 multiplier 3

Apr 17 07:59:52: %BFDFSM-6-BFD_SESS_DOWN: BFD-SYSLOG: BFD session ld:2065 handle:8,is going Down Reason: ECHO FAILURE
Apr 17 07:59:52: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:2065 handle:8 is going UP

Apr 17 07:59:57: %BFDFSM-6-BFD_SESS_DOWN: BFD-SYSLOG: BFD session ld:2065 handle:8,is going Down Reason: ECHO FAILURE
Apr 17 07:59:57: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:2065 handle:8 is going UP

Apr 17 08:00:03: %BFDFSM-6-BFD_SESS_DOWN: BFD-SYSLOG: BFD session ld:2065 handle:8,is going Down Reason: ECHO FAILURE
Apr 17 08:00:03: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:2065 handle:8 is going UP

Now if I use ip verify unicast source reachable-via any allow-self-ping BFD is stable ans UP but the counter increments a lot :

IP verify source reachable-via ANY, allow self-ping
22817 verification drops
2138947 suppressed verification drops
0 verification drop-rate

An idea of ​​the problem ?

Labels:
0 Helpful
20 Replies 20

MHM Cisco World
VIP
VIP
In response to sebastien3

‎04-17-2023 04:40 AM

My Discr.: 4449 - Your Discr.: 2067 <<- you meaning this count ? I will check 

0 Helpful

sebastien3
Level 4
Level 4
In response to MHM Cisco World

‎04-17-2023 04:43 AM

No, the output of sh ip interface tenGigabitEthernet 0/3/0.10 :

TenGigabitEthernet0/3/0.10 is up, line protocol is up
*
IP verify source reachable-via ANY
30416 verification drops
2372055 suppressed verification drops
0 verification drop-rate

0 Helpful

sebastien3
Level 4
Level 4
In response to sebastien3

‎04-17-2023 09:49 AM

I hadn't seen @MHM Cisco World remark about BFD+uRPF. This also ties in with @paul driver remark

I don't really know if I'm using it properly...
Here is a diagram on the use case. What is your opinion ?

uRPF.jpg

BFD echo mode and Unicast Reverse Path Forwarding (URPF) are mutually exclusive and cannot both
be enabled on a BFD interface. If you want to configure an interface for BFD, you must disable either
BFD echo mode or URPF.

0 Helpful

MHM Cisco World
VIP
VIP
In response to sebastien3

‎04-17-2023 10:13 AM

I dont say you can't config bfd with urpf but I meaning you can't use bfd echo mode with urpf.

So keep you config as it except disable echo mode of bfd.

Note:- bfd can work fine without echo mode enable.

Hope this answer your Q.

0 Helpful

sebastien3
Level 4
Level 4
In response to MHM Cisco World

‎04-18-2023 05:46 AM

OK @MHM Cisco World ! I keep ip verify unicast source reachable-via any.

I can't find the command to clean the uRPF drops in the interface, do you know this one ?

I also have trouble finding and logging the uRPF drops... debug ip cef drops and debug ip verify mib don't help me !

0 Helpful

MHM Cisco World
VIP
VIP
In response to sebastien3

‎04-18-2023 07:23 AM

two way 
1- using log with ACL you use with uRPF
Unicast Reverse Path Forwarding (uRPF) – integrating IT (wordpress.com)

2- using show ip traffic 
in drop unicast RPF 

urpf-show1.png

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card