BFP flapping with IP verify source reachable-via ANY - Page 2

sebastien3 · ‎04-16-2023

Hello,

If I enable ip verify unicast source reachable-via any on the interface which is connected to another router, BFD is unstable !

interface TenGigabitEthernet0/3/0.10
description *** To R2 ***
encapsulation dot1Q 10
ip address 10.0.1.1 255.255.0.0
no ip redirects
no ip proxy-arp
ip verify unicast source reachable-via any
bfd interval 750 min_rx 750 multiplier 3

Apr 17 07:59:52: %BFDFSM-6-BFD_SESS_DOWN: BFD-SYSLOG: BFD session ld:2065 handle:8,is going Down Reason: ECHO FAILURE
Apr 17 07:59:52: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:2065 handle:8 is going UP

Apr 17 07:59:57: %BFDFSM-6-BFD_SESS_DOWN: BFD-SYSLOG: BFD session ld:2065 handle:8,is going Down Reason: ECHO FAILURE
Apr 17 07:59:57: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:2065 handle:8 is going UP

Apr 17 08:00:03: %BFDFSM-6-BFD_SESS_DOWN: BFD-SYSLOG: BFD session ld:2065 handle:8,is going Down Reason: ECHO FAILURE
Apr 17 08:00:03: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:2065 handle:8 is going UP

Now if I use ip verify unicast source reachable-via any allow-self-ping BFD is stable ans UP but the counter increments a lot :

IP verify source reachable-via ANY, allow self-ping
22817 verification drops
2138947 suppressed verification drops
0 verification drop-rate

An idea of the problem ?

MHM Cisco World · ‎04-17-2023

My Discr.: 4449 - Your Discr.: 2067 <<- you meaning this count ? I will check

sebastien3 · ‎04-17-2023

No, the output of sh ip interface tenGigabitEthernet 0/3/0.10 :

TenGigabitEthernet0/3/0.10 is up, line protocol is up
*
IP verify source reachable-via ANY
30416 verification drops
2372055 suppressed verification drops
0 verification drop-rate

sebastien3 · ‎04-17-2023

I hadn't seen @MHM Cisco World remark about BFD+uRPF. This also ties in with @paul driver remark

I don't really know if I'm using it properly...
Here is a diagram on the use case. What is your opinion ?

BFD echo mode and Unicast Reverse Path Forwarding (URPF) are mutually exclusive and cannot both
be enabled on a BFD interface. If you want to configure an interface for BFD, you must disable either
BFD echo mode or URPF.

MHM Cisco World · ‎04-17-2023

I dont say you can't config bfd with urpf but I meaning you can't use bfd echo mode with urpf.

So keep you config as it except disable echo mode of bfd.

Note:- bfd can work fine without echo mode enable.

Hope this answer your Q.

sebastien3 · ‎04-18-2023

OK @MHM Cisco World ! I keep ip verify unicast source reachable-via any.

I can't find the command to clean the uRPF drops in the interface, do you know this one ?

I also have trouble finding and logging the uRPF drops... debug ip cef drops and debug ip verify mib don't help me !

MHM Cisco World · ‎04-18-2023

two way
1- using log with ACL you use with uRPF
Unicast Reverse Path Forwarding (uRPF) – integrating IT (wordpress.com)

2- using show ip traffic
in drop unicast RPF