Re: ospf timer vs keep alive

anton gold · ‎02-12-2025

What is better to configure on tunnel
keepalive 1 3 or ospf hello interval 1 dead interval 3?
and if both are configure which one trigger first?

paul driver · ‎02-12-2025

Hello
The two are different,

-ospf timers relate to the ospf adjacency
- tunnel keep-alive are used to monitor either end of tunnel for by default they are stateless so are not aware of each others line state

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

paul driver · ‎02-13-2025

Hello
Just like to add following M02@rt37 comments,
IF ospf is running over the tunnel with/without keepalives , the OSPF adjacency can be torn down and the tunnel can still be up However if the tunnel goes down first so will the ospf adjacency

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

M02@rt37 · ‎02-13-2025

Hello @anton gold

If both keepalive and OSPF timers are configured, the tunnel keepalive mechanism will trigger first. Since the keepalive feature directly affects the tunnel interface status, it can bring the interface down before OSPF even detects that its neighbor is unreachable. Once the tunnel interface goes down due to failed keepalives, OSPF will immediately recognize this change and remove the affected routes, leading to faster convergence. In contrast, if only OSPF timers are used, the tunnel interface remains up even if the OSPF adjacency is lost, and failover depends solely on OSPF’s ability to detect the missing neighbor.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

MHM Cisco World · ‎02-13-2025

Keepalive is better'

When keepalive detect loss of remote peer' tunnel is down and also ospf will be down.

For ospf keep defualt timer it better dont modify these settings.

MHM

Joseph W. Doherty · ‎02-13-2025

Which is better? It depends on your goals and how the two work. If your only goal is to limit a routing black hole to about 3 seconds, more or less, they're about equal. If that's the case, and since OSPF hellos are required, while tunnel keepalives are an option, and both are control plane consumers, it would seem using additional tunnel keepalives is stupid. Ah, but is it?

The biggest "feature" of using tunnel keepalives, they take the interface down, which often can trigger an SNMP based alarm, while triggering a similar management alarm, due to an OSPF change, is often more complicated to obtain.

You also ask, which will trigger first. That's unpredictable assuming the OSPF hello packets and the tunnel keep alive packet are not using the one and same packet for both. If they are not, depending on exactly when a failure occurs, either protocol could have up to a 1 second (assuming 1 second intervals) jump on detecting the outage. Of course, if the tunnel keep alive wins the race it will notify OSPF interface is down, but if OSPF wins the race, tunnel will be up, but not routed across, for up to a second (a non issue).

To recap, if you want any easy way to trigger a management interface down, you can additionally use tunnel keep alives. Unfortunately, I recall not all tunnel kinds support them.

Also if you want faster outage detection, it may require OSPF, as I don't recall tunnel keep alives supporting subsecond timers and/or BFD.