Solved: Re: Running BFD between 2 direct Nexus 9k switches

Rajeeradan · ‎12-14-2022

Gentlemen,

I see the reason to run BFD between 2 N9k switches which are connected by a Layer 2 switch. But do you see a reason to run BFD between couple of Nexus 9k switches that are directly connected?(We are running BGP in between them)

MHM Cisco World · ‎12-14-2022

simple lab,

now direct connect Peer R1 & R2
config BGP
I shut down the interface between two peer,
this interface direct connect and it down but
BGP need 2-3 min to detect this failed

same lab but with BFD, it take Sec's to detect the failed

why ?
because not like static route, where when the interface down the router or SW directly remove the route from RIB
the routing protocol OSPF EIGRP and BGP using keepalive message (hello) if it not receive then the Peer declare that the neighbor is dead.
this time is fast in OSPF but slow in BGP so we need BFD even if connect peer directly.
this my Opinion.
thanks

View solution in original post

MHM Cisco World · ‎12-14-2022

Yes BGP is so slow, the NSK will not detect down peer in shot time and forward traffic which will drop in blackhole.
L2 meaning you use SVI to connect both NSK,
if yes then you must check this doc.

An ASIC reset causes traffic disruption for other ports and it can cause the SVI sessions on the other ports to flap. For example, if the carrier interface is a virtual port channel (vPC), BFD is not supported over the SVI interface and it could cause a trigger for an ASIC reset. When a BFD session is over SVI using virtual port channel (vPC) Peer-Link, the BFD echo function is not supported. You must disable the BFD echo function for all sessions over SVI between vPC peer nodes.

Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 6.x - Configuring Bidirectional Forwarding Detection [Cisco Nexus 9000 Series Switches] - Cisco

Rajeeradan · ‎12-14-2022

@MHM Cisco World Thank you for the comment. I should have worded properly.

Do you see a reason to run BFD between these Nexus switches. These are the Nexus 9ks EDGE switches in the data center. We are doing BGP in between them. I'm thinking we don't need to run BFD between them since there is a direct connection between the switches. If the link fails, the BGP will go down immediately(Because of Interface down). Am I missing something? Just trying to get your thoughts.

MHM Cisco World · ‎12-14-2022

simple lab,

now direct connect Peer R1 & R2
config BGP
I shut down the interface between two peer,
this interface direct connect and it down but
BGP need 2-3 min to detect this failed

same lab but with BFD, it take Sec's to detect the failed

why ?
because not like static route, where when the interface down the router or SW directly remove the route from RIB
the routing protocol OSPF EIGRP and BGP using keepalive message (hello) if it not receive then the Peer declare that the neighbor is dead.
this time is fast in OSPF but slow in BGP so we need BFD even if connect peer directly.
this my Opinion.
thanks

Rajeeradan · ‎12-15-2022

Hi @MHM Cisco World , Thanks for the detailed explanation. This clearly answers my question. Instead of Testing on the Nexus switches, I was playing on Cisco IOS switches which were doing EBGP. I noticed when I shut down the interface, the BGP instantly went down without waiting for the BGP hold-down timer. That's when I thought of creating a post to ask about the necessity of having BFD when they are directly connected. Turned out to be there is a

default

command on the Cisco IOS called

ebgp fast-external-failover

causing that behavior. We are doing IBGP in the data center. So that command won't work in the data center. Like you said, the Nexus switches have to wait for the BGP hold-down timer to expire. Thanks again for your input. I appreciate it.

MHM Cisco World · ‎12-16-2022

You are so so welcom