01-10-2017 10:59 AM - edited 03-08-2019 08:51 AM
Hi everybody,
Please consider the following example:
R2--24.24.24.2---LDP--24.24.24.4- f1/0-R4
R2 and R4 have an LDP neighbor relationship established; they also have a TCP session established.
Next, I apply an ACL under f1/0 denying all incoming TCP on R4:
R4#show access-lists 101
Extended IP access list 101
10 deny tcp any any (120 matches)
20 permit ip any any (201 matches)
R4(config)#int f1/0
R4(config-if)#ip access-group 101 in
Jan 10 11:39:31.823: %LDP-5-NBRCHG: LDP Neighbor 24.24.24.2:0 (1) is DOWN (Session KeepAlive Timer expired)
Above we can see LDP neighbor is down because Session KeepAlive Timer expired.
Next we modify ACL 101, allowing TCP but denying UDP.
R4#show access-lists 101
Extended IP access list 101
10 permit tcp any any (6 matches)
20 deny udp any any (6 matches)
30 permit ip any any (1 match)
Jan 10 11:50:51.115: %LDP-5-NBRCHG: LDP Neighbor 24.24.24.2:0 (1) is DOWN (Discovery Hello Hold Timer expired)
Above we see LDP neighbor is down because Discovery Hello Hold Timer expired.
Question:
Both the hold time and the session keepalive timer above achieve the same result: determining whether the LDP neighbor is down or not. (You may argue the session keepalive timer is there to declare the TCP session down, but effectively it means the LDP neighbor is also down, as shown above.) So why can't we use one timer, e.g. the hello hold time, to determine if the LDP neighbor is down?
Thanks and have a nice day!!
03-02-2017 12:34 PM
I guess the main reason is that the TCP session between two LDP neighbors does not necessarily need to be established on the same link that the Hello messages are sent on.
Refer to the topology in the picture I attached. Let's say we are establishing LDP between R1 and R3's e 0/0, but the loopback interfaces are advertised via OSPF not on the e 0/0 interfaces, but rather via R1's e 0/1 and R3's e 0/2. So Hello packets are sent via one interface and TCP keepalives via another. (Can't really think of a case where you would need a configuration like this, but anyway.)
If only Hello packets are used for checking if our neighbor is down, we won't be able to determine if there's a problem with the TCP session (for example, if R2 goes down), so that's why you need both types of messages.
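Added example, not part of any post in this thread: a small Python classifier that reads `%LDP-5-NBRCHG` syslog lines like the two quoted above and reports which LDP channel went silent, which tells you whether to look at a filter or path problem for the hello traffic or for the TCP session. The port numbers (UDP 646 for hellos, TCP 646 for the session) are the standard LDP ports from RFC 5036 and are not stated in the thread; the sample log and the function names are constructed for illustration.

```python
import re

# Constructed sample input, modelled on the syslog lines quoted in the thread.
SAMPLE_LOG = """\
Jan 10 11:39:31.823: %LDP-5-NBRCHG: LDP Neighbor 24.24.24.2:0 (1) is DOWN (Session KeepAlive Timer expired)
Jan 10 11:45:02.004: %LDP-5-NBRCHG: LDP Neighbor 24.24.24.2:0 (1) is UP
Jan 10 11:50:51.115: %LDP-5-NBRCHG: LDP Neighbor 24.24.24.2:0 (1) is DOWN (Discovery Hello Hold Timer expired)
"""

# The closing parenthesis is optional so that truncated log lines still parse.
NBRCHG = re.compile(
    r"%LDP-5-NBRCHG: LDP Neighbor (?P<peer>\S+) \(\d+\) is (?P<state>UP|DOWN)"
    r"(?: \((?P<reason>[^)]*)\)?)?"
)

# Reason text -> (channel that went silent, what to check on the path).
# Port 646 is the standard LDP port (assumption taken from RFC 5036).
CHANNELS = {
    "Session KeepAlive Timer expired": (
        "tcp-session", "TCP 646 between the LDP transport addresses"),
    "Discovery Hello Hold Timer expired": (
        "udp-hello", "UDP 646 hellos on the link facing the neighbor"),
}


def classify(line):
    """Return a dict for an LDP neighbor-down line, or None for anything else."""
    m = NBRCHG.search(line)
    if not m or m.group("state") != "DOWN":
        return None
    reason = (m.group("reason") or "").strip()
    channel, check = CHANNELS.get(reason, ("unknown", "reason not recognised"))
    return {"peer": m.group("peer"), "reason": reason,
            "channel": channel, "check": check}


def down_events(log_text):
    """Classify every neighbor-down event in a block of syslog text."""
    return [e for e in map(classify, log_text.splitlines()) if e]


if __name__ == "__main__":
    for event in down_events(SAMPLE_LOG):
        print(f"{event['peer']}: {event['channel']} lost -> check {event['check']}")
```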
03-02-2017 12:37 PM
Thanks, let me digest this :) Long day, not much brain power left.