Suboptimal OSPF convergence with SVIs

Rolf Fischer · ‎01-30-2012

Today we interconnected new datacenter-switches via SVIs and OSPF as routing protocol. After finishing the configuration we made some failover/redundancy tests and were surprised by the fact that convergence took more than 40 seconds. The reason is that -even it the physical port is shutdown- the SVI (“vlan-interface”) is still up so that OSPF is only able to detect the failure by waiting until DeadInterval expires.

As a first workaround we tuned the hello and dead timers to 1sec/4sec which gives a much better result in terms of convergence, but compared with LinkDown on a routed port it’s still slow.

The “switchport autostate exclude” option doesn’t really seem to be an alternative, and “switchport trunk allowed vlan ...” I don’t consider either a good solution.

Does anybody know a better way to overcome this?

Thanks in advance.

Joseph W. Doherty · ‎01-30-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

I believe, the vlan should go down if there are no up ports on that vlan. So, can insure vlan being used for routing is the only active port?

Otherwise, you might want to consider, if possible, moving to dedicated p2p routed links.

Lastly, if your stuck with your physical topology, if your platform supports it, you could also try subsecond OSPF or OSPF using BFD.

Rolf Fischer · ‎01-30-2012

Some additional information:

We're connecting EtherChannels from our Coreswitches to virtual PortChannels (vPCs) of the Nexus datacenter-switches.

At the coreswitches we have many Uplink-Trunks, so the SVI keeps UP as long there is at least one (trunk-)port up and STP Fwd for that VLAN.

We have to use a multiaccess network type (broadcast) because using vPCs means having 2 OSPF neighbors per segment.

Joseph W. Doherty · ‎01-30-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

In that case, (and if supported) OSPF using BFD might be your best possible option.

glen.grant · ‎01-30-2012

You also have to remember you are dealing with spanning tree using SVI"s , that's probably where a big chunk of your time is coming from waiting for spanning tree to converge . Is this on a trunk for some reason ? I think if you used a /30 connecting vlan SVI and just put it in as an access port it would drop the SVI a lot faster . Using portfast on the links might help seeing you will only have 2 ports assigned to that vlan and the risk would be very low seeing only 2 ports will be in that vlan as a routed crosslink. Not knowing how you are setup we are really just guessing. The SVI should go down almost immediately if thats the only link that vlan is allowed . If you have any other trunk links and you are not in the habit of manually pruning off unneeded vlans (best practice) then yes the SVI will not go down because if that vlan is allowed in any other trunk the SVI stays up .

Mohamed Sobair · ‎01-30-2012

Hello,

This is a vPC peer link between two nexus, and it requires layer-2 ehterchannel ports (Trunk ports).

As Denoted by other poster, OSPF BFD is designed for rapid convergence since it will detect any phisical layer failure fastert than the routing protocol running on top, because it has periodic hello and keepalive mechanism. once a physical layer failure is detected, the UPPER layer Protocol is immidiately informed, hence the convergence is quite faster with BFD.

Regards,

Mohamed