08-27-2012 10:14 AM
Hello All,
When trying to configure a BFD session bettween an ASR9K (Bundle-Ether) and a CRS-1 (TenGigE), I'm seeing a strange output. Althought I configure the sessions with an interval of 15ms and a multiplier of 3 (and the session cames UP), when I check the session details I see that the timeout is set to 750ms (250ms*3):
RP/0/RSP0/CPU0:EC-LAB1#sh bfd session
Mon Aug 27 17:46:14.572 WEST
Interface Dest Addr Local det time(int*mult) State
Echo Async
-------------------- --------------- ---------------- ---------------- ---------
BE160.2 10.1.6.1 0s(0s*0) 750ms(250ms*3) UP
BE160.3 10.1.8.41 0s(0s*0) 750ms(250ms*3) UP
BE160.4 10.1.8.2 0s(0s*0) 750ms(250ms*3) UP
BE161.4 10.1.8.6 0s(0s*0) 750ms(250ms*3) UP
BE161.5 10.1.8.10 0s(0s*0) 750ms(250ms*3) UP
BE161.2 10.1.8.33 0s(0s*0) 750ms(250ms*3) UP
BE161.3 10.1.6.9 0s(0s*0) 750ms(250ms*3) UP
RP/0/RSP0/CPU0:EC-LAB1#
RP/0/RSP0/CPU0:EC-LAB1#sh run router isis IGP inter bundle-ether 160.2
Mon Aug 27 17:46:35.583 WEST
router isis IGP
interface Bundle-Ether160.2
circuit-type level-2-only
bfd minimum-interval 15
bfd multiplier 3
bfd fast-detect ipv4
point-to-point
hello-password keychain ISIS
address-family ipv4 unicast
metric 500 level 2
mpls ldp sync level 2
!
!
!
RP/0/RSP0/CPU0:EC-LAB1#
When I check the detail in ASR9K side I noticed that the transmitted desired tx interval is 250 ms (???):
RP/0/RSP0/CPU0:EC-LAB1#sh bfd session detail interface bundle-ether 160.2
Mon Aug 27 18:04:25.573 WEST
I/f: Bundle-Ether160.2, Location: 0/1/CPU0, dest: 10.1.6.1, src: 10.1.6.2
State: UP for 0d:11h:57m:0s, number of times UP: 1
Session type: BFD_SESSION_TYPE_IP_SINGLEHOP
Received parameters:
Version: 1, desired tx interval: 15 ms, required rx interval: 15 ms
Required echo rx interval: 1 ms, multiplier: 3, diag: None
My discr: 2148597873, your discr: 2147811335, state UP, D/F/P/C/A: 0/0/0/1/0
Transmitted parameters:
Version: 1, desired tx interval: 250 ms, required rx interval: 250 ms
Required echo rx interval: 0 us, multiplier: 3, diag: None
My discr: 2147811335, your discr: 2148597873, state UP, D/F/P/C/A: 0/0/0/1/0
Timer Values:
Local negotiated async tx interval: 250 ms
Remote negotiated async tx interval: 250 ms
Desired echo tx interval: 0 s, local negotiated echo tx interval: 0 s
Echo detection time: 0 s(0 s*3), async detection time: 750 ms(250 ms*3)
Local Stats:
Intervals between async packets:
Tx: Number of intervals=100, min=211 ms, max=252 ms, avg=235 ms
Last packet transmitted 125 ms ago
Rx: Number of intervals=100, min=211 ms, max=252 ms, avg=231 ms
Last packet received 2 ms ago
Intervals between echo packets:
Tx: Number of intervals=0, min=0 s, max=0 s, avg=0 s
Last packet transmitted 0 s ago
Rx: Number of intervals=0, min=0 s, max=0 s, avg=0 s
Last packet received 0 s ago
Latency of echo packets (time between tx and rx):
Number of packets: 0, min=0 us, max=0 us, avg=0 us
Session owner information:
Client Desired interval Multiplier
-------------------- -------------------- --------------
isis-IGP 15 ms 3
RP/0/RSP0/CPU0:EC-LAB1#
Could someone help me understand if this outputs and the configuration are correct? If yes, why?
Thanks!
Cheers,
PM
Solved! Go to Solution.
08-27-2012 12:18 PM
Hello PM,
That is expected. Bundle VLAN sessions are restricted to an interval of 250 milliseconds and a multiplier of 3. More aggressive parameters are not allowed.
Regards,
/A
08-27-2012 12:18 PM
Hello PM,
That is expected. Bundle VLAN sessions are restricted to an interval of 250 milliseconds and a multiplier of 3. More aggressive parameters are not allowed.
Regards,
/A
08-28-2012 02:38 AM
Thanks Alexei,
But why am I able to configure it with a more aggressive parameters if they are not allowed?
Cheers,
PM
08-28-2012 02:43 AM
The meaning here is that you can configure it, but the configuration won’t be applied and the min allowed would be used instead.
Regards,
/A
02-18-2013 08:36 AM
Hi,
As a part of this discussion I would like to share my doubt. I know bi-directional key-chain is using in XR for security. May I know Is there uni directionnal key-chain(having send and receive options) available in XR ? I am expecting your precious response.
02-18-2013 09:13 AM
You mean BFD authentication? That we don't support. The amount of overhead associated with it and the lack of true security that it gives made us decide not to implement that.
Now with multihop BFD this serves more purpose, but then still there is a TTL check on it already.
xander
02-19-2013 09:56 AM
Hi Xander,
I meant the ip sec key-chain. Is there any uni diractional(eg:send direction, receive direction) key exchange mechanism available in ASR 9k ? I know there is bi directinal key exchange is availble.
02-19-2013 02:42 PM
Shiras,
no authentication or encryption for BFD.
xander
02-22-2013 09:43 AM
Hi Xander,
Thanks for your replay. I am clarifying my question. I am asking about these commands (key chain key-chain-name), ( "accept-lifetime start-time [duration duration value| infinite| end-time]"). Is thete
any uni directional key exchange available in ipsec ??
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide