Re: Protecting Multihop BFD during RLFA/TI-LFA Local Repair

muthu.arul · ‎01-21-2019

Hi All,

I've a question on Multihop BFD protection on XR platforms.

Multihop BFD (RFC 5883) packets are sent over UDP/IP. The encapsulation used is identical to single hop BFD (RFC 5881) except that the UDP destination port is set to 4784.

Now, suppose on the ingress node there is no IP/LFA backup path for the destination address tracked by multihop BFD, but there exists an RLFA or TI-LFA (1-segment or 2-segment) backup path to that destination. In this case, does IPOS XR platforms support protecting multihop BFD packets over the RLFA or TI-LFA (1-segment or 2-segment) backup paths i.e do they keep the multihop BFD session up if the outgoing link or nexthop neighbor for the primary path goes down?

Regards,

Muthu

Aleksandar Vidakovic · ‎01-23-2019

On asr9k multi-hop BFD sessions are hosted on any line card. The async packets are generated and received by the LC CPU (we don't support echo on MH BFD sessions). It doesn't matter on which NP/interface are packets received. As long as valid path exists to the MH BFD peer, the BFD session will be up. The MH BFD session will flap only if the line card that hosts the MH BD session is reloaded. In that case another LC has to take ownership of that session and initialise it.

See the "Implementing BFD" chapter of latest ASR9000 Routing Configuration Guides at http://www.cisco.com/en/US/products/ps9853/products_installation_and_configuration_guides_list.html and the https://wiki.cisco.com/display/CSGCHENNAI/BFD+IOS-XR+Information document for more info on MH BFD sessions.

On NCS5500 the implementation is slightly different because the MH BFD session is offloaded to the NP0 of the host line card. Everything else I wrote applies to NCS5500 as well.

Hope this helps.

muthu.arul · ‎01-23-2019

Thanks for the inputs. A follow up question for me to understand better:

Suppose there is a primary IP path and an LSP path to the remote PE loopback (i.e BGP nexthop tracked using MH-BFD). In this case, are the MH-BFD packets generated by the LC CPU on ASR9K sent over the IP path or LSP path?

Regards,

Muthu

Aleksandar Vidakovic · ‎01-24-2019

BFD will rely on FIB to provide the forwarding information. Based on that the appropriate next hop and encapsulation will be applied.

aariaei · ‎12-03-2023

Are BFD packets always encapsulated using SID-Label to leverage the forwarding plane FRR mechanism? Some vendors opt not to encapsulate multi-hop BFD using MPLS Label directly. They have a few tricks, like configuring a static route to the NH and using an indirect next-hop resolution to an MPLS LSP path.

Aleksandar Vidakovic · ‎12-04-2023

hi @aariaei ,

I suppose you are referring to multi-hop BFD session. BFD is not SR aware, it doesn't know what is a SID label. On IOS XR routers BFD has a shortcut into forwarding plane, to ensure that packets are sent out as quickly as possible. As a consequence they are sent out as clear IP packets.
When BFD protects an MPLS-TE tunnel , the MPLS interface is the output interface. In that case BFD will send out a packet with MPLS encapsulation, but the label comes from the tunnel-te interface, not from the resolution of the forwarding chain.

I hope this helps. It's possible that I have misunderstood the question; if that is the case please restate your question with more details of the actual scenario that you need to resolve.

/Aleksandar

aariaei · ‎02-04-2024

Hi,

If we have SR (with FRR and TI-LFA enabled) and anticipate micro-loops during ISIS convergence, based on the explanation provided, we expect BFD packets to be dropped while ISIS is converging if link failure happens in several places and a micro loop happens. However, if SR-LSP is used, a Loop-Free Path to the destination is always available for MH-BFD (in most cases ), even during the convergence of the underlying IGP. I am curious about how BFD sessions will remain up if the convergence time extends, potentially leading to BFD session drops. appreciate it if you provide me a design or cisco valid document.

thanks

Aleksandar Vidakovic · ‎02-05-2024

hi @aariaei ,

if you are protecting the SRTE policy with BFD, in that case BFD packets will be encapsulated into MPLS (or SRv6). E.g.:

segment-routing
 traffic-eng
  policy foo
   bfd
    minimum-interval 500
    multiplier 3
    invalidation-action down
    logging
     session-state-change

BFD sessions configured under IGP or BGP configuration are sent out as clear IP.

best,
/Aleksandar