- New and Changed Information for the Interfaces NX-OS Configuration Guide
- Preface
- Overview
- Configuring Basic Interface Parameters
- Configuring Layer 2 Interfaces
- Configuring Layer 3 Interfaces
- Configuring Bidirectional Forwarding Detection
- Configuring Port Channels
- Configuring vPCs
- Configuring IP Tunnels
- Configuring Q-in-Q VLAN Tunnels
- IETF RFCs Supported by Cisco NX-OS Interfaces
- Configuration Limits for Cisco NX-OS Interfaces
- Information About BFD
- Licensing Requirements for BFD
- Prerequisites for BFD
- Guidelines and Limitations
- Default Settings
- Configuring BFD
Configuring Bidirectional Forwarding Detection
This chapter describes how to configure Bidirectional Forwarding Detection (BFD) on Cisco NX-OS devices.
Information About BFD
BFD is a detection protocol designed to provide fast forwarding-path failure detection times for media types, encapsulations, topologies, and routing protocols. You can use BFD to detect forwarding path failures at a uniform rate, rather than the variable rates for different protocol hello mechanisms. BFD makes network profiling and planning easier and reconvergence time consistent and predictable.
BFD provides subsecond failure detection between two adjacent devices and can be less CPU-intensive than protocol hello messages because some of the BFD load can be distributed onto the data plane on supported modules.
This section includes the following topics:
- Asynchronous Mode
- BFD Detection of Failures
- Distributed Operation
- BFD Echo Function
- Security
- High Availability
- Virtualization Support
Asynchronous Mode
Cisco NX-OS supports the BFD asynchronous mode, which sends BFD control packets between two adjacent devices to activate and maintain BFD neighbor sessions between the devices. You configure BFD on both devices (or BFD neighbors). Once BFD has been enabled on the interfaces and on the appropriate protocols, Cisco NX-OS creates a BFD session, negotiates BFD session parameters, and begins to send BFD control packets to each BFD neighbor at the negotiated interval. The BFD session parameters include the following:
- Desired minimum transmit interval—The interval at which this device wants to send BFD hello messages.
- Required minimum receive interval—The minimum interval at which this device can accept BFD hello messages from another BFD device.
- Detect multiplier—The number of missing BFD hello messages from another BFD device before this local device detects a fault in the forwarding path.
Figure 5-1 shows how a BFD session is established. The figure shows a simple network with two routers running OSPF and BFD. When OSPF discovers a neighbor (1), it sends a request to the local BFD process to initiate a BFD neighbor session with the OSPF neighbor router (2). The BFD neighbor session with the OSPF neighbor router is now established (3).
Figure 5-1 Establishing a BFD Neighbor Relationship
BFD Detection of Failures
Once a BFD session has been established and timer negotiations are complete, BFD neighbors send BFD control packets that act in the same manner as an IGP hello protocol to detect liveliness, except at a more accelerated rate. BFD detects a failure, but the protocol must take action to bypass a failed peer.
BFD sends a failure detection notice to the BFD-enabled protocols when it detects a failure in the forwarding path. The local device can then initiate the protocol recalculation process and reduce the overall network convergence time.
Figure 5-2 shows what happens when a failure occurs in the network (1). The BFD neighbor session with the OSPF neighbor router is torn down (2). BFD notifies the local OSPF process that the BFD neighbor is no longer reachable (3). The local OSPF process tears down the OSPF neighbor relationship (4). If an alternative path is available, the routers immediately start converging on it.
Note The BFD failure detection occurs in less than a second, which is much faster than OSPF Hello messages could detect the same failure.
Figure 5-2 Tearing Down an OSPF Neighbor Relationship
Distributed Operation
Cisco NX-OS can distribute the BFD operation to compatible modules that support BFD. This process offloads the CPU load for BFD packet processing to the individual modules that connect to the BFD neighbors. All BFD session traffic occurs on the module CPU. The module informs the supervisor when a BFD failure is detected.
BFD Echo Function
The BFD echo function sends echo packets from the forwarding engine to the remote BFD neighbor. The BFD neighbor forwards the echo packet back along the same path in order to perform detection; the BFD neighbor does not participate in the actual forwarding of the echo packets. The echo function and the forwarding engine are responsible for the detection process. BFD can use the slow timer to slow down the asycnhronous session when the echo function is enabled and reduce the number of BFD control packets that are sent between two BFD neighbors. Also, the forwarding engine tests the forwarding path on the remote (neighbor) system without involving the remote system, so there is less interpacket delay variability and faster failure detection times.
The echo function is without asymmetry when both BFD neighbors are running echo function.
Note Unicast Reverse Path Forwarding check (uRPF) is disabled by default. If you need to enable it on an interface functioning with BFD, the BFD echo function must be disabled.
Security
Cisco NX-OS uses the packet Time to Live (TTL) value to verify that the BFD packets came from an adjacent BFD peer. For all asynchronous and echo request packets, the BFD neighbor sets the TTL value to 255 and the local BFD process verifies the TTL value as 255 before processing the incoming packet. For the echo response packet, BFD sets the TTL value to 254.
Beginning with Cisco NX-OS Release 5.2, you can configure SHA-1 authentication of BFD packets.
High Availability
BFD supports stateless restarts and in-service software upgrades (ISSUs). ISSU allows you to upgrade software without impacting forwarding. After a reboot or supervisor switchover, Cisco NX-OS applies the running configuration and BFD immediately sends control packets to the BFD peers.
Virtualization Support
BFD supports virtual routing and forwarding instances (VRFs). VRFs exist within virtual device contexts (VDCs). By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF. For more information, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x .
Licensing Requirements for BFD
The following table shows the licensing requirements for this feature:
Prerequisites for BFD
BFD has the following prerequisites:
- You must enable the BFD feature (see the “Enabling the BFD Feature” section).
- For any client protocols that you want to enable BFD on, you enable BFD in that client protocol. See the “Configuring BFD Support for Routing Protocols” section.
- Disable Internet Control Message Protocol (ICMP) redirect messages on a BFD-enabled interfaces.
- Disable the IP packet verification check for identical IP source and destination addresses in the default VDC.
- See other detailed prerequisites that are listed with the configuration tasks.
Guidelines and Limitations
BFD has the following configuration guidelines and limitations:
- BFD supports BFD version 1.
- BFD supports IPv4.
- BFD supports single-hop BFD.
- BFD for BGP supports single-hop EBGP and iBGP peers.
- BFD supports keyed SHA-1 authentication beginning with Cisco NX-OS Release 5.2.
- BFD supports the following Layer 3 interfaces—physical interfaces, port channels, subinterfaces, and VLAN interfaces.
- BFD depends on a Layer 3 adjacency information to discover topology changes, including Layer 2 topology changes. A BFD session on a VLAN interface (SVI) may not be up after the convergence of the Layer 2 topology if there is no Layer 3 adjacency information available.
- Port channel configuration limitations:
– For Layer 3 port channels used by BFD, you must enable LACP on the port channel.
– For Layer 2 port channels used by SVI sessions, you must enable LACP on the port channel.
– An ASIC reset will cause traffic disruption for other ports. This event could possibly cause SVI sessions on other ports to flap. Some triggers for an ASIC reset are port moves between VDCs, reloading a VDC, or if the carrier interface is a virtual port channel (vPC), BFD is not supported over the SVI interface.
– When you change the topology (for example, add or delete a link into a VLAN, delete a member from a Layer 2 port channel, and so on), the SVI session could be affected. It may go down first and then come up after the topology discovery is finished.
Tip If you do not want the SVI sessions to flap and you need to change the topology, you can disable the BFD feature before making the changes and reenable BFD after the changes have been made. You can also configure the BFD timer to be a large value (for example, 5 seconds), and change it back to a fast timer after the above events complete.
- BFD over VLAN interfaces that have member ports only on a N7K-F132XL-15 module are not supported. You should disable BFD over any VLAN with member ports only on a N7K-F132XL-15 module.
Note If you enable BFD at the router level (for example, from OSPF), any BFD sessions over a N7K-F132XL-15 linecard will not come-up. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 5.x for information about OSPF and other routing protocols.
- When you configure the BFD Echo function on the distributed Layer 3 port channels, reloading a member module flaps the BFD session hosted on that module, which results in a packet loss.
If you connect the BFD peers directly without a Layer 2 switch in between, you can use the BFD per-link mode as an alternative solution.
Note Using BFD per-link mode and sub-interface optimization simultaneously on a Layer 3 port channel is not supported.
Default Settings
Table 5-1 lists the default settings for BFD parameters.
Configuring BFD
This section includes the following topics:
- Configuration Hierarchy
- Task Flow for Configuring BFD
- Enabling the BFD Feature
- Configuring Global BFD Parameters
- Configuring BFD on an Interface
- Configuring BFD on a Port Channel
- Configuring BFD Echo Function
- Optimizing BFD on Subinterfaces
- Configuring BFD Support for Routing Protocols
Configuration Hierarchy
You can configure BFD at the global level and at the interface or subinterface level (for physical interfaces and port channels). The interface or sub-interface configuration overrides global configuration. On supported interfaces, the subinterface-level configuration overrides the interface or port channel configuration unless subinterface optimization is enabled. See the “Optimizing BFD on Subinterfaces” section for more information.
Note Using BFD per-link mode and sub-interface optimization simultaneously on a Layer 3 port channel is not supported.
For physical ports that are members of a port channel, the member port inherits the master port channel BFD configuration. The member port subinterfaces can override the master port channel BFD configuration, unless subinterface optimization is enabled.
Task Flow for Configuring BFD
Follow these steps to configure BFD:
Step 1 Enabling the BFD Feature.
Step 2 Configuring Global BFD Parameters or Configuring BFD on an Interface.
Step 3 Configuring BFD Support for Routing Protocols.
Enabling the BFD Feature
You must enable the BFD feature before you can configure BFD on an interface and protocol within a device (VDC).
DETAILED STEPS
Use the no feature bfd command to disable the BFD feature and remove all associated configuration.
Configuring Global BFD Parameters
You can configure the BFD session parameters for all BFD sessions on the device. The BFD session parameters are negotiated between the BFD peers in a three-way handshake.
See the “Configuring BFD on an Interface” section to override these global session parameters on an interface.
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the BFD feature. See the “Enabling the BFD Feature” section.
SUMMARY STEPS
2. bfd interval mintx min_rx msec multiplier value
3. bfd slow-timer [ interval ]
DETAILED STEPS
Configuring BFD on an Interface
You can configure the BFD session parameters for all BFD sessions on an interface. The BFD session parameters are negotiated between the BFD peers in a three-way handshake.
This configuration overrides the global session parameters for the configured interface.
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the BFD feature. See the “Enabling the BFD Feature” section.
SUMMARY STEPS
3. bfd interval mintx min_rx msec multiplier value
4. (Optional) bfd authentication keyed-sha1 keyid id key ascii_key
DETAILED STEPS
Configuring BFD on a Port Channel
You can configure the BFD session parameters for all BFD sessions on a port channel. If per-link mode is used for Layer 3 port channels, BFD creates a session for each link in the port channel and provides an aggregate result to client protocols. For example, if the BFD session for one link on a port channel is up, BFD informs client protocols, such as OSPF, that the port channel is up. The BFD session parameters are negotiated between the BFD peers in a three-way handshake.
This configuration overrides the global session parameters for the configured port channel. The member ports of the port channel inherit the port channel BFD session parameters, unless you configure subinterface-level BFD parameters on a member port. In that case, the member port subinterface uses the subinterface BFD configuration if subinterface optimization is not enabled. See the “Optimizing BFD on Subinterfaces” section for more information.
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command).
Ensure that you enable LACP on the port channel before you enable BFD.
Enable the BFD feature. See the “Enabling the BFD Feature” section.
SUMMARY STEPS
2. interface port-channel number
4. (Optional) bfd interval mintx min_rx msec multiplier value
5. (Optional) bfd authentication keyed-sha1 keyid id key ascii_key
DETAILED STEPS
Configuring BFD Echo Function
You can configure the BFD echo function on one or both ends of a BFD-monitored link. The echo function slows down the required minimum receive interval, based on the configured slow timer. The RequiredMinEchoRx BFD session parameter is set to zero if the echo function is disabled. The slow timer becomes the required minimum receive interval if the echo function is enabled.
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the BFD feature. See the “Enabling the BFD Feature” section.
Configure the BFD session parameters. See the “Configuring Global BFD Parameters” section or the “Configuring BFD on an Interface” section.
Ensure that Internet Control Message Protocol (ICMP) redirect messages are disabled on BFD-enabled interfaces. Use the no ip redirects command on the interface.
Ensure that the IP packet verification check for identical IP source and destination addresses is disabled. Use the no hardware ip verify address identical command in the default VDC. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 5.x , for more information on this command.
DETAILED STEPS
Optimizing BFD on Subinterfaces
You can optimize BFD on subinterfaces. BFD creates sessions for all configured subinterfaces. BFD sets the subinterface with the lowest configured VLAN ID as the master subinterface and that subinterface uses the BFD session parameters of the parent interface. The remaining subinterfaces use the slow timer. If the optimized subinterface session detects an error, BFD marks all subinterfaces on that physical interface as down.
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the BFD feature. See the “Enabling the BFD Feature” section.
Configure the BFD session parameters. See the “Configuring Global BFD Parameters” section or the “Configuring BFD on an Interface” section.
Ensure that these subinterfaces connect to another Cisco NX-OS device. This feature is supported on Cisco NX-OS only.
DETAILED STEPS
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the BFD feature. See the “Enabling the BFD Feature” section.
Configure the BFD session parameters. See the “Configuring Global BFD Parameters” section or the “Configuring BFD on an Interface” section.
Enable the BGP feature. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 5.x , for more information.
SUMMARY STEPS
3. neighbor { ip-address | ipv6-address } remote-as as-number
DETAILED STEPS
Configuring BFD on EIGRP
You can configure BFD for the Enhanced Interior Gateway Routing Protocol (EIGRP).
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the BFD feature. See the “Enabling the BFD Feature” section.
Configure the BFD session parameters. See the “Configuring Global BFD Parameters” section or the “Configuring BFD on an Interface” section.
Enable the EIGRP feature. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 5.x , for more information.
SUMMARY STEPS
5. (Optional) ip eigrp instance-tag bfd
6. (Optional) show ip eigrp [ vrf vrf-name ] [ interfaces if ]
DETAILED STEPS
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the BFD feature. See the “Enabling the BFD Feature” section.
Configure the BFD session parameters. See the “Configuring Global BFD Parameters” section or the “Configuring BFD on an Interface” section.
Enable the OSPF feature. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 5.x , for more information.
DETAILED STEPS
Configuring BFD on IS-IS
You can configure BFD for the Intermediate System-to-Intermediate System (IS-IS) protocol.
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the BFD feature. See the “Enabling the BFD Feature” section.
Configure the BFD session parameters. See the “Configuring Global BFD Parameters” section or the “Configuring BFD on an Interface” section.
Enable the IS-IS feature. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 5.x , for more information.
DETAILED STEPS
Configuring BFD on HSRP
You can configure BFD for the Hot Standby Router Protocol (HSRP). The active and standby HSRP routers track each other through BFD. If BFD on the standby HSRP router detects that the active HSRP router is down, the standby HSRP router treats this event as an active time rexpiry and takes over as the active HSRP router.
The show hsrp detail will show this event as BFD@Act-down or BFD@Sby-down.
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the BFD feature. See the “Enabling the BFD Feature” section.
Configure the BFD session parameters. See the “Configuring Global BFD Parameters” section or the “Configuring BFD on an Interface” section.
Enable the HSRP feature. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 5.x , for more information.
DETAILED STEPS
Configuring BFD on VRRP
You can configure BFD for the Virtual Router Redundancy Protocol (VRRP). The active and standby VRRP routers track each other through BFD. If BFD on the standby VRRP router detects that the active VRRP router is down, the standby VRRP router treats this event as an active time rexpiry and takes over as the active VRRP router.
The show vrrp detail will show this event as BFD@Act-down or BFD@Sby-down.
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the BFD feature. See the “Enabling the BFD Feature” section.
Configure the BFD session parameters. See the “Configuring Global BFD Parameters” section or the “Configuring BFD on an Interface” section.
Enable the VRRP feature. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 5.x , for more information.
DETAILED STEPS
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the BFD feature. See the “Enabling the BFD Feature” section.
Enable the PIM feature. See the Cisco Nexus 7000 Series NX-OS Multicast Routing Configuration Guide, Release 5.x , for more information.
DETAILED STEPS
Configuring BFD on Static Routes
You can configure BFD for static routes on an interface. You can optionally configure BFD on a static route within a virtual routing and forwarding (VRF) instance.
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the BFD feature. See the “Enabling the BFD Feature” section.
SUMMARY STEPS
2. (Optional) vrf context vrf-name
3. ip route route interface if { nh-address | nh-prefix }
4. ip route static bfd interface { nh-address | nh-prefix }
DETAILED STEPS
Configuring BFD on MPLS TE Fast Reroute
MPLS Traffic Engineering (TE) uses BFD accelerate the detection of node failures and to provide fast forwarding path failure detection times. BFD for MPLS TE fast reroute is configured automatically when you enable the fast reroute on a tunnel. “See the Configuring MPLS TE Fast Reroute Link and Node Protection” chapter in the Cisco Nexus 7000 Series NX-OS Multiprotocol Label Switching Configuration Guide, Release 5.x for more information.
Disabling BFD on an Interface
You can selectively disable BFD on an interface for a routing protocol that has BFD enabled at the global or VRF level.
To disable BFD on an interface, use one of the following commands in interface configuration mode:
Verifying the BFD Configuration
To display BFD configuration information, perform one of the following tasks:
For detailed information about the fields in the output from these commands, see the Cisco Nexus 7000 Series NX-OS Interfaces Command Reference, Release 5.x .
Monitoring BFD
Use the following commands to display BFD:
For detailed information about the fields in the output from these commands, see the Cisco Nexus 7000 Series NX-OS Interfaces Command Reference, Release 5.x .
Configuration Examples for BFD
The following example shows how to configure BFD for OSPFv2 on Ethernet 2/1, using the default BFD session parameters:
The following example shows how to configure BFD for all EIGRP interfaces, using the default BFD session parameters:
Additional References
For additional information related to implementing BFD, see the following sections:
Feature History for BFD
Table 5-2 lists the release history for this feature.
Feedback