Example: BFD Support on DMVPN
The following is an example of configuring BFD support on DMVPN on hub.
bfd-template single-hop sample
interval min-tx 1000 min-rx 1000 multiplier 5
!
interface Tunnel0
ip address 10.0.0.1 255.255.255.0
no ip redirects
ip nhrp authentication cisco123
ip nhrp network-id 5
ip nhrp redirect
ip mtu 1400
ip tcp adjust-mss 1360
bfd template sample
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 6
!
interface GigabitEthernet0/0/0
ip address 10.0.0.1 255.0.0.0
negotiation auto
!
router eigrp 2
network 10.0.0.0 0.0.0.255
bfd all-interfaces
auto-summary
!
The following is an example of configuring BFD support on DMVPN on spoke.
bfd-template single-hop sample
interval min-tx 1000 min-rx 1000 multiplier 5
!
interface Tunnel1
ip address 10.0.0.10 255.255.255.0
no ip redirects
ip nhrp authentication cisco123
ip nhrp network-id 5
ip nhrp nhs 10.0.0.1 nbma 10.0.0.10 multicast
bfd template sample
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 6
!
interface GigabitEthernet0/0/0
mtu 4000
ip address 11.0.0.1 255.0.0.0
media-type rj45
negotiation auto
!
interface GigabitEthernet0/0/1
mtu 6000
ip address 111.0.0.1 255.255.255.0
negotiation auto
!
router eigrp 2
network 11.0.0.0 0.0.0.255
network 111.0.0.0 0.0.0.255
network 10.0.0.0 0.0.0.255
bfd all-interfaces
auto-summary
!
ip route 0.0.0.0 0.0.0.0 10.0.0.2
The following example outlines how to delete the tunnel entry details when BFD support is down by addition of ip nhrp bfd
command. By default, the tunnel entry is not immediately deleted and is deleted after expiry of the entry.
!
interface Tunnel0
ip address 10.0.1.100 255.255.255.0
no ip redirects
ip nhrp authentication testing
ip nhrp summary-map 192.168.0.0/16 72.68.100.2
ip nhrp summary-map 77.77.0.0/16 72.68.100.2
ip nhrp network-id 100
ip nhrp bfd delete
ip nhrp redirect
bfd interval 1000 min_rx 1000 multiplier 5
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile default
!
Note
|
In this configuration, the tunnel entry is immediately deleted upon receiving a BFD down event. Without this configuration,
the cache entry pertaining to the tunnel address of the peer is not deleted and performs its default behaviour.
|
The following is an example to illustrate faster convergence on spoke.
interface Tunnel1
ip address 18.0.0.10 255.255.255.0
no ip redirects
ip nhrp authentication cisco123
ip nhrp network-id 12
ip nhrp nhs 10.0.0.1 nbma 10.0.0.10 multicast
bfd template sample
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 18
tunnel protection ipsec profile MY_PROFILE
!
bfd-template single-hop sample
interval min-tx 1000 min-rx 1000 multiplier 3
echo
!
router eigrp 2
bfd interface Tunnel1 ------------------------> Specify the interface on which the routing protocol must act for BFD up/down events
network 11.0.0.0 0.0.0.255
network 111.0.0.0 0.0.0.255
With the above configuration, as soon as BFD is reported down (3 seconds to detect), EIGRP will remove the routes installed
from RIB.
The following sample output shows a summary output on hub:
device#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel1, IPv4 NHRP Details
Type:Hub, NHRP Peers:2,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 172.17.0.1 10.0.0.1 UP 00:00:14 D
1 172.17.0.2 10.0.0.2 BFD 00:00:03 D
BFD is a new state which implies that while the session is UP as seen by lower layers (IKE, IPSec and NHRP), BFD sees the
session as DOWN. As usual, the state is an indication of the lower most layer where the session is not UP. Also, this applies
only to the parent cache entry. This could be because it was detected as DOWN by BFD or BFD is not configured on the other
side.
The following sample output shows a summary output on spoke:
device#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel2, IPv4 NHRP Details
Type:Spoke, NHRP Peers:2,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
2 172.17.0.2 10.0.0.2 BFD 00:00:02 DT1
10.0.0.2 UP 00:00:02 DT2
1 172.17.0.11 10.0.0.11 UP 00:05:35 S
The following sample shows output for show ip/ipv6 nhrp command
device#show ip nhrp
10.0.0.2/32 via 10.0.0.2
Tunnel2 created 00:00:15, expire 00:04:54
Type: dynamic, Flags: router nhop rib bfd
NBMA address: 172.17.0.2
10.0.0.11/32 via 10.0.0.11
Tunnel2 created 00:09:04, never expire
Type: static, Flags: used bfd
NBMA address: 172.17.0.11
192.168.1.0/24 via 10.0.0.1
Tunnel2 created 00:00:05, expire 00:04:54
Type: dynamic, Flags: router unique local
NBMA address: 172.17.0.1
(no-socket)
192.168.2.0/24 via 10.0.0.2
Tunnel2 created 00:00:05, expire 00:04:54
Type: dynamic, Flags: router rib nho
NBMA address: 172.17.0.2
BFD flag here implies that there is a BFD session for this peer. This marking is only for parent entries.
The following sample shows output for show tunnel endpoints command
device#show tunnel endpoints
Tunnel2 running in multi-GRE/IP mode
Endpoint transport 172.17.0.2 Refcount 3 Base 0x2ABF53ED09F0 Create Time 00:00:07
overlay 10.0.0.2 Refcount 2 Parent 0x2ABF53ED09F0 Create Time 00:00:07
Tunnel Subblocks:
tunnel-nhrp-sb:
NHRP subblock has 2 entries; BFD(0x2):U
Endpoint transport 172.17.0.11 Refcount 3 Base 0x2ABF53ED0B80 Create Time 00:09:07
overlay 10.0.0.11 Refcount 2 Parent 0x2ABF53ED0B80 Create Time 00:09:07
Tunnel Subblocks:
tunnel-nhrp-sb:
NHRP subblock has 1 entries; BFD(0x1):U
For every tunnel endpoint, a new text "BFD(handle):state" is added. State here is UP(U), DOWN(D), NONE(N) or INVALID(I).
The following sample shows output for show nhrp interfaces command. This shows the configuration (and not operational) states on the interface or globally.
device#show nhrp interfaces
NHRP Config State
-----------------
Global:
BFD: Registered
Tunnel1:
BFD: Disabled
Tunnel2:
BFD: Enabled
This is an internal and hidden command. This will currently display if NHRP is client of BFD and if BFD is enabled on the
NHRP interface.