Cisco Catalyst SD-WAN BFD

Table 1. Feature History

Feature Name

Release Information

Description
Automatically Suspend Unstable Cisco Catalyst SD-WAN BFD Sessions

Cisco IOS XE Catalyst SD-WAN Release 17.10.1a

Cisco Catalyst SD-WAN Control Components Release 20.10.1

With this feature, you can automatically suspend an unstable Cisco Catalyst SD-WAN Bidirectional Forwarding Detection (BFD) session based on flap-cycle parameters or on Service-Level Agreement (SLA) parameters.

You can also monitor the suspended BFD sessions and manually reset suspended BFD sessions.

With this feature, you can automatically suspend an unstable Cisco Catalyst SD-WAN Bidirectional Forwarding Detection (BFD) session based on flap-cycle parameters or on Service-Level Agreement (SLA) parameters.

Information About Cisco Catalyst SD-WAN BFD

Within Cisco Catalyst SD-WAN, there are the following types of BFD:

  • Cisco Catalyst SD-WAN BFD

    This type of BFD detects failures in the overlay tunnel and has the following characteristics:

    • Is enabled by default and cannot be disabled

    • Is typically enabled for the Cisco Catalyst SD-WAN Overlay Management Protocol (OMP)

    • Besides link failures, Cisco Catalyst SD-WAN BFD also measures latency, loss, jitter, and other link statistics used by application-aware routing

      For more information on Cisco Catalyst SD-WAN BFD for measuring latency, loss, and jitter used by application-aware routing, see Application-Aware Routing.

  • BFD Support for Routing Protocols in Cisco Catalyst SD-WAN

    This type of BFD supports BGP, OSFP, and EIGRP routing protocols in Cisco Catalyst SD-WAN.

    For more information on BFD for routing protocols, see BFD for Routing Protocols in Cisco Catalyst SD-WAN.

Information About Automatically Suspending BFD Sessions

Minimum supported releases: Cisco IOS XE Catalyst SD-WAN Release 17.10.1a and Cisco Catalyst SD-WAN Control Components Release 20.10.1

BFD sessions may experience flapping, meaning that the BFD session enters a down state and then returns to an up state. This can occur when one device that is part of the BFD session becomes unavailable and then returns to being available. When a BFD session flaps, applications running on that tunnel are disrupted. The unstable BFD session can be brought up, but due to the unstable connection, the BFD session can quickly become disrupted again. With this feature, you avoid the impact of application traffic getting steered unnecessarily from one overlay path to another path because of an unstable BFD session.

To avoid the cycle of BFD session flaps, Cisco Catalyst SD-WAN provides an automatic suspension mechanism for suspending BFD sessions based on the following parameters:

  • Flap cycle

    A flap cycle is defined only as the following:

    • BFD session is in the up state

    • BFD session is in the down state

    • BFD session is coming back up

  • SLA threshold

    An SLA threshold is the threshold by which the BFD session is added to the suspended list. An SLA threshold is a threshold value for a traffic metric, such as loss, latency, or jitter. If one of these metrics indicates that traffic performance has degraded to a point defined by a threshold, the BFD session state changes to suspended. These thresholds reflect the level of traffic performance specified in the SLA.


    Note

    An SLA threshold is an optional configuration. If you configure a SLA threshold, configure higher metrics for loss, latency, and jitter, so the SLA threshold does not conflict with the SLA parameters as defined in the SLA classes. For more information on SLA classes, see the Cisco Catalyst SD-WAN Policies Configuration Guide.

Benefits of Automatically Suspending BFD Sessions

  • Supports manual removal of the affected circuit or tunnel interface from the BFD suspended list.

  • Provides monitoring of a suspended tunnel.

How Automatically Suspending BFD Sessions Works

Minimum supported releases: Cisco IOS XE Catalyst SD-WAN Release 17.10.1a and Cisco Catalyst SD-WAN Control Components Release 20.10.1

Configure the following BFD session parameters using a Cisco SD-WAN Manager device CLI template or a CLI add-on template:

Table 2. BFD Session Flap Cycle and SLA Parameters

Field

Description

enable-lr

Enable last resort upon BFD suspension.

For more information on enabling a last resort on a tunnel interface, see last-resort-circuit.

duration

Duration of time for which the BFD session remains in the suspended state.

flapping-window

Time frame or window to detect the BFD session flap.

flap-count

Number of BFD session flaps after which the BFD session is suspended.

The recommended flap-count is 3.

thresholds

SLA threshold triggering a BFD session to be suspended.

BFD Session Suspension Workflow

If a BFD session exceeds the flap-count value within the configured flapping-window interval, then the BFD session must remain suspended until the configured duration interval.

For a BFD session in the suspended state, the following occurs:

  1. If a session reflaps or exceeds the threshold parameters defined, the session is moved back to suspended state and the duration is reset again.

  2. If the session does not flap and is within the threshold range, the session is automatically removed out of the suspended state after the duration interval expires.

  3. You can also manually remove suspended BFD sessions by using the request platform software sdwan auto-suspend reset command. For more information, see the Cisco IOS XE SD-WAN Qualified Command Reference Guide.

Regular SLA measurement and echo response or path maximum transmission unit (PMTU) control traffic only is sent across the suspended BFD session.


Note
Data traffic is not sent across the overlay network when a BFD session is in the suspended state.

Note

This feature does not manipulate the state of the BFD session.

Note

As the BFD suspension feature is for forward data traffic, you should enable BFD suspension on the remote-end node to block the reverse data traffic to avoid dropping data traffic.

Restrictions for Automatically Suspending BFD Sessions

Minimum supported releases: Cisco IOS XE Catalyst SD-WAN Release 17.10.1a and Cisco Catalyst SD-WAN Control Components Release 20.10.1

  • For a Cisco IOS XE Catalyst SD-WAN device with a single TLOC, automatic suspension of a BFD session may cause BFD sessions to be dropped.

  • The last-resort circuit may not work for a single site unless all BFD sessions are down for a tunnel interface. The last-resort circuit is enabled only if all BFD sessions on the non last-resort circuit are suspended or down.

  • Cisco SD-WAN Manager feature templates do not support configuration of automatic suspension of BFD sessions.

    Support is provided only for configuring BFD automatic suspension using a device CLI or a CLI add-on template.

  • If duplicated traffic is sent on a different BFD session, the duplicated traffic may get routed through a BFD suspended session.

Configure Automatic Suspension of BFD Sessions Using a CLI Template

Minimum supported releases: Cisco IOS XE Catalyst SD-WAN Release 17.10.1a and Cisco Catalyst SD-WAN Control Components Release 20.10.1

For more information about using CLI templates, see CLI Add-On Feature Templates and CLI Templates.


Note

By default, CLI templates execute commands in global config mode.

  1. Enable BFD automatic suspension with or without last resort.

    auto-suspend
    enable-lr
    auto-suspend
    no enable-lr

    Note

    Before enabling last resort for the BFD automatic suspension feature, you must enable the last-resort circuit on a tunnel interface.

    For more information on last resort, see last-resort-circuit.

  2. Configure the following flap parameters:

    duration sec
    flapping-window sec
    flap-count flap-count

    Note

    When using SLA-based BFD automatic suspension, duration should be more than the number of the bfd multiplier x the bfd poll interval . We recommend that you configure BFD automatic suspension duration to be more than 30 minutes.

  3. (Optional) Configure SLA parameters.

    thresholds
   color
    all
     jitter  jitter-value
     latency latency-value
     loss    loss-value
    !

    Prior to enabling SLA thresholds, configure BFD session flapping parameters and duration.

Here is a complete configuration example for configuring BFD automatic suspension with last resort enabled.
auto-suspend
  enable-lr
  duration        3600
  flapping-window 300
  flap-count      1
  thresholds
   color
    all
     latency 10
     loss    10
     jitter  10

Note
If you enable color all and a specific color , the specific color takes precedence over the color all parameter. For more information on BFD colors, see bfd color.

Verify Automatic Suspension of BFD Sessions

Minimum supported releases: Cisco IOS XE Catalyst SD-WAN Release 17.10.1a and Cisco Catalyst SD-WAN Control Components Release 20.10.1

The following sample output from the show sdwan bfd sessions suspend command displays the total suspend count, indicating the number of times that the BFD session has been suspended: 

Device# show sdwan bfd sessions suspend
                          SOURCE TLOC   REMOTE TLOC                    DST PUBLIC       DST PUBLIC         RE-SUSPEND  SUSPEND       TOTAL     SUSPEND
SYSTEM IP        STATE    COLOR         COLOR           SOURCE IP      IP               PORT        ENCAP  COUNT       TIME LEFT     COUNT     DURATION
---------------------------------------------------------------------------------------------------------------------------------------------------------
172.16.255.14    up       lte           lte             10.1.15.15     10.1.14.14       12426       ipsec   0          0:00:19:52    18        0:00:00:07

The following columns are added for analyzing BFD session suspension metrics: RE-SUSPEND COUNT, SUSPEND TIME LEFT, TOTAL COUNT, and SUSPEND DURATION.

The following sample output from the show sdwan bfd sessions alt command displays if a suspended flag has been added to a BFD session and other BFD session metrics: 

Device# show sdwan bfd sessions alt
*Sus = Suspend
*NA  = Flag Not Set
                                       SOURCE TLOC    REMOTE TLOC                  DST PUBLIC      DST PUBLIC
SYSTEM IP        SITE ID   STATE       COLOR          COLOR          SOURCE IP     IP              PORT        ENCAP  BFD-LD    FLAGS    UPTIME
-----------------------------------------------------------------------------------------------------------------------------------------------------
172.16.255.14    400       up          3g              lte           10.0.20.15    10.1.14.14      12426       ipsec  20004     NA       0:19:30:40
172.16.255.14    400       up          lte             lte           10.1.15.15    10.1.14.14      12426       ipsec  20003     Sus      0:00:02:46
172.16.255.16    600       up          3g              lte           10.0.20.15    10.0.106.1      12366       ipsec  20002     NA       0:19:30:40
172.16.255.16    600       up          lte             lte           10.1.15.15    10.0.106.1      12366       ipsec  20001     NA       0:19:20:14

The following columns are added for BFD suspension: BFD-LD and FLAGS.

Local discriminator (LD) is a unique identifier for all BFD sessions. The value for LD must be a nonzero value. LD is an internal value that Cisco Technical Assistance Center (TAC) uses for troubleshooting BFD sessions.

A BFD session flag, Sus, is added for identifying BFD sessions that are suspended.

The following sample output displays the BFD sessions for which the Sus flag is added to the BFD session: 

Device# show sdwan bfd history
                                                   DST PUBLIC       DST PUBLIC                                RX      TX
SYSTEM IP        SITE ID     COLOR     STATE       IP               PORT        ENCAP  TIME                   PKTS    PKTS    DEL   FLAGS
------------------------------------------------------------------------------------------------------------------------------------------
172.16.255.16    600         lte       up          10.0.106.1       12366       ipsec  06/03/22 02:51:06      0       0       0     [ ]
172.16.255.16    600         lte       up          10.0.106.1       12366       ipsec  06/03/22 02:52:04      153     154     0     [Sus]
172.16.255.16    600         lte       down        10.0.106.1       12366       ipsec  06/03/22 03:00:50      1085    1085    0     [Sus]

The following sample output displays a BFD session summary, including which BFD sessions are up, down, flapped, or that have been suspended: 

Device# show sdwan bfd summary
sessions-total           4
sessions-up              4
sessions-max             4
sessions-flap            4
poll-interval            60000
sessions-up-suspended    1
sessions-down-suspended  0

The following fields are added for BFD session suspension: sessions-flap, sessions-up-suspended, and sessions-down-suspended.