Fix flapping BFD link over ospfv3

Home » Blog » Routing » ipv6 » ipv6 design » Fix flapping BFD link over ospfv3

Fix flapping BFD link over ospfv3

22.12 2022 | by massimiliano

Fix flapping BFD link over ospfv3   Problema: Continui flapping link ogni 4 ore tra due router cisco   Sintomi: […]



Fix flapping BFD link over ospfv3

 

Problema: Continui flapping link ogni 4 ore tra due router cisco

 

Sintomi: nessun problema occorso in ipv4 mentre in ipv6 le sessioni ripetevano un up/down della sessione BFD

 

Logging:

 

R1

130197: Dec  2 2022 12:00:29.787 UTC: %BFDFSM-6-BFD_SESS_DOWN: BFD-SYSLOG: BFD session ld:5856 handle:94,is going Down Reason: DETECT TIMER EXPIRED

130198: Dec  2 2022 12:00:29.788 UTC: %BFD-6-BFD_SESS_DESTROYED: BFD-SYSLOG: bfd_session_destroyed,  ld:5856 neigh proc:OSPFv3, handle:94 act

130200: Dec  2 2022 12:00:30.551 UTC: %OSPFv3-5-ADJCHG: Process 777, IPv6, VRF Consultants, Nbr 10.92.6.14 on Port-channel14.1776 from FULL to DOWN, Neighbor Down: BFD node down

130202: Dec  2 2022 12:00:32.106 UTC: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:5857 handle:95 is going UP

130203: Dec  2 2022 12:00:36.934 UTC: %OSPFv3-5-ADJCHG: Process 777, IPv6, VRF Consultants, Nbr 10.92.6.14 on Port-channel14.1776 from LOADING to FULL, Loading Done

130204: Dec  2 2022 12:00:36.934 UTC: %BFD-6-BFD_SESS_CREATED: BFD-SYSLOG: bfd_session_created, neigh FE80::7261:7BFF:FE83:F29F proc:OSPFv3, idb:Port-channel14.1776 handle:94 act

130206: Dec  2 2022 12:00:41.261 UTC: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:5862 handle:95 is going UP

 

R2

130197: Dec  2 2022 12:00:29.787 UTC: %BFDFSM-6-BFD_SESS_DOWN: BFD-SYSLOG: BFD session ld:5856 handle:94,is going Down Reason: DETECT TIMER EXPIRED

130198: Dec  2 2022 12:00:29.788 UTC: %BFD-6-BFD_SESS_DESTROYED: BFD-SYSLOG: bfd_session_destroyed,  ld:5856 neigh proc:OSPFv3, handle:94 act

130200: Dec  2 2022 12:00:30.551 UTC: %OSPFv3-5-ADJCHG: Process 777, IPv6, VRF Consultants, Nbr 10.92.6.14 on Port-channel14.1776 from FULL to DOWN, Neighbor Down: BFD node down

130202: Dec  2 2022 12:00:32.106 UTC: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:5857 handle:95 is going UP

130203: Dec  2 2022 12:00:36.934 UTC: %OSPFv3-5-ADJCHG: Process 777, IPv6, VRF Consultants, Nbr 10.92.6.14 on Port-channel14.1776 from LOADING to FULL, Loading Done

130204: Dec  2 2022 12:00:36.934 UTC: %BFD-6-BFD_SESS_CREATED: BFD-SYSLOG: bfd_session_created, neigh FE80::7261:7BFF:FE83:F29F proc:OSPFv3, idb:Port-channel14.1776 handle:94 act

130206: Dec  2 2022 12:00:41.261 UTC: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:5862 handle:95 is going UP

 

 

Configurazione interfaccia con continui ipv6 flap link bfd

 

interface Port-channel14.1776
encapsulation dot1Q 1776
vrf forwarding Consultants
ip address < ipv4 address mask >
no ip redirects
no ip unreachables
no ip proxy-arp
ip ospf message-digest-key 1 md5 7 11595D1511242D3A
ip ospf network point-to-point
ip ospf 777 area 0.0.0.0
ipv6 address < ipv6 address mask >
ipv6 enable
ipv6 nd ra suppress
no ipv6 redirects
no ipv6 unreachables
ospfv3 777 ipv6 area 0.0.0.0
ospfv3 777 ipv6 network point-to-point
bfd interval 250 min_rx 250 multiplier 3
end

  

 

Configurazione interfaccia con assenza di ipv6 flap link bfd (risoluzione)

 

interface Port-channel14.1776
encapsulation dot1Q 1776
vrf forwarding Consultants
ip address < ipv4 address mask >
no ip redirects
no ip unreachables
no ip proxy-arp
ip ospf message-digest-key 1 md5 7 11595D1511242D3A
ip ospf network point-to-point
ip ospf 777 area 0.0.0.0
ipv6 address < ipv6 address mask >
ipv6 enable
ipv6 nd na glean
ipv6 nd cache expire 7200 refresh
ipv6 nd nud retry 1 1000 3 1000

ipv6 nd ra suppress
no ipv6 redirects
no ipv6 unreachables
ospfv3 777 bfd
ospfv3 777 ipv6 area 0.0.0.0
ospfv3 777 ipv6 network point-to-point
bfd interval 250 min_rx 250 multiplier 3
end 

 

Nota Cisco:

 

Neighbor discovery (ND) protocol enforces neighbor unreachability detection (NUD), which can detect failing nodes or routers and changes, to link-layer addresses.

NUD is used to maintain reachability information for all paths between hosts and neighboring nodes, including host-to-host, host-to-router, and router-to-host communication.

The neighbor cache maintains mapping information about the IPv6 link-local or global address to the link-layer address.

The neighbor cache also maintains the neighbor’s reachability state, which is updated using NUD. Neighbors can be in one of the following five possible states:

 

  • DELAY— Neighbor is pending re-resolution, and traffic might flow to this neighbor.
  • INCOMPLETE— Address resolution is in progress, and the link-layer address is not yet known.
  • PROBE— Neighbor re-resolution is in progress, and traffic might flow to this neighbor.
  • REACHABLE— Neighbor is known to be reachable within the last reachable time interval.
  • STALE— Neighbor requires re-resolution, and traffic may flow to this neighbor.

Use the ipv6 nd na glean command to configure ND to glean an entry from an unsolicited neighbor advertisement (NA).

Use the ipv6 nd nud retry command to configure ND to maintain an ND cache entry for a neighbor during network disruption.

Use the ipv6 nd cache expire refresh command to configure the neighbor to maintain an ND cache entry, when no traffic is sent to the neighbor.

ITEM Purpose
     
1 ipv6 nd nud retry base interval max-attempts [final-wait-time]

Example:

Device(config-if)# ipv6 nd nud retry 1 1000 3 1000

Configures the number of times neighbor unreachability detection (NUD) resends neighbor solicitations (NS) before the final wait time on the last probe and the interval between NS during NUD.

When a device runs NUD to resolve the ND entry for a neighbor, it sends three NS packets 1 second apart. In certain situations (for example, spanning-tree events, high traffic, the end host being reloaded), three NS packets sent at an interval of 1 second may not be sufficient. To help maintain the neighbor cache in such situations, use the ipv6 nd nud retry command to configure exponential timers for NS retransmits.

The retransmit probe time is calculated by tm^n (where, t = interval, m = base, and n = current attempt). Therefore, ipv6 nd nud retry 3 1000 5 command will produce retransmit intervals of 1,3,9,27,81 seconds. If the final-wait-time is not configured, the entry remains for 243 seconds before it is deleted.

  • The range for base is from 1 to 3.
  • The range for interval is from 1000 to 32000 milliseconds.
  • The range for max-attempts is from 1 to 128.
  • The range for final-wait-time is from 1000 to 32000 milliseconds.

2 ipv6 nd cache expire expire-time-in-seconds [refresh]

Example:

Device(config-if)# ipv6 nd cache expire 7200

Configures the length of time before an IPv6 neighbor discovery cache entry expires. The range is from 1 to 65536 seconds.

By default, an ND cache entry is expired and deleted if it remains in the STALE state for 14,400 seconds, or 4 hours. The ipv6 nd cache expire command allows the user to vary the expiry time and to trigger autorefresh of an expired entry before the entry is deleted.

When the refresh keyword is used, an ND cache entry is autorefreshed. The entry moves into the DELAY state and the NUD process occurs, in which the entry transitions from the DELAY state to the PROBE state after 5 seconds. When the entry reaches the PROBE state, a neighbor solicitation (NS) is sent and then retransmitted as per the configuration.

When you configure the expiry duration, the device will probe the neighbor on entry expiration, that is, the neighbor discovery enters into the probe state and sends a neighbor solicitation to the neighbor. If the neighbor responds, the ND cache entry reverts to the reachable state. If the neighbor does not respond, the cache entry is deleted.

This maintains an entry in the ND cache until the neighbor exists and is reachable, even if no traffic is sent to the neighbor.

3 ipv6 nd na glean

Example:

Device(config-if)# ipv6 nd na glean

Configures ND to glean an entry from an unsolicited neighbor advertisement (NA).

The IPv6 ND ignores an unsolicited NA packet if it does not have a cache entry for the neighbor that is sending the NA. If the ND is configured on an interface to glean an entry from an unsolicited NA, the neighbor discovery protocol creates neighbor discovery cache entries based on unsolicited NA packets sent from the previously unknown neighbors on that interface. This allows the device to populate its ND cache with an entry for a neighbor in advance of any data traffic exchange with the neighbor.

     
Torna in alto