Example: BFD
Support on DMVPN
The following is
an example of configuring BFD support on DMVPN on hub.
bfd-template single-hop sample
interval min-tx 1000 min-rx 1000 multiplier 5
!
interface Tunnel0
ip address 10.0.0.1 255.255.255.0
no ip redirects
ip nhrp authentication cisco123
ip nhrp network-id 5
ip nhrp redirect
ip mtu 1400
ip tcp adjust-mss 1360
bfd template sample
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 6
!
interface GigabitEthernet0/0/0
ip address 10.0.0.1 255.0.0.0
negotiation auto
!
router eigrp 2
network 10.0.0.0 0.0.0.255
bfd all-interfaces
auto-summary
!
The following is
an example of configuring BFD support on DMVPN on spoke.
bfd-template single-hop sample
interval min-tx 1000 min-rx 1000 multiplier 5
!
interface Tunnel1
ip address 10.0.0.10 255.255.255.0
no ip redirects
ip nhrp authentication cisco123
ip nhrp network-id 5
ip nhrp nhs 10.0.0.1 nbma 10.0.0.10 multicast
bfd template sample
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 6
!
interface GigabitEthernet0/0/0
mtu 4000
ip address 11.0.0.1 255.0.0.0
media-type rj45
negotiation auto
!
interface GigabitEthernet0/0/1
mtu 6000
ip address 111.0.0.1 255.255.255.0
negotiation auto
!
router eigrp 2
network 11.0.0.0 0.0.0.255
network 111.0.0.0 0.0.0.255
network 10.0.0.0 0.0.0.255
bfd all-interfaces
auto-summary
!
ip route 0.0.0.0 0.0.0.0 10.0.0.2
The following is
an example to illustrate faster convergence on spoke.
interface Tunnel1
ip address 18.0.0.10 255.255.255.0
no ip redirects
ip nhrp authentication cisco123
ip nhrp network-id 12
ip nhrp nhs 10.0.0.1 nbma 10.0.0.10 multicast
bfd template sample
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 18
tunnel protection ipsec profile MY_PROFILE
!
bfd-template single-hop sample
interval min-tx 1000 min-rx 1000 multiplier 3
echo
!
router eigrp 2
bfd interface Tunnel1 ------------------------> Specify the interface on which the routing protocol must act for BFD up/down events
network 11.0.0.0 0.0.0.255
network 111.0.0.0 0.0.0.255
With the above
configuration, as soon as BFD is reported down (3 seconds to detect), EIGRP
will remove the routes installed from RIB.
The following
sample output shows a summary output on hub:
device#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel1, IPv4 NHRP Details
Type:Hub, NHRP Peers:2,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 172.17.0.1 10.0.0.1 UP 00:00:14 D
1 172.17.0.2 10.0.0.2 BFD 00:00:03 D
BFD is a new state
which implies that while the session is UP as seen by lower layers (IKE, IPSec
and NHRP), BFD sees the session as DOWN. As usual, the state is an indication
of the lower most layer where the session is not UP. Also, this applies only to
the parent cache entry. This could be because it was detected as DOWN by BFD or
BFD is not configured on the other side.
The following
sample output shows a summary output on spoke:
device#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel2, IPv4 NHRP Details
Type:Spoke, NHRP Peers:2,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
2 172.17.0.2 10.0.0.2 BFD 00:00:02 DT1
10.0.0.2 UP 00:00:02 DT2
1 172.17.0.11 10.0.0.11 UP 00:05:35 S
The following
sample shows output for show ip/ipv6 nhrp command
device#show ip nhrp
10.0.0.2/32 via 10.0.0.2
Tunnel2 created 00:00:15, expire 00:04:54
Type: dynamic, Flags: router nhop rib bfd
NBMA address: 172.17.0.2
10.0.0.11/32 via 10.0.0.11
Tunnel2 created 00:09:04, never expire
Type: static, Flags: used bfd
NBMA address: 172.17.0.11
192.168.1.0/24 via 10.0.0.1
Tunnel2 created 00:00:05, expire 00:04:54
Type: dynamic, Flags: router unique local
NBMA address: 172.17.0.1
(no-socket)
192.168.2.0/24 via 10.0.0.2
Tunnel2 created 00:00:05, expire 00:04:54
Type: dynamic, Flags: router rib nho
NBMA address: 172.17.0.2
BFD flag here
implies that there is a BFD session for this peer. This marking is only for
parent entries.
The following
sample shows output for show tunnel endpoints command
device#show tunnel endpoints
Tunnel2 running in multi-GRE/IP mode
Endpoint transport 172.17.0.2 Refcount 3 Base 0x2ABF53ED09F0 Create Time 00:00:07
overlay 10.0.0.2 Refcount 2 Parent 0x2ABF53ED09F0 Create Time 00:00:07
Tunnel Subblocks:
tunnel-nhrp-sb:
NHRP subblock has 2 entries; BFD(0x2):U
Endpoint transport 172.17.0.11 Refcount 3 Base 0x2ABF53ED0B80 Create Time 00:09:07
overlay 10.0.0.11 Refcount 2 Parent 0x2ABF53ED0B80 Create Time 00:09:07
Tunnel Subblocks:
tunnel-nhrp-sb:
NHRP subblock has 1 entries; BFD(0x1):U
For every tunnel
endpoint, a new text "BFD(handle):state" is added. State here is UP(U),
DOWN(D), NONE(N) or INVALID(I).
The following
sample shows output for show nhrp interfaces command. This shows the
configuration (and not operational) states on the interface or globally.
device#show nhrp interfaces
NHRP Config State
-----------------
Global:
BFD: Registered
Tunnel1:
BFD: Disabled
Tunnel2:
BFD: Enabled
This is an
internal and hidden command. This will currently display if NHRP is client of
BFD and if BFD is enabled on the NHRP interface.