[c-nsp] OSPF flapping ME3400

James Bensley jwbensley at gmail.com
Fri Dec 11 06:20:17 EST 2015


On 7 December 2015 at 19:28, Lee Starnes <lee.t.starnes at gmail.com> wrote:
> Any pointers or config best practices would be greatly appreciated.
>

It seems like you have two issues, the DDoS and the link dampening
(because DDoS can occur without causing a link flap and vice versa).
So looking just at the link flaps:


Globally you can configure the following:
"ip routing protocol purge interface"

This will pass link-down events directly to the IGP rather than to RIB
which causes a CEF update which then triggers IGP recalculation and
then RIB and CEF updates again!



At the interface level you can configure (and adjust as needed):

"bfd interval 50 min_rx 50 multiplier 3"
bfd echo / no bfd echo

Configure BFD as your hardware permits (you also need to enable this
for the IGP) so that you can rapidly detect the link as being up/down
(then you can act on that information).



"carrier-delay down 0 up 2000"

If you configure that with BFD, then when the link is detected as down
it will be torn down straight away but in terms of coming up, the link
needs to be up for 2 seconds before the IGP will be informed the link
is "UP" again.


"dampening"

This will enable interface IP event dampening to protect against rapid
link flaps.



You can also look at tuning your IGP LSA timers so you don't flood out LSA.

It could be worth looking into QoS too if that suits your scenario,
to ensure BGP/BFD/IGP/LDP updates are prioritised.


I have some notes here, it's not self-explanatory so you might need to
look up some of the commands:
http://null.53bits.co.uk/index.php?page=ospf-ldp-bgp-convergence-tuning

These are actually notes on faster convergences but also stable
convergence is a part of that.

Cheers,
James.
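
The interface "dampening" command discussed in the message above can be modelled as a penalty that grows with each link-down event and decays exponentially. The following is an added example, not part of the original post and not Cisco's code; the class name and the parameter values (half-life 5 s, reuse 1000, suppress 2000, max suppress 20 s, 1000 penalty per flap) are assumptions chosen for illustration.

```python
# Simplified model of interface IP event dampening (added example).
# Assumed values: half-life 5 s, reuse 1000, suppress 2000,
# max suppress 20 s, 1000 penalty points per link-down event.

class InterfaceDampening:
    def __init__(self, half_life=5.0, reuse=1000.0, suppress=2000.0,
                 max_suppress=20.0, flap_penalty=1000.0):
        self.half_life = half_life
        self.reuse = reuse
        self.suppress = suppress
        self.flap_penalty = flap_penalty
        # Cap the penalty so suppression cannot last longer than about
        # max_suppress seconds after the last flap.
        self.ceiling = reuse * 2 ** (max_suppress / half_life)
        self.penalty = 0.0
        self.suppressed = False
        self.last = 0.0

    def _decay(self, now):
        # The penalty halves every half_life seconds since the last update.
        self.penalty *= 0.5 ** ((now - self.last) / self.half_life)
        self.last = now
        if self.suppressed and self.penalty < self.reuse:
            self.suppressed = False  # interface is visible to routing again

    def link_down(self, now):
        """Record a link-down event at time `now` (seconds); return suppressed state."""
        self._decay(now)
        self.penalty = min(self.penalty + self.flap_penalty, self.ceiling)
        if self.penalty > self.suppress:
            self.suppressed = True  # further flaps are hidden from the IGP
        return self.suppressed

    def is_suppressed(self, now):
        self._decay(now)
        return self.suppressed


if __name__ == "__main__":
    d = InterfaceDampening()
    for t in (0, 1, 2):  # constructed sample: three flaps one second apart
        state = d.link_down(t)
        print(f"t={t}s flap: penalty={d.penalty:.0f} suppressed={state}")
    for t in (8, 10):
        state = d.is_suppressed(t)
        print(f"t={t}s: penalty={d.penalty:.0f} suppressed={state}")
```

In this model a single flap never suppresses the interface, while a sustained flap storm holds it down until the penalty decays below the reuse threshold.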

