[j-nsp] BFD between Cisco - Juniper when FRR is enabled does not torn down primary tunnel

Robert Kern cj11st at gmail.com
Fri Apr 3 15:02:44 EDT 2009 

Hi all,

we have run into a problem with BFD between Cisco and Juniper box when
MPLS-FRR is configured.

ISIS is used as IGP protocol and one hop MPLS-TE tunnels are configured with
link protection. BFD is configured on both sides (under IS-IS protocol).
After primary logical link is dropped between Cisco-Juniper (simulating DWDM
system), BFD session and isis adj are torn down on both sides. The problem
is that Juniper does not signal to MPLS-TE FRR that physical interface is
logicaly down and FRR should be used. Instead it keeps  primary tunnel up
showing faulty interface as outgoing. The result is that traffic is
blackholed. On the other side Cisco re-routes traffic corectly.

Am I missing some configuration or this is a known issue?

Config on both sides (FRR without BFD works fine):

ge-1/3/0
        description Link_to_Cisco;
        mtu 9110;
        hold-time up 0 down 0;
        unit 0
            family inet
                address 10.100.111.50/30;

            family iso;
            family inet6
                address 2A00:EE00:0:12:10:100:111:50/64;

            family mpls;

protocols
    rsvp
        interface ge-1/3/0.0
            authentication-key
"$9$9cAaCORSrvxNd9AIclKx7jHqmfzAtO1IcApclMXbwHqm"; ## SECRET-DATA
            bandwidth 850m;
            link-protection
                path
                    10.100.111.66 strict;
                    10.100.111.53 strict;
mpls
        traffic-engineering mpls-forwarding;
        explicit-null;
        ipv6-tunneling;
        standby;
        label-switched-path Protect-ge020
            to 10.100.100.5;
            ldp-tunneling;
            link-protection;
            primary path1;

        path path1
            10.100.111.49 strict;
        interface ge-1/3/0.0;


isis

        lsp-lifetime 65000;
        spf-options
            delay 50;
            holddown 2000;

        topologies ipv6-unicast;
        overload timeout 600;
        traffic-engineering
            family inet
                shortcuts;

            family inet6
                shortcuts;


        level 1 disable;
        level 2
            authentication-key "$9$L04XVYoJD.P5bsfz3/0OxNd"; ## SECRET-DATA
            authentication-type md5;
            wide-metrics-only;



        interface ge-1/3/0.0
            point-to-point;
            bfd-liveness-detection
                version automatic;
                minimum-interval 300;
                minimum-receive-interval 300;
                multiplier 3;

On Cisco side I have under interface:

bfd interval 300 min_rx 300 multiplier 3

and under router isis:

bfd all-interfaces


Regards,

Robert

More information about the juniper-nsp mailing list