[j-nsp] BFD between Cisco - Juniper when FRR is enabled does not torn down primary tunnel

David Ball davidtball at gmail.com
Fri Apr 3 16:53:49 EDT 2009 

  How long does it take for your FRR to kick in?  Is your logical or
physical link actually down (you mention both below) ?  I imagine if
you want BFD-speed failover, you may want to look at 9.4, which
apparently supports BFD for LDP and RSVP sessions.

David



On 03/04/2009, Robert Kern <cj11st at gmail.com> wrote:
> Hi all,
>
> we have run into a problem with BFD between Cisco and Juniper box when
> MPLS-FRR is configured.
>
> ISIS is used as IGP protocol and one hop MPLS-TE tunnels are configured with
> link protection. BFD is configured on both sides (under IS-IS protocol).
> After primary logical link is dropped between Cisco-Juniper (simulating DWDM
> system), BFD session and isis adj are torn down on both sides. The problem
> is that Juniper does not signal to MPLS-TE FRR that physical interface is
> logicaly down and FRR should be used. Instead it keeps  primary tunnel up
> showing faulty interface as outgoing. The result is that traffic is
> blackholed. On the other side Cisco re-routes traffic corectly.
>
> Am I missing some configuration or this is a known issue?
>
> Config on both sides (FRR without BFD works fine):
>
> ge-1/3/0
>         description Link_to_Cisco;
>         mtu 9110;
>         hold-time up 0 down 0;
>         unit 0
>             family inet
>                 address 10.100.111.50/30;
>
>             family iso;
>             family inet6
>                 address 2A00:EE00:0:12:10:100:111:50/64;
>
>             family mpls;
>
> protocols
>     rsvp
>         interface ge-1/3/0.0
>             authentication-key
> "$9$9cAaCORSrvxNd9AIclKx7jHqmfzAtO1IcApclMXbwHqm"; ## SECRET-DATA
>             bandwidth 850m;
>             link-protection
>                 path
>                     10.100.111.66 strict;
>                     10.100.111.53 strict;
> mpls
>         traffic-engineering mpls-forwarding;
>         explicit-null;
>         ipv6-tunneling;
>         standby;
>         label-switched-path Protect-ge020
>             to 10.100.100.5;
>             ldp-tunneling;
>             link-protection;
>             primary path1;
>
>         path path1
>             10.100.111.49 strict;
>         interface ge-1/3/0.0;
>
>
> isis
>
>         lsp-lifetime 65000;
>         spf-options
>             delay 50;
>             holddown 2000;
>
>         topologies ipv6-unicast;
>         overload timeout 600;
>         traffic-engineering
>             family inet
>                 shortcuts;
>
>             family inet6
>                 shortcuts;
>
>
>         level 1 disable;
>         level 2
>             authentication-key "$9$L04XVYoJD.P5bsfz3/0OxNd"; ## SECRET-DATA
>             authentication-type md5;
>             wide-metrics-only;
>
>
>
>         interface ge-1/3/0.0
>             point-to-point;
>             bfd-liveness-detection
>                 version automatic;
>                 minimum-interval 300;
>                 minimum-receive-interval 300;
>                 multiplier 3;
>
> On Cisco side I have under interface:
>
> bfd interval 300 min_rx 300 multiplier 3
>
> and under router isis:
>
> bfd all-interfaces
>
>
> Regards,
>
> Robert
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list