BFD协议原理及应用

网络发展需求和现状快速检测相邻系统之间的通信故障，并切换到备份路径是可靠网络的必备功能；采用“慢Hello”机制的控制协议检测时间以秒为单位，无法实现快速检测；控制协议一般只能完成控制层面的检测，无法做到对转发层面的快速检测；一些硬件检测可以快速发现转发故障（如SDH），但并不是所有介质都支持这样的硬件检测。BFD的诞生一种通用的检测邻居间转发路径可用性的协议呼之欲出BFD（BidirectionalForwardingDetection）双向转发检测诞生IETF标准RFC5880专注于故障快速检测，且轻负荷专注于转发平面检测与传输介质和底层协议无关为上层控制协议提供检测服务，自身不作为无发现机制，由上层协议提供邻居信息BFD的诞生BFD协议原理BFD协议典型应用BFD配置问题探讨目录BFD会话的触发BFD会话的触发过程上层协议如OSPF发现邻居OSPF通知BFD与邻居建立会话BFD向邻居建立会话OSPFPeersBFDPeersOSPFinformsBFDtheneighborrelationshipBFD邻居的角色BFD邻居角色Active:可以主动发起会话建立Passive：不可以主动发起会话，被动接受；Howareyou?FineHowareyou?Fine!ActiveActiveActivePassiveBFD会话的建立和拆除——三次握手BFD会话建立和拆除都是三次握手DownDown->InitBFDDownInit->UpABBFDInitBFDUpInit->UpDownUp->DownBFDDownUp->DownBFDDownBFDDownDownDownBFD的操作模式BFD有两种操作模式异步模式（Asynchronous）查询模式（Demand）UpUpI’malive!I’malivetoo!UpUpBFD的辅助功能——EchoBFD的回声功能同样可以实现双向检测需要邻居双方都支持在任何一个方向可选使能仅在UP状态发送EchoHi!BFD会话Down通知BDF会话Down后通知上层协议采取动作OSPFneighborrelationshipisoverBFDdetectsfailure,sessionstatebecomesDOWNBFDinformsOSPF,thepeerisunreachableBFD重要参数定时器min-transmit-interval，BFD控制报文的最小发送时间min-echo-receive-interval，系统接收BFDecho报文的最小时间间隔min-receive-interval，BFD控制报文的最小接收时间间隔detect-multiplier，BFD报文最大失效的个数Echo源地址echo-source-ip，BFDecho报文源IP地址BFD的诞生BFD协议原理BFD应用举例BFD配置问题探讨目录BFD典型应用概述BFD与静态路由联动BFD与动态路由协议联动BFD与MPLS联动BFD与Track联动BFD与Track联动BDF与Track联动实现VRRP快速倒换SmartBitsS95E-1Vlan100:100.1.1.1Vlan10:10.1.1.14/0/234/0/234/0/164/0/16VRRP:100.1.1.254Vlan100:100.1.1.2S95E-2Vlan10:10.1.1.2Port1/1:100.1.1.3Port1/2:10.1.1.3Port1/3:10.1.1.31/0/11/0/2测试步骤和预期结果测试步骤从SMB的Port1向10.1.1.3的地址发包，经过VRRP组转发后，由SMB的Port2或Port3收到；在没有启用BFD检测的情况下，测试VRRP的Master故障造成的中断时间；在启用了BFD检测，并与Track和VRRP联动的情况下，测试VRRP的Master故障造成的中断时间；预期结果没有启用BFD时，中断时间为秒级启用BFD后，中断时间为毫秒级BFD相关配置配置BFDbfdecho-source-ip1.1.1.1interfaceVlan-interface100bfdmin-echo-receive-interval10bfddetect-multiplier3配置Track联动track10bfdechointerfaceVlan-interface100remoteip100.1.1.1localip100.1.1.2配置VRRP联动vrrpvrid1track10switchover测试数据Test1Test2Test3Test4Test5Test6Port1267155316132033019819235476123829522110861Port2836384470042627105931000632461900139Port315151958188042054057141983517469521207032发包速率(p/ms)100100100100100100中断时间(ms)3199.743243.573386.5739.2635.3936.90测试结论测试结论：没有启用BFD时，VRRP的Master故障，VRRP备份组通过协议自己的Hello机制检测故障。中断时间约为3秒。启用BFD时，通过Track与VRRP联动，VRRP的Master故障后，BFD首先发现线路中断，随即通知Track。Track启动Switchover的动作，将原Slave切换成新的Master。中断时间约为30多毫秒；通过使用BFD协议，VRRP备份组对转发路径故障的感应灵敏度大大的提高了，故障造成的中断时间也由秒级达到毫秒级，实现了VRRP的快速倒换。BFD的诞生BFD协议原理BFD应用举例BFD配置问题探讨目录SMBG5/0/1G5/0/1VLAN100G5/0/2Port1Port2G5/0/2S125_1S125_2测试一、拓扑及设备配置关键配置：两个千兆电口聚合,在三层接口上启用OSPFBFD功能；启用ospf功能，把两端的Loopback地址3.3.3.3和4.4.4.4引入到ospf中；OSPFPeerBFDPeerL1：3.3.3.3L1：4.4.4.4测试一、链路聚合/BFD/OSPF状态[125-1-Vlan-interface100]displaylink-aggregationverboseLocal:PortStatusPriorityOper-KeyFlag--------------------------------------------------------------------------------GE5/0/1S327681{ACDEF}GE5/0/2S327681{ACDEF}Remote:ActorPartnerPriorityOper-KeySystemIDFlag--------------------------------------------------------------------------------GE5/0/193276810x8000,0023-893d-1c00{ACDEF}GE5/0/2103276810x8000,0023-893d-1c00{ACDEF}[125-1-Vlan-interface100]displaybfdsessionLD/RDSourceAddrDestAddrStateHoldtimeInterface4/41.1.1.11.1.1.2Up600msVlan100[125-1-Vlan-interface100]disiprouter-tableRoutingTables:PublicDestinations:6Routes:6Destination/MaskProtoPreCostNextHopInterface4.4.4.4/32O_ASE15011.1.1.2Vlan100SMBG5/0/1G5/0/1VLAN100G5/0/2Port1Port2G5/0/2S125_1S125_2测试一、Shutdown其中一个端口

shutdown其中一个端口：[125-2-GigabitEthernet5/0/1]shutdownX测试一、测试结果[125-1-Vlan-interface100]ping-c10004.4.4.4PING4.4.4.4:56databytes,pressCTRL_CtobreakReplyfrom4.4.4.4:bytes=56Sequence=34ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=35ttl=255time=1ms%Sep219:38:11:2692010125-1BFD/4/LOG:Sess[1.1.1.1/1.1.1.2,Vlan100,Ctrl],Sta:UP->DOWN,Diag:5%Sep219:38:11:3812010125-1RM/3/RMLOG:OSPF-NBRCHANGE:Process1,Neighbor1.1.1.2(Vlan-interface100)fromFulltoDown

Requesttimeout%Sep219:38:12:9692010125-1IFNET/4/LINKUPDOWN:GigabitEthernet5/0/1:linkstatusisDOWNReplyfrom4.4.4.4:bytes=56Sequence=37ttl=255time=1ms%Sep219:38:13:0802010125-1LAGG/2/LAGG_LOG:PortmemberGigabitEthernet5/0/1ofaggregationgroupBAGG1becomesINACTIVE,becausetheport'sconfigurationisimproperforaggregation.Replyfrom4.4.4.4:bytes=56Sequence=38ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=39ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=40ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=41ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=42ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=43ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=44ttl=255time=1msRequesttimeoutRequesttimeoutRequesttimeout%Sep219:38:15:1752010125-1RM/3/RMLOG:OSPF-NBRCHANGE:Process1,Neighbor1.1.1.2(Vlan-interface100)fromLoadingtoFullReplyfrom4.4.4.4:bytes=56Sequence=45ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=46ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=47ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=48ttl=255time=1ms%Sep219:38:16:2002010125-1BFD/4/LOG:Sess[1.1.1.1/1.1.1.2,Vlan100,Ctrl],Sta:DOWN->UP,Diag:0Replyfrom4.4.4.4:bytes=56Sequence=52ttl=255time=1ms测试一、进一步测试（1）更改配置：更改BFD检测时间为900ms；测试结果正常。[125-1-Vlan-interface100]ping-c10004.4.4.4PING4.4.4.4:56databytes,pressCTRL_CtobreakReplyfrom4.4.4.4:bytes=56Sequence=34ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=35ttl=255time=1msRequesttimeout%Sep219:38:12:9692010125-1IFNET/4/LINKUPDOWN:GigabitEthernet5/0/1:linkstatusisDOWNReplyfrom4.4.4.4:bytes=56Sequence=37ttl=255time=1ms%Sep219:38:13:0802010125-1LAGG/2/LAGG_LOG:PortmemberGigabitEthernet5/0/1ofaggregationgroupBAGG1becomesINACTIVE,becausetheport'sconfigurationisimproperforaggregation.Replyfrom4.4.4.4:bytes=56Sequence=38ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=39ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=40ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=41ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=42ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=43ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=44ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=45ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=46ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=47ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=48ttl=255time=1ms测试一、进一步测试（2）更改配置：删除BFD功能；测试结果正常。[125-1-Vlan-interface100]ping-c10004.4.4.4PING4.4.4.4:56databytes,pressCTRL_CtobreakReplyfrom4.4.4.4:bytes=56Sequence=26ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=27ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=28ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=29ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=30ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=31ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=32ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=33ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=34ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=35ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=36ttl=255time=1ms%Sep315:18:51:8892010125-1IFNET/4/LINKUPDOWN:Ten-GigabitEthernet3/0/2:linkstatusisDOWN%Sep315:18:52:0002010125-1LAGG/2/LAGG_LOG:PortmemberTen-GigabitEthernet3/0/2ofaggregationgroupBAGG1becomesINACTIVE,becausetheport'sconfigurationisimproperforaggregation.

RequesttimeoutReplyfrom4.4.4.4:bytes=56Sequence=38ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=39ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=40ttl=255time=1ms

SMBT3/0/2T3/0/2VLAN100T3/0/4Port1Port2T3/0/4S125_1S125_2测试二、拓扑及设备配置关键配置：两个万兆光接口聚合,在三层接口上启用OSPFBFD功能；启用ospf功能，把两端的Loopback地址3.3.3.3和4.4.4.4引入到ospf中；OSPFPeerBFDPeerL1：3.3.3.3L1：4.4.4.4测试二、链路聚合/BFD/OSPF状态[125-1]displaylink-aggregationverboseSystemID:0x8000,0023-893c-f800Local:PortStatusPriorityOper-KeyFlag--------------------------------------------------------------------------------XGE3/0/2S327681{ACDEF}XGE3/0/4S327681{ACDEF}Remote:ActorPartnerPriorityOper-KeySystemIDFlag--------------------------------------------------------------------------------XGE3/0/21073276810x8000,0023-893d-1c00{ACDEF}XGE3/0/41083276810x8000,0023-893d-1c00{ACDEF}[125-1]disp[125-1]displaybfdsessionLD/RDSourceAddrDestAddrStateHoldtimeInterface11/111.1.1.11.1.1.2Up20msVlan100[125-1]dispiprouDestination/MaskProtoPreCostNextHopInterface4.4.4.4/32O_ASE15011.1.1.2Vlan100测试二、测试结果[125-1-Vlan-interface100]ping-c100004.4.4.4PING4.4.4.4:56databytes,pressCTRL_CtobreakReplyfrom4.4.4.4:bytes=56Sequence=330ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=331ttl=255time=1ms%Sep309:05:54:6622010125-1IFNET/4/LINKUPDOWN:Ten-GigabitEthernet3/0/2:linkstatusisDOWN%Sep309:05:54:7742010125-1LAGG/2/LAGG_LOG:PortmemberTen-GigabitEthernet3/0/2ofaggregationgroupBAGG1becomesINACTIVE,becausetheport'sconfigurationisimproperforaggregation.RequesttimeoutReplyfrom4.4.4.4:bytes=56Sequence=333ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=334ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=335ttl=255time=1msReplyfrom4.4.4.4:bytes=56Sequence=336ttl=255time=1msRep