Mailing List Archive: Granularity for BFD in CoPP policy

If "echo" is used, I think you might need something like the following,
replicating the ACEs exactly on each side.

//

permit udp <side1> <side2> eq 3784
permit udp <side1> <side2> eq 3785
permit udp <side2> <side1> eq 3784
permit udp <side2> <side1> eq 3785
permit udp <side1> eq 3784 <side2>
permit udp <side1> eq 3785 <side2>
permit udp <side2> eq 3784 <side1>
permit udp <side2> eq 3785 <side1>

//

On Thu, Oct 31, 2019 at 11:42 AM Drew Weaver <drew.weaver@thenap.com> wrote:

> Howdy!
>
> I have noticed that if I put:
>
> permit udp any any eq 3784
> permit udp any any eq 3785
>
> Into a CoPP policy, this makes BFD function between two systems.
>
> If I try to get specific and use the source and destination addresses of
> the two systems BFD flaps wildly.
>
> I would assume, most likely foolishly that the NeighAddr listed in 'sh bfd
> nei' would be the source IP of the BFD packets but it appears that I am
> mistaken.
>
> Any ideas?
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/