Mailing List Archive

NXOS BFD sends packets sourced and destined for its own IP address to the remote host.
Howdy,

Sorry for the noise but I have run into a little confusion surrounding how NXOS does BFD.

I noticed that BFD wasn't establishing between two switches while there was an iACL attached to an interface and when I checked into the traffic that was getting blocked I noticed this:

Acl: %ACL-6-IPACCESS: list TESTv4 Vlan1061 denied udp 192.168.1.194(49254) -> 192.168.1.194(3785)
Acl: %ACL-6-IPACCESS: list TESTv4 Vlan1061 denied udp 192.168.1.194(49254) -> 192.168.1.194(3785)

Does anyone know why if NXOS is trying to communicate with itself it would try to accomplish this by sending the traffic through the remote device?

I can really easily resolve this by just adding another line to the ACL but I would much rather understand how this traffic is ending up on the wire in the first place.

Thanks,
-Drew



_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NXOS BFD sends packets sourced and destined for its own IP address to the remote host.
Hi,

On Mon, Jan 18, 2021 at 08:15:02PM +0000, Drew Weaver wrote:
> I can really easily resolve this by just adding another line to the ACL but I would much rather understand how this traffic is ending up on the wire in the first place.

By being sent out, to be returned by the other end "if its IP forwarding
engine is working" - BFD echo mode

https://netcraftsmen.com/clarifying-bfd-and-bfd-echo/

gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany gert@greenie.muc.de
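
An added example, not part of the thread or of any Cisco tooling: a small Python classifier that reads ACL deny lines in the format Drew posted and separates self-addressed BFD echo traffic (UDP 3785, source equal to destination) from BFD control traffic and everything else, so that a narrowly scoped permit can be written for the echo flow only. The function names and every sample line other than the first two are constructed for illustration.

```python
import re
from collections import Counter

# BFD UDP destination ports: control and echo (RFC 5881), multihop (RFC 5883).
BFD_CONTROL, BFD_ECHO, BFD_MULTIHOP = 3784, 3785, 4784

# Matches the %ACL-6-IPACCESS deny format quoted in the thread.
DENY_RE = re.compile(
    r"list (?P<acl>\S+) (?P<intf>\S+) denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

def classify(line):
    """Return (label, fields) for one deny line, or None if it does not parse."""
    m = DENY_RE.search(line)
    if not m:
        return None
    f = m.groupdict()
    dport = int(f["dport"])
    if f["proto"] == "udp" and dport == BFD_ECHO:
        # Self-addressed echo: the peer's forwarding plane loops it back.
        label = "bfd-echo-self" if f["src"] == f["dst"] else "bfd-echo"
    elif f["proto"] == "udp" and dport in (BFD_CONTROL, BFD_MULTIHOP):
        label = "bfd-control"
    else:
        label = "other"
    return label, f

def summarize(lines):
    """Count denied flows per (label, acl, interface, src, dst, dport)."""
    counts = Counter()
    for line in lines:
        hit = classify(line)
        if hit:
            label, f = hit
            counts[(label, f["acl"], f["intf"], f["src"], f["dst"], int(f["dport"]))] += 1
    return counts

# First two lines are from the thread; the remaining three are constructed.
SAMPLE = [
    "Acl: %ACL-6-IPACCESS: list TESTv4 Vlan1061 denied udp 192.168.1.194(49254) -> 192.168.1.194(3785)",
    "Acl: %ACL-6-IPACCESS: list TESTv4 Vlan1061 denied udp 192.168.1.194(49254) -> 192.168.1.194(3785)",
    "Acl: %ACL-6-IPACCESS: list TESTv4 Vlan1061 denied udp 192.168.1.193(49152) -> 192.168.1.194(3784)",
    "Acl: %ACL-6-IPACCESS: list TESTv4 Vlan1061 denied tcp 203.0.113.7(51000) -> 192.168.1.194(22)",
    "unrelated syslog line",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```
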
Re: NXOS BFD sends packets sourced and destined for its own IP address to the remote host.
Ah okay, I suppose I was confused because I didn't configure bfd echo on the Nexus side and it's not anywhere in the configuration on the device.


Re: NXOS BFD sends packets sourced and destined for its own IP address to the remote host.
Hi,

On Tue, Jan 19, 2021 at 01:22:57PM +0000, Drew Weaver wrote:
> Ah okay, I suppose I was confused because I didn't configure bfd echo on the Nexus side and it's not anywhere in the configuration on the device.

Google says echo mode is default on Nexus.

gert