Mailing List Archive

BFD not working on ASR920
Hi,

this is no question (except "why oh why?") but for the sake of google
and to help the next one that runs into this...

We have a number of ASR920-12 on 16.06.05a - because we cannot be bothered
to go to "the new licensing scheme" - and we have customer lines on them,
"because SFP handoff".

All the interfaces follow a standard scheme

interface GigabitEthernet0/0/2
description <customer>/lid=nnn (primary)
ip address 195.xx.xx.12 255.255.255.252
ip flow ingress
negotiation auto
cdp enable
ipv6 address 2001:608:xxx:xxx::1234/64
bfd interval 200 min_rx 200 multiplier 10

(really nothing special here)

and then there's BGP config to the customer's router, with BFD

neighbor 195.xx.xx.13 fall-over bfd
neighbor 2001:608:xxx:xxx::1235 fall-over bfd

... this used to work fine on our 6500s, but BFD just did not want to
come up on the ASR920s, no matter what I tested and debugged.

Today I found the culprit - the configs were copied over from the 6500,
including an "ip flow ingress" line - we do not have netflow active on
the ASR920 (and from my understanding of "how it works", this is not
something we actually want) so I considered this more of a no-op / config
wart than a problem.

Today I went cleaning up... and lo and behold

ar21(config)#interface GigabitEthernet0/0/2
ar21(config-if)#no ip flow ing
ar21(config-if)#^Z
Apr 3 11:41:11: %SYS-5-CONFIG_I: Configured from console by gert on vty0 (2001:608:0:736::18)
Apr 3 11:41:18: %BFDFSM-6-BFD_SESS_UP: BFD-SYSLOG: BFD session ld:37 handle:9 is going UP

... all the "down and we cannot find a reason" BFD sessions came up the
moment I removed the "ip flow ingress" from the interface config.


long story short:

"ip flow ingress" kills BFD on ASR920, both for IPv4 and for IPv6.

(and no, I'm not going to bother spending another month of my life
explaining this to TAC - documenting this on c-nsp is more helpful to
other victims than trying to get things fixed on this platform)

gert

--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany gert@greenie.muc.de
Re: BFD not working on ASR920 [ In reply to ]
On 4/3/22 12:01, Gert Doering wrote:
> ... all the "down and we cannot find a reason" BFD sessions came up the
> moment I removed the "ip flow ingress" from the interface config.

IIRC, isn't Netflow support on the ASR920 somewhere between suspect to
non-existent? Or was that NAT? Or was that PPPoE?

Thanks for the tip. I'm sure it will be helpful for many!

Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: BFD not working on ASR920 [ In reply to ]
Hi,

On Sun, Apr 03, 2022 at 07:58:22PM +0200, Mark Tinka wrote:
> On 4/3/22 12:01, Gert Doering wrote:
> > ... all the "down and we cannot find a reason" BFD sessions came up the
> > moment I removed the "ip flow ingress" from the interface config.
>
> IIRC, isn't Netflow support on the ASR920 somewhere between suspect to
> non-existent? Or was that NAT? Or was that PPPoE?

Netflow is sort of semi-supported, if I remember right - by using
the SPAN feature of the chip to siphon traffic off to the CPU, and
do netflow there, capped to 1GE of traffic. Or something like that.

Did not try NAT or PPPoE on that box... but I'm sure there is excitement.

(Speaking of SPAN - trying to debug BGP using a local SPAM is a real
adventure, as packets sent by the local CPU are not seen on a RX/TX
mirror session... only the RSTs coming in from the other end gave a
clue what happened)

> Thanks for the tip. I'm sure it will be helpful for many!

That was the idea :-)

gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany gert@greenie.muc.de
Re: BFD not working on ASR920 [ In reply to ]
On 4/3/22 20:30, Gert Doering wrote:

> Netflow is sort of semi-supported, if I remember right - by using
> the SPAN feature of the chip to siphon traffic off to the CPU, and
> do netflow there, capped to 1GE of traffic. Or something like that.
>
> Did not try NAT or PPPoE on that box... but I'm sure there is excitement.
>
> (Speaking of SPAN - trying to debug BGP using a local SPAM is a real
> adventure, as packets sent by the local CPU are not seen on a RX/TX
> mirror session... only the RSTs coming in from the other end gave a
> clue what happened)

We are finding the ASR920 has reached its usefulness for us.

We are looking at other options now; and yes, from me, that also
includes boxes shipping with Broadcom :-\...

Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: BFD not working on ASR920 [ In reply to ]
That's a big no on NAT. We're still deploying them on the edge, feeding
customer facing FTTH and DSL customers. At least they support EIGRP (yes
we still use that) and MPLS. I really wish they would do some more
development for the platform, or at least fix all the 'wierd-ness' on
them.

On Sun, Apr 3, 2022 at 3:09 PM Mark Tinka <mark@tinka.africa> wrote:

>
>
> On 4/3/22 20:30, Gert Doering wrote:
>
> > Netflow is sort of semi-supported, if I remember right - by using
> > the SPAN feature of the chip to siphon traffic off to the CPU, and
> > do netflow there, capped to 1GE of traffic. Or something like that.
> >
> > Did not try NAT or PPPoE on that box... but I'm sure there is excitement.
> >
> > (Speaking of SPAN - trying to debug BGP using a local SPAM is a real
> > adventure, as packets sent by the local CPU are not seen on a RX/TX
> > mirror session... only the RSTs coming in from the other end gave a
> > clue what happened)
>
> We are finding the ASR920 has reached its usefulness for us.
>
> We are looking at other options now; and yes, from me, that also
> includes boxes shipping with Broadcom :-\...
>
> Mark.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: BFD not working on ASR920 [ In reply to ]
On 4/3/22 21:25, Shawn L wrote:
> That's a big no on NAT. We're still deploying them on the edge, feeding
> customer facing FTTH and DSL customers. At least they support EIGRP (yes
> we still use that) and MPLS. I really wish they would do some more
> development for the platform, or at least fix all the 'wierd-ness' on
> them.

They won't.

If you want a better ASR920, Cisco will force you on to the NCS540 train.

Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: BFD not working on ASR920 [ In reply to ]
On 4/3/22 9:04 PM, Mark Tinka wrote:
>
>
> On 4/3/22 20:30, Gert Doering wrote:
>
>> Netflow is sort of semi-supported, if I remember right - by using
>> the SPAN feature of the chip to siphon traffic off to the CPU, and
>> do netflow there, capped to 1GE of traffic.  Or something like that.
>>
>> Did not try NAT or PPPoE on that box... but I'm sure there is excitement.
>>
>> (Speaking of SPAN - trying to debug BGP using a local SPAM is a real
>> adventure, as packets sent by the local CPU are not seen on a RX/TX
>> mirror session... only the RSTs coming in from the other end gave a
>> clue what happened)
>
> We are finding the ASR920 has reached its usefulness for us.
>
> We are looking at other options now; and yes, from me, that also
> includes boxes shipping with Broadcom :-\...


Curious to hear what other options you are considering? We're also
looking for alternatives ...

- bryan
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: BFD not working on ASR920 [ In reply to ]
On 4/5/22 20:00, Bryan Holloway wrote:

>
> Curious to hear what other options you are considering? We're also
> looking for alternatives ...

ACX7k...

Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/