Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Should I use BFD when in active/passive HA with OSPF?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Should I use BFD when in active/passive HA with OSPF?

L1 Bithead

I am setting up some new OSPF adjacencies between my PA and a pair of Dell switches. Should I be using BFD? Will BFD make things better or worse?

 

What I currently do is set LACP in HA passive state. OSPF graceful failover is configured on my switches and on firewall (which is default). I am using default grace period of 120 seconds. My OSPF hello timers are set to 1 second, and dead time to 10 seconds. I have found that if my dead timer is at 5 seconds or so, that OSPF would completely drop from my switch, which is certainly not desirable. In this configuration, a planned failover usually results in 1 dropped ping.

 

In this environment, is BFD useful? I haven't found information relating BFD and PA active/passive deployments. My concern is that a failover will cause BFD to go down, which will then cause OSPF to drop and there goes my graceful restart. 😞 I don't know, maybe if I used longer BFD timers I can make it work. Anyone know what BFD timers would survice a graceful failover?

 

In this setup, my PA has an adjacency with each redundant switch. It would be nice to detect the switch being down with BFD before my OSPF dead timer expires. I can't do interface down detection because of of the use of AE interface going to both switches. Maybe it is possible to only have OSPF on the PAN to subscribe to BFD? That way PAN can quickly withdraw routes to a dead switch before OSPF timers expire, but a PAN failover won't cause issues for the switches.

 

Thank you!

2 REPLIES 2

L3 Networker

PA has a bit strange behavior on BFD, apparently it will flush the fib during a ha failover if BFD is in use. (this was confirmed by a local SE after we spent quite some time with bfd tweaking), so if i understand your concern, you are correct. BFD can make it worse during a failover. This was to cisco routers (with a l2 switch between).

We never got it to work even with tweaking the timers.

Thank you. I will see if I can setup some test conenctions with my production gear.

  • 4471 Views
  • 2 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!