
[vRR] Bidirectional Forwarding Detection in Virtual Route Reflector


Article ID: KB35345 | KB Last Updated: 11 Dec 2019 | Version: 1.0

Summary:

This article explains what to expect when running BFD (Bidirectional Forwarding Detection) in a vRR (Virtual Route Reflector).

The vRR is a pure control plane product, designed to be placed out of the data path as an out-of-band route reflector. BFD is a protocol that verifies the liveness of a data path (data plane). Users may nevertheless want to run BFD on the vRR, but because the vRR is control plane only and, as an out-of-band route reflector, is not in the data path, it should not need BFD to operate.

Example scenario:

  • No BFD is used with the vRR, and the default BGP hold-time of 90s applies.
  • There are 2 route reflector clients, RRC-A and RRC-B.
  • Suppose the vRR goes down.
  • During the 90s hold-time that BGP takes to detect that the vRR is down, a second failure occurs and RRC-A goes down.

In this scenario, RRC-B would still hold routing information originating from RRC-A and reflected by the vRR, because the vRR is down but its BGP hold-time has not expired yet. However, the routes in the RRC-B RIB with a next hop of the RRC-A loopback address would become hidden, because RRC-A is down and its loopback is no longer reachable via the IGP (via the data path, protected with BFD). Recursive next-hop resolution is therefore no longer possible for RRC-B. As a result, no black-holing of traffic would take place.
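
The scenario above as a small model of RRC-B's route resolution. This is an added example, not Juniper code; the prefixes, loopback addresses, function names and the assumption that the vRR loopback is also carried in the IGP are constructed for illustration.

```python
import ipaddress

# Constructed sample addresses (illustrative only, not from the article).
RRC_A_LO = "10.0.0.1/32"
VRR_LO = "10.0.0.100/32"

def resolve(next_hop, igp_routes):
    """Longest-prefix match of a BGP next hop against the IGP table.
    Returns the matching prefix, or None when the next hop is unreachable."""
    addr = ipaddress.ip_address(next_hop)
    nets = [ipaddress.ip_network(p) for p in igp_routes]
    hits = [n for n in nets if addr in n]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None

def classify(bgp_routes, igp_routes):
    """Split BGP routes into active (next hop resolves) and hidden."""
    state = {"active": [], "hidden": []}
    for prefix, next_hop in bgp_routes.items():
        key = "active" if resolve(next_hop, igp_routes) else "hidden"
        state[key].append(prefix)
    return state

def scenario():
    """Replay the double failure from RRC-B's point of view."""
    # Routes originated by RRC-A and reflected by the vRR:
    # the BGP next hop is RRC-A's loopback, not the vRR.
    bgp = {"192.0.2.0/24": "10.0.0.1", "198.51.100.0/24": "10.0.0.1"}
    igp = {RRC_A_LO, VRR_LO}
    before = classify(bgp, igp)

    # Failure 1: the vRR goes down. The 90s BGP hold-time has not expired,
    # so RRC-B keeps the reflected routes, and their next hop still resolves.
    igp.discard(VRR_LO)
    vrr_down = classify(bgp, igp)

    # Failure 2: RRC-A goes down. The IGP (data path, protected with BFD)
    # withdraws its loopback while the BGP routes are still in the RIB.
    igp.discard(RRC_A_LO)
    rrc_a_down = classify(bgp, igp)
    return before, vrr_down, rrc_a_down

if __name__ == "__main__":
    for label, state in zip(("before", "vRR down", "RRC-A down"), scenario()):
        print(f"{label:11} active={state['active']} hidden={state['hidden']}")
```

The routes stay usable after the vRR fails and become hidden as soon as the IGP loses the RRC-A loopback, without waiting for the BGP hold-time.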

Symptoms:

Running BFD with aggressive (sub-second) timers on a vRR might cause the BFD session to flap.

Cause:

Background information on Juniper's BFD implementation:

  • ppmd (periodic packet management daemon) is the daemon in charge of periodic packet generation, which relieves rpd (routing protocol daemon) of these tasks.

  • ppmd is used, for example, to transmit and receive OSPF hello packets, BFD packets, LACPDUs, xSTP BPDUs, VRRP, etc.

  • Bidirectional Forwarding Detection on Juniper Networks products can run in 3 different modes, depending on the hardware and platform.

The ppmd daemon can run in these 3 modes:

  • Centralized (or nondistributed) BFD: BFD is run on the Routing Engine CPU.

  • Distributed (or single-hop) BFD: BFD is delegated to the line card (FPC) CPU micro-kernel.

  • Inline BFD: BFD is run in the ASIC (scales even further than distributed mode).

The vRR is a pure control plane product, which means there is no data plane. Therefore, the BFD protocol and ppmd run purely in centralized mode on the vRR. BFD and ppmd run in user space (‘RE’ CPU space), and ppmd interacts with rpd and the kernel through Unix sockets. This creates a bottleneck for sub-second packet generation and at ‘higher scale’, which means that BFD running in the control plane usually cannot offer failure detection in the sub-second range. In other words, there is no micro-kernel on an FPC/PFE CPU to which BFD can be offloaded or delegated, as there is in distributed mode.

Solution:

Depending on the number of BGP prefixes in the RIB and the RAM assigned to the vRR, the BFD timer might need to be adjusted: the BFD minimum-interval might need to be set to an optimal level.

This optimal level depends on the load on the system (traffic and current rpd load) and would be around ~1sec. BFD should then be monitored to verify its stability. If it is not stable, the minimum-interval might need to be adjusted further.

The minimum-interval might differ based on the number of BGP sessions, the size of the RIB, the amount of RAM, etc.

  • 32GB RAM for the vRR is usually recommended for higher/max scale (30 million routes).
  • 16GB RAM should be sufficient for a BGP scale of 3 million routes.