Soooo, how does one get BFD to come up on ROS 7? :)
So, I was off work sick today, have been holding off on upgrading all my 'production' gear to ROS 7 until BFD support was a thing. Supposedly it's now supported, so I upgraded one of my routers (RB1100AHx4). And yeah, BFD does not appear to work :( Asked a few colleagues, and it's working for them. We compared configs, and identical configs basically, just different hardware on the other side. Is there a trick to it? Is it only supported on specific Mikrotik hardware? Or only TO/FROM specific remote hardware? I tried enabling logging (/system logging add prefix=debug topics=bfd), which didn't really add anything.. Remote end is Cisco Nexus Config is basically: /routing bfd configuration add disabled=no interfaces=vlan300_WyongBGP /routing bgp connection add as=65001 connect=yes disabled=no hold-time=6s input.filter=BGP_SAU_TOR_IN_V4 keepalive-time=2s listen=yes local.address=103.235.x.x .role=ebgp name=SAU-TOR-WYONG-V4 output.filter-chain=BGP_SAU_TOR_OUT_V4 \ .network=bgp-networks .no-client-to-client-reflection=yes .redistribute=connected,static,vpn,dhcp remote.address=103.235.x.x/32 .as=64101 .port=179 router-id=103.235.x.x routing-table=main templates=SAU \ use-bfd=yes If I watch the BFD sessions, I'll see it show as 'dead',. and then disappear, then show as dead, then disappear.. Any thoughts? I've set this one to a 6 second hold timer, and halted the other upgrades for now. I've also reset the config and configured from scratch incase it was a v6>v7 upgrade issue, but still the same problem.. Thankyou! -- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
What a way to spend a sick day :) Dumb question, the remote end definitely supports bfd? (My SAU links don’t :( ) Are you permitting 3784 UDP and 3785 TCP/UDP in your input and output chains? Can you see 3784/3785 traffic on your BGP interface? BFD on my configs is pretty much as simple as yours, > interface listed in BFD > bfd = yes in BGP > firewall rules permitting… Hope something in there helps, DB On 20 Aug 2024, at 4:52 PM, Damien Gardner Jnr via Public <public@talk.mikrotik.com.au> wrote:
So, I was off work sick today, have been holding off on upgrading all my 'production' gear to ROS 7 until BFD support was a thing. Supposedly it's now supported, so I upgraded one of my routers (RB1100AHx4). And yeah, BFD does not appear to work :(
Asked a few colleagues, and it's working for them. We compared configs, and identical configs basically, just different hardware on the other side.
Is there a trick to it? Is it only supported on specific Mikrotik hardware? Or only TO/FROM specific remote hardware? I tried enabling logging (/system logging add prefix=debug topics=bfd), which didn't really add anything.. Remote end is Cisco Nexus
Config is basically:
/routing bfd configuration add disabled=no interfaces=vlan300_WyongBGP /routing bgp connection add as=65001 connect=yes disabled=no hold-time=6s input.filter=BGP_SAU_TOR_IN_V4 keepalive-time=2s listen=yes local.address=103.235.x.x .role=ebgp name=SAU-TOR-WYONG-V4 output.filter-chain=BGP_SAU_TOR_OUT_V4 \ .network=bgp-networks .no-client-to-client-reflection=yes .redistribute=connected,static,vpn,dhcp remote.address=103.235.x.x/32 .as=64101 .port=179 router-id=103.235.x.x routing-table=main templates=SAU \ use-bfd=yes
If I watch the BFD sessions, I'll see it show as 'dead',. and then disappear, then show as dead, then disappear..
Any thoughts? I've set this one to a 6 second hold timer, and halted the other upgrades for now. I've also reset the config and configured from scratch incase it was a v6>v7 upgrade issue, but still the same problem..
Thankyou! --
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Thanks Dirk, Yep, it was all working on ROS6 before the upgrade. Allowing all in the firewall from the TOR switch interface IP. Good question though, I’ll setup a capture piped back to my workstation later tonight and see exactly what’s going over there! (My bgp is internal to sau, announcing the smaller prefixes I use in my lab, not talking to the public routers - so it’s one physical link, no trunking - afaik we don’t support BFD unless you are directly peering on one of the ‘big’ routers for public BGP) Thanks! Damien Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder On Tue, 20 Aug 2024 at 5:36 PM, TFM Cloud - Dirk Bermingham < dirk@tfmcloud.au> wrote:
What a way to spend a sick day :)
Dumb question, the remote end definitely supports bfd? (My SAU links don’t :( )
Are you permitting 3784 UDP and 3785 TCP/UDP in your input and output chains?
Can you see 3784/3785 traffic on your BGP interface?
BFD on my configs is pretty much as simple as yours, > interface listed in BFD > bfd = yes in BGP > firewall rules permitting…
Hope something in there helps,
DB
On 20 Aug 2024, at 4:52 PM, Damien Gardner Jnr via Public < public@talk.mikrotik.com.au> wrote:
So, I was off work sick today, have been holding off on upgrading all my 'production' gear to ROS 7 until BFD support was a thing. Supposedly
now supported, so I upgraded one of my routers (RB1100AHx4). And yeah, BFD does not appear to work :(
Asked a few colleagues, and it's working for them. We compared configs, and identical configs basically, just different hardware on the other side.
Is there a trick to it? Is it only supported on specific Mikrotik hardware? Or only TO/FROM specific remote hardware? I tried enabling logging (/system logging add prefix=debug topics=bfd), which didn't really add anything.. Remote end is Cisco Nexus
Config is basically:
/routing bfd configuration add disabled=no interfaces=vlan300_WyongBGP /routing bgp connection add as=65001 connect=yes disabled=no hold-time=6s input.filter=BGP_SAU_TOR_IN_V4 keepalive-time=2s listen=yes local.address=103.235.x.x .role=ebgp name=SAU-TOR-WYONG-V4 output.filter-chain=BGP_SAU_TOR_OUT_V4 \ .network=bgp-networks .no-client-to-client-reflection=yes .redistribute=connected,static,vpn,dhcp remote.address=103.235.x.x/32 .as=64101 .port=179 router-id=103.235.x.x routing-table=main templates=SAU \ use-bfd=yes
If I watch the BFD sessions, I'll see it show as 'dead',. and then disappear, then show as dead, then disappear..
Any thoughts? I've set this one to a 6 second hold timer, and halted
it's the
other upgrades for now. I've also reset the config and configured from scratch incase it was a v6>v7 upgrade issue, but still the same problem..
Thankyou! --
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
One more thing, if you set up a BGP session without BFD, does the session show bfd in the capabilities for the remote end? Whatever the issue is, it’ll be small and stupid and the session will suddenly come alive once you nail it down, BFD has been really solid for us. On 20 Aug 2024, at 5:41 PM, Damien Gardner Jnr <rendrag@rendrag.net> wrote: Thanks Dirk, Yep, it was all working on ROS6 before the upgrade. Allowing all in the firewall from the TOR switch interface IP. Good question though, I’ll setup a capture piped back to my workstation later tonight and see exactly what’s going over there! (My bgp is internal to sau, announcing the smaller prefixes I use in my lab, not talking to the public routers - so it’s one physical link, no trunking - afaik we don’t support BFD unless you are directly peering on one of the ‘big’ routers for public BGP) Thanks! Damien Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net<mailto:rendrag@rendrag.net> - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder On Tue, 20 Aug 2024 at 5:36 PM, TFM Cloud - Dirk Bermingham <dirk@tfmcloud.au<mailto:dirk@tfmcloud.au>> wrote: What a way to spend a sick day :) Dumb question, the remote end definitely supports bfd? (My SAU links don’t :( ) Are you permitting 3784 UDP and 3785 TCP/UDP in your input and output chains? Can you see 3784/3785 traffic on your BGP interface? BFD on my configs is pretty much as simple as yours, > interface listed in BFD > bfd = yes in BGP > firewall rules permitting… Hope something in there helps, DB On 20 Aug 2024, at 4:52 PM, Damien Gardner Jnr via Public <public@talk.mikrotik.com.au<mailto:public@talk.mikrotik.com.au>> wrote:
So, I was off work sick today, have been holding off on upgrading all my 'production' gear to ROS 7 until BFD support was a thing. Supposedly it's now supported, so I upgraded one of my routers (RB1100AHx4). And yeah, BFD does not appear to work :(
Asked a few colleagues, and it's working for them. We compared configs, and identical configs basically, just different hardware on the other side.
Is there a trick to it? Is it only supported on specific Mikrotik hardware? Or only TO/FROM specific remote hardware? I tried enabling logging (/system logging add prefix=debug topics=bfd), which didn't really add anything.. Remote end is Cisco Nexus
Config is basically:
/routing bfd configuration add disabled=no interfaces=vlan300_WyongBGP /routing bgp connection add as=65001 connect=yes disabled=no hold-time=6s input.filter=BGP_SAU_TOR_IN_V4 keepalive-time=2s listen=yes local.address=103.235.x.x .role=ebgp name=SAU-TOR-WYONG-V4 output.filter-chain=BGP_SAU_TOR_OUT_V4 \ .network=bgp-networks .no-client-to-client-reflection=yes .redistribute=connected,static,vpn,dhcp remote.address=103.235.x.x/32 .as=64101 .port=179 router-id=103.235.x.x routing-table=main templates=SAU \ use-bfd=yes
If I watch the BFD sessions, I'll see it show as 'dead',. and then disappear, then show as dead, then disappear..
Any thoughts? I've set this one to a 6 second hold timer, and halted the other upgrades for now. I've also reset the config and configured from scratch incase it was a v6>v7 upgrade issue, but still the same problem..
Thankyou! --
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net<mailto:rendrag@rendrag.net> - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au<mailto:Public@talk.mikrotik.com.au> http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Thanks, that got it sorted. It's a ROS7 bug, not honouring the configured min_tx on the BFD session, and always sending 1000ms for min_tx - which is above the maximum 999ms for Cisco Nexus, so BFD can't be established.. Would be good if their Documentation mentioned that this setting was not honoured, and was hardcoded to 1000ms... I guess I stay with ROS6! Wish I'd realised before I upgraded this router though :( Thanks for your time, Dirk! :) On Tue, 20 Aug 2024 at 17:53, TFM Cloud - Dirk Bermingham <dirk@tfmcloud.au> wrote:
One more thing, if you set up a BGP session without BFD, does the session show bfd in the capabilities for the remote end?
Whatever the issue is, it’ll be small and stupid and the session will suddenly come alive once you nail it down, BFD has been really solid for us.
On 20 Aug 2024, at 5:41 PM, Damien Gardner Jnr <rendrag@rendrag.net> wrote:
Thanks Dirk,
Yep, it was all working on ROS6 before the upgrade. Allowing all in the firewall from the TOR switch interface IP. Good question though, I’ll setup a capture piped back to my workstation later tonight and see exactly what’s going over there!
(My bgp is internal to sau, announcing the smaller prefixes I use in my lab, not talking to the public routers - so it’s one physical link, no trunking - afaik we don’t support BFD unless you are directly peering on one of the ‘big’ routers for public BGP)
Thanks!
Damien
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
On Tue, 20 Aug 2024 at 5:36 PM, TFM Cloud - Dirk Bermingham < dirk@tfmcloud.au> wrote:
What a way to spend a sick day :)
Dumb question, the remote end definitely supports bfd? (My SAU links don’t :( )
Are you permitting 3784 UDP and 3785 TCP/UDP in your input and output chains?
Can you see 3784/3785 traffic on your BGP interface?
BFD on my configs is pretty much as simple as yours, > interface listed in BFD > bfd = yes in BGP > firewall rules permitting…
Hope something in there helps,
DB
On 20 Aug 2024, at 4:52 PM, Damien Gardner Jnr via Public < public@talk.mikrotik.com.au> wrote:
So, I was off work sick today, have been holding off on upgrading all
'production' gear to ROS 7 until BFD support was a thing. Supposedly it's now supported, so I upgraded one of my routers (RB1100AHx4). And yeah, BFD does not appear to work :(
Asked a few colleagues, and it's working for them. We compared configs, and identical configs basically, just different hardware on the other side.
Is there a trick to it? Is it only supported on specific Mikrotik hardware? Or only TO/FROM specific remote hardware? I tried enabling logging (/system logging add prefix=debug topics=bfd), which didn't really add anything.. Remote end is Cisco Nexus
Config is basically:
/routing bfd configuration add disabled=no interfaces=vlan300_WyongBGP /routing bgp connection add as=65001 connect=yes disabled=no hold-time=6s input.filter=BGP_SAU_TOR_IN_V4 keepalive-time=2s listen=yes local.address=103.235.x.x .role=ebgp name=SAU-TOR-WYONG-V4 output.filter-chain=BGP_SAU_TOR_OUT_V4 \ .network=bgp-networks .no-client-to-client-reflection=yes .redistribute=connected,static,vpn,dhcp remote.address=103.235.x.x/32 .as=64101 .port=179 router-id=103.235.x.x routing-table=main templates=SAU \ use-bfd=yes
If I watch the BFD sessions, I'll see it show as 'dead',. and then disappear, then show as dead, then disappear..
Any thoughts? I've set this one to a 6 second hold timer, and halted
other upgrades for now. I've also reset the config and configured from scratch incase it was a v6>v7 upgrade issue, but still the same
my the problem..
Thankyou! --
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
Good morning! Are MT aware of that bug, and have they 'acknowledged' it? If not, sounds like it is worth making sure it is added to their buglist for future attention :-} You are welcome to pass it through our tech team at support@duxtel.com if you think we can help to get it on their radar! :-} Cheers, Mike. -----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Damien Gardner Jnr via Public Sent: Wednesday, 21 August 2024 10:21 AM To: TFM Cloud - Dirk Bermingham <dirk@tfmcloud.au> Cc: Damien Gardner Jnr <rendrag@rendrag.net>; MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Soooo, how does one get BFD to come up on ROS 7? :) Thanks, that got it sorted. It's a ROS7 bug, not honouring the configured min_tx on the BFD session, and always sending 1000ms for min_tx - which is above the maximum 999ms for Cisco Nexus, so BFD can't be established.. Would be good if their Documentation mentioned that this setting was not honoured, and was hardcoded to 1000ms... I guess I stay with ROS6! Wish I'd realised before I upgraded this router though :( Thanks for your time, Dirk! :) On Tue, 20 Aug 2024 at 17:53, TFM Cloud - Dirk Bermingham <dirk@tfmcloud.au> wrote:
One more thing, if you set up a BGP session without BFD, does the session show bfd in the capabilities for the remote end?
Whatever the issue is, it’ll be small and stupid and the session will suddenly come alive once you nail it down, BFD has been really solid for us.
On 20 Aug 2024, at 5:41 PM, Damien Gardner Jnr <rendrag@rendrag.net> wrote:
Thanks Dirk,
Yep, it was all working on ROS6 before the upgrade. Allowing all in the firewall from the TOR switch interface IP. Good question though, I’ll setup a capture piped back to my workstation later tonight and see exactly what’s going over there!
(My bgp is internal to sau, announcing the smaller prefixes I use in my lab, not talking to the public routers - so it’s one physical link, no trunking - afaik we don’t support BFD unless you are directly peering on one of the ‘big’ routers for public BGP)
Thanks!
Damien
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
On Tue, 20 Aug 2024 at 5:36 PM, TFM Cloud - Dirk Bermingham < dirk@tfmcloud.au> wrote:
What a way to spend a sick day :)
Dumb question, the remote end definitely supports bfd? (My SAU links don’t :( )
Are you permitting 3784 UDP and 3785 TCP/UDP in your input and output chains?
Can you see 3784/3785 traffic on your BGP interface?
BFD on my configs is pretty much as simple as yours, > interface listed in BFD > bfd = yes in BGP > firewall rules permitting…
Hope something in there helps,
DB
On 20 Aug 2024, at 4:52 PM, Damien Gardner Jnr via Public < public@talk.mikrotik.com.au> wrote:
So, I was off work sick today, have been holding off on upgrading all
'production' gear to ROS 7 until BFD support was a thing. Supposedly it's now supported, so I upgraded one of my routers (RB1100AHx4). And yeah, BFD does not appear to work :(
Asked a few colleagues, and it's working for them. We compared configs, and identical configs basically, just different hardware on the other side.
Is there a trick to it? Is it only supported on specific Mikrotik hardware? Or only TO/FROM specific remote hardware? I tried enabling logging (/system logging add prefix=debug topics=bfd), which didn't really add anything.. Remote end is Cisco Nexus
Config is basically:
/routing bfd configuration add disabled=no interfaces=vlan300_WyongBGP /routing bgp connection add as=65001 connect=yes disabled=no hold-time=6s input.filter=BGP_SAU_TOR_IN_V4 keepalive-time=2s listen=yes local.address=103.235.x.x .role=ebgp name=SAU-TOR-WYONG-V4 output.filter-chain=BGP_SAU_TOR_OUT_V4 \ .network=bgp-networks .no-client-to-client-reflection=yes .redistribute=connected,static,vpn,dhcp remote.address=103.235.x.x/32 .as=64101 .port=179 router-id=103.235.x.x routing-table=main templates=SAU \ use-bfd=yes
If I watch the BFD sessions, I'll see it show as 'dead',. and then disappear, then show as dead, then disappear..
Any thoughts? I've set this one to a 6 second hold timer, and halted
other upgrades for now. I've also reset the config and configured from scratch incase it was a v6>v7 upgrade issue, but still the same
my the problem..
Thankyou! --
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com .au
-- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Morning Mike :) I'm not sure, I haven't been able to find a public buglist anywhere, other than the one that comes up on page one of google - but that looks to only be for ROS6? I'd be very happy to pass through all my debugging info to your tech team, if you think you can get Mikrotik to look at it :) (Have they gotten any better? I reported a bunch of things 8-9 years ago, but never actually got replies, or they would take 3-4 months before I got 'hi, please try the latest release and see if it still happens', so I just gave up bothering, and started hacking around the issues..) Thanks, Damien On Wed, 21 Aug 2024 at 10:44, Mike Everest via Public < public@talk.mikrotik.com.au> wrote:
Good morning!
Are MT aware of that bug, and have they 'acknowledged' it? If not, sounds like it is worth making sure it is added to their buglist for future attention :-}
You are welcome to pass it through our tech team at support@duxtel.com if you think we can help to get it on their radar! :-}
Cheers, Mike.
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Damien Gardner Jnr via Public Sent: Wednesday, 21 August 2024 10:21 AM To: TFM Cloud - Dirk Bermingham <dirk@tfmcloud.au> Cc: Damien Gardner Jnr <rendrag@rendrag.net>; MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Soooo, how does one get BFD to come up on ROS 7? :)
Thanks, that got it sorted. It's a ROS7 bug, not honouring the configured min_tx on the BFD session, and always sending 1000ms for min_tx - which is above the maximum 999ms for Cisco Nexus, so BFD can't be established.. Would be good if their Documentation mentioned that this setting was not honoured, and was hardcoded to 1000ms...
I guess I stay with ROS6! Wish I'd realised before I upgraded this router though :(
Thanks for your time, Dirk! :)
On Tue, 20 Aug 2024 at 17:53, TFM Cloud - Dirk Bermingham < dirk@tfmcloud.au> wrote:
One more thing, if you set up a BGP session without BFD, does the session show bfd in the capabilities for the remote end?
Whatever the issue is, it’ll be small and stupid and the session will suddenly come alive once you nail it down, BFD has been really solid for us.
On 20 Aug 2024, at 5:41 PM, Damien Gardner Jnr <rendrag@rendrag.net> wrote:
Thanks Dirk,
Yep, it was all working on ROS6 before the upgrade. Allowing all in the firewall from the TOR switch interface IP. Good question though, I’ll setup a capture piped back to my workstation later tonight and see exactly what’s going over there!
(My bgp is internal to sau, announcing the smaller prefixes I use in my lab, not talking to the public routers - so it’s one physical link, no trunking - afaik we don’t support BFD unless you are directly peering on one of the ‘big’ routers for public BGP)
Thanks!
Damien
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
On Tue, 20 Aug 2024 at 5:36 PM, TFM Cloud - Dirk Bermingham < dirk@tfmcloud.au> wrote:
What a way to spend a sick day :)
Dumb question, the remote end definitely supports bfd? (My SAU links don’t :( )
Are you permitting 3784 UDP and 3785 TCP/UDP in your input and output chains?
Can you see 3784/3785 traffic on your BGP interface?
BFD on my configs is pretty much as simple as yours, > interface listed in BFD > bfd = yes in BGP > firewall rules permitting…
Hope something in there helps,
DB
On 20 Aug 2024, at 4:52 PM, Damien Gardner Jnr via Public < public@talk.mikrotik.com.au> wrote:
So, I was off work sick today, have been holding off on upgrading all
'production' gear to ROS 7 until BFD support was a thing. Supposedly it's now supported, so I upgraded one of my routers (RB1100AHx4). And yeah, BFD does not appear to work :(
Asked a few colleagues, and it's working for them. We compared configs, and identical configs basically, just different hardware on the other side.
Is there a trick to it? Is it only supported on specific Mikrotik hardware? Or only TO/FROM specific remote hardware? I tried enabling logging (/system logging add prefix=debug topics=bfd), which didn't really add anything.. Remote end is Cisco Nexus
Config is basically:
/routing bfd configuration add disabled=no interfaces=vlan300_WyongBGP /routing bgp connection add as=65001 connect=yes disabled=no hold-time=6s input.filter=BGP_SAU_TOR_IN_V4 keepalive-time=2s listen=yes local.address=103.235.x.x .role=ebgp name=SAU-TOR-WYONG-V4 output.filter-chain=BGP_SAU_TOR_OUT_V4 \ .network=bgp-networks .no-client-to-client-reflection=yes .redistribute=connected,static,vpn,dhcp remote.address=103.235.x.x/32 .as=64101 .port=179 router-id=103.235.x.x routing-table=main templates=SAU \ use-bfd=yes
If I watch the BFD sessions, I'll see it show as 'dead',. and then disappear, then show as dead, then disappear..
Any thoughts? I've set this one to a 6 second hold timer, and halted
other upgrades for now. I've also reset the config and configured from scratch incase it was a v6>v7 upgrade issue, but still the same
my the problem..
Thankyou! --
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com .au
--
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
You would know if it were acknowledged – they typically reply with a comment along the lines of: “we were able to reproduce the issue and will address it in a future release. We are not able to guarantee a timeline for that update, and encourage you to watch future release notes for information” Sure, please send what you’ve got (behaviour detail, diagnostics, and ESPECIALLY reproduction steps) to support@duxtel.com <mailto:support@duxtel.com> and ask that it be relayed to MT support. Our team corresponds with them regularly, and seem to get reasonable response ‘most times’ ; ) Cheers! Mike. From: Damien Gardner Jnr <rendrag@rendrag.net> Sent: Wednesday, 21 August 2024 10:58 AM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Cc: Mike Everest <mike@duxtel.com> Subject: Re: [MT-AU Public] Soooo, how does one get BFD to come up on ROS 7? :) Morning Mike :) I'm not sure, I haven't been able to find a public buglist anywhere, other than the one that comes up on page one of google - but that looks to only be for ROS6? I'd be very happy to pass through all my debugging info to your tech team, if you think you can get Mikrotik to look at it :) (Have they gotten any better? I reported a bunch of things 8-9 years ago, but never actually got replies, or they would take 3-4 months before I got 'hi, please try the latest release and see if it still happens', so I just gave up bothering, and started hacking around the issues..) Thanks, Damien On Wed, 21 Aug 2024 at 10:44, Mike Everest via Public <public@talk.mikrotik.com.au <mailto:public@talk.mikrotik.com.au> > wrote: Good morning! Are MT aware of that bug, and have they 'acknowledged' it? If not, sounds like it is worth making sure it is added to their buglist for future attention :-} You are welcome to pass it through our tech team at support@duxtel.com <mailto:support@duxtel.com> if you think we can help to get it on their radar! :-} Cheers, Mike. -----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au <mailto:public-bounces@talk.mikrotik.com.au> > On Behalf Of Damien Gardner Jnr via Public Sent: Wednesday, 21 August 2024 10:21 AM To: TFM Cloud - Dirk Bermingham <dirk@tfmcloud.au <mailto:dirk@tfmcloud.au> > Cc: Damien Gardner Jnr <rendrag@rendrag.net <mailto:rendrag@rendrag.net> >; MikroTik Australia Public List <public@talk.mikrotik.com.au <mailto:public@talk.mikrotik.com.au> > Subject: Re: [MT-AU Public] Soooo, how does one get BFD to come up on ROS 7? :) Thanks, that got it sorted. It's a ROS7 bug, not honouring the configured min_tx on the BFD session, and always sending 1000ms for min_tx - which is above the maximum 999ms for Cisco Nexus, so BFD can't be established.. Would be good if their Documentation mentioned that this setting was not honoured, and was hardcoded to 1000ms... I guess I stay with ROS6! Wish I'd realised before I upgraded this router though :( Thanks for your time, Dirk! :) On Tue, 20 Aug 2024 at 17:53, TFM Cloud - Dirk Bermingham <dirk@tfmcloud.au <mailto:dirk@tfmcloud.au> > wrote:
One more thing, if you set up a BGP session without BFD, does the session show bfd in the capabilities for the remote end?
Whatever the issue is, it’ll be small and stupid and the session will suddenly come alive once you nail it down, BFD has been really solid for us.
On 20 Aug 2024, at 5:41 PM, Damien Gardner Jnr <rendrag@rendrag.net <mailto:rendrag@rendrag.net> > wrote:
Thanks Dirk,
Yep, it was all working on ROS6 before the upgrade. Allowing all in the firewall from the TOR switch interface IP. Good question though, I’ll setup a capture piped back to my workstation later tonight and see exactly what’s going over there!
(My bgp is internal to sau, announcing the smaller prefixes I use in my lab, not talking to the public routers - so it’s one physical link, no trunking - afaik we don’t support BFD unless you are directly peering on one of the ‘big’ routers for public BGP)
Thanks!
Damien
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net <mailto:rendrag@rendrag.net> - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
On Tue, 20 Aug 2024 at 5:36 PM, TFM Cloud - Dirk Bermingham < dirk@tfmcloud.au <mailto:dirk@tfmcloud.au> > wrote:
What a way to spend a sick day :)
Dumb question, the remote end definitely supports bfd? (My SAU links don’t :( )
Are you permitting 3784 UDP and 3785 TCP/UDP in your input and output chains?
Can you see 3784/3785 traffic on your BGP interface?
BFD on my configs is pretty much as simple as yours, > interface listed in BFD > bfd = yes in BGP > firewall rules permitting…
Hope something in there helps,
DB
On 20 Aug 2024, at 4:52 PM, Damien Gardner Jnr via Public < public@talk.mikrotik.com.au <mailto:public@talk.mikrotik.com.au> > wrote:
So, I was off work sick today, have been holding off on upgrading all
'production' gear to ROS 7 until BFD support was a thing. Supposedly it's now supported, so I upgraded one of my routers (RB1100AHx4). And yeah, BFD does not appear to work :(
Asked a few colleagues, and it's working for them. We compared configs, and identical configs basically, just different hardware on the other side.
Is there a trick to it? Is it only supported on specific Mikrotik hardware? Or only TO/FROM specific remote hardware? I tried enabling logging (/system logging add prefix=debug topics=bfd), which didn't really add anything.. Remote end is Cisco Nexus
Config is basically:
/routing bfd configuration add disabled=no interfaces=vlan300_WyongBGP /routing bgp connection add as=65001 connect=yes disabled=no hold-time=6s input.filter=BGP_SAU_TOR_IN_V4 keepalive-time=2s listen=yes local.address=103.235.x.x .role=ebgp name=SAU-TOR-WYONG-V4 output.filter-chain=BGP_SAU_TOR_OUT_V4 \ .network=bgp-networks .no-client-to-client-reflection=yes .redistribute=connected,static,vpn,dhcp remote.address=103.235.x.x/32 .as=64101 .port=179 router-id=103.235.x.x routing-table=main templates=SAU \ use-bfd=yes
If I watch the BFD sessions, I'll see it show as 'dead',. and then disappear, then show as dead, then disappear..
Any thoughts? I've set this one to a 6 second hold timer, and halted
other upgrades for now. I've also reset the config and configured from scratch incase it was a v6>v7 upgrade issue, but still the same
my the problem..
Thankyou! --
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net <mailto:rendrag@rendrag.net> - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au <mailto:Public@talk.mikrotik.com.au>
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com .au
-- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net <mailto:rendrag@rendrag.net> - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au <mailto:Public@talk.mikrotik.com.au> http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au _______________________________________________ Public mailing list Public@talk.mikrotik.com.au <mailto:Public@talk.mikrotik.com.au> http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au -- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net <mailto:rendrag@rendrag.net> - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
Hi, I have bfd (for ospf) and it appears to be working ok. I have min tx of 0.5 (bigger than the default 0.2), and it says it is 500ms when looking at a wireshark capture. Regards Roger Date sent: Wed, 21 Aug 2024 10:20:34 +1000 To: TFM Cloud - Dirk Bermingham <dirk@tfmcloud.au> Subject: Re: [MT-AU Public] Soooo, how does one get BFD to come up on ROS 7? :) From: Damien Gardner Jnr via Public <public@talk.mikrotik.com.au> Send reply to: MikroTik Australia Public List <public@talk.mikrotik.com.au> Copies to: Damien Gardner Jnr <rendrag@rendrag.net>, MikroTik Australia Public List <public@talk.mikrotik.com.au> [ Double-click this line for list subscription options ] Thanks, that got it sorted. It's a ROS7 bug, not honouring the configured min_tx on the BFD session, and always sending 1000ms for min_tx - which is above the maximum 999ms for Cisco Nexus, so BFD can't be established.. Would be good if their Documentation mentioned that this setting was not honoured, and was hardcoded to 1000ms... I guess I stay with ROS6! Wish I'd realised before I upgraded this router though :( Thanks for your time, Dirk! :) On Tue, 20 Aug 2024 at 17:53, TFM Cloud - Dirk Bermingham <dirk@tfmcloud.au> wrote:
One more thing, if you set up a BGP session without BFD, does the session show bfd in the capabilities for the remote end?
Whatever the issue is, it´ll be small and stupid and the session will suddenly come alive once you nail it down, BFD has been really solid for us.
On 20 Aug 2024, at 5:41PM, Damien Gardner Jnr <rendrag@rendrag.net> wrote:
Thanks Dirk,
Yep, it was all working on ROS6 before the upgrade. Allowing all in the firewall from the TOR switch interface IP. Good question though, I´ll setup a capture piped back to my workstation later tonight and see exactly what´s going over there!
(My bgp is internal to sau, announcing the smaller prefixes I use in my lab, not talking to the public routers - so it´s one physical link, no trunking - afaik we don´t support BFD unless you are directly peering on one of the `big´ routers for public BGP)
Thanks!
Damien
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
On Tue, 20 Aug 2024 at 5:36PM, TFM Cloud - Dirk Bermingham < dirk@tfmcloud.au> wrote:
What a way to spend a sick day :)
Dumb question, the remote end definitely supports bfd? (My SAU links don´t :( )
Are you permitting 3784 UDP and 3785 TCP/UDP in your input and output chains?
Can you see 3784/3785 traffic on your BGP interface?
BFD on my configs is pretty much as simple as yours, > interface listed in BFD > bfd = yes in BGP > firewall rules permitting...
Hope something in there helps,
DB
On 20 Aug 2024, at 4:52PM, Damien Gardner Jnr via Public < public@talk.mikrotik.com.au> wrote:
So, I was off work sick today, have been holding off on upgrading all
'production' gear to ROS 7 until BFD support was a thing. Supposedly it's now supported, so I upgraded one of my routers (RB1100AHx4). And yeah, BFD does not appear to work :(
Asked a few colleagues, and it's working for them. We compared configs, and identical configs basically, just different hardware on the other side.
Is there a trick to it? Is it only supported on specific Mikrotik hardware? Or only TO/FROM specific remote hardware? I tried enabling logging (/system logging add prefix=debug topics=bfd), which didn't really add anything.. Remote end is Cisco Nexus
Config is basically:
/routing bfd configuration add disabled=no interfaces=vlan300_WyongBGP /routing bgp connection add as=65001 connect=yes disabled=no hold-time=6s input.filter=BGP_SAU_TOR_IN_V4 keepalive-time=2s listen=yes local.address=103.235.x.x .role=ebgp name=SAU-TOR-WYONG-V4 output.filter-chain=BGP_SAU_TOR_OUT_V4 \ .network=bgp-networks .no-client-to-client-reflection=yes .redistribute=connected,static,vpn,dhcp remote.address=103.235.x.x/32 .as=64101 .port=179 router-id=103.235.x.x routing-table=main templates=SAU \ use-bfd=yes
If I watch the BFD sessions, I'll see it show as 'dead',. and then disappear, then show as dead, then disappear..
Any thoughts? I've set this one to a 6 second hold timer, and halted
other upgrades for now. I've also reset the config and configured from scratch incase it was a v6>v7 upgrade issue, but still the same
my the problem..
Thankyou! --
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.c om.au
-- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au---------------------------- Roger Plant
Oooh really? Can I ask what settings you have in /routing/bfd ? I currently have: /routing bfd configuration add addresses=103.235.52.xxx/32 disabled=no min-rx=200ms min-tx=200ms multiplier=5 add disabled=no interfaces=vlan300_WyongBGP min-rx=200ms min-tx=200ms multiplier=5 add disabled=no forbid-bfd=yes and it is ending up with: 103.235.52.xxy.54927 > 103.235.52.xxx.3784: [bad udp cksum 0x396b -> 0x8279!] BFDv1, length: 24 Control, State Down, Flags: [none], Diagnostic: No Diagnostic (0x00) Detection Timer Multiplier: 5 (5000 ms Detection time), BFD Length: 24 My Discriminator: 0x1a2a5630, Your Discriminator: 0x00000000 Desired min Tx Interval: 1000 ms Required min Rx Interval: 200 ms Required min Echo Interval: 0 ms I can change min-rx up and down, and it changes in the tcpdump, but min-tx change aren't making any difference to what I see in the tcpdump. Checked on my ROS6 ones, and the min-tx and min-rx in the TCPdumps are changing as I update the config no problems. I'm on 7.15.3 at the moment - what version are you on Roger? Thanks, Damien On Wed, 21 Aug 2024 at 11:08, Roger Plant via Public < public@talk.mikrotik.com.au> wrote:
Hi,
I have bfd (for ospf) and it appears to be working ok.
I have min tx of 0.5 (bigger than the default 0.2), and it says it is 500ms when looking at a wireshark capture.
Regards Roger
Date sent: Wed, 21 Aug 2024 10:20:34 +1000 To: TFM Cloud - Dirk Bermingham <dirk@tfmcloud.au> Subject: Re: [MT-AU Public] Soooo, how does one get BFD to come up on ROS 7? :) From: Damien Gardner Jnr via Public < public@talk.mikrotik.com.au> Send reply to: MikroTik Australia Public List < public@talk.mikrotik.com.au> Copies to: Damien Gardner Jnr <rendrag@rendrag.net>, MikroTik Australia Public List <public@talk.mikrotik.com.au>
[ Double-click this line for list subscription options ]
Thanks, that got it sorted. It's a ROS7 bug, not honouring the configured min_tx on the BFD session, and always sending 1000ms for min_tx - which is above the maximum 999ms for Cisco Nexus, so BFD can't be established.. Would be good if their Documentation mentioned that this setting was not honoured, and was hardcoded to 1000ms...
I guess I stay with ROS6! Wish I'd realised before I upgraded this router though :(
Thanks for your time, Dirk! :)
On Tue, 20 Aug 2024 at 17:53, TFM Cloud - Dirk Bermingham <dirk@tfmcloud.au> wrote:
One more thing, if you set up a BGP session without BFD, does the session show bfd in the capabilities for the remote end?
Whatever the issue is, it´ll be small and stupid and the session will suddenly come alive once you nail it down, BFD has been really solid for us.
On 20 Aug 2024, at 5:41PM, Damien Gardner Jnr <rendrag@rendrag.net> wrote:
Thanks Dirk,
Yep, it was all working on ROS6 before the upgrade. Allowing all in the firewall from the TOR switch interface IP. Good question though, I´ll setup a capture piped back to my workstation later tonight and see exactly what´s going over there!
(My bgp is internal to sau, announcing the smaller prefixes I use in my lab, not talking to the public routers - so it´s one physical link, no trunking - afaik we don´t support BFD unless you are directly peering on one of the `big´ routers for public BGP)
Thanks!
Damien
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
On Tue, 20 Aug 2024 at 5:36PM, TFM Cloud - Dirk Bermingham < dirk@tfmcloud.au> wrote:
What a way to spend a sick day :)
Dumb question, the remote end definitely supports bfd? (My SAU links don´t :( )
Are you permitting 3784 UDP and 3785 TCP/UDP in your input and output chains?
Can you see 3784/3785 traffic on your BGP interface?
BFD on my configs is pretty much as simple as yours, > interface listed in BFD > bfd = yes in BGP > firewall rules permitting...
Hope something in there helps,
DB
On 20 Aug 2024, at 4:52PM, Damien Gardner Jnr via Public < public@talk.mikrotik.com.au> wrote:
So, I was off work sick today, have been holding off on upgrading all
'production' gear to ROS 7 until BFD support was a thing. Supposedly it's now supported, so I upgraded one of my routers (RB1100AHx4). And yeah, BFD does not appear to work :(
Asked a few colleagues, and it's working for them. We compared configs, and identical configs basically, just different hardware on the other side.
Is there a trick to it? Is it only supported on specific Mikrotik hardware? Or only TO/FROM specific remote hardware? I tried enabling logging (/system logging add prefix=debug topics=bfd), which didn't really add anything.. Remote end is Cisco Nexus
Config is basically:
/routing bfd configuration add disabled=no interfaces=vlan300_WyongBGP /routing bgp connection add as=65001 connect=yes disabled=no hold-time=6s input.filter=BGP_SAU_TOR_IN_V4 keepalive-time=2s listen=yes local.address=103.235.x.x .role=ebgp name=SAU-TOR-WYONG-V4 output.filter-chain=BGP_SAU_TOR_OUT_V4 \ .network=bgp-networks .no-client-to-client-reflection=yes .redistribute=connected,static,vpn,dhcp remote.address=103.235.x.x/32 .as=64101 .port=179 router-id=103.235.x.x routing-table=main templates=SAU \ use-bfd=yes
If I watch the BFD sessions, I'll see it show as 'dead',. and then disappear, then show as dead, then disappear..
Any thoughts? I've set this one to a 6 second hold timer, and halted
other upgrades for now. I've also reset the config and configured from scratch incase it was a v6>v7 upgrade issue, but still the same
my the problem..
Thankyou! --
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.c om.au
--
Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au---------------------------- Roger Plant
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
Hi Again, I did some more testing over a pppoe link, and it would normally connect immediately when rejigging the bfd, but if I downed the pppoe link and then restored it a short time (10S or so) later it would sometimes take a long time before bfd would come back up. And while it was down, it was sending bfd packets with an incorrect value of 1000ms for the min_tx interval. The first seen reply packet also had a Min tx interval of 1000ms. Once the other end started replying they would both then send the correct 200ms (in this case) value. It was only sending BFD packets a bit under every second or so until the BFD link was up. Then it started sending quickly. This rate sort of makes sense while not connected, but perhaps it shouldn't be in the actual packet?? Seems likely a bug. Some packets Frame 5: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) Internet Protocol Version 4, Src: 192.168.97.1, Dst: 192.168.97.244 User Datagram Protocol, Src Port: 49174, Dst Port: 3784 BFD Control message 001. .... = Protocol Version: 1 ...0 0000 = Diagnostic Code: No Diagnostic (0x00) 01.. .... = Session State: Down (0x1) Message Flags: 0x40 Detect Time Multiplier: 5 (= 5000 ms Detection time) Message Length: 24 bytes My Discriminator: 0x45839bbb Your Discriminator: 0x00000000 Desired Min TX Interval: 1000 ms (1000000 us) Required Min RX Interval: 200 ms (200000 us) Required Min Echo Interval: 0 ms (0 us) First seen reply packet Frame 15: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) Internet Protocol Version 4, Src: 192.168.97.244, Dst: 192.168.97.1 User Datagram Protocol, Src Port: 49158, Dst Port: 3784 BFD Control message 001. .... = Protocol Version: 1 ...0 0000 = Diagnostic Code: No Diagnostic (0x00) 01.. .... = Session State: Down (0x1) Message Flags: 0x40 Detect Time Multiplier: 5 (= 5000 ms Detection time) Message Length: 24 bytes My Discriminator: 0x11f867b3 Your Discriminator: 0x00000000 Desired Min TX Interval: 1000 ms (1000000 us) Required Min RX Interval: 200 ms (200000 us) Required Min Echo Interval: 0 ms (0 us) 2nd BFD reply packet Frame 29: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) Internet Protocol Version 4, Src: 192.168.97.244, Dst: 192.168.97.1 User Datagram Protocol, Src Port: 49158, Dst Port: 3784 BFD Control message 001. .... = Protocol Version: 1 ...0 0000 = Diagnostic Code: No Diagnostic (0x00) 11.. .... = Session State: Up (0x3) Message Flags: 0xc0 Detect Time Multiplier: 5 (= 1000 ms Detection time) Message Length: 24 bytes My Discriminator: 0x11f867b3 Your Discriminator: 0x45839bbb Desired Min TX Interval: 200 ms (200000 us) Required Min RX Interval: 200 ms (200000 us) Required Min Echo Interval: 0 ms (0 us) From: Damien Gardner Jnr <rendrag@rendrag.net> Date sent: Wed, 21 Aug 2024 11:17:44 +1000 Subject: Re: [MT-AU Public] Soooo, how does one get BFD to come up on ROS 7? :) To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Copies to: Roger Plant <rplant@melbpc.org.au> To: TFM Cloud - Dirk Bermingham <<a href="mailto:dirk@tfmcloud.au" target="_blank">dirk@tfmcloud.au</a>><br> Subject: Re: [MT-AU Public] Soooo,<br> From: Damien Gardner Jnr via Public <<a href="mailto:public@talk.mikrotik.com.au" target="_blank">public@talk.mikrotik.com.au</a>><br> Oooh really? Can I ask what settings you have in /routing/bfd ? ---------------------------- Roger Plant
Hi guys, Its not a bug, it's a required behaviour of the protocol re: the RFC https://datatracker.ietf.org/doc/html/rfc5880#section-6.8.2 "When bfd.SessionState is not Up, the system MUST set bfd.DesiredMinTxInterval to a value of not less than one second (1,000,000 microseconds). This is intended to ensure that the bandwidth consumed by BFD sessions that are not Up is negligible, particularly in the case where a neighbor may not be running BFD." There has to be something else going on there Damien... Regards, DB -----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Roger Plant via Public Sent: Wednesday, August 21, 2024 1:33 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au>; Damien Gardner Jnr <rendrag@rendrag.net> Cc: Roger Plant <rplant@melbpc.org.au> Subject: Re: [MT-AU Public] Soooo, how does one get BFD to come up on ROS 7? :) Hi Again, I did some more testing over a pppoe link, and it would normally connect immediately when rejigging the bfd, but if I downed the pppoe link and then restored it a short time (10S or so) later it would sometimes take a long time before bfd would come back up. And while it was down, it was sending bfd packets with an incorrect value of 1000ms for the min_tx interval. The first seen reply packet also had a Min tx interval of 1000ms. Once the other end started replying they would both then send the correct 200ms (in this case) value. It was only sending BFD packets a bit under every second or so until the BFD link was up. Then it started sending quickly. This rate sort of makes sense while not connected, but perhaps it shouldn't be in the actual packet?? Seems likely a bug. Some packets Frame 5: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) Internet Protocol Version 4, Src: 192.168.97.1, Dst: 192.168.97.244 User Datagram Protocol, Src Port: 49174, Dst Port: 3784 BFD Control message 001. .... = Protocol Version: 1 ...0 0000 = Diagnostic Code: No Diagnostic (0x00) 01.. .... = Session State: Down (0x1) Message Flags: 0x40 Detect Time Multiplier: 5 (= 5000 ms Detection time) Message Length: 24 bytes My Discriminator: 0x45839bbb Your Discriminator: 0x00000000 Desired Min TX Interval: 1000 ms (1000000 us) Required Min RX Interval: 200 ms (200000 us) Required Min Echo Interval: 0 ms (0 us) First seen reply packet Frame 15: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) Internet Protocol Version 4, Src: 192.168.97.244, Dst: 192.168.97.1 User Datagram Protocol, Src Port: 49158, Dst Port: 3784 BFD Control message 001. .... = Protocol Version: 1 ...0 0000 = Diagnostic Code: No Diagnostic (0x00) 01.. .... = Session State: Down (0x1) Message Flags: 0x40 Detect Time Multiplier: 5 (= 5000 ms Detection time) Message Length: 24 bytes My Discriminator: 0x11f867b3 Your Discriminator: 0x00000000 Desired Min TX Interval: 1000 ms (1000000 us) Required Min RX Interval: 200 ms (200000 us) Required Min Echo Interval: 0 ms (0 us) 2nd BFD reply packet Frame 29: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) Internet Protocol Version 4, Src: 192.168.97.244, Dst: 192.168.97.1 User Datagram Protocol, Src Port: 49158, Dst Port: 3784 BFD Control message 001. .... = Protocol Version: 1 ...0 0000 = Diagnostic Code: No Diagnostic (0x00) 11.. .... = Session State: Up (0x3) Message Flags: 0xc0 Detect Time Multiplier: 5 (= 1000 ms Detection time) Message Length: 24 bytes My Discriminator: 0x11f867b3 Your Discriminator: 0x45839bbb Desired Min TX Interval: 200 ms (200000 us) Required Min RX Interval: 200 ms (200000 us) Required Min Echo Interval: 0 ms (0 us) From: Damien Gardner Jnr <rendrag@rendrag.net> Date sent: Wed, 21 Aug 2024 11:17:44 +1000 Subject: Re: [MT-AU Public] Soooo, how does one get BFD to come up on ROS 7? :) To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Copies to: Roger Plant <rplant@melbpc.org.au> To: TFM Cloud - Dirk Bermingham <<a href="mailto:dirk@tfmcloud.au" target="_blank">dirk@tfmcloud.au</a>><br> Subject: Re: [MT-AU Public] Soooo,<br> From: Damien Gardner Jnr via Public <<a href="mailto:public@talk.mikrotik.com.au" target="_blank">public@talk.mikrotik.com.au</a>><br> Oooh really? Can I ask what settings you have in /routing/bfd ? ---------------------------- Roger Plant _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Hey Dirk, Ohhhhh that is REALLY helpful, thankyou!! Ok I will keep playing with it tonight and see if there's some way to get more debugging info from both the Tik and Nexus sides, and also get more captures the working from ROS6<>Nexus pair, and see what the differences might be! Thanks, Damien On Thu, 22 Aug 2024 at 17:17, TFM Cloud - Dirk Bermingham <dirk@tfmcloud.au> wrote:
Hi guys,
Its not a bug, it's a required behaviour of the protocol re: the RFC https://datatracker.ietf.org/doc/html/rfc5880#section-6.8.2
"When bfd.SessionState is not Up, the system MUST set bfd.DesiredMinTxInterval to a value of not less than one second (1,000,000 microseconds). This is intended to ensure that the bandwidth consumed by BFD sessions that are not Up is negligible, particularly in the case where a neighbor may not be running BFD."
There has to be something else going on there Damien...
Regards,
DB
-----Original Message----- From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Roger Plant via Public Sent: Wednesday, August 21, 2024 1:33 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au>; Damien Gardner Jnr <rendrag@rendrag.net> Cc: Roger Plant <rplant@melbpc.org.au> Subject: Re: [MT-AU Public] Soooo, how does one get BFD to come up on ROS 7? :)
Hi Again,
I did some more testing over a pppoe link, and it would normally connect immediately when rejigging the bfd, but if I downed the pppoe link and then restored it a short time (10S or so) later it would sometimes take a long time before bfd would come back up.
And while it was down, it was sending bfd packets with an incorrect value of 1000ms for the min_tx interval. The first seen reply packet also had a Min tx interval of 1000ms.
Once the other end started replying they would both then send the correct 200ms (in this case) value.
It was only sending BFD packets a bit under every second or so until the BFD link was up. Then it started sending quickly. This rate sort of makes sense while not connected, but perhaps it shouldn't be in the actual packet??
Seems likely a bug.
Some packets
Frame 5: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) Internet Protocol Version 4, Src: 192.168.97.1, Dst: 192.168.97.244 User Datagram Protocol, Src Port: 49174, Dst Port: 3784 BFD Control message 001. .... = Protocol Version: 1 ...0 0000 = Diagnostic Code: No Diagnostic (0x00) 01.. .... = Session State: Down (0x1) Message Flags: 0x40 Detect Time Multiplier: 5 (= 5000 ms Detection time) Message Length: 24 bytes My Discriminator: 0x45839bbb Your Discriminator: 0x00000000 Desired Min TX Interval: 1000 ms (1000000 us) Required Min RX Interval: 200 ms (200000 us) Required Min Echo Interval: 0 ms (0 us)
First seen reply packet
Frame 15: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) Internet Protocol Version 4, Src: 192.168.97.244, Dst: 192.168.97.1 User Datagram Protocol, Src Port: 49158, Dst Port: 3784 BFD Control message 001. .... = Protocol Version: 1 ...0 0000 = Diagnostic Code: No Diagnostic (0x00) 01.. .... = Session State: Down (0x1) Message Flags: 0x40 Detect Time Multiplier: 5 (= 5000 ms Detection time) Message Length: 24 bytes My Discriminator: 0x11f867b3 Your Discriminator: 0x00000000 Desired Min TX Interval: 1000 ms (1000000 us) Required Min RX Interval: 200 ms (200000 us) Required Min Echo Interval: 0 ms (0 us)
2nd BFD reply packet
Frame 29: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00) Internet Protocol Version 4, Src: 192.168.97.244, Dst: 192.168.97.1 User Datagram Protocol, Src Port: 49158, Dst Port: 3784 BFD Control message 001. .... = Protocol Version: 1 ...0 0000 = Diagnostic Code: No Diagnostic (0x00) 11.. .... = Session State: Up (0x3) Message Flags: 0xc0 Detect Time Multiplier: 5 (= 1000 ms Detection time) Message Length: 24 bytes My Discriminator: 0x11f867b3 Your Discriminator: 0x45839bbb Desired Min TX Interval: 200 ms (200000 us) Required Min RX Interval: 200 ms (200000 us) Required Min Echo Interval: 0 ms (0 us)
From: Damien Gardner Jnr <rendrag@rendrag.net> Date sent: Wed, 21 Aug 2024 11:17:44 +1000 Subject: Re: [MT-AU Public] Soooo, how does one get BFD to come up on ROS 7? :) To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Copies to: Roger Plant <rplant@melbpc.org.au>
To: TFM Cloud - Dirk Bermingham <<a href="mailto:dirk@tfmcloud.au" target="_blank">dirk@tfmcloud.au </a>><br> Subject: Re: [MT-AU Public] Soooo,<br> From: Damien Gardner Jnr via Public <<a href="mailto:public@talk.mikrotik.com.au" target="_blank"> public@talk.mikrotik.com.au</a>><br>
Oooh really? Can I ask what settings you have in /routing/bfd ?
---------------------------- Roger Plant
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
participants (4)
-
Damien Gardner Jnr
-
Mike Everest
-
Roger Plant
-
TFM Cloud - Dirk Bermingham