BFD for Pseudowires

Load base.ipv4.and.ipv6.cfg

#IOS-XE (R1-R6)
config replace flash:ospfv2.cfg

• Enable LDP on all routers.

• Configure a pseudowire between R2-R6 on their loopbacks.

• Create a VPWS using Gi2 service-instance 10 on each router. (This will not actually be operational).

• Configure the pseudowire to use BFD.

Answer

#All routers
router ospf 1
 mpls ldp auto

#R2
template type pseudowire PW_BFD
 encapsulation mpls
 signaling protocol ldp
 monitor peer bfd local interface Loopback0
!
bfd-template multi-hop BFD_MH
 interval min-tx 750 min-rx 750 multiplier 3
!
bfd map ipv4 6.6.6.6/32 2.2.2.2/32 BFD_MH
!
interface GigabitEthernet2
 service instance 10 ethernet
  encapsulation dot1q 10
!
l2vpn xconnect context XC1
 member gi2 service-instance 10
 member 6.6.6.6 10 template PW_BFD

#R6
template type pseudowire PW_BFD
 encapsulation mpls
 signaling protocol ldp
 monitor peer bfd local interface Loopback0
!
bfd-template multi-hop BFD_MH
 interval min-tx 750 min-rx 750 multiplier 3
!
bfd map ipv4 2.2.2.2/32 6.6.6.6/32 BFD_MH
!
interface GigabitEthernet2
 service instance 10 ethernet
  encapsulation dot1q 10
!
l2vpn xconnect context XC1
 member gi2 service-instance 10
 member 2.2.2.2 10 template PW_BFD

Explanation

Using BFD with pseudowires is essentially just the process of creating a multi-hop BFD session like normal, and then telling the router to monitor the pseudowire peer via BFD.

First we create a multi-hop BFD template and map the remote pseudowire peer to the BFD template:

#R2
bfd-template multi-hop BFD_MH
 interval min-tx 750 min-rx 750 multiplier 3
!
bfd map ipv4 6.6.6.6/32 2.2.2.2/32 BFD_MH

Next, we create a pseduowire template and configure BFD monitoring:

#R2
template type pseudowire PW_BFD
 encapsulation mpls
 signaling protocol ldp
 monitor peer bfd local interface Loopback0

Finally, the template is applied to the pseudowire peer in the xconnect config:

#R2
l2vpn xconnect context XC1
 member gi2 service-instance 10
 member 6.6.6.6 10 template PW_BFD

Verification

We can verify the multi-hop session just like any other BFD multi-hop session. Notice that xconnect is the registered protocol, and that, as usual, echos cannot be used for multi-hop sessions.

Let’s now simulate failure a new way. We’ll apply an ACL to all of R6’s interfaces that block BFD control packets. This simulates a scenario in which OSPF is still up (somehow), or hasn’t yet hit the dead timer.

#R6
ip access-list extended BLOCK_BFD
 10 deny   udp any any eq 4784
 20 permit ip any any
!
int GigabitEthernet2.36
 ip access-group BLOCK_BFD in
int GigabitEthernet2.46
 ip access-group BLOCK_BFD in
int GigabitEthernet2.56
 ip access-group BLOCK_BFD in

Within just a few seconds, BFD goes down on R2 and informs the xconnect process. The AToM VC is now down:

Personally, I don’t really see the use case for this. It is much more complex than just running BFD for the IGP, and relying on the IGP for reachability to the pseudowire peer.