Wednesday, July 27, 2011

Static Routes with Fast Failure Detection

How can we protect against blackholing traffic in a network that is configured only with static routes?

You know those pesky problems that arise when two routers are connected on opposite ends of an Ethernet switch or WAN transport gear: a failure on one side of the link leaves the link up on the other side. Fiber cuts, clumsy engineers, and failed equipment can all cause a static route blackhole. So how do we protect against this type of failure? That is a very good question, and the answer is by using BFD (Bidirectional Forwarding Detection).





The Configs

Router 3

[edit]
jparks@J2350-1-R3# show routing-options
static {
    route 10.0.3.4/32 {
        next-hop 10.0.2.6;
        bfd-liveness-detection {
            minimum-interval 300;
            multiplier 3;
            neighbor 10.0.3.4;
            local-address 10.0.3.3;
        }
    }
}
router-id 10.0.3.3;
autonomous-system 65006;

Router 4

[edit]
jparks@J2350-2-R4# show routing-options
static {
    route 10.0.3.3/32 {
        next-hop 10.0.2.5;
        bfd-liveness-detection {
            minimum-interval 300;
            multiplier 3;
            neighbor 10.0.3.3;
            local-address 10.0.3.4;
        }
    }
}
router-id 10.0.3.4;
autonomous-system 65116;
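
As an added example (not part of the original post and not Juniper code), the Python script below audits static stanzas like the two above: it lists static routes that have no bfd-liveness-detection, computes the detection time from minimum-interval and multiplier, and checks that the neighbor and local-address on the two routers mirror each other. The function names and the 192.0.2.0/24 route are assumptions made for the illustration.

```python
# Constructed sample input modelled on the "show routing-options" output above.
TEMPLATE = """static {{
    route {dest} {{
        next-hop {nh};
        bfd-liveness-detection {{
            minimum-interval 300;
            multiplier 3;
            neighbor {nbr};
            local-address {local};
        }}
    }}
{extra}}}"""
# The 192.0.2.0/24 route is constructed (not on the page) to show a route without BFD.
R3 = TEMPLATE.format(dest="10.0.3.4/32", nh="10.0.2.6", nbr="10.0.3.4",
                     local="10.0.3.3", extra="    route 192.0.2.0/24 next-hop 10.0.2.6;\n")
R4 = TEMPLATE.format(dest="10.0.3.3/32", nh="10.0.2.5", nbr="10.0.3.3", local="10.0.3.4", extra="")

def parse_static_routes(text):
    """Return {prefix: {bfd option: value}}; an empty dict means the route has no BFD."""
    routes, current, in_bfd = {}, None, False
    for line in text.splitlines():
        tok = line.strip().rstrip(";").split() or [""]
        if tok[0] == "route":                      # block form or one-line form
            current, in_bfd = routes.setdefault(tok[1], {}), False
        elif tok[0] == "bfd-liveness-detection":
            in_bfd = True
        elif tok[0] == "}":
            in_bfd = False
        elif in_bfd and current is not None and len(tok) == 2:
            current[tok[0]] = tok[1]
    return routes

def audit(text):
    """Return (prefixes with no BFD, {prefix: detection time in ms})."""
    routes = parse_static_routes(text)
    unprotected = sorted(p for p, bfd in routes.items() if not bfd)
    # Assumption: both ends negotiate the configured interval, so detection = interval * multiplier.
    detect_ms = {p: int(b["minimum-interval"]) * int(b["multiplier"])
                 for p, b in routes.items() if {"minimum-interval", "multiplier"} <= b.keys()}
    return unprotected, detect_ms

def sessions_mirror(a, b):
    """True when every BFD session on one router has local-address/neighbor swapped on the other."""
    ends = lambda t: {(r.get("local-address"), r.get("neighbor"))
                      for r in parse_static_routes(t).values() if r}
    return ends(a) == {(nbr, loc) for loc, nbr in ends(b)}

if __name__ == "__main__":
    print(audit(R3), audit(R4), sessions_mirror(R3, R4))
```

With the timers shown in the post, each protected route reports a detection time of 900 ms.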

Summary

If you need a way to prevent static routes from blackholing traffic in your network, BFD will be your best answer. It is configurable to detect failure in milliseconds and can be applied to just about any protocol used in the network.
