Friday , September 20 2024

BFD process-interface-status vs. process-pst

11 Apr, 2012 0

BFD process-interface-status and process-pst are applicable only for single-hop BFD. Let’s assume that we have two routers directly connected through interface GE1/0/0.

process-interface-status

By associating BFD session status with interface status we can trigger fast route convergence. We can use this function only for BFD session that uses a default multicast IP address to detect the single-hop link. We can use association between BFD session status and interface status in the case, when transport devices exist on the link between the routers. As the actual physical path is segmented by transport devices, the routers on both ends need a long time to detect a fault that occurred on the link. The change of BFD status affects the protocol status of the interface and thus fast convergence is triggered. When the BFD session becomes DOWN, the correspondence interface status also goes to BFD_DOWN state, causing that this direct route is deleted from the routing table but the router can still forward BFD packets.

[Labnario] bfd
[Labnario-bfd] quit
[Labnario] bfd test bind peer-ip default-ip interface gigabitethernet 1/0/0
[Labnario-bfd-session-test] discriminator local 1
[Labnario-bfd-session-test] discriminator remote 2
[Labnario-bfd-session-test] process-interface-status
[Labnario-bfd-session-test] commit

Remember that BFD should be configured symmetrically on both ends of the link.

[Labnario] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 16384     (One Hop) State : Up     Name : test
--------------------------------------------------------------------------------
Local Discriminator     :1         Remote Discriminator     :2
Session Detect Mode     : Asynchronous Mode Without Echo Function
BFD Bind Type           : Interface(GigabitEthernet1/0/0)
Bind Session Type       : Static
Bind Peer Ip Address    : 224.0.0.184
NextHop Ip Address      : 224.0.0.184
Bind Interface          : GigabitEthernet1/0/0
FSM Board Id            : 3                   TOS-EXP      : 7
Min Tx Interval (ms)    : 10      Min Rx Interval (ms)     : 10
Actual Tx Interval (ms) : 10   Actual Rx Interval (ms)     : 10
Local Detect Multi      : 3        Detect Interval (ms)    : 30
Echo Passive            : Disable           Acl Number     : --
Destination Port        : 3784                     TTL     :255
Proc interface status   : Enable            Process PST    : Disable
WTR Interval (ms)       : 300000
Active Multi            : 3
Last Local Diagnostic   : No Diagnostic
Bind Application        :IFNET
Session TX TmrID        : --       Session Detect TmrID    : --
Session Init TmrID      : --          Session WTR TmrID    : --
PDT Index               : FSM-5000000|RCV-0|IF-0|TOKEN-0
Session Description     : --
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0

Look what will happen if we shutdown interface GE1/0/0:

[Labnario] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 16384     (One Hop) State : Down     Name : test
--------------------------------------------------------------------------------
Local Discriminator     :1         Remote Discriminator     :2
Session Detect Mode     : Asynchronous Mode Without Echo Function
BFD Bind Type           : Interface(GigabitEthernet1/0/0)
Bind Session Type       : Static
Bind Peer Ip Address    : 224.0.0.184
NextHop Ip Address      : 224.0.0.184
Bind Interface          : GigabitEthernet1/0/0
FSM Board Id            : 3                   TOS-EXP      : 7
Min Tx Interval (ms)    : 10      Min Rx Interval (ms)     : 10
Actual Tx Interval (ms) : 10   Actual Rx Interval (ms)     : 10
Local Detect Multi      : 3        Detect Interval (ms)    : 30
Echo Passive            : Disable           Acl Number     : --
Destination Port        : 3784                     TTL     :255
Proc interface status   : Enable            Process PST    : Disable
WTR Interval (ms)       : 300000
Active Multi            : 3
Last Local Diagnostic   : No Diagnostic
Bind Application        :IFNET
Session TX TmrID        : --       Session Detect TmrID    : --
Session Init TmrID      : --          Session WTR TmrID    : --
PDT Index               : FSM-5000000|RCV-0|IF-0|TOKEN-0
Session Description     : --
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0

Display interface command shows that line protocol state for GE1/0/0 is “BFD status down”:

[Labnario] display interface gigabitethernet 1/0/0
GigabitEthernet1/0/0 current state : UP
Line protocol current state : UP(BFD status down)

You can also associate BFD status with subinterface status by adding the following command:

process-interface-status sub-if

process-pst

As it was mentioned earlier in this post process-pst function is only applicable to single-hop BFD session. BFD can modify Port State Table (PST) when it detects that interface has a fault. It detects that interface is DOWN and modifies the corresponding entry in the PST. Through the PST, upper application protocols can know the BFD detection result. LDP FRR and IP FRR are examples of such protocols that need to know the BFD detection result through PST.

Use the following command in BFD view to permit PST to be modified:

process-pst

[Labnario] display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 16384     (One Hop) State : Up     Name : test
--------------------------------------------------------------------------------
Local Discriminator     :1         Remote Discriminator     :2
Session Detect Mode     : Asynchronous Mode Without Echo Function
BFD Bind Type           : Interface(GigabitEthernet1/0/0)
Bind Session Type       : Static
Bind Peer Ip Address    : 224.0.0.184
NextHop Ip Address      : 224.0.0.184
Bind Interface          : GigabitEthernet1/0/0
FSM Board Id            : 3                   TOS-EXP      : 7
Min Tx Interval (ms)    : 10      Min Rx Interval (ms)     : 10
Actual Tx Interval (ms) : 10   Actual Rx Interval (ms)     : 10
Local Detect Multi      : 3        Detect Interval (ms)    : 30
Echo Passive            : Disable           Acl Number     : --
Destination Port        : 3784                     TTL     :255
Proc interface status   : Disable        Process PST    : Enable
WTR Interval (ms)       : 300000
Active Multi            : 3
Last Local Diagnostic   : No Diagnostic
Bind Application        :IFNET
Session TX TmrID        : --       Session Detect TmrID    : --
Session Init TmrID      : --          Session WTR TmrID    : --
PDT Index               : FSM-5000000|RCV-0|IF-0|TOKEN-0
Session Description     : --
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0

Read More »

Huawei cheat sheet – Huawei CLI

5 Apr, 2012 0

I have been describing Huawei datacom devices on my blog since July 2011. I started with some basic information about Huawei CLI, access methods and upgrade procedures. Then I showed you more advanced topics like PBR, DHCP etc. I am pleasantly surprised that this blog is visited by people from all continents, even from countries I have never heard about. As this blog is getting more and more popular I will do my best to publish more interesting posts.

As we went through a some stage, I have decided to prepare a cheat sheet describing Huawei CLI. You can download it as PDF, print and keep it :). I hope it will be useful for you.

Read More »

console password recovery Huawei S5300

2 Apr, 2012 0

What to do if you forgot console password to Huawei S5300 switch?

I received such question last week. One of readers of this blog forgot console password and he wanted to modify startup configuration file from bootrom menu. His operation failed and there was a notification from the system that there is an “invalid package file!” and “auto-booting failed!”.

There was s5300ei-v100r002c02spc100 software installed in this switch so we can focus just on this software.

In S5300 there are two ways to solve this problem:

  1. Create configuration file on your PC, upload it to S5300 and modify startup file
  2. Delete configuration file from S5300 to let it to boot with empty configuration

Let’s start with the first way:

  • Create configuration file on your PC. You can use default empty configuration downloaded from another switch
  • Start FTP server on your PC
  • Upload the configuration file to flash of S5300 from bootrom menu:

*       Copyright (c) 2008-2009 HUAWEI TECH CO., LTD.       *
*************************************************************
Board Name ....................................... CX22EFGE
DDR SDRAM size ................................... 256MB

DDR SDRAM test ................................... pass
Press Ctrl+T to enter Boot-Up Diagnostics in 1 seconds

     ************************************************
     *                                              *
     *             Basic BOOTROM, Ver009            *
     *                                              *
     ************************************************

     Copyright (c) 2008-2009 HUAWEI TECH CO., LTD.
     Creation date: Sep 16 2009, 01:28:46

     CPU L1 Cache    : 32KB
     CPU Clock Speed : 533MHz
     Bus Clock Speed : 266MHz
     Memory Size     : 256MB

Press Ctrl+B to enter BOOTROM menu... 2
password: (default password for S5300 is huawei)
          BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Display flash files
    5. Modify BOOTROM password
    6. Reboot
Enter your choice(1-6):
  • As this is an old bootrom type “CTRL Z” to go to hidden bootrom menu and follow the procedure below:
HIDDEN MENU

    1. Erase Flash
    2. Delete file from Flash
    3. Format flash
    4. Enter ethernet submenu
    5. Update EPLD file
    6. Update FPGA file
    7. Update FansCard File
    8. Return to main menu    

Enter your choice(1-8): 4
  ETHERNET  SUBMENU

    1. Download file to SDRAM through ethernet interface and boot
    2. Download file to Flash through ethernet interface
    3. Modify ethernet interface boot parameter
    4. Return to main menu

Be sure to select 3 to modify boot parameter before downloading!

Enter your choice(1-4): 3

Note: Two protocols for download, tftp & ftp.
      You can modify the flags following the menu.
      tftp--0x80, ftp--0x0.

'.' = clear field;  '-' = go to previous field;  ^D = quit

boot device          : mottsec0
processor number     : 0
host name            : host
file name            : S5300EI-V100R005C00SPC100.cc new_cfg.cfg (new configuration file)
inet on ethernet (e) : 192.168.0.20 1.1.1.2 (IP address of the switch)
inet on backplane (b):
host inet (h)        : 192.168.0.22 1.1.1.1 (IP address of PC)
gateway inet (g)     :
user (u)             : huawei huawei (FTP user)
ftp password (pw) (blank = use rsh): huawei huawei (FTP password)
flags (f)            : 0x0 (FTP flag)
target name (tn)     : V1R5SPC100.cc new_cfg.cfg
startup script (s)   :
other (o)            : 

Starting to write BOOTLINE into flash ... done

          ETHERNET  SUBMENU

    1. Download file to SDRAM through ethernet interface and boot
    2. Download file to Flash through ethernet interface
    3. Modify ethernet interface boot parameter
    4. Return to main menu

Enter your choice(1-4): 2

boot device          : mottsec
unit number          : 0
processor number     : 0
host name            : host
file name            : new_cfg.cfg
inet on ethernet (e) : 1.1.1.2
host inet (h)        : 1.1.1.1
user (u)             : huawei
ftp password (pw)    : huawei
flags (f)            : 0x0
target name (tn)     : new_cfg.cfg

Attached TCP/IP interface to mottsec0.
Warning: no netmask specified.
Attaching network interface lo0... done.
Loading... 

Read file to sdram .Done

Writing Flash.done
File length: 5057 bytes
Took time : 4s

          ETHERNET  SUBMENU

    1. Download file to SDRAM through ethernet interface and boot
    2. Download file to Flash through ethernet interface
    3. Modify ethernet interface boot parameter
    4. Return to main menu

Enter your choice(1-4): 4

         HIDDEN MENU

    1. Erase Flash
    2. Delete file from Flash
    3. Format flash
    4. Enter ethernet submenu
    5. Update EPLD file
    6. Update FPGA file
    7. Update FansCard File
    8. Return to main menu    

Enter your choice(1-8): 8

          BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Display flash files
    5. Modify BOOTROM password
    6. Reboot

Enter your choice(1-6): 4
No. File Size(bytes)     Created Date       File Name
=================================================================
1:  108376   bytes   Oct 01 2008 00:01:24   matnlog.dat
2:  5169809  bytes   Oct 01 2008 00:05:18   log.log
3:  102      bytes   Oct 09 2008 16:27:17   $_patchstate_a
4:  836      bytes   Oct 01 2008 00:04:36   rr.dat
5:  836      bytes   Oct 01 2008 00:04:41   rr.bak
6:  5057     bytes   Oct 01 2008 00:05:23   new_config.cfg
7:  11050836 bytes   Oct 01 2008 00:02:26   S5300EI-V100R005C00SPC100.cc
8:  327968   bytes   Oct 01 2008 00:50:21   bootrom104.bin
9:  4860     bytes   Oct 01 2008 00:12:59   vrpcfg.cfg
10:  1037     bytes   Oct 01 2008 00:13:12   private-data.txt
11:  7458012  bytes   Oct 01 2008 00:10:20   s5300ei-v100r002c02spc100.cc
12:  384384   bytes   Oct 01 2008 00:11:11   bootrom009.bin
13:  5057     bytes   Oct 01 2008 00:06:35   new_cfg.cfg
Total: 30008KB(Free: 6024KB)

          BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Display flash files
    5. Modify BOOTROM password
    6. Reboot

Enter your choice(1-6): 3

       Startup Configuration Submenu

    1. Display startup configuration
    2. Modify startup configuration
    3. Return to main menu

Enter your choice(1-3): 2

Note: startup file field can not be cleard
'.'=clear field; '^D'=quit; Enter=use current configuration
startup type(1: Flash  2: Server)
  current: 1
  new    : 1
Flash startup file (can not be cleared)
  current: s5300ei-v100r002c02spc100.cc
  new    : s5300ei-v100r002c02spc100.cc
saved-configuration file
  current: vrpcfg.cfg
  new    : new_cfg.cfg
license file
  current:
  new    :
patch package
  current:
  new    :
       Startup Configuration Submenu

    1. Display startup configuration
    2. Modify startup configuration
    3. Return to main menu

Enter your choice(1-3): 1
Current startup configuration

  startup type      : Flash
  startup file      : s5300ei-v100r002c02spc100.cc
  configuration file: new_cfg.cfg
  license file      :
  patch package     :
Last time startup state : Success
Latest successful startup configuration
  startup file      : s5300ei-v100r002c02spc100.cc
  configuration file: vrpcfg.cfg
  license file      :
  patch package     :
       Startup Configuration Submenu

    1. Display startup configuration
    2. Modify startup configuration
    3. Return to main menu

Enter your choice(1-3): 3

          BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Display flash files
    5. Modify BOOTROM password
    6. Reboot
Enter your choice(1-6): 6
Reboot...

After this procedure the switch will boot with the new configuration file.

And now the second way:

  • Go to bootrom menu:
*       Copyright (c) 2008-2009 HUAWEI TECH CO., LTD.       *
*************************************************************
Board Name ....................................... CX22EFGE
DDR SDRAM size ................................... 256MB

DDR SDRAM test ................................... pass
Press Ctrl+T to enter Boot-Up Diagnostics in 1 seconds

     ************************************************
     *                                              *
     *             Basic BOOTROM, Ver009            *
     *                                              *
     ************************************************

     Copyright (c) 2008-2009 HUAWEI TECH CO., LTD.
     Creation date: Sep 16 2009, 01:28:46

     CPU L1 Cache    : 32KB
     CPU Clock Speed : 533MHz
     Bus Clock Speed : 266MHz
     Memory Size     : 256MB

Press Ctrl+B to enter BOOTROM menu... 2
password: (default password for S5300 is huawei)
          BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Display flash files
    5. Modify BOOTROM password
    6. Reboot
Enter your choice(1-6):
  • As this is an old bootrom type “CTRL Z” to go to hidden bootrom menu and follow the procedure below:
HIDDEN MENU

    1. Erase Flash
    2. Delete file from Flash 
    3. Format flash
    4. Enter ethernet submenu
    5. Update EPLD file
    6. Update FPGA file
    7. Update FansCard File
    8. Return to main menu    

Enter your choice(1-8): 2
No. File Size(bytes)      Created Date       File Name
=================================================================
1:  108376   bytes   Oct 01 2008 00:12:29   flash:/matnlog.dat
2:  5169809  bytes   Oct 01 2008 00:05:18   flash:/log.log
3:  102      bytes   Oct 09 2008 16:27:17   flash:/$_patchstate_a
4:  836      bytes   Oct 01 2008 00:12:54   flash:/rr.dat
5:  836      bytes   Oct 01 2008 00:12:58   flash:/rr.bak
6:  5057     bytes   Oct 01 2008 00:05:23   flash:/new_config.cfg
7:  11050836 bytes   Oct 01 2008 00:02:26   flash:/S5300EI-V100R005C00SPC100.cc
8:  327968   bytes   Oct 01 2008 00:50:21   flash:/bootrom104.bin
9:  4860     bytes   Oct 01 2008 00:12:59   flash:/vrpcfg.cfg
10:  1037     bytes   Oct 01 2008 00:13:12   flash:/private-data.txt
11:  7458012  bytes   Oct 01 2008 00:10:20   flash:/s5300ei-v100r002c02spc100.cc
12:  384384   bytes   Oct 01 2008 00:11:11   flash:/bootrom009.bin
13:  5057     bytes   Oct 01 2008 00:06:35   flash:/new_cfg.cfg                  

BE CAREFUL!
This may cause your system fail to start!
Please input the full directory and filename you want to delete, e.g.: flash:/hw-switch.cc  flash     flash:/vrpcfg.cfg

delete it? Yes or No(Y/N)y

Deleting file .....done

         HIDDEN MENU

    1. Erase Flash
    2. Delete file from Flash
    3. Format flash
    4. Enter ethernet submenu
    5. Update EPLD file
    6. Update FPGA file
    7. Update FansCard File
    8. Return to main menu    

Enter your choice(1-8): 8

          BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Display flash files
    5. Modify BOOTROM password
    6. Reboot

Enter your choice(1-6): 4
No. File Size(bytes)     Created Date       File Name
=================================================================
1:  108376   bytes   Oct 01 2008 00:12:29   matnlog.dat
2:  5169809  bytes   Oct 01 2008 00:05:18   log.log
3:  102      bytes   Oct 09 2008 16:27:17   $_patchstate_a
4:  836      bytes   Oct 01 2008 00:12:54   rr.dat
5:  836      bytes   Oct 01 2008 00:12:58   rr.bak
6:  5057     bytes   Oct 01 2008 00:05:23   new_config.cfg
7:  11050836 bytes   Oct 01 2008 00:02:26   S5300EI-V100R005C00SPC100.cc
8:  327968   bytes   Oct 01 2008 00:50:21   bootrom104.bin
9:  1037     bytes   Oct 01 2008 00:13:12   private-data.txt
10:  7458012  bytes   Oct 01 2008 00:10:20   s5300ei-v100r002c02spc100.cc
11:  384384   bytes   Oct 01 2008 00:11:11   bootrom009.bin
12:  5057     bytes   Oct 01 2008 00:06:35   new_cfg.cfg
Total: 30008KB(Free: 6032KB)

          BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Display flash files
    5. Modify BOOTROM password
    6. Reboot

Enter your choice(1-6): 3

       Startup Configuration Submenu

    1. Display startup configuration
    2. Modify startup configuration
    3. Return to main menu

Enter your choice(1-3): 1
Current startup configuration
  startup type      : Flash
  startup file      : s5300ei-v100r002c02spc100.cc
  configuration file: vrpcfg.cfg
  license file      :
  patch package     : 

Last time startup state : Success
Latest successful startup configuration
  startup file      : s5300ei-v100r002c02spc100.cc
  configuration file: vrpcfg.cfg
  license file      :
  patch package     : 

       Startup Configuration Submenu

    1. Display startup configuration
    2. Modify startup configuration
    3. Return to main menu

Enter your choice(1-3): 3

          BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Display flash files
    5. Modify BOOTROM password
    6. Reboot

Enter your choice(1-6): 6

After this operation the switch will boot with default empty configuration file.

After a new software is installed, for example S5300EI-V100R005C00SPC100, the main bootrom menu appearance is changed:

Press Ctrl+B to enter BOOTROM menu... 2 1
password: 

          BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Enter ethernet submenu
    5. Enter filesystem submenu
    6. Modify BOOTROM password
    7. Reboot

Enter your choice(1-7): 5

         FILESYSTEM SUBMENU

    1. Erase Flash
    2. Format flash
    3. Delete file from Flash
    4. Rename file from Flash
    5. Display Flash files
    6. Update EPLD file
    7. Update FPGA file
    8. Update FansCard File
    9. Return to main menu    

Enter your choice(1-9):

As you can see, you do not have to go to hidden mode to use ethernet submenu and do operation on files.

How to upload file from this new bootrom menu you can find in upgrade of Huawei’s S5300 switch.

Read More »

a few words about BFD

29 Mar, 2012 0

BFD (Bidirectional Forwarding Detection)

What to do to quickly establish an alternative path in case of communication failure between adjacent systems?

There are two detection mechanisms:

  • Hardware detection, for example alarms in SDH used to detect link faults
  • Hello mechanism used by routing protocols.

The main disadvantage of hardware detection is that not all media support it. For example Ethernet does not provide this kind of signalling.

When there is no hardware signalling we can use Hello in routing protocols but this mechanism is relatively slow. Sensitive services, for example voice, cannot work with more than one second delay.

The best solution is to use BFD (Bidirectional Forwarding Detection). This is simple mechanism that works independently of media, data and routing protocols. The main goal of BFD is to detect failures in the path between adjacent devices in a short time (minimum detection time for NE40E is 30ms). It does not matter if it is physical link, virtual circuit, tunnel, MPLS LSP, multi-hop path or unidirectional link. We can treat BFD as a simple Hello protocol where a pair of devices periodically sends BFD packets between them. If one device does not receive BFD packets within specified period, the system assumes that the bidirectional path to the neighboring system has failed.

BFD operates on top of any data protocols creating, deleting and modifying BFD sessions according to information provided by upper layers, at the same time notifying upper layers applications about the session status.

BFD control packets are encapsulated in UDP packet as payload.

BFD provides the following detection modes:

  • Asynchronous mode where 2 devices periodically send BFD packets to each other
  • Query mode where device does not periodically send BFD packets but using for example Hello mechanism of routing protocols for failures’ detection.

Link types detected by BFD:

  • IP links (both one-hop and multi-hop detection)
  • Eth-Trunk
  • VLANIF
  • MPLS LSP
  • PWs

As you already know there are two BFD session modes:

  1. Static BFD where local and remote discriminator are configured manually
  2. Dynamic BFD where system dynamically allocates a “My Discriminator” and then sends a BFD control packet with remote discriminator equals 0. Remote system controls the BFD packet and learns the value of “My Discriminator” as a remote discriminator.

BFD state machine implements a three-way handshake mechanism to establish BFD session.

There are four BFD session states:

  1. DOWN
  2. INIT
  3. UP
  4. AdminDOWN.

Examples of using BFD:

  1. BFD for unicast static route
  2. BFD for routing protocols (OSPF, ISIS, BGP)
  3. BFD for VRRP (virtual router redundancy protocol)
  4. BFD for PST (port state table)
  5. BFD for TE
  6. BFD for PIM
  7. BFD for PW.

This post was only to mention about such mechanism as BFD. As BFD is often being used in current IP networks, for sure you will know how to configure it reading my next posts. At the first opportunity I will show you examples of BFD configuration.

Read More »

Huawei interface backup configuration

15 Mar, 2012 0

There are two interface backup modes:

  1. Active/standby
  2. Load balancing

In common active/standby mode only one interface transmit services at any time. When active interface works properly, it transmit all the traffic. In case of fault of the primary interface, a backup interface with the highest priority starts transmitting packets. If primary interface recovers, traffic is switched back to active interface.

In load balancing mode, in case traffic volume exceeds an upper threshold set for active interface, a backup interface with the highest priority starts transmitting packets and load balancing is performed.

Which mode we have is determined by upper and lower thresholds. If thresholds are not set, active/standby mode is used. Otherwise, load balancing mode is used.

Let’s assume that we have the following topology:

Normally traffic from CE1 router to CE2 router should go through interface GE0/0/1 of RouterA. What we want to do is to configure backup interfaces to ensure that one of them will hand over this traffic in case the active interface is DOWN.

First configure IP addresses and routing between these four routers (below CE1 and RouterA as an example):

CE1 configuration:
#
interface GigabitEthernet0/0/0
 ip address 172.16.10.2 255.255.255.252
#
ip route-static 0.0.0.0 0.0.0.0 172.16.10.1

RouterA configuration:
#
interface GigabitEthernet0/0/0
 ip address 172.16.10.1 255.255.255.252
#
interface GigabitEthernet0/0/1
 undo shutdown
 ip address 10.0.0.1 255.255.255.252
#
interface GigabitEthernet0/0/2
 ip address 10.0.0.5 255.255.255.252
#
interface GigabitEthernet0/0/3
 ip address 10.0.0.9 255.255.255.252
#
ip route-static 172.16.10.12 255.255.255.252 10.0.0.6
ip route-static 172.16.10.12 255.255.255.252 10.0.0.10
ip route-static 172.16.10.12 255.255.255.252 10.0.0.2

Displaying routing table of RouterA we can see that a network 172.16.10.12 is available through these 3 configured static routes:

[RouterA]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
        Destinations : 11       Routes : 13

Destination/Mask    Proto  Pre  Cost       Flags NextHop         Interface

       10.0.0.0/30  Direct 0    0            D   10.0.0.1        GigabitEthernet0/0/1
       10.0.0.1/32  Direct 0    0            D   127.0.0.1       InLoopBack0
       10.0.0.4/30  Direct 0    0            D   10.0.0.5        GigabitEthernet0/0/2
       10.0.0.5/32  Direct 0    0            D   127.0.0.1       InLoopBack0
       10.0.0.8/30  Direct 0    0            D   10.0.0.9        GigabitEthernet0/0/3
       10.0.0.9/32  Direct 0    0            D   127.0.0.1       InLoopBack0
      127.0.0.0/8   Direct 0    0            D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct 0    0            D   127.0.0.1       InLoopBack0
    172.16.10.0/30  Direct 0    0            D   172.16.10.1     GigabitEthernet0/0/0
    172.16.10.1/32  Direct 0    0            D   127.0.0.1       InLoopBack0
   172.16.10.12/30  Static 60   0           RD   10.0.0.6        GigabitEthernet0/0/2
                    Static 60   0           RD   10.0.0.10       GigabitEthernet0/0/3
                    Static 60   0           RD   10.0.0.2        GigabitEthernet0/0/1

Now we can configure backup interface on interface GE0/0/1 of RouterA:

#
interface GigabitEthernet0/0/1
 standby interface GigabitEthernet0/0/2 60
 standby interface GigabitEthernet0/0/3 30
#

Look what we can see now. Backup interfaces are in DOWN state. Only active interface is UP:

[RouterA-GigabitEthernet0/0/1]display ip interface brief
*down: administratively down
!down: FIB overload down
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2

Interface                         IP Address/Mask      Physical   Protocol
GigabitEthernet0/0/0              172.16.10.1/30       up         up
GigabitEthernet0/0/1              10.0.0.1/30          up         up
GigabitEthernet0/0/2              10.0.0.5/30          down       down
GigabitEthernet0/0/3              10.0.0.9/30          down       down
NULL0                             unassigned           up         up(s)

In IP routing table we have only one static route:

[RouterA]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
        Destinations : 7        Routes : 7

Destination/Mask    Proto  Pre  Cost       Flags NextHop         Interface

       10.0.0.0/30  Direct 0    0            D   10.0.0.1        GigabitEthernet0/0/1
       10.0.0.1/32  Direct 0    0            D   127.0.0.1       InLoopBack0
      127.0.0.0/8   Direct 0    0            D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct 0    0            D   127.0.0.1       InLoopBack0
    172.16.10.0/30  Direct 0    0            D   172.16.10.1     GigabitEthernet0/0/0
    172.16.10.1/32  Direct 0    0            D   127.0.0.1       InLoopBack0
   172.16.10.12/30  Static 60   0           RD   10.0.0.2        GigabitEthernet0/0/1

Trace from CE1 to CE2 shows that traffic is going through active interface of RouterA (GE0/0/1):

<CE1>tracert 172.16.10.14
 traceroute to  172.16.10.14(172.16.10.14), max hops: 30 ,packet length: 40
 1 172.16.10.1 30 ms  50 ms  40 ms
 2 10.0.0.2 80 ms  80 ms  50 ms
 3 172.16.10.14 80 ms  90 ms  90 ms

Now we can shutdown interface GE0/0/1 of RouterA:

[RouterA-GigabitEthernet0/0/1]shutdown

[RouterA-GigabitEthernet0/0/1]display this
interface GigabitEthernet0/0/1
 shutdown
 ip address 10.0.0.1 255.255.255.252
 standby interface GigabitEthernet0/0/2 60
 standby interface GigabitEthernet0/0/3 30

Now traffic from CE1 to CE2 is going through GE0/0/2 of RouterA:

<CE>tracert 172.16.10.14
 traceroute to  172.16.10.14(172.16.10.14), max hops: 30 ,packet length: 40
 1 172.16.10.1 30 ms  30 ms  50 ms
 2 10.0.0.6 80 ms  60 ms  50 ms
 3 172.16.10.14 110 ms  100 ms  100 ms

What we can see on RouterA is:

[RouterA]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
        Destinations : 7        Routes : 7

Destination/Mask    Proto  Pre  Cost       Flags NextHop         Interface

       10.0.0.4/30  Direct 0    0            D   10.0.0.5        GigabitEthernet0/0/2
       10.0.0.5/32  Direct 0    0            D   127.0.0.1       InLoopBack0
      127.0.0.0/8   Direct 0    0            D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct 0    0            D   127.0.0.1       InLoopBack0
    172.16.10.0/30  Direct 0    0            D   172.16.10.1     GigabitEthernet0/0/0
    172.16.10.1/32  Direct 0    0            D   127.0.0.1       InLoopBack0
   172.16.10.12/30  Static 60   0           RD   10.0.0.6        GigabitEthernet0/0/2

[RouterA]display standby state
Interface            Interfacestate Backupstate Backupflag Pri Loadstate
GigabitEthernet0/0/1         DOWN    MDOWN      MU
GigabitEthernet0/0/2         UP      UP         BU          60
GigabitEthernet0/0/3         STANDBY STANDBY    BU          30

 Backup-flag meaning:
 M---MAIN  B---BACKUP     V---MOVED    U---USED
 D---LOAD  P---PULLED     G---LOGICCHANNEL

As we can see active interface is now in DOWN state, one of backup interfaces is UP and the second backup interface is in standby state.

To speed up switching between active and backup interfaces, we can associate interface backup with BFD. BFD provides fast fault detection of the primary link and reports faults to the interface backup module. Then traffic is switched to the backup link. We can do this in ARx2 routers. NE routers do not support BFD with backup interface association.

Read More »
Design By: ThemeTen