簡介
本檔案介紹雙向轉送偵測(BFD)的問題,在Nexus 7000上的交換器虛擬介面(SVI)上,邊界閘道通訊協定(BGP)未出現問題。
背景資訊
從5.0(2)開始的Nexus版本支援適用於BGP的BFD,但存在某些限制。6.2(12)版本不支援跨虛擬埠通道(VPC)的BFD over SVI。7.2(0)D1(1)版本支援使用BFD over SVI over FabricPath。但是,在常規鏈路聚合控制協定(LACP)埠通道介面上應支援BFD over SVI。
問題:Nexus 7000上的SVI不會為BGP提供BFD
BFD保持管理關閉狀態,但當BFD作業階段通過常規連線埠通道上的SVI介面時,BGP作業階段可以正常運作。這是SVI介面的配置:
interface Vlan1012
description Connected-to-N7k-2
no shutdown
mtu 9202
mac-address 0022.0022.0022
bfd interval 50 min_rx 50 multiplier 3
bfd echo-rx-interval 50
bfd ipv4 interval 50 min_rx 50 multiplier 3
bfd ipv6 interval 50 min_rx 50 multiplier 3
bfd ipv4 echo-rx-interval 50
bfd ipv6 echo-rx-interval 50
vrf member ROUTING-TRANSIT
ip flow monitor Monitor-x input sampler Sampler-x
ipv6 flow monitor Monitor-x-IPv6 input sampler Sampler-x
no ip redirects
ip address 10.1.12.0/31
當BGP設定為使用BFD時,BFD作業階段會保留在AdminDown狀態,但BGP作業階段會啟動。BFD會話的Tx計數遞增或0,但Rx計數始終保持0。
N7k-1#show bfd nei vrf all details
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int Vrf
10.0.12.0 10.0.12.1 1107296261/0 Down N/A(3) Down Vlan1012 ROUTING-TRANSIT
Session state is Down and not using echo function
Local Diag: 0, Demand mode: 0, Poll bit: 0, Authentication: None
MinTxInt: 2000000 us, MinRxInt: 2000000 us, Multiplier: 3
Received MinRxInt: 0 us, Received Multiplier: 3
Holdown (hits): 0 ms (0), Hello (hits): 2000 ms (0)
Rx Count: 0, Rx Interval (ms) min/max/avg: 0/0/1 last: 50999 ms ago
Tx Count: 0, Tx Interval (ms) min/max/avg: 0/0/0 last: 0 ms ago
Registered protocols: bgp
Downtime: 0 days 0 hrs 1 mins 3 secs
Last packet: Version: 0 - Diagnostic: 0
State bit: AdminDown - Demand bit: 0
Poll bit: 0 - Final bit: 0
Multiplier: 3 - Length: 24
My Discr.: 0 - Your Discr.: 0
Min tx interval: 0 - Min rx interval: 0
Min Echo interval: 0 - Authentication bit: 0
Hosting LC: 4, Down reason: No Diagnostic, Reason not-hosted: None
N7k-1#show ip bgp vrf all summary
BGP summary information for VRF ROUTING-TRANSIT, address family IPv4 Unicast
BGP router identifier 10.1.12.0, local AS number 65535
BGP table version is 13, IPv4 Unicast config peers 1, capable peers 1
0 network entries and 0 paths using 0 bytes of memory
BGP attribute entries [0/0], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [0/0]
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.12.1 4 65535 5406 5407 13 0 0 00:01:10 0
即使VDC被刪除並重新建立,並且整個配置從一開始即已建立,問題仍繼續存在。
分析
從日誌中可發現似乎導致此行為的TCAM錯誤消息。在SVI上配置Netflow時,這是Nexus上顯示的錯誤消息。
N7k %$ VDC-1 %$ %ACLQOS-SLOT4-2-ACLQOS_FAILED: ACLQOS failure: feature combination not supported on VDC-2 VLAN 1012 for : Netflow Sampler (SVI), Netflow Sampler (SVI), BFD
使用功能組合時會顯示此錯誤訊息。當在同一三元內容可定址記憶體(TCAM)庫上設定無法共存的功能組合時,會出現TCAM故障,其中一些功能無法正常運作。
解決方案
如果啟用了訪問控制清單(ACL)TCAM庫對映,將有助於解決此問題。ACL TCAM庫對映允許TCAM庫以更可預測的方式容納更多功能組合。特徵被預先分類到特徵組中,特徵組被進一步預定義為特徵類,根據該特徵類允許特徵在TCAM庫內共存。ACL TCAM庫對映允許您同時配置一組功能,並減少在相同TCAM庫上配置無法共存的功能組合時可能累積的多個結果。在預設VDC中,可以使用命令hardware access-list resource feature bank-mapping配置TCAM庫映射。要檢視功能如何對映到TCAM庫,請使用命令show system internal access-list feature bank-chain map vlan-vlan ingress module slot-number。
配置TCAM庫對映後,BFD會話將脫出AdminDown狀態,並且不會再次發現%ACLQOS錯誤日誌。
意見