Cisco Catalyst SD-WAN BFD: Automatic Suspension

This document details the automatic suspension feature for Bidirectional Forwarding Detection (BFD) sessions within Cisco Catalyst SD-WAN. It covers the functionality, benefits, configuration, and verification methods.

Feature History

Information About Cisco Catalyst SD-WAN BFD

Within Cisco Catalyst SD-WAN, BFD is used to detect failures in the overlay tunnel. It offers the following characteristics:

• Is enabled by default and cannot be disabled.
• Is typically enabled for the Cisco Catalyst SD-WAN Overlay Management Protocol (OMP).
• Beyond link failures, Cisco Catalyst SD-WAN BFD measures latency, loss, jitter, and other link statistics used by application-aware routing. For more information, see Application-Aware Routing.
• BFD Support for Routing Protocols: This type of BFD supports BGP, OSFP, and EIGRP routing protocols in Cisco Catalyst SD-WAN. For more information, see BFD for Routing Protocols in Cisco Catalyst SD-WAN.

Information About Automatically Suspending BFD Sessions

Minimum supported releases: Cisco IOS XE Catalyst SD-WAN Release 17.10.1a and Cisco Catalyst SD-WAN Control Components Release 20.10.1.

BFD sessions can experience flapping, where a session enters a down state and then returns to an up state. This disruption affects applications running on the tunnel. Automatic suspension prevents applications from being unnecessarily steered to different overlay paths due to unstable BFD sessions.

BFD Suspension Parameters

Cisco Catalyst SD-WAN provides an automatic suspension mechanism based on the following parameters:

• Flap cycle: Defined by the BFD session states: up, down, or coming back up.
• SLA threshold: A threshold value for traffic metrics (loss, latency, jitter). If a metric exceeds the threshold, the BFD session state changes to suspended. These thresholds reflect the level of traffic performance specified in the SLA.

Benefits of Automatically Suspending BFD Sessions

• Supports manual removal of affected circuits or tunnel interfaces from the BFD suspended list.
• Provides monitoring of a suspended tunnel.

Note: An SLA threshold is an optional configuration. If configured, it is recommended to set higher metrics for loss, latency, and jitter to avoid conflicts with SLA parameters. For more information on SLA classes, see the Cisco Catalyst SD-WAN Policies Configuration Guide.

How Automatically Suspending BFD Sessions Works

Minimum supported releases: Cisco IOS XE Catalyst SD-WAN Release 17.10.1a and Cisco Catalyst SD-WAN Control Components Release 20.10.1.

BFD session parameters can be configured using a Cisco SD-WAN Manager device CLI template or a CLI add-on template.

BFD Session Flap Cycle and SLA Parameters

BFD Session Suspension Workflow

If a BFD session exceeds the flap-count within the configured flapping-window, it remains suspended until the configured duration interval expires. For a BFD session in the suspended state, the following occurs:

1. If a session reflaps or exceeds defined threshold parameters, it is moved back to the suspended state, and the duration is reset.
2. If the session does not flap and remains within the threshold range, it is automatically removed from the suspended state after the duration interval expires.
3. Suspended BFD sessions can be manually removed using the request platform software sdwan auto-suspend reset command. For more information, see the Cisco IOS XE SD-WAN Qualified Command Reference Guide.

Regular SLA measurement and echo response or path maximum transmission unit (PMTU) control traffic is sent across the suspended BFD session.

Note: Data traffic is not sent across the overlay network when a BFD session is in the suspended state.

Note: This feature does not manipulate the state of the BFD session itself.

Note: As the BFD suspension feature is for forward data traffic, enable BFD suspension on the remote-end node to block reverse data traffic and avoid dropping data traffic.

Restrictions for Automatically Suspending BFD Sessions

Minimum supported releases: Cisco IOS XE Catalyst SD-WAN Release 17.10.1a and Cisco Catalyst SD-WAN Control Components Release 20.10.1.

• For a Cisco IOS XE Catalyst SD-WAN device with a single TLOC, automatic suspension of a BFD session may cause BFD sessions to be dropped.
• The last-resort circuit may not function for a single site unless all BFD sessions are down for a tunnel interface. The last-resort circuit is enabled only if all BFD sessions on the non-last-resort circuit are suspended or down.
• Cisco SD-WAN Manager feature templates do not support the configuration of automatic suspension of BFD sessions. Support is provided only for configuring BFD automatic suspension using a device CLI or a CLI add-on template.
• If duplicated traffic is sent on a different BFD session, the duplicated traffic may be routed through a BFD suspended session.

Configure Automatic Suspension of BFD Sessions Using a CLI Template

Minimum supported releases: Cisco IOS XE Catalyst SD-WAN Release 17.10.1a and Cisco Catalyst SD-WAN Control Components Release 20.10.1.

For more information about using CLI templates, see CLI Add-On Feature Templates and CLI Templates.

Note: By default, CLI templates execute commands in global config mode.

Enable BFD Automatic Suspension

Enable BFD automatic suspension with or without last resort:

auto-suspend
enable-lr

Or disable last resort:

auto-suspend
no enable-lr

Note: Before enabling last resort for the BFD automatic suspension feature, ensure the last-resort circuit is enabled on a tunnel interface. For more information on last resort, see last-resort-circuit.

Configure Flap Parameters

Configure the following flap parameters:

duration sec
flapping-window sec
flap-count flap-count

Note: When using SLA-based BFD automatic suspension, the duration should be greater than the product of the BFD multiplier and the BFD poll interval. Cisco recommends configuring BFD automatic suspension duration to be more than 30 minutes.

Configure SLA Parameters (Optional)

Configure SLA thresholds:

thresholds
 color all
 jitter jitter-value
 latency latency-value
 loss loss-value

Prior to enabling SLA thresholds, configure BFD session flapping parameters and duration.

Here is a complete configuration example for configuring BFD automatic suspension with last resort enabled:

auto-suspend
enable-lr
duration 3600

Verify Automatic Suspension of BFD Sessions

Minimum supported releases: Cisco IOS XE Catalyst SD-WAN Release 17.10.1a and Cisco Catalyst SD-WAN Control Components Release 20.10.1.

Verifying Suspended Sessions

The show sdwan bfd sessions suspend command displays the total suspend count, indicating the number of times the BFD session has been suspended:

The following columns are added for analyzing BFD session suspension metrics: RE-SUSPEND COUNT, SUSPEND TIME LEFT, TOTAL COUNT, and SUSPEND DURATION.

Verifying BFD Session Metrics

The show sdwan bfd sessions alt command displays if a suspended flag has been added to a BFD session and other BFD session metrics:

The following columns are added for BFD suspension: BFD-LD and FLAGS.

Local discriminator (LD) is a unique identifier for all BFD sessions. The value for LD must be a nonzero value. LD is an internal value that Cisco Technical Assistance Center (TAC) uses for troubleshooting BFD sessions.

A BFD session flag, Sus, is added for identifying BFD sessions that are suspended.

Verifying BFD Session History

The following sample output displays the BFD sessions for which the Sus flag is added to the BFD session:

Verifying BFD Session Summary

The following sample output displays a BFD session summary, including which BFD sessions are up, down, flapped, or that have been suspended:

The following fields are added for BFD session suspension: sessions-flap, sessions-up-suspended, and sessions-down-suspended.