RE: Can Multihop BFD be protected using RLFA backup?

Jeff Tantsura <> Thu, 17 January 2019 17:31 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 92A2A130EC8 for <>; Thu, 17 Jan 2019 09:31:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id TaT-fiwjZ793 for <>; Thu, 17 Jan 2019 09:31:17 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::833]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 829E0130EC3 for <>; Thu, 17 Jan 2019 09:31:17 -0800 (PST)
Received: by with SMTP id t33so12184696qtt.4 for <>; Thu, 17 Jan 2019 09:31:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=date:from:to:cc:message-id:in-reply-to:references:subject :mime-version; bh=1/qnCIcClxzGMVN6g+xygLF+tZO0OjHvzuUcU7UIiRM=; b=vNf0oNJKPs7t6DKpliTUfUqcszrQk/tlEY6LST3IX+xw2YM68pwItgdOg5S/4VUnHk RNVR7PMU0IcQ5CVUTAiB3Pq9dCkUgCE6Ah98x7O5MTtWhEI0VgdYM9j6qg1BMKC1nZ7P EX0p0ryeLnzdJtTsNxl8z3RkytvjGpbZUS3LX+/g96Ca+NuTkUqN3urpygLzGBvLw0kD fE2HTrNlRtRYfGwRLoboAJIHjHHCqNBmCt1G2cK1leKp9KmjVQLUo6CCjm5gwNUsJSMc 7W04J/oUKu8pnEKCKtDLcv5xq+oqeCsjfBnGtt2+ysQ0g0R5UrHPKtnTDStSrG9+r22/ 9MBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:date:from:to:cc:message-id:in-reply-to :references:subject:mime-version; bh=1/qnCIcClxzGMVN6g+xygLF+tZO0OjHvzuUcU7UIiRM=; b=L92U6X04rX0nyxmXbJIyl+qcK7ayobKd/dRbgcyaXRdTrP9xxyUw5/RvbuWWHeJLre AWuHIKq3MAE4JLIqdrwIELgdTgi0jIFLLQ3zmhXnJm1YXwdQFL6d3fDtXg4qFUkKL8MX VSC8wgc50eWCbj+EdzQR5Qg0+nndXG+TTCUSvQdBNOWAMmQcKu9oRKDo0YiLPmGS4LIp OQH8bEKFTleU2QWrOW+h8MuLo2bp2oNJrDHHleDPXeuQ+KKHKvzbWuPA95gDTCOJHkVH 7DMoEgRtFesJqmueG9c0Z8MAddxL26vJYE6XjLifjWXt4/ApYU79Wpkev9XPSJoYwDvB bsWQ==
X-Gm-Message-State: AJcUukcytVLjDZmCDOF/BsYHdT1V7RLOgNr3ye41zMDRmYUEQG543WEm Vpw5j039Cs354LCcrqwniI2p9037
X-Google-Smtp-Source: ALg8bN7ps4PmOy+JGbNNrzcZSL46KhVpx0WbPEVbJw9iF82C7C+8ouW1qcKc7y0nORRlPyYg+tCgdw==
X-Received: by 2002:ad4:410c:: with SMTP id i12mr12105186qvp.219.1547746276463; Thu, 17 Jan 2019 09:31:16 -0800 (PST)
Received: from [] ([]) by with ESMTPSA id o25sm60078986qtj.10.2019. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 17 Jan 2019 09:31:15 -0800 (PST)
Date: Thu, 17 Jan 2019 09:31:07 -0800
From: Jeff Tantsura <>
To: Muthu Arul Mozhi Perumal <>, Alexander Vainshtein <>
Cc: "=?utf-8?Q?" <>
Message-ID: <d508a3bd-970e-4669-bfc5-ff2a4167841f@Spark>
In-Reply-To: <>
References: <> <25009_1547719034_5C40517A_25009_420_1_9E32478DFA9976438E7A22F69B08FF924B78E8A2@OPEXCLILMA4.corporate.adroot.infra.ftgroup> <> <>
Subject: RE: Can Multihop BFD be protected using RLFA backup?
X-Readdle-Message-ID: d508a3bd-970e-4669-bfc5-ff2a4167841f@Spark
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="5c40bbe0_50801ee1_116"
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 17 Jan 2019 17:31:22 -0000


Multihop BFD provides liveness monitoring of a remote end point while LFA/rLFA provides protection of a local resource.
If Multihop BFD packets happen to exit the system over an interface that is protected by LFA/rLFA, when that interface fails, they should be transparently sent over the protecting path
Depending on implementation (as Stephane said) locally generated traffic (which BFD is) could be injected into fast path at different stages and could be the case that the injection point for bfd is done too late to get it into protecting path. In general - “slow BFD” (RP generated) would follow the transit traffic path, ASIC/NPU generated BFD - really depends.

On Jan 17, 2019, 4:55 AM -0800, Alexander Vainshtein <>, wrote:
> Muthu, and all,
> A minor correction: s/iBGP peers/remote BGP Next Hops/ in my previous email.
> Regards,
> Sasha
> Office: +972-39266302
> Cell:      +972-549266302
> Email:
> From: Alexander Vainshtein
> Sent: Thursday, January 17, 2019 2:20 PM
> To: 'Muthu Arul Mozhi Perumal' <>
> Cc:;
> Subject: RE: Can Multihop BFD be protected using RLFA backup?
> Muthu,
> Regarding the question in your 2nd email “Do we know of any implementation that provides RLFA FRR protection to multihop BFD packets?”
> My employer (ECI Telecom) has implemented multi-hop IP BFD protected by IP FRR (including local and remote LFA) with encapsulation that follows RFC 5883.
> (As explained by Stephane, IP FRR does not differentiate between multi-hop IP BFD and any other native IP traffic to the protected destination).
> Multi-hop IP BFD is used for reliable and reasonably fast detection of failure of iBGP peers that, in its turn,  can trigger appropriate protection mechanisms.
> Regards,
> Sasha
> Office: +972-39266302
> Cell:      +972-549266302
> Email:
> From: Rtg-bfd <> On Behalf Of Muthu Arul Mozhi Perumal
> Sent: Thursday, January 17, 2019 1:02 PM
> To:
> Cc:
> Subject: Re: Can Multihop BFD be protected using RLFA backup?
> Hi Stephane,
> Thanks for your response. Please see inline..
> On Thu, Jan 17, 2019 at 3:27 PM <> wrote:
> > Hi,
> >
> > I think that the fact that “control” packets can benefit of FRR is really implementation dependent. It is also linked to the place where BFD packets are created (RP or LC).
> > From a theoretical point of view, nothing prevents FRR to be used as for any packet generated by the router itself.
> Do we know of any implementation that provides RLFA FRR protection to multihop BFD packets?
> > Regarding the encapsulation, if your BFD client is using RFC5883, this will not change during FRR, the FRR will just push labels on top independently.
> The primary reason for my question on encapsulations is because RFC 4379 has the foll. as one of the reasons for using the destination address in 127/8 range for IPv4 (0:0:0:0:0:FFFF:7F00/104 range for IPv6) for diagnostic packets sent over MPLS LSP:
>    1. Although the LSP in question may be broken in unknown ways, the
>       likelihood of a diagnostic packet being delivered to a user of an
>       MPLS service MUST be held to an absolute minimum.
> Since multihop BFD uses a routable destination address, wondering whether there would be any issues if multihop BFD packets are sent over the RLFA backup path without following RFC 5884 encapsulation..
> Regards,
> Muthu
> >
> > Again, the possibility to get FRR is really implementation dependent, as the forwarding decision of the BFD packet may not be taken by the network processor of the LC.
> >
> > Brgds,
> >
> > From: Rtg-bfd [] On Behalf Of Muthu Arul Mozhi Perumal
> > Sent: Thursday, January 17, 2019 10:16
> > To:
> > Subject: Can Multihop BFD be protected using RLFA backup?
> >
> > Hi All,
> >
> > Multihop BFD (RFC 5883) packets are sent over UDP/IP. The encapsulation used is identical to single hop BFD (RFC 5881) except that the UDP destination port is set to 4784.
> >
> > Now, suppose on the ingress node there is no IP/LFA backup path for the destination address tracked by multihop BFD, but there exists an an RLFA backup path to that destination. In this case, is multihop BFD expected to be protected using the RLFA backup path i.e should multihop BFD packets be sent over the RLFA backup path if the primary path goes down?
> >
> > If multihop BFD packets are to be sent over the RLFA backup path, what encapsulation should the ingress use? The encapsulation specified in RFC 5883 or the encapsulation specified in RFC 5884 (MPLS BFD)?
> >
> > Please let me know you opinion.
> >
> > Regards,
> > Muthu
> > _________________________________________________________________________________________________________________________
> > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
> > This message and its attachments may contain confidential or privileged information that may be protected by law;
> > they should not be distributed, used or copied without authorisation.
> > If you have received this email in error, please notify the sender and delete this message and its attachments.
> > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> > Thank you.
> ___________________________________________________________________________
> This e-mail message is intended for the recipient only and contains information which is
> CONFIDENTIAL and which may be proprietary to ECI Telecom. If you have received this
> transmission in error, please inform us by e-mail, phone or fax, and then delete the original
> and all copies thereof.
> ___________________________________________________________________________