配置基于 ExpressRoute 的 BFDConfigure BFD over ExpressRoute

ExpressRoute 支持基于专用对等互连和 Microsoft 对等互连的双向转发检测 (BFD)。ExpressRoute supports Bidirectional Forwarding Detection (BFD) both over private and Microsoft peering. 启用基于 ExpressRoute 的 BFD 后,可在 Microsoft 企业边缘 (MSEE) 设备与终止 ExpressRoute 线路 (CE/PE) 的路由器之间加速链路故障检测。By enabling BFD over ExpressRoute, you can expedite link failure detection between Microsoft Enterprise edge (MSEE) devices and the routers on which you terminate the ExpressRoute circuit (CE/PE). 可以通过客户边缘路由设备或合作伙伴边缘路由设备终止 ExpressRoute(如果使用托管的第 3 层连接服务)。You can terminate ExpressRoute over Customer Edge routing devices or Partner Edge routing devices (if you went with managed Layer 3 connection service). 本文档将逐步讲解 BFD 的需求,以及如何启用基于 ExpressRoute 的 BFD。This document walks you through the need for BFD, and how to enable BFD over ExpressRoute.

BFD 的需求Need for BFD

下图演示了启用基于 ExpressRoute 线路的 BFD 的好处:1The following diagram shows the benefit of enabling BFD over ExpressRoute circuit: 1

可以通过第 2 层连接或托管的第 3 层连接启用 ExpressRoute 线路。You can enable ExpressRoute circuit either by Layer 2 connections or managed Layer 3 connections. 在任一情况下,如果 ExpressRoute 连接路径中有一个或多个第 2 层设备,则检测路径中任何链路故障的工作由叠加的 BGP 负责。In either case, if there are one or more Layer-2 devices in the ExpressRoute connection path, responsibility of detecting any link failures in the path lies with the overlying BGP.

在 MSEE 设备上,BGP keepalive 和保持时间通常分别配置为 60 和 180 秒。On the MSEE devices, BGP keepalive and hold-time are typically configured as 60 and 180 seconds respectively. 因此,在发生链路故障后,最多需要三分钟才能检测到任何链路故障并将流量切换到备用连接。Therefore, following a link failure it would take up to three minutes to detect any link failure and switch traffic to alternate connection.

可以通过在客户边缘对等互连设备上配置较低的 BGP keepalive 和保持时间来控制 BGP 计时器。You can control the BGP timers by configuring lower BGP keepalive and hold-time on the customer edge peering device. 如果两个对等互连设备之间的 BGP 计时器不匹配,则对等方之间的 BGP 会话将使用较低的计时器值。If the BGP timers are mismatched between the two peering devices, the BGP session between the peers would use the lower timer value. BGP keepalive 最低可设置为 3 秒,保持时间是 10 的数量级秒。The BGP keepalive can be set as low as three seconds, and the hold-time in the order of tens of seconds. 但是,由于协议是进程密集型的,因此,激进地设置 BGP 计时器不太可取。However, setting BGP timers aggressively less preferable because the protocol is process intensive.

在这种情况下,BFD 可发挥作用。In this scenario, BFD can help. BFD 能够以亚秒级的时间间隔提供低开销的链路故障检测。BFD provides low-overhead link failure detection in a subsecond time interval.

启用 BFDEnabling BFD

在 MSEE 上所有新建的 ExpressRoute 专用对等互连接口中,默认已配置 BFD。BFD is configured by default under all the newly created ExpressRoute private peering interfaces on the MSEEs. 因此,若要启用 BFD,只需在 CE/PE(二者都在主设备和辅助设备上)上配置 BFD 即可。Therefore, to enable BFD, you need to just configure BFD on your CEs/PEs (both on your primary and secondary devices). 配置 BFD 的过程包括两个步骤:需在接口上配置 BFD,然后将其链接到 BGP 会话。Configuring BFD is two-step process: you need to configure the BFD on the interface and then link it to the BGP session.

下面显示了 CE/PE 配置示例(使用 Cisco IOS XE)。An example CE/PE (using Cisco IOS XE) configuration is shown below.

interface TenGigabitEthernet2/0/0.150
  description private peering to Azure
  encapsulation dot1Q 15 second-dot1q 150
  ip vrf forwarding 15
  ip address 192.168.15.17 255.255.255.252
  bfd interval 300 min_rx 300 multiplier 3


router bgp 65020
  address-family ipv4 vrf 15
    network 10.1.15.0 mask 255.255.255.128
    neighbor 192.168.15.18 remote-as 12076
    neighbor 192.168.15.18 fall-over bfd
    neighbor 192.168.15.18 activate
    neighbor 192.168.15.18 soft-reconfiguration inbound
  exit-address-family

Note

若要在现有的专用对等互连中启用 BFD,需要重置该对等互连。To enable BFD under an already existing private peering; you need to reset the peering. 请参阅重置 ExpressRoute 对等互连See Reset ExpressRoute peerings

BFD 计时器协商BFD Timer Negotiation

在两个 BFD 对等方之间,速度较慢的对等方决定了传输速率。Between BFD peers, the slower of the two peers determine the transmission rate. MSEE BFD 传输/接收间隔设置为 300 毫秒。MSEEs BFD transmission/receive intervals are set to 300 milliseconds. 在某些情况下,可以将间隔设置为 750 毫秒的较高值。In certain scenarios, the interval may be set at a higher value of 750 milliseconds. 通过配置较高的值,可以强制这些间隔变得更长;但无法变得更短。By configuring higher values, you can force these intervals to be longer; but, not shorter.

Note

如果已配置异地冗余的 ExpressRoute 线路,或使用站点到站点 IPSec VPN 连接作为备用连接,则启用 BFD 有助于在发生 ExpressRoute 连接故障后加快故障转移的速度。If you have configured Geo-redundant ExpressRoute circuits or use Site-to-Site IPSec VPN connectivity as backup; enabling BFD would help failover quicker following an ExpressRoute connectivity failure.

后续步骤Next Steps

有关详细信息或帮助,请查看以下链接:For more information or help, check out the following links: