Marcus.Gerdon wrote:
Hi,
you've written most routers are dual-attached, so the concern mostly
is failure detection and not re-establishment of a neighbor I think.
Correct
If you go into debounce or carrier-delay you'll raise the convergence
time as a link failure will be ignored for a short time before
processes are notified.
Further reading indicates that carrier/debounce are by default as low as
you can safely get them on a 6500, so I think I can disregard these.
OSPF should immediately react on an link-down event, so I'd try to
speed it up this way. If you use 2 separate SVI for the 2 connections
We're already doing this.
and each VLAN has only 1 port it is allowed in (either a single
access port or exactly 1 trunk port) the SVI should go down along
with that single port.
It does.
Interestingly info I've read indicates that routed interfaces signal
upper-layer protocols much faster than SVI interfaces, which is
something I'll have to investigate.
Playing around the timers I keep for last resort - as there's always
the risk to de-stabilize the network seriously (I've seen people
trying to get the last second out of a protocol resulting in
occasional burn-downs far too often).
Hmm.
Further digging has some pretty concrete recommendations from Cisco in
presentations and such suggesting:
timers throttle spf 10 100 5000
timers throttle lsa all 10 100 5000
timers lsa arrival 80
e.g.
http://www.ciscoexpo.sk/slides/41-vsettey_fast_convergence.pdf
The default SPF initial delay is 5 *whopping* seconds; which means that,
no matter how fast your link detection and SPF propagation is, it'll be
at least 5 seconds before you even *start* trying to converge.
Having read the docs, I have a hard time seeing how changing these can
"burn down" the network - the spf and lsa timers have exponential
backoff. Would you care to elaborate on the failure modes you have seen?
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
