High Availability Configuration Guide, Cisco IOS Release 15S
Configuring Nonstop Forwarding
Last Updated: November 25, 2012
This module describes how to configure Nonstop Forwarding (NSF) in Cisco software to minimize the amount of time a network is unavailable to its users following a switchover. The main objective of NSF is to continue forwarding IP packets following a Route Processor (RP) switchover. NSF is supported by the BGP, EIGRP, IPv6, IS-IS, and OSPF protocols for routing and by CEF for forwarding.
The following terms are used throughout this document:
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Nonstop Forwarding
Restrictions for Nonstop Forwarding
BGP NSF Restrictions
EIGRP NSF Restrictions
OSPF NSF Restrictions
Information About Nonstop Forwarding
NSF works with the SSO feature in Cisco software to minimize the amount of time a network is unavailable to its users following a switchover. The main objective of NSF is to continue forwarding IP packets following an RP switchover.
Usually, when a networking device restarts, all routing peers of that device detect that the device went down and then came back up. This transition results in what is called a routing flap, which could spread across multiple routing domains. Routing flaps caused by routing restarts create routing instabilities, which are detrimental to the overall network performance. NSF helps to suppress routing flaps in SSO-enabled devices, thus reducing network instability.
NSF allows for the forwarding of data packets to continue along known routes while the routing protocol information is being restored following a switchover. With NSF, peer networking devices do not experience routing flaps. Data traffic is forwarded through intelligent line cards or dual forwarding processors (FPs) while the standby RP assumes control from the failed active RP during a switchover. The ability of line cards and FPs to remain up through a switchover and to be kept current with the Forwarding Information Base (FIB) on the active RP is key to NSF operation.
The NSF feature provides the following benefits:
NSF always runs together with SSO. SSO supported protocols and applications must be high-availability (HA)-aware. A feature or protocol is HA-aware if it maintains, either partially or completely, undisturbed operation during an RP switchover. For some HA-aware protocols and applications, state information is synchronized from the active to the standby processor.
Cisco NSF Routing and Forwarding
Cisco NSF is supported by the BGP, EIGRP, IPv6, IS-IS, and OSPF protocols for routing and by CEF for forwarding. Of the routing protocols, BGP, EIGRP, IPv6, IS-IS, and OSPF have been enhanced with NSF-capability and awareness, which means that devices running these protocols can detect a switchover and take the necessary actions to continue forwarding network traffic and to recover route information from the peer devices. The IS-IS protocol can be configured to use state information that has been synchronized between the active and the standby RP to recover route information following a switchover instead of information received from peer devices.
Each protocol depends on CEF to continue forwarding packets during switchover while the routing protocols rebuild the Routing Information Base (RIB) tables. Once the routing protocols have converged, CEF updates the FIB table and removes stale route entries. CEF, in turn, updates the line cards with the new FIB information.
Routing Protocols and CEF Support in Cisco NSF
The table below lists the routing protocol and CEF support in Cisco NSF.
1 The Cisco 7200 is a single-route processor system and cannot maintain its forwarding table in the event of a route processor failure. It cannot perform nonstop forwarding of packets. However, it supports the NSF protocol extensions for BGP, EIGRP, OSPF, and IS-IS. Therefore, it can peer with NSF-capable routers and facilitate the resynchronization of routing information with such routers.
2 The Cisco 7200 is NSF-aware in Cisco IOS Release 12.2(18)S.
3 The Cisco 7200 is a single-processor device and does not support SSO; therefore, CEF support for NSF does not apply.
Cisco Express Forwarding and NSF
A key element of NSF is packet forwarding. In a Cisco networking device, packet forwarding is provided by CEF. CEF maintains the FIB, and uses the FIB information that was current at the time of the switchover to continue forwarding packets during a switchover. This feature reduces traffic interruption during the switchover.
During normal NSF operation, CEF on the active RP synchronizes its current FIB and adjacency databases with the FIB and adjacency databases on the standby RP. Upon switchover of the active RP, the standby RP initially has FIB and adjacency databases that are mirror images of those that were current on the active RP. For platforms with intelligent line cards, the line cards will maintain the current forwarding information over a switchover; for platforms with forwarding engines, CEF will keep the forwarding engine on the standby RP current with changes that are sent to it by CEF on the active RP. In this way, the line cards or forwarding engines will be able to continue forwarding after a switchover as soon as the interfaces and a data path are available.
As the routing protocols start to repopulate the RIB on a prefix-by-prefix basis, the updates in turn cause prefix-by-prefix updates to CEF, which it uses to update the FIB and adjacency databases. Existing and new entries will receive the new version ("epoch") number, indicating that they have been refreshed. The forwarding information is updated on the line cards or forwarding engine during convergence. The RP signals when the RIB has converged. The software removes all FIB and adjacency entries that have an epoch older than the current switchover epoch. The FIB now represents the newest routing protocol forwarding information.
The routing protocols run only on the active RP, and they receive routing updates from their neighbor devices. Routing protocols do not run on the standby RP. Following a switchover, the routing protocols request that the NSF-aware neighbor devices send state information to help rebuild the routing tables. Alternatively, the IS-IS protocol can be configured to synchronize state information from the active to the standby RP to help rebuild the routing table on the NSF-capable device in environments where neighbor devices are not NSF-aware.
For NSF operation, the routing protocols depend on CEF to continue forwarding packets while the routing protocols rebuild the routing information. The CEF NSF feature operates by default while the networking device is running in SSO mode. No configuration is necessary.
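The epoch refresh and purge described above, as an added Python example (a simplified model written for this page, not Cisco code). The class name, prefixes and next hops are constructed for illustration.

```python
import ipaddress


class EpochFib:
    """Simplified model of an epoch-stamped FIB (illustrative, not Cisco code)."""

    def __init__(self):
        self.epoch = 0
        self.entries = {}  # ip_network -> (next_hop, epoch)

    def update(self, prefix, next_hop):
        """RIB-driven install or refresh: the entry receives the current epoch."""
        self.entries[ipaddress.ip_network(prefix)] = (next_hop, self.epoch)

    def switchover(self):
        """The standby RP takes over with a mirrored FIB; all entries become stale."""
        self.epoch += 1

    def lookup(self, address):
        """Longest-prefix match. Stale entries still forward traffic."""
        addr = ipaddress.ip_address(address)
        matches = [net for net in self.entries if addr in net]
        if not matches:
            return None
        best = max(matches, key=lambda net: net.prefixlen)
        return self.entries[best][0]

    def stale(self):
        """Prefixes not yet refreshed since the last switchover."""
        return sorted(str(net) for net, (_, ep) in self.entries.items()
                      if ep < self.epoch)

    def rib_converged(self):
        """Remove every entry whose epoch is older than the switchover epoch."""
        purged = self.stale()
        self.entries = {net: val for net, val in self.entries.items()
                        if val[1] >= self.epoch}
        return purged


def run_switchover():
    """Walk one switchover with constructed routes and return what happened."""
    fib = EpochFib()
    fib.update("10.4.9.0/24", "10.2.2.2")
    fib.update("10.4.0.0/16", "10.2.2.2")
    fib.update("172.16.0.0/12", "10.3.3.3")

    fib.switchover()
    during = fib.lookup("172.16.5.1")       # still forwarded on a stale entry

    # Routing protocols repopulate the RIB prefix by prefix.
    fib.update("10.4.9.0/24", "10.2.2.2")   # refreshed, unchanged
    fib.update("10.4.0.0/16", "10.2.2.6")   # refreshed with a new next hop
    # 172.16.0.0/12 is never re-advertised by any neighbor.

    purged = fib.rib_converged()
    return during, purged, fib.lookup("172.16.5.1"), fib.lookup("10.4.1.1")


if __name__ == "__main__":
    print(run_switchover())
```

A prefix that no neighbor re-advertises keeps attracting traffic until the RIB signals convergence, which is why the convergence signal matters for how long stale forwarding state lives.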
BGP NSF Operations
When an NSF-capable device begins a BGP session with a BGP peer, it sends an OPEN message to the peer. Included in the message is a declaration that the NSF-capable device has "graceful restart capability." Graceful restart is the mechanism by which BGP routing peers avoid a routing flap following a switchover. If the BGP peer has received this capability, it is aware that the device sending the message is NSF-capable. Both the NSF-capable device and its BGP peers need to exchange the graceful restart capability in their OPEN messages at the time of session establishment. If the peers do not both exchange the graceful restart capability, the session will not be graceful restart capable.
If the BGP session is lost during the RP switchover, the NSF-aware BGP peer marks all the routes associated with the NSF-capable device as stale; however, it continues to use these routes to make forwarding decisions for a set period of time. This functionality means that no packets are lost while the newly active RP is waiting for convergence of the routing information with the BGP peers.
After an RP switchover occurs, the NSF-capable device reestablishes the session with the BGP peer. In establishing the new session, it sends a new graceful restart message that identifies the NSF-capable device as having restarted.
At this point, the routing information is exchanged between the two BGP peers. Once this exchange is complete, the NSF-capable device uses the routing information to update the RIB and the FIB with the new forwarding information. The NSF-aware device uses the network information to remove stale routes from its BGP table. Following that, the BGP protocol is fully converged.
If a BGP peer does not support the graceful restart capability, it will ignore the graceful-restart capability in an OPEN message but will establish a BGP session with the NSF-capable device. This function will allow interoperability with non-NSF-aware BGP peers (and without NSF functionality), but the BGP session with non-NSF-aware BGP peers will not be graceful restart-capable.
BGP support in NSF requires that neighbor networking devices be NSF-aware; that is, the devices must have the graceful restart capability and advertise that capability in their OPEN message during session establishment. If an NSF-capable device discovers that a particular BGP neighbor does not have graceful restart capability, it will not establish an NSF-capable session with that neighbor. All other neighbors that have graceful restart capability will continue to have NSF-capable sessions with this NSF-capable networking device.
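What the graceful restart declaration looks like on the wire, as an added Python example (not from the Cisco guide): a parser for the Graceful Restart capability (code 64, RFC 4724) carried in a BGP OPEN message. The helpers build_open and sample_gr, the router ID and the AS numbers are constructed sample values.

```python
import struct

GR_CAPABILITY = 64       # Graceful Restart capability code (RFC 4724)
CAPABILITIES_PARAM = 2   # OPEN optional parameter type for capabilities
AFI = {1: "IPv4", 2: "IPv6"}
SAFI = {1: "Unicast", 2: "Multicast"}


def decode_gr(value):
    """Decode the capability value: flags, restart time, per-family flags."""
    if len(value) < 2 or (len(value) - 2) % 4:
        raise ValueError("malformed Graceful Restart capability")
    (head,) = struct.unpack("!H", value[:2])
    families = []
    for off in range(2, len(value), 4):
        afi, safi, flags = struct.unpack("!HBB", value[off:off + 4])
        families.append({
            "family": f"{AFI.get(afi, afi)} {SAFI.get(safi, safi)}",
            # F bit: forwarding state for this family survived the restart
            "forwarding_preserved": bool(flags & 0x80),
        })
    return {
        "restarted": bool(head & 0x8000),   # R bit: sender has restarted
        "restart_time": head & 0x0FFF,      # seconds
        "families": families,
    }


def parse_graceful_restart(open_msg):
    """Return the decoded GR capability from a BGP OPEN, or None if absent."""
    if len(open_msg) < 29 or open_msg[:16] != b"\xff" * 16:
        raise ValueError("not a BGP message")
    length, msg_type = struct.unpack("!HB", open_msg[16:19])
    if msg_type != 1 or length != len(open_msg):
        raise ValueError("not a well-formed OPEN message")
    opt_len = open_msg[28]
    params = open_msg[29:29 + opt_len]
    if len(params) != opt_len:
        raise ValueError("truncated optional parameters")
    pos = 0
    while pos + 2 <= len(params):
        p_type, p_len = params[pos], params[pos + 1]
        body = params[pos + 2:pos + 2 + p_len]
        pos += 2 + p_len
        if p_type != CAPABILITIES_PARAM:
            continue
        cpos = 0
        while cpos + 2 <= len(body):
            code, c_len = body[cpos], body[cpos + 1]
            value = body[cpos + 2:cpos + 2 + c_len]
            cpos += 2 + c_len
            if code == GR_CAPABILITY:
                return decode_gr(value)
    return None


def build_open(asn, hold, router_id, gr_value=None):
    """Build a constructed sample OPEN, optionally carrying a GR capability."""
    params = b""
    if gr_value is not None:
        cap = bytes([GR_CAPABILITY, len(gr_value)]) + gr_value
        params = bytes([CAPABILITIES_PARAM, len(cap)]) + cap
    body = struct.pack("!BHH4sB", 4, asn, hold, router_id, len(params)) + params
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(body), 1) + body


def sample_gr(restarted):
    """Constructed value: 120 s restart time, IPv4 unicast and multicast kept."""
    head = (0x8000 if restarted else 0) | 120
    return struct.pack("!HHBBHBB", head, 1, 1, 0x80, 1, 2, 0x80)


SAMPLE_ROUTER_ID = bytes([10, 2, 2, 1])   # constructed

if __name__ == "__main__":
    for label, gr in [("initial", sample_gr(False)),
                      ("after switchover", sample_gr(True)),
                      ("non-NSF-aware peer", None)]:
        msg = build_open(120, 180, SAMPLE_ROUTER_ID, gr)
        print(label, parse_graceful_restart(msg))
```

The restarted flag is how the reestablished session identifies the device as having restarted, and a result of None corresponds to a peer whose session will not be graceful restart capable.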
EIGRP NSF Operations
Cisco NSF is supported by the EIGRP protocol for routing and by CEF for forwarding. EIGRP depends on CEF to continue forwarding packets during switchover while the routing protocols rebuild the Routing Information Base (RIB) tables. Once the routing protocols have converged, CEF updates the FIB table and removes stale route entries. CEF, in turn, updates the line cards with the new FIB information.
EIGRP nonstop forwarding (NSF) capabilities are exchanged by EIGRP peers in hello packets. The NSF-capable device notifies its neighbors that an NSF restart operation has started by setting the restart (RS) bit in a hello packet. When an NSF-aware device receives notification from an NSF-capable neighbor that an NSF-restart operation is in progress, the NSF-capable and NSF-aware devices immediately exchange their topology tables. The NSF-aware device sends an end-of-table (EOT) update packet when the transmission of its topology table is complete. The NSF-aware device then performs the following actions to assist the NSF-capable device:
When the switchover operation is complete, the NSF-capable device notifies its neighbors that it has reconverged and has received all of their topology tables by sending an EOT update packet to the assisting devices. The NSF-capable device then returns to normal operation. The NSF-aware device will look for alternate paths (go active) for any routes that are not refreshed by the NSF-capable (restarting) device. The NSF-aware device will then return to normal operation. If all paths are refreshed by the NSF-capable device, the NSF-aware device will immediately return to normal operation.
NSF-aware devices are completely compatible with non-NSF-aware or non-NSF-capable neighbors in an EIGRP network. A non-NSF-aware neighbor will ignore NSF capabilities and reset adjacencies and otherwise maintain the peering sessions normally.
IPv6 support for NSF Operations
Nonstop Forwarding and Graceful Restart for MP-BGP IPv6 Address Family
The graceful restart capability is supported for IPv6 BGP unicast, multicast, and VPNv6 address families, enabling Cisco NSF functionality for BGP IPv6. The BGP graceful restart capability allows the BGP routing table to be recovered from peers without keeping the TCP state.
NSF continues forwarding packets while routing protocols converge, therefore avoiding a route flap on switchover. Forwarding is maintained by synchronizing the FIB between the active and standby RP. On switchover, forwarding is maintained using the FIB. The RIB is not kept synchronized; therefore, the RIB is empty on switchover. The RIB is repopulated by the routing protocols and subsequently informs the FIB about RIB convergence by using the NSF_RIB_CONVERGED registry call. The FIB tables are updated from the RIB, removing any stale entries. The RIB starts a fail-safe timer during RP switchover, in case the routing protocols fail to notify the RIB of convergence.
The Cisco BGP address family identifier (AFI) model is modular and scalable, and supports multiple AFIs and subsequent address family identifier (SAFI) configurations.
Nonstop Forwarding for IPv6 RIP
RIP registers as an IPv6 NSF client. Doing so has the benefit of using RIP routes installed in the Cisco Express Forwarding table until RIP has converged on the standby.
IS-IS NSF Operations
When an IS-IS NSF-capable device performs an RP switchover, it must perform two tasks in order to resynchronize its Link State Database with its IS-IS neighbors. First, it must relearn the available IS-IS neighbors on the network without causing a reset of the neighbor relationship. Second, it must reacquire the contents of the Link State Database for the network.
The IS-IS NSF feature offers two options when configuring NSF:
If neighbor devices on a network segment are NSF-aware, meaning that neighbor devices are running a software version that supports the IETF Internet draft for device restartability, they will assist an IETF NSF device that is restarting. With IETF, neighbor devices provide adjacency and link-state information to help rebuild the routing information following a switchover. A benefit of IETF IS-IS configuration is operation between peer devices based on a proposed standard.
If you configure IETF on the networking device, but neighbor devices are not IETF-compatible, NSF will abort following a switchover.
If the neighbor devices on a network segment are not NSF-aware, you must use the Cisco configuration option. The Cisco IS-IS configuration transfers both protocol adjacency and link-state information from the active to the standby RP. A benefit of Cisco configuration is that it does not rely on NSF-aware neighbors.
IETF IS-IS Configuration
With the IETF IS-IS configuration, the NSF-capable device sends IS-IS NSF restart requests to neighboring NSF-aware devices as quickly as possible after an RP switchover. Neighbor networking devices recognize this restart request as a cue that the neighbor relationship with this device should not be reset, but that they should initiate database resynchronization with the restarting device. As the restarting device receives restart request responses from devices on the network, it can begin to rebuild its neighbor list.
Once this exchange is complete, the NSF-capable device uses the link-state information to remove stale routes, update the RIB, and update the FIB with the new forwarding information. IS-IS is then fully converged.
The switchover from one RP to the other happens within seconds. IS-IS reestablishes its routing table and resynchronizes with the network within a few additional seconds. At this point, IS-IS waits for a specified interval before it will attempt a second NSF restart. During this time, the new standby RP will boot up and synchronize its configuration with the active RP. The IS-IS NSF operation waits for a specified interval to ensure that connections are stable before attempting another restart of IS-IS NSF. This functionality prevents IS-IS from attempting back-to-back NSF restarts with stale information.
Cisco IS-IS Configuration
With the Cisco configuration option, full adjacency and link-state packet (LSP) information is saved, or "checkpointed," to the standby RP. Following a switchover, the newly active RP maintains its adjacencies using the checkpointed data, and can quickly rebuild its routing tables.
The switchover from one RP to the other happens within seconds. IS-IS reestablishes its routing table and resynchronizes with the network within a few additional seconds. At this point, IS-IS waits for a specified interval before it will attempt a second NSF restart. During this time, the new standby RP will boot up and synchronize its configuration with the active RP. Once this synchronization is completed, IS-IS adjacency and LSP data is checkpointed to the standby RP; however, a new NSF restart will not be attempted by IS-IS until the interval time expires. This functionality prevents IS-IS from attempting back-to-back NSF restarts. IS-IS NSF provides a command to extend the wait time for interfaces that, for whatever reason, do not come up in a timely fashion.
Following a switchover, Cisco IS-IS NSF has complete neighbor adjacency and LSP information; however, it must wait for all interfaces that had adjacencies prior to the switchover to come up. If an interface does not come up within the allocated interface wait time, the routes learned from these neighbor devices are not considered in routing table recalculation.
For Cisco Nonstop Forwarding (NSF), the Open Shortest Path First (OSPF) routing protocol has been enhanced to support high availability (HA) features in Stateful Switchover (SSO). Before an OSPF NSF-capable device can perform a Route Processor (RP) switchover, the device must be aware of the available OSPF neighbors on the network without resetting the neighbor relationship, and the device must acquire the contents of the link state database for the network. The NSF-capable device sends an OSPF NSF signal to neighboring NSF-aware devices to notify the devices that the neighbor relationship with the sending device must not be reset. The NSF-capable device uses the signals that it receives from other devices on the network to rebuild its neighbor list.
The NSF-capable device synchronizes its database with all the NSF-aware neighbors on its neighbor list. After all neighbors exchange routing information, the NSF-capable device uses the routing information to remove stale routes and update the routing information base (RIB) and the forwarding information base (FIB) with the new forwarding information. The OSPF protocols are then fully converged.
Prior to RFC 3623, Cisco implemented the proprietary Cisco NSF. The RFC 3623 Graceful OSPF Restart feature supports IETF NSF for OSPF processes in multivendor networks. The following are NSF device modes of operation common to Cisco and IETF NSF implementations:
The strict link state advertisement (LSA) checking feature allows a helper device to terminate the graceful restart process if the device detects a changed LSA that would cause flooding during the graceful restart process. Strict LSA checking is disabled by default. You can enable strict LSA checking when there is a change to an LSA that would be flooded to the restarting device.
How to Configure Nonstop Forwarding
Configuring and Verifying BGP NSF
Configuring and Verifying EIGRP NSF
2. configure terminal
3. router eigrp as-number
5. timers nsf converge seconds
6. timers nsf signal seconds
7. timers nsf route-hold seconds
8. timers graceful-restart purge-time seconds
10. show ip protocols
Perform only one of the following tasks:
Configuring Cisco NSF-OSPF
Configuring IETF NSF-OSPF
Configuring and Verifying IS-IS NSF
Troubleshooting Nonstop Forwarding
Configuration Examples for Nonstop Forwarding
Example NSF-Capable CEF
The CEF NSF feature operates by default while the networking device is running in SSO mode. No configuration is necessary. The following sample output shows that CEF is NSF capable:
Router# show cef state
CEF Status [RP]
CEF enabled/running
dCEF enabled/running
CEF switching enabled/running
CEF default capabilities:
Always FIB switching: yes
Default CEF switching: yes
Default dCEF switching: yes
Update HWIDB counters: no
Drop multicast packets: no
CEF NSF capable: yes
IPC delayed func on SSO: no
RRP state:
I am standby RRP: no
My logical slot: 0
RF PeerComm: no
Example BGP NSF
The following partial output shows the BGP configuration on the SSO-enabled device:
Router# show running-config
router bgp 120
 bgp graceful-restart
 neighbor 10.2.2.2 remote-as 300
The following sample output shows that the graceful restart function is both advertised and received and that the address families have the graceful restart capability. If no address families are listed, BGP NSF will not occur.
Router# show ip bgp neighbors 192.168.2.2
BGP neighbor is 192.168.2.2, remote AS YY, external link
  BGP version 4, remote router ID 192.168.2.2
  BGP state = Established, up for 00:01:18
  Last read 00:00:17, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh:advertised and received(new)
    Address family IPv4 Unicast:advertised and received
    Address family IPv4 Multicast:advertised and received
    Graceful Restart Capabilty:advertised and received
      Remote Restart timer is 120 seconds
      Address families preserved by peer:
        IPv4 Unicast, IPv4 Multicast
  Received 1539 messages, 0 notifications, 0 in queue
  Sent 1544 messages, 0 notifications, 0 in queue
  Default minimum time between advertisement runs is 30 seconds
Example: EIGRP NSF
The following sample output shows that EIGRP NSF support is present in the installed software image.
Device# show ip protocols
Routing Protocol is "eigrp 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 100
  EIGRP NSF-aware route hold timer is 240s
  EIGRP NSF enabled
    NSF signal timer is 20s
    NSF converge timer is 120s
  Automatic network summarization is in effect
  Maximum path: 4
  Routing for Networks:
    10.4.9.0/24
  Routing Information Sources:
    Gateway Distance Last Update
  Distance: internal 90 external 170
Example: Configuring Cisco NSF-OSPF
The following example shows how to enable Cisco Nonstop Forwarding (NSF) helper support in the router configuration mode:
Device> enable
Device# configure terminal
Device(config)# router ospf 400
Device(config-router)# nsf cisco helper
Device(config-router)# nsf ietf helper disable
Device(config-router)# end
The following sample output from the show ip ospf nsf command shows that NSF is enabled for Open Shortest Path First (OSPF) process 400. NSF helper mode is enabled by default on devices running NSF-compatible software. In this configuration, IETF helper mode is disabled for process 400.
Device> show ip ospf nsf
Routing Process "ospf 400"
Non-Stop Forwarding enabled
IETF NSF helper support disabled
Cisco NSF helper support enabled
OSPF restart state is NO_RESTART
Handle 2162698, Router ID 192.168.2.155, checkpoint Router ID 0.0.0.0
Config wait timer interval 10, timer not running
Dbase wait timer interval 120, timer not running
Example: Configuring IETF NSF-OSPF
The following example shows how to enable IETF Nonstop Forwarding (NSF) helper support in the router configuration mode:
Device> enable
Device# configure terminal
Device(config)# router ospf 500
Device(config-router)# nsf ietf helper strict-lsa-checking
Device(config-router)# nsf cisco helper disable
Device(config-router)# end
The following sample output from the show ip ospf nsf command shows that NSF is enabled for Open Shortest Path First (OSPF) process 500. NSF helper mode is enabled by default on devices running NSF-compatible software. In this configuration, Cisco helper mode is disabled.
Device> show ip ospf nsf
Routing Process "ospf 500"
Non-Stop Forwarding enabled
IETF NSF helper support enabled
Cisco NSF helper support disabled
OSPF restart state is NO_RESTART
Handle 1786466333, Router ID 10.1.1.1, checkpoint Router ID 0.0.0.0
Config wait timer interval 10, timer not running
Dbase wait timer interval 120, timer not running
The following partial output shows that this device uses the Cisco implementation of IS-IS NSF. The display will show either Cisco IS-IS or IETF IS-IS configuration.
Router# show running-config
router isis
 nsf cisco
In a Cisco NSF configuration, the display output is different on the active and the standby RPs.
The following sample output on the active RP shows that Cisco NSF is enabled on the device:
Router# show isis nsf
NSF is ENABLED, mode 'cisco'
RP is ACTIVE, standby ready, bulk sync complete
NSF interval timer expired (NSF restart enabled)
Checkpointing enabled, no errors
Local state:ACTIVE, Peer state:STANDBY HOT, Mode:SSO
The following sample output on the standby RP shows that NSF is enabled on the device (NSF restart enabled):
Router# show isis nsf
NSF enabled, mode 'cisco'
RP is STANDBY, chkpt msg receive count:ADJ 2, LSP 7
NSF interval timer notification received (NSF restart enabled)
Checkpointing enabled, no errors
Local state:STANDBY HOT, Peer state:ACTIVE, Mode:SSO
The following sample output shows that IETF NSF is configured for the IS-IS networking device:
Router# show isis nsf
NSF is ENABLED, mode IETF
NSF pdb state:Inactive
NSF L1 active interfaces:0
NSF L1 active LSPs:0
NSF interfaces awaiting L1 CSNP:0
Awaiting L1 LSPs:
NSF L2 active interfaces:0
NSF L2 active LSPs:0
NSF interfaces awaiting L2 CSNP:0
Awaiting L2 LSPs:
Interface:Serial3/0/2
    NSF L1 Restart state:Running
    NSF p2p Restart retransmissions:0
    Maximum L1 NSF Restart retransmissions:3
    L1 NSF ACK requested:FALSE
    L1 NSF CSNP requested:FALSE
    NSF L2 Restart state:Running
    NSF p2p Restart retransmissions:0
    Maximum L2 NSF Restart retransmissions:3
    L2 NSF ACK requested:FALSE
Interface:GigabitEthernet2/0/0
    NSF L1 Restart state:Running
    NSF L1 Restart retransmissions:0
    Maximum L1 NSF Restart retransmissions:3
    L1 NSF ACK requested:FALSE
    L1 NSF CSNP requested:FALSE
    NSF L2 Restart state:Running
    NSF L2 Restart retransmissions:0
    Maximum L2 NSF Restart retransmissions:3
    L2 NSF ACK requested:FALSE
    L2 NSF CSNP requested:FALSE
Interface:Loopback1
    NSF L1 Restart state:Running
    NSF L1 Restart retransmissions:0
    Maximum L1 NSF Restart retransmissions:3
    L1 NSF ACK requested:FALSE
    L1 NSF CSNP requested:FALSE
    NSF L2 Restart state:Running
    NSF L2 Restart retransmissions:0
    Maximum L2 NSF Restart retransmissions:3
    L2 NSF ACK requested:FALSE
    L2 NSF CSNP requested:FALSE
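The checks that the sample outputs in this section are read for can be automated. The following Python audit is an added example, not part of the Cisco guide. Its sample texts are shortened from the outputs above, the degraded variants are constructed, and it assumes a capability that is not exchanged in both directions is shown as "advertised" or "received" alone.

```python
import re

FAMILY = re.compile(r"\b(?:IPv4|IPv6|VPNv4|VPNv6)\s+(?:Unicast|Multicast)\b")


def check_cef(text):
    m = re.search(r"CEF NSF capable:\s*(\w+)", text)
    return [] if m and m.group(1) == "yes" else ["CEF is not NSF capable"]


def check_bgp_neighbor(text):
    findings = []
    # "Capabil\w*" also matches the spelling "Capabilty" in the output above.
    m = re.search(r"Graceful Restart Capabil\w*:\s*"
                  r"(advertised and received|advertised|received)", text)
    state = m.group(1) if m else "absent"
    if state != "advertised and received":
        findings.append(f"BGP graceful restart capability is {state}")
    m = re.search(r"Address families preserved by peer:\s*([^\n]*)", text)
    if not (m and FAMILY.findall(m.group(1))):
        findings.append("no address families preserved, BGP NSF will not occur")
    return findings


def check_isis(text):
    m = re.search(r"NSF (?:is )?enabled, mode '?(\w+)'?", text, re.IGNORECASE)
    if not m:
        return ["IS-IS NSF is not enabled"]
    findings = []
    if m.group(1).lower() == "cisco":
        if "Checkpointing enabled, no errors" not in text:
            findings.append("IS-IS checkpointing is not healthy")
        if "RP is ACTIVE" in text and "standby ready" not in text:
            findings.append("standby RP is not ready for IS-IS NSF")
    return findings


CHECKS = {
    "show cef state": check_cef,
    "show ip bgp neighbors": check_bgp_neighbor,
    "show isis nsf": check_isis,
}


def audit(outputs):
    """outputs maps a show command to its captured text; returns findings."""
    findings = []
    for command, text in outputs.items():
        findings += [f"{command}: {f}" for f in CHECKS[command](text)]
    return findings


# Shortened from the sample outputs in this section.
GOOD = {
    "show cef state": "CEF NSF capable: yes\nIPC delayed func on SSO: no\n",
    "show ip bgp neighbors": (
        "  Neighbor capabilities:\n"
        "    Route refresh:advertised and received(new)\n"
        "    Graceful Restart Capabilty:advertised and received\n"
        "      Remote Restart timer is 120 seconds\n"
        "      Address families preserved by peer:\n"
        "        IPv4 Unicast, IPv4 Multicast\n"
        "  Received 1539 messages, 0 notifications, 0 in queue\n"),
    "show isis nsf": (
        "NSF is ENABLED, mode 'cisco'\n"
        "RP is ACTIVE, standby ready, bulk sync complete\n"
        "Checkpointing enabled, no errors\n"),
}

# Constructed degraded variants for comparison.
DEGRADED = {
    "show cef state": "CEF NSF capable: no\n",
    "show ip bgp neighbors": (
        "  Neighbor capabilities:\n"
        "    Route refresh:advertised and received(new)\n"
        "    Graceful Restart Capabilty:advertised\n"
        "  Received 1539 messages, 0 notifications, 0 in queue\n"),
    "show isis nsf": (
        "NSF is ENABLED, mode 'cisco'\n"
        "RP is ACTIVE, standby not ready\n"
        "Checkpointing enabled, no errors\n"),
}

if __name__ == "__main__":
    print(audit(GOOD))
    print("\n".join(audit(DEGRADED)))
```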
Feature Information for Nonstop Forwarding
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
© 2012 Cisco Systems, Inc. All rights reserved.