Merge pull request #292629 from sushantjrao/break-glass-setup

Stacyrch140 · web-flow · commit 01ae4c2a85bc · 2025-01-09T16:58:31.000-05:00
Update howto-enable-micro-bfd.md
diff --git a/articles/operator-nexus/howto-enable-micro-bfd.md b/articles/operator-nexus/howto-enable-micro-bfd.md
@@ -11,67 +11,155 @@ ms.custom: template-how-to, devx-track-azurecli
 
 # Enabling Micro-BFD
 
-Micro-BFD (Bidirectional Forwarding Detection) is a lightweight protocol designed to quickly detect failures between adjacent network devices, such as routers or switches, with minimal overhead. This guide provides step-by-step instructions to enable Micro-BFD on Customer Edge (CE) and Provider Edge (PE) devices.
+Micro-BFD (Bidirectional Forwarding Detection) is a lightweight protocol designed to rapidly detect failures between adjacent network devices, such as routers or switches, with minimal overhead. This guide provides step-by-step instructions to enable Micro-BFD on Customer Edge (CE) and Provider Edge (PE) devices.
 
 ## Prerequisites
 
-Before enabling Micro-BFD, perform the following steps:
+Ensure the following prerequisites are met before enabling Micro-BFD:
 
-- Both CE and PE devices are configured with the required Micro-BFD settings.
+- Both CE and PE devices are preconfigured with the required Micro-BFD settings.
 
 - The feature flag `MicroBFDEnabled` is turned off by default.
 
-> [!Note]
-> Contact Microsoft support through a support incident to enable the feature flag.
+>[!Note]
+> It is required to contact Microsoft support through a support incident to enable the feature flag once necessary configurations has been performed to devices as explained in this article.
 
-- It is necessary to [put the device in maintenance mode](.\howto-put-device-in-maintenance-mode.md) to apply below the configuration changes. 
+- It's necessary to [put the device in maintenance mode](.\howto-put-device-in-maintenance-mode.md) to apply below the configuration changes. 
 
-## Configuration steps
+## Configuration steps for enabling Micro-BFD
 
-### Step 1: Configure CE devices
+Follow these steps to enable Micro-BFD, starting with the secondary devices. Once verified, proceed with the primary devices using the instructions provided.
+ 
+### Step 1: Place CE2 in Maintenance Mode
 
-1. Access the CE device and enter the configuration mode.
+Run the following Azure CLI command to place the CE2 device in maintenance mode:
 
-2. Add the following configuration to enable Micro-BFD on the CE-PE interface:
+```Azure CLI
+az networkfabric device update-admin-state --resource-group <resource-group> --resource-name <resource-name> --state UnderMaintenance
+```
+
+>[!Note]
+> For new deployments, maintenance mode is not required.
+
+### Step 2: Configure Micro-BFD on CE2
+
+Use the following Azure CLI command to configure Micro-BFD under Port-Channel1 on CE2.
+
+```Azure CLI 
+az networkfabric device run-rw --ids /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/
+Microsoft.ManagedNetworkFabric/NetworkDevices/<device>-AggrRack-CE2 --rw-command "interface Port-Channel1
+    ip address 10.30.0.69/30
+    mtu 9124
+    no switchport
+    bfd neighbor 10.30.0.70
+    bfd interval 50 min-rx 50 multiplier 3
+    bfd per-link rfc-7130
+!"
+```
+
+```Example IP address allocation
+NFIPv4Addr: 10.30.0.0/19
+CE<->PE MicroBFD: 10.30.0.64/30
+CE1: 10.30.0.65/30 & PE1: 10.30.0.66/30
+CE2: 10.30.0.69/30 & PE2: 10.30.0.70/30
+NFIPv4Addr: 10.30.32.0/19
+CE<->PE MicroBFD: 10.30.32.64/30
+CE1: 10.30.32.65/30 & PE1: 10.30.32.66/30
+CE2: 10.30.32.69/30 & PE2: 10.30.32.70/30
+```
+
+Verify the changes using the following command and check that the configured IP address, BFD interval, and neighbor details match the intended configuration.
+
+```Example show output after configuring MicroBFD on CE2
+CE2#show running-config interfaces pox
+    interface pox
+        description "Port pox Connected to PE-02"
+        mtu 9124
+        no switchport
+        ip address 10.30.0.69/30
+        bfd interval 50 min-rx 50 multiplier 3
+        bfd neighbor 10.30.0.70
+        bfd per-link rfc-7130
+```
+
+### Step 3: Configure Micro-BFD on PE2
+
+Use the following command to configure PE2 with Micro-BFD: Consider min-links under the PE device for the respective port-channel.
+
+```Azure CLI 
+az networkfabric device run-rw --ids /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/
+Microsoft.ManagedNetworkFabric/NetworkDevices/<device>-AggrRack-PE2 --rw-command "interface Port-Channel1
+    ip address 10.30.0.70/30
+    mtu 9124
+    no switchport
+    bfd neighbor 10.30.0.69
+    bfd interval 50 min-rx 50 multiplier 3
+    bfd per-link rfc-7130
+```
+
+Verify the changes using the following command and check that the configured IP address, BFD interval, and neighbor details match the intended configuration.
+
+```Example Show Output After Configuring MicroBFD on PE2
+PE2#show running-config interfaces pox
+    interface pox
+        description "Port pox Connected to CE-02"
+        mtu 9124
+        no switchport
+        ip address 10.30.0.70/30
+        bfd interval 50 min-rx 50 multiplier 3
+        bfd neighbor 10.30.0.69
+        bfd per-link rfc-7130
+```
 
-   ```bash
-   ip address 10.30.0.65/30
-   bfd interval 50 min-rx 50 multiplier 3
-   bfd neighbor 10.30.0.66
-   bfd per-link rfc-7130
-   ```
+### Step 4: Move device CE2 into enabled state
 
-### Step 2: Configure PE devices
+Use the following command to re-enable the device and make it operational after configuration.
 
-1. Access the PE device and enter the configuration mode.
+```Azure CLI
+az networkfabric device update-admin-state --resource-group <resource-group> --resource-name <resource-name> --state Enable
+```
 
-2. Add the following configuration to enable Micro-BFD on the PE-CE interface:
+>[!Note]
+> For new deployments, this step is not required.
 
-   ```bash
-   ip address 10.30.0.66/30
-   bfd interval 50 min-rx 50 multiplier 3
-   bfd neighbor 10.30.0.65
-   bfd per-link rfc-7130
-   ```
+### Step 5: Verify BFD details
+
+Check BFD peer details using the following command:
+
+```Bash
+CE2#show bfd peers dest-ip <dest-bfd-peer-ip> detail
+```
 
-### Step 3: Enable feature flag
+>[!NOTE] 
+> After verifying the configuration on secondary devices, repeat steps 1 to 5 for primary devices (CE1 and PE1).
 
-1. Request the DE team to enable the `MicroBFDEnabled` feature flag.
+### Step 6: Ensure connectivity and BGP sessions
 
-2. Verify the configuration by checking the status of Micro-BFD sessions on both CE and PE devices.
+Ensure connectivity between CE and PE devices is stable, and BGP sessions are established with the appropriate routes.
 
-### Step 4: Validate configuration
+### Step 7: Enable Micro-BFD Flag
 
-Use the following command to check the status of Micro-BFD sessions on the PE device:
+Contact Microsoft support through a support incident to enable the Micro-BFD feature flag. After enabling the feature flag, a full reconciliation with the base configuration is required, ensuring the NPB property is set to true.
 
-```bash
-show bfd status dest-ip 10.30.0.65 detail
+### Step 8: Verify Connectivity and BGP Sessions
+
+After enabling the feature flag, confirm that connectivity and BGP sessions remain stable.
+
+### Step 9: Remove configuration from RW config
+
+After the BFD sessions are up, run the following Azure CLI command to remove BFD configurations. This process ensures that every full reconcile request avoids reapplying configurations to the devices.
+
+```Azure CLI 
+az networkfabric device run-rw --ids /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.ManagedNetworkFabric/NetworkDevices/<device-name>-AggrRack-CE1\PE1\CE2\PE2 --rw-command " "
 ```
-Ensure that the Micro-BFD sessions are established and operational.
+
+### Step 11: Ensure devices aren't disturbed
+
+Ensure that devices aren't disturbed for Micro-BFD configuration.
 
 ## Recovery steps if Micro-BFD is misconfigured
 
-In scenarios such as reconfiguration, where Micro-BFD is disabled by default, and the Provider Edge (PE) device is configured with Micro-BFD settings from a previous deployment, it is crucial to remove the Micro-BFD configuration from the PE device.
+In cases like reconfiguration, where Micro-BFD is disabled by default but the Provider Edge (PE) device still has settings from a previous deployment, it's important to remove the Micro-BFD configuration from the PE device.
 
 Follow these steps to ensure that Micro-BFD is disabled on your PE devices:
 
