Bidirectional Forwarding Detection
BFD stands for Bidirectional Forwarding Detection and it is described and extended by the following RFCs:
BFDd Commands
- bfd
Opens the BFD daemon configuration node.
- peer <A.B.C.D|X:X::X:X> [{multihop|local-address <A.B.C.D|X:X::X:X>|interface IFNAME|vrf NAME}]
Creates and configures a new BFD peer to listen and talk to.
multihop tells the BFD daemon that we should expect packets with TTL less than 254 (because it will take more than one hop) and to listen on the multihop port (4784). When using multi-hop mode echo-mode will not work (see RFC 5883 section 3).
local-address provides a local address that we should bind our peer listener to and the address we should use to send the packets. This option is mandatory for IPv6.
interface selects which interface we should use.
vrf selects which domain we want to use.
- profile WORD
Creates a peer profile that can be configured in multiple peers.
Deleting the profile will cause all peers using it to reset to the default values.
- show bfd [vrf NAME] peers [json]
Show all configured BFD peers information and current status.
- show bfd [vrf NAME] peer <WORD|<A.B.C.D|X:X::X:X> [{multihop|local-address <A.B.C.D|X:X::X:X>|interface IFNAME}]> [json]
Show status for a specific BFD peer.
- show bfd [vrf NAME] peers brief [json]
Show all configured BFD peers information and current status in brief.
- show bfd distributed
Show the BFD data plane (distributed BFD) statistics.
Peer / Profile Configuration
BFD peers and profiles share the same BFD session configuration commands.
- detect-multiplier (2-255)
Configures the detection multiplier to determine packet loss. The remote transmission interval will be multiplied by this value to determine the connection loss detection timer. The default value is 3.
Example: when the local system has detect-multiplier 3 and the remote system has transmission interval 300, the local system will detect failures only after 900 milliseconds without receiving packets.
- receive-interval (10-60000)
Configures the minimum interval that this system is capable of receiving control packets. The default value is 300 milliseconds.
- transmit-interval (10-60000)
The minimum transmission interval (less jitter) that this system wants to use to send BFD control packets. Defaults to 300ms.
- echo receive-interval <disabled|(10-60000)>
Configures the minimum interval that this system is capable of receiving echo packets. Disabled means that this system doesn’t want to receive echo packets. The default value is 50 milliseconds.
- echo transmit-interval (10-60000)
The minimum transmission interval (less jitter) that this system wants to use to send BFD echo packets. Defaults to 50ms.
- echo-mode
Enables or disables the echo transmission mode. This mode is disabled by default. If you are not using distributed BFD then echo mode works only when the peer is also Soodar.
It is recommended that the transmission interval of control packets to be increased after enabling echo-mode to reduce bandwidth usage. For example: transmit-interval 2000.
Echo mode is not supported on multi-hop setups (see RFC 5883 section 3).
- shutdown
Enables or disables the peer. When the peer is disabled an ‘administrative down’ message is sent to the remote peer.
- passive-mode
Mark session as passive: a passive session will not attempt to start the connection and will wait for control packets from peer before it begins replying.
This feature is useful when you have a router that acts as the central node of a star network and you want to avoid sending BFD control packets you don’t need to.
The default is active-mode (or
no passive-mode
).
- minimum-ttl (1-254)
For multi hop sessions only: configure the minimum expected TTL for an incoming BFD control packet.
This feature serves the purpose of thightening the packet validation requirements to avoid receiving BFD control packets from other sessions.
The default value is 254 (which means we only expect one hop between this system and the peer).
BFD Peer Specific Commands
- label WORD
Labels a peer with the provided word. This word can be referenced later on other daemons to refer to a specific peer.
- profile BFDPROF
Configure peer to use the profile configurations.
Notes:
Profile configurations can be overridden on a peer basis by specifying non-default parameters in peer configuration node.
Non existing profiles can be configured and they will only be applied once they start to exist.
If the profile gets updated the new configuration will be applied to all peers with the profile without interruptions.
BGP BFD Configuration
The following commands are available inside the BGP configuration node.
- neighbor <A.B.C.D|X:X::X:X|WORD> bfd
Listen for BFD events registered on the same target as this BGP neighbor. When BFD peer goes down it immediately asks BGP to shutdown the connection with its neighbor and, when it goes back up, notify BGP to try to connect to it.
- neighbor <A.B.C.D|X:X::X:X|WORD> bfd check-control-plane-failure
Allow to write CBIT independence in BFD outgoing packets. Also allow to read both C-BIT value of BFD and lookup BGP peer status. This command is useful when a BFD down event is caught, while the BGP peer requested that local BGP keeps the remote BGP entries as staled if such issue is detected. This is the case when graceful restart is enabled, and it is wished to ignore the BD event while waiting for the remote router to restart.
Disabling this disables presence of CBIT independence in BFD outgoing packets and pays attention to BFD down notifications. This is the default.
- neighbor <A.B.C.D|X:X::X:X|WORD> bfd profile BFDPROF
Same as command
neighbor <A.B.C.D|X:X::X:X|WORD> bfd
, but applies the BFD profile to the sessions it creates or that already exist.
IS-IS BFD Configuration
The following commands are available inside the interface configuration node.
- isis bfd
Listen for BFD events on peers created on the interface. Every time a new neighbor is found a BFD peer is created to monitor the link status for fast convergence.
Note that there will be just one BFD session per interface. In case both IPv4 and IPv6 support are configured then just a IPv6 based session is created.
- isis bfd profile BFDPROF
Use a BFD profile BFDPROF as provided in the BFD configuration.
OSPF BFD Configuration
The following commands are available inside the interface configuration node.
- ip ospf bfd
Listen for BFD events on peers created on the interface. Every time a new neighbor is found a BFD peer is created to monitor the link status for fast convergence.
- ip ospf bfd profile BFDPROF
Same as command
ip ospf bfd
, but applies the BFD profile to the sessions it creates or that already exist.
OSPF6 BFD Configuration
The following commands are available inside the interface configuration node.
- ipv6 ospf6 bfd [profile BFDPROF]
Listen for BFD events on peers created on the interface. Every time a new neighbor is found a BFD peer is created to monitor the link status for fast convergence.
Optionally uses the BFD profile
BFDPROF
in the created sessions under that interface.
PIM BFD Configuration
The following commands are available inside the interface configuration node.
- ip pim bfd [profile BFDPROF]
Listen for BFD events on peers created on the interface. Every time a new neighbor is found a BFD peer is created to monitor the link status for fast convergence.
Optionally uses the BFD profile
BFDPROF
in the created sessions under that interface.
RIP BFD configuration
The following commands are available inside the interface configuration node:
- ip rip bfd
Automatically create BFD session for each RIP peer discovered in this interface. When the BFD session monitor signalize that the link is down the RIP peer is removed and all the learned routes associated with that peer are removed.
- ip rip bfd profile BFD_PROFILE_NAME
Selects a BFD profile for the BFD sessions created in this interface.
The following command is available in the RIP router configuration node:
- bfd default-profile BFD_PROFILE_NAME
Selects a default BFD profile for all sessions without a profile specified.
BFD Static Route Monitoring Configuration
A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB.
The following commands are available inside the configuration node:
- ip route A.B.C.D/M A.B.C.D bfd [{multi-hop|source A.B.C.D|profile BFDPROF}]
Configure a static route for
A.B.C.D/M
using gatewayA.B.C.D
and use the gateway address as BFD peer destination address.
- ipv6 route X:X::X:X/M [from X:X::X:X/M] X:X::X:X bfd [{multi-hop|source X:X::X:X|profile BFDPROF}]
Configure a static route for
X:X::X:X/M
using gatewayX:X::X:X
and use the gateway address as BFD peer destination address.
The static routes when uninstalled will no longer show up in the output of
the command show ip route
or show ipv6 route
, instead we must use the
BFD static route show command to see these monitored route status.
- show bfd static route [json]
Show all monitored static routes and their status.
Example output:
Showing BFD monitored static routes: Route groups: rtg1 peer 172.16.0.1 (status: uninstalled): 2001:db8::100/128 Next hops: VRF default IPv4 Unicast: 192.168.100.0/24 peer 172.16.0.1 (status: uninstalled) VRF default IPv4 Multicast: VRF default IPv6 Unicast:
Note
It is advised to use IP SLA feature.
Configuration
Before applying bfdd
rules to integrated daemons (like BGPd), we must
create the corresponding peers inside the bfd
configuration node.
Here is an example of BFD configuration:
bfd
peer 192.168.0.1
label home-peer
no shutdown
!
!
router bgp 65530
neighbor 192.168.0.1 remote-as 65531
neighbor 192.168.0.1 bfd
neighbor 192.168.0.2 remote-as 65530
neighbor 192.168.0.2 bfd
neighbor 192.168.0.3 remote-as 65532
neighbor 192.168.0.3 bfd
!
Peers can be identified by its address (use multihop
when you need
to specify a multi hop peer) or can be specified manually by a label.
Here are the available peer configurations:
bfd
! Configure a fast profile
profile fast
receive-interval 150
transmit-interval 150
!
! Configure peer with fast profile
peer 192.168.0.6
profile fast
no shutdown
!
! Configure peer with fast profile and override receive speed.
peer 192.168.0.7
profile fast
receive-interval 500
no shutdown
!
! configure a peer on an specific interface
peer 192.168.0.1 interface ge0
no shutdown
!
! configure a multihop peer
peer 192.168.0.2 multihop local-address 192.168.0.3
shutdown
!
! configure a peer in a different vrf
peer 192.168.0.3 vrf foo
shutdown
!
! configure a peer with every option possible
peer 192.168.0.4
label peer-label
detect-multiplier 50
receive-interval 60000
transmit-interval 3000
shutdown
!
! configure a peer on an interface from a separate vrf
peer 192.168.0.5 interface ge1 vrf vrf2
no shutdown
!
! remove a peer
no peer 192.168.0.3 vrf foo
Status
You can inspect the current BFD peer status with the following commands:
soodar# show bfd peers
BFD Peers:
peer 192.168.0.1
ID: 1
Remote ID: 1
Status: up
Uptime: 1 minute(s), 51 second(s)
Diagnostics: ok
Remote diagnostics: ok
Peer Type: dynamic
Local timers:
Detect-multiplier: 3
Receive interval: 300ms
Transmission interval: 300ms
Echo receive interval: 50ms
Echo transmission interval: disabled
Remote timers:
Detect-multiplier: 3
Receive interval: 300ms
Transmission interval: 300ms
Echo receive interval: 50ms
peer 192.168.1.1
label: router3-peer
ID: 2
Remote ID: 2
Status: up
Uptime: 1 minute(s), 53 second(s)
Diagnostics: ok
Remote diagnostics: ok
Peer Type: configured
Local timers:
Detect-multiplier: 3
Receive interval: 300ms
Transmission interval: 300ms
Echo receive interval: 50ms
Echo transmission interval: disabled
Remote timers:
Detect-multiplier: 3
Receive interval: 300ms
Transmission interval: 300ms
Echo receive interval: 50ms
soodar# show bfd peer 192.168.1.1
BFD Peer:
peer 192.168.1.1
label: router3-peer
ID: 2
Remote ID: 2
Status: up
Uptime: 3 minute(s), 4 second(s)
Diagnostics: ok
Remote diagnostics: ok
Peer Type: dynamic
Local timers:
Detect-multiplier: 3
Receive interval: 300ms
Transmission interval: 300ms
Echo receive interval: 50ms
Echo transmission interval: disabled
Remote timers:
Detect-multiplier: 3
Receive interval: 300ms
Transmission interval: 300ms
Echo receive interval: 50ms
soodar# show bfd peer 192.168.0.1 json
{"multihop":false,"peer":"192.168.0.1","id":1,"remote-id":1,"status":"up","uptime":161,"diagnostic":"ok","remote-diagnostic":"ok","receive-interval":300,"transmit-interval":300,"echo-receive-interval":50,"echo-transmit-interval":0,"detect-multiplier":3,"remote-receive-interval":300,"remote-transmit-interval":300,"remote-echo-receive-interval":50,"remote-detect-multiplier":3,"peer-type":"dynamic"}
You can inspect the current BFD peer status in brief with the following commands:
soodar# show bfd peers brief
Session count: 1
SessionId LocalAddress PeerAddress Status
========= ============ =========== ======
1 192.168.0.1 192.168.0.2 up
You can also inspect peer session counters with the following commands:
soodar# show bfd peers counters
BFD Peers:
peer 192.168.2.1 interface ge2
Control packet input: 28 packets
Control packet output: 28 packets
Echo packet input: 0 packets
Echo packet output: 0 packets
Session up events: 1
Session down events: 0
Zebra notifications: 2
peer 192.168.0.1
Control packet input: 54 packets
Control packet output: 103 packets
Echo packet input: 965 packets
Echo packet output: 966 packets
Session up events: 1
Session down events: 0
Zebra notifications: 4
soodar# show bfd peer 192.168.0.1 counters
peer 192.168.0.1
Control packet input: 126 packets
Control packet output: 247 packets
Echo packet input: 2409 packets
Echo packet output: 2410 packets
Session up events: 1
Session down events: 0
Zebra notifications: 4
soodar# show bfd peer 192.168.0.1 counters json
{"multihop":false,"peer":"192.168.0.1","control-packet-input":348,"control-packet-output":685,"echo-packet-input":6815,"echo-packet-output":6816,"session-up":1,"session-down":0,"zebra-notifications":4}
You can also clear packet counters per session with the following commands, only the packet counters will be reset:
soodar# clear bfd peers counters
soodar# show bfd peers counters
BFD Peers:
peer 192.168.2.1 interface ge2
Control packet input: 0 packets
Control packet output: 0 packets
Echo packet input: 0 packets
Echo packet output: 0 packets
Session up events: 1
Session down events: 0
Zebra notifications: 2
peer 192.168.0.1
Control packet input: 0 packets
Control packet output: 0 packets
Echo packet input: 0 packets
Echo packet output: 0 packets
Session up events: 1
Session down events: 0
Zebra notifications: 4
Debugging
By default only informational, warning and errors messages are going to be displayed. If you want to get debug messages and other diagnostics then make sure you have debugging level enabled:
config
log syslog debugging
You may also fine tune the debug messages by selecting one or more of the debug levels:
- debug bfd network
Toggle network events: show messages about socket failures and unexpected BFD messages that may not belong to registered peers.
- debug bfd peer
Toggle peer event log messages: show messages about peer creation/removal and state changes.
- debug bfd zebra
Toggle zebra message events: show messages about interfaces, local addresses, VRF and daemon peer registrations.