BFD – Bidirectional Forwarding Detection Explained & configuration
BFD is an efficient high speed keepalive mechanism that verifies connectivity between two systems. In the first phase of development, Cisco will support BFD Asynchronous mode, which depends on the transmission of BFD control packets between the two systems.
BFD payload control packets will be encapsulated in UDP packets, using destination port 3784 and a source port in the range of 49152 to 65535.
For BFD, mainly there is 2 type of packet exchanged between peers:
- Control packets are mandatory and processed by the CPU. They set up the initial BFD session, where parameters are negotiated, such as timers.
- Echo packets use UDP to send an echo to a peer and are not received by the CPU. The is because they contain the source and destination IP/MAC of the sender.
Contents
I- BFD Control Packet
BFD control packets are always sent as unicast packets to the BFD peer.
BFD session Initialization
The initial packets from either side will be very similar: Vers, Diag, the H, D, P, and F bits will all be set to zero. My Discriminator will be set to a value which is unique on the transmitting router; Your Discriminator is set to zero, because the BFD session has yet to be established.
The values of the TX and RX timers will be set to the values found in the configuration of the device.
After the remote router receives a BFD control packet during the session initiation phase, it will copy the value of the “My Discriminator” field into its own “Your Discriminator” field and set the H (“I Hear You”) bit for any subsequent BFD control packets it transmits.
Once both systems see their own Discriminators in each other’s control packets, the session is “officially” established. Both systems will continue to send at (at least) one-second intervals until they see the appropriate Discriminators in each other’s BFD control packets.
BFD Timer and Transmit Rate Negotiation
Once BFD has been enabled on the interfaces and on the appropriate protocols, Cisco NX-OS creates a BFD session, negotiates BFD session parameters, and begins to send BFD control packets to each BFD neighbor at the negotiated interval. The BFD session parameters include the following:
- Desired minimum transmit interval (Tx) : The interval at which this device wants to send BFD hello messages.
- Required minimum receive interval (Rx): The minimum interval at which this device can accept BFD hello messages from another BFD device.
- Detect multiplier: The number of missing BFD hello messages from another BFD device before this local device detects a fault in the forwarding path.
R1(config)# bfd interval 100 min_rx 50 multiplier 3Code language: PHP (php)R2(config)# bfd interval 40 min_rx 60 multiplier 3Code language: PHP (php)
- Neighbors continuously negotiate their desired transmit and receive rates in terms of microseconds.
➜ The device reporting the slower rate determines the transmission rate.
The setting of “Your Discriminator” and the H bit are sufficient to allow the local device to know that the remote device has seen its packets during initial timer exchange. Once these timers have been negotiated, they can be renegotiated at any time during the session without causing a session reset. The existing timers are maintained during the negotiation period, and the new timers do not take effect until they are acknowledge via a Poll bit and Final bit exchange.
II- BFD Echo Function
BFD Echo Mode – Echo mode is enabled by default, and runs with asynchronous BFD. It can be disabled on one side to run with asymmetry, or run on both sides of a neighborship. Echo packets are sent by the forward engine, and forwarded back along the same path. An echo packet is set with a source and destination address of the interface itself, and a destination UDP port of 3785.
The BFD echo function sends echo packets from the forwarding engine to the remote BFD neighbor. The BFD neighbor forwards the echo packet back along the same path in order to perform detection; the BFD neighbor does not participate in the actual forwarding of the echo packets. The echo function and the forwarding engine are responsible for the detection process.
BFD can use the slow timer to slow down the asynchronous session when the echo function is enabled and reduce the number of BFD control packets that are sent between two BFD neighbors. Also, the forwarding engine tests the forwarding path on the remote (neighbor) system without involving the remote system, so there is less interpacket delay variability and faster failure detection times.
The echo function is without asymmetry when both BFD neighbors are running echo function.
Cisco NX-OS uses the packet Time to Live (TTL) value to verify that the BFD packets came from an adjacent BFD peer. For all asynchronous and echo request packets, the BFD neighbor sets the TTL value to 255 and the local BFD process verifies the TTL value as 255 before processing the incoming packet. For the echo response packet, BFD sets the TTL value to 254.
III- BFD Parameters Configuration on NXOS
Enable BFD feature:
- configure terminal
- feature bfd
- show feature | include bfd
- copy running-config startup-config
Global level configuration:
You can configure the BFD session parameters for all BFD sessions on the device:
switch(config)# bfd interval <50-999> min_rx <1-999> multiplier <3-50>Code language: HTML, XML (xml)- interval (Desired Tx): determines how frequently (in milliseconds) BFD packets will be sent to BFD peers.
- min_rx: determines how frequently (in milliseconds) BFD packets will be expected to be received from BFD peers
- multiplier: The number of consecutive BFD packets which must be missed from a BFD peer before declaring that peer unavailable, and informing the higher-layer protocols of the failure
Interface level configuration:
You can configure the BFD session parameters for all BFD sessions on an interface:
switch(config)# interface ethernet 2/1
switch(config-if)# bfd interval 50 min_rx 50 multiplier 3Code language: PHP (php)BFD on a Port Channel
If per-link mode is used for Layer 3 port channels, BFD creates a session for each link in the port channel and provides an aggregate result to client protocols. For example, if the BFD session for one link on a port channel is up, BFD informs client protocols, such as OSPF, that the port channel is up.
The command “bfd per-link” under the port-channel interface configures the BFD sessions for each link in the port channel.
You can configure the BFD session parameters for all BFD sessions on a port channel.
switch(config)# interface port-channel 2
switch(config-if)# bfd per-link
switch(config-if)# bfd interval 50 min_rx 50 multiplier 3Code language: PHP (php)
BFD Echo function:
The following enables the echo function. The default is enabled:
switch(config)# interface ethernet 2/1
switch(config-if)# bfd echoCode language: PHP (php)
BFD slow timer:
- Configures the slow timer used in the echo function. This value determines how fast BFD starts up a new session and is used to slow down the asynchronous sessions when the BFD echo function is enabled.
- This value overwrites the required minimum receive interval when the echo function is enabled.
The range is from 1000 to 30000 milliseconds. The default is 2000.
Device(config)# bfd slow-timers 3000Code language: PHP (php)- If the BFD session is down, then the BFD control packets will be sent with the slow timer interval.
- If the BFD session is up then:
– If echo is enabled, then BFD control packets will be sent in negotiated slow timer interval and echo packets will be sent in negotiated configured BFD interval.
– If echo is not enabled, then BFD control packets will be sent in negotiated configured interval.
BFD Authentication:
On NXOS, you can configure SHA-1 authentication of BFD packets. The following command configures SHA-1 authentication for all BFD sessions on the interface:
switch(config)# interface ethernet 1/10
switch(config-if)# bfd authentication keyed-sha1 keyid 1 ascii_key cisco123Code language: PHP (php)- The ascii_key string is a secret key shared among BFD peers.
- The id value, a number between 0 and 255, is assigned to this particular ascii_key . BFD packets specify the key by id , allowing the use of multiple active keys.
IV- Configuring BFD Support for Protocols
BFD sends a failure detection notice to the BFD-enabled protocols when it detects a failure in the forwarding path. The local device can then initiate the protocol recalculation process and reduce the overall network convergence time.
BGP:
router bgp as-number
neighbor (ip-address | ipv6-address) remote-as as-number
bfdCode language: JavaScript (javascript)
OSPF:
router ospf instance
bfd [ipv4 | ipv6]
interface int-if
ip ospf bfdCode language: CSS (css)Example: configure BFD for OSPFv2 on Ethernet 2/1
feature bfd
feature ospf
router ospf Test1
interface ethernet 2/1
ip ospf bfd
no shutdownCode language: PHP (php)Example of configuration where BFD is enabled under a non-default VRF (OSPFv3 neighbors in vrf3).
configure terminal
router ospfv3 10
vrf vrf3
bfd
ISIS:
router isis instance-tag
bfd [ipv4 | ipv6]
interface int-if
isis bfdCode language: CSS (css)
HSRP:
You can configure BFD for the Hot Standby Router Protocol (HSRP). The active and standby HSRP routers track each other through BFD. If BFD on the standby HSRP router detects that the active HSRP router is down, the standby HSRP router treats this event as an active time expiry and takes over as the active HSRP router.
hsrp bfd all-interfaces
interface int-if
hsrp bfdCode language: PHP (php)
Static route (example):
switch(config)# vrf context Red
switch(config-vrf)# ip route 192.0.2.1 ethernet 2/1 192.0.2.4
switch(config-vrf)# ip route static bfd ethernet 2/1 192.0.2.4 Code language: PHP (php)PIM:
configure terminal
ip pim bfd
interface int-if
ip pim bfd-instanceCode language: PHP (php)
Verification:
show bfd neighbors [details]Code language: CSS (css)V- Configuration Example and verification
1- BFD Without Echo:
R1:
interface Vlan1202
bfd interval 150 min_rx 150 multiplier 3
no bfd echoCode language: PHP (php)
R2:
interface Vlan1202
bfd interval 250 min_rx 250 multiplier 3
no bfd echoCode language: PHP (php)Verification:
From R1″show bfd neighbors” output,
- We see the local configured parameters:
- MinTx Interval: 150
- MinRx Interval:150
- Multiplier: 3
- From the neighbor Parameters
- The received MinRx Interval: 250 ms
- The received Multiplier: 3
- (we will talk about echo later)
- Then, we can see the negotiated transmit timer for BFD control packets:
- Hello: 250 ms (R1will compare its own desired Tx Interval to the min Rx interval of the neighbor R2, that will comparing it own tx:150 to minRx:250)
The device reporting the slower rate determines the transmission rate.
So, the negotiated Transmit timer is 250 ms for BFD control packet from R1 to R2
- Hello: 250 ms (R1will compare its own desired Tx Interval to the min Rx interval of the neighbor R2, that will comparing it own tx:150 to minRx:250)
- Holdown: Negotiated Transmit timer x Received Multiplier
R1# show bfd neighbors
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int Type
172.16.11.1 172.16.11.2 1090519045/1090519041 Up 750(3) Up Vlan255 singlehop
Session state is Up and not using echo function
Local Diag: 0, Demand mode: 0, Poll bit: 0, Authentication: None
MinTxInt: 150000 us, MinRxInt: 150000 us, Multiplier: 3
Received MinRxInt: 250000 us, Received Multiplier: 3, Received MinEchoRx: 50000 us
Holdown (hits): 750 ms (0), Hello (hits): 250 ms (30767)
Rx Count: 236569, Rx Interval (ms) min/max/avg: 0/1689/149 last: 0 ms ago
Tx Count: 30767, Tx Interval (ms) min/max/avg: 248/248/248 last: 0 ms ago
Registered protocols: ospf
Uptime: 0 days 9 hrs 51 mins 0 secs
Last packet: Version: 1 - Diagnostic: 0
State bit: Up - Demand bit: 0
Poll bit: 0 - Final bit: 0
Multiplier: 3 - Length: 24
My Discr.: 1090519041 - Your Discr.: 1090519045
Min tx interval: 250000 - Min rx interval: 250000
Min Echo interval: 50000 - Authentication bit: 0
C-bit: 0
Hosting LC: 1, Down reason: None, Reason not-hosted: None
Code language: PHP (php)R2# show bfd neighbors vrf bameur_test3 details
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int
Type
172.16.11.2 172.16.11.1 1090519041/1090519045 Up 722(3) Up Vlan1202
SH
Session state is Up and not using echo function
Session type: Singlehop
Local Diag: 0, Demand mode: 0, Poll bit: 0, Authentication: None
MinTxInt: 250000 us, MinRxInt: 250000 us, Multiplier: 3
Received MinRxInt: 150000 us, Received Multiplier: 3
Holdown (hits): 750 ms (0), Hello (hits): 250 ms (265060)
Rx Count: 43784, Rx Interval (ms) min/max/avg: 65/1828/1573 last: 27 ms ago
Tx Count: 265060, Tx Interval (ms) min/max/avg: 247/247/247 last: 37 ms ago
Registered protocols: ospf
Uptime: 0 days 10 hrs 44 mins 53 secs, Upcount: 1
Last packet: Version: 1 - Diagnostic: 0
State bit: Up - Demand bit: 0
Poll bit: 0 - Final bit: 0
Multiplier: 3 - Length: 24
My Discr.: 1090519045 - Your Discr.: 1090519041
Min tx interval: 150000 - Min rx interval: 150000
Min Echo interval: 50000 - Authentication bit: 0
Hosting LC: 1, Down reason: None, Reason not-hosted: NoneCode language: PHP (php)2- Which Echo Function Enabled:
- If the BFD session is down, then the BFD control packets will be sent with the slow timer interval.
- If the BFD session is up then:
– If echo is enabled, then BFD control packets will be sent in negotiated slow timer interval and echo packets will be sent in negotiated configured BFD interval.
– If echo is not enabled, then BFD control packets will be sent in negotiated configured interval.
- BFD Echo packet is sent by R1 with 150 ms interval (the Min Tx Interval).
- BFD control packet is sent in the slow timer (default 2000 ms)
R1# show bfd neighbors
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int Type
172.16.11.1 172.16.11.2 1090519045/1090519041 Up 6000(3) Up Vlan255 singlehop
Session state is Up and using echo function with 150 ms interval
Local Diag: 0, Demand mode: 0, Poll bit: 0, Authentication: None
MinTxInt: 150000 us, MinRxInt: 2000000 us, Multiplier: 3
Received MinRxInt: 2000000 us, Received Multiplier: 3, Received MinEchoRx: 50000 us
Holdown (hits): 6000 ms (0), Hello (hits): 2000 ms (46650)
Rx Count: 250263, Rx Interval (ms) min/max/avg: 0/1701/166 last: 0 ms ago
Tx Count: 46650, Tx Interval (ms) min/max/avg: 1820/1820/1820 last: 0 ms ago
Registered protocols: ospf
Uptime: 0 days 11 hrs 33 mins 15 secs
Last packet: Version: 1 - Diagnostic: 0
State bit: Up - Demand bit: 0
Poll bit: 0 - Final bit: 0
Multiplier: 3 - Length: 24
My Discr.: 1090519041 - Your Discr.: 1090519045
Min tx interval: 250000 - Min rx interval: 2000000
Min Echo interval: 50000 - Authentication bit: 0
C-bit: 0
Hosting LC: 1, Down reason: None, Reason not-hosted: None
Code language: PHP (php)R2# show bfd neighbors
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int
Type
172.16.11.2 172.16.11.1 1090519041/1090519045 Up 5117(3) Up Vlan1202
SH
Session state is Up and using echo function with 250 ms interval
Session type: Singlehop
Local Diag: 0, Demand mode: 0, Poll bit: 0, Authentication: None
MinTxInt: 250000 us, MinRxInt: 2000000 us, Multiplier: 3
Received MinRxInt: 2000000 us, Received Multiplier: 3
Holdown (hits): 6000 ms (0), Hello (hits): 2000 ms (268012)
Rx Count: 46522, Rx Interval (ms) min/max/avg: 65/1828/1538 last: 882 ms ago
Tx Count: 268012, Tx Interval (ms) min/max/avg: 1700/1700/1700 last: 921 ms ago
Registered protocols: ospf
Uptime: 0 days 11 hrs 29 mins 21 secs, Upcount: 1
Last packet: Version: 1 - Diagnostic: 0
State bit: Up - Demand bit: 0
Poll bit: 0 - Final bit: 0
Multiplier: 3 - Length: 24
My Discr.: 1090519045 - Your Discr.: 1090519041
Min tx interval: 150000 - Min rx interval: 2000000
Min Echo interval: 50000 - Authentication bit: 0
Hosting LC: 1, Down reason: None, Reason not-hosted: NoneCode language: PHP (php)If we change the Slow timer (on R2 for example to 5s):
The hello packet from R1 are sent every 5s in such case:
bdsol-aci02-leaf1# show bfd neighbors vrf bameur_MC:VRF-33 details
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int Vrf Type
172.16.11.1 172.16.11.2 1090519045/1090519041 Up 6000(3) Up Vlan255 bameur_MC:VRF-33 singlehop
Session state is Up and using echo function with 150 ms interval
Local Diag: 0, Demand mode: 0, Poll bit: 0, Authentication: None
MinTxInt: 150000 us, MinRxInt: 2000000 us, Multiplier: 3
Received MinRxInt: 5000000 us, Received Multiplier: 3, Received MinEchoRx: 50000 us
Holdown (hits): 6000 ms (0), Hello (hits): 5000 ms (46888)
Rx Count: 250573, Rx Interval (ms) min/max/avg: 0/1701/168 last: 0 ms ago
Tx Count: 46888, Tx Interval (ms) min/max/avg: 4801/4801/4801 last: 0 ms ago
Registered protocols: ospf
Uptime: 0 days 11 hrs 42 mins 3 secs
Last packet: Version: 1 - Diagnostic: 0
State bit: Up - Demand bit: 0
Poll bit: 0 - Final bit: 0
Multiplier: 3 - Length: 24
My Discr.: 1090519041 - Your Discr.: 1090519045
Min tx interval: 250000 - Min rx interval: 5000000
Min Echo interval: 50000 - Authentication bit: 0
C-bit: 0
Hosting LC: 1, Down reason: None, Reason not-hosted: NoneCode language: PHP (php)Reference:
[1] https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/interfaces/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Interfaces_Configuration_Guide/b_Cisco_Nexus_9000_Series_NX-OS_Interfaces_Configuration_Guide_chapter_0101.html
[2] https://notes.networklessons.com/bfd-slow-timers
[3] https://www.packetcoders.io/what-is-bfd/
