| The BFD timer variables are only available when BFD is enabled. They can be configured at the global or interface level:
- Preferred minimum transmit interval for BFD packets: bfd-desired-min-tx. (Enter an integer value from <1> to <100000> (default = <250>)).
- Required minimum receive interval for BFD packets: bfd-required-min-rx. The FortiGate unit will not transmit BFD packets at a slower rate than this (in other words, at an interval higher than this value). (Enter an integer value from <1> to <100000> (default = <250>)).
- Number of missed detections before the BFD status is set to down: bfd-detect-mult. (Enter an integer value from <1> to <50> (default = <3>)).
Note: While BFD is designed for rapid failure detection, overly aggressive timers are not always suitable across all hardware or software platforms. Vendors often recommend more conservative values in scaled environments to maintain system responsiveness and avoid CPU spikes. For large-scale networks with many BFD sessions, set the minimum interval to at least 500 ms and the multiplier to 3. An interval of 750 ms or 1000 ms is generally recommended to ensure stability and avoid session flaps during peak load.

Example configured on two FortiGates running firmware version 5.4:

FortiGate_A:

    config system settings
        set bfd-desired-min-tx 1000
        set bfd-required-min-rx 50000
        set bfd-detect-mult 2
    end

FortiGate_B:

    config system settings
        set bfd-desired-min-tx 10000
        set bfd-required-min-rx 50000
        set bfd-detect-mult 2
    end

Both bfd-desired-min-tx values satisfy the bfd-required-min-rx of 50000 ms.
Enable debugging:

    diagnose debug console timestamp enable
    diagnose ip router bfd all enable
    diagnose debug application bfdd -1
    diagnose debug enable

Filter for a specific BFD neighbor:

    diagnose ip router bfd filter x.x.x.x

Disable BFD debugs:

    diagnose ip router bfd all disable
    diagnose ip router bfd filter clear
    diagnose debug application bfd 0
    diagnose debug disable

Example of debug output:

    2018-01-30 11:14:19 id=20301 logdesc="Routing log" msg="NSM: Session[10.151.1.44:10.151.1.75,port2,28]: Sending BFD packet"
    2018-01-30 11:14:38 id=20301 logdesc="Routing log" msg="NSM: Session[10.151.1.44:10.151.1.75,port2,28]: Inactivity timer expired"
    2018-01-30 11:14:38 id=20301 logdesc="Routing log" msg="NSM: Session[10.151.1.44:10.151.1.75,port2,28]: state UP -> DOWN local_diag=0x01"
    2018-01-30 11:14:38 id=20301 logdesc="Routing log" msg="NSM: BFD session[10.151.1.44:10.151.1.75,port2,28]: state UP -> DOWN local_diag=0x01"
    2018-01-30 11:14:38 id=20301 logdesc="Routing log" msg="NSM: Session[10.151.1.44:10.151.1.75,port2,28]: bfd_session_send_packet_now"
    2018-01-30 11:14:38 id=20301 logdesc="Routing log" msg="NSM: BFD: Sending notification to protocol-id 4 client-type 8"
    2018-01-30 11:14:38 id=20301 logdesc="Routing log" msg="NSM: BFD register message"
    2018-01-30 11:14:38 id=20301 logdesc="Routing log" msg="NSM: Source Address: 10.151.1.44"
    2018-01-30 11:14:38 id=20301 logdesc="Routing log" msg="NSM: Destination Address: 10.151.1.75"
    2018-01-30 11:14:38 id=20301 logdesc="Routing log" msg="NSM: Interface index: 4"
    2018-01-30 11:14:38 id=20301 logdesc="Routing log" msg="NSM: Flags: Delete"
    2018-01-30 11:14:38 id=20301 logdesc="Routing log" msg="NSM: Client: OSPF"

Sample of FortiGate router log:
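The UP -> DOWN transition with local_diag=0x01 in the debug output above is the line to watch when tracking BFD flaps. The following Python code is an added example (not part of the original article or any Fortinet tool): it extracts state changes from captured debug output, collapses the two lines logged per event, and decodes local_diag with the diagnostic codes from RFC 5880. The names bfd_transitions and SAMPLE are illustrative.

```python
import re
from datetime import datetime

# BFD diagnostic codes from RFC 5880, section 4.1.
BFD_DIAG = {
    0: "No Diagnostic", 1: "Control Detection Time Expired",
    2: "Echo Function Failed", 3: "Neighbor Signaled Session Down",
    4: "Forwarding Plane Reset", 5: "Path Down", 6: "Concatenated Path Down",
    7: "Administratively Down", 8: "Reverse Concatenated Path Down",
}

# Each event is logged twice ("Session[...]" and "BFD session[...]"); both match.
# IPv4 peers only: the session tuple is split on ':'.
TRANSITION = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*?msg="NSM: (?:BFD s|S)ession'
    r'\[(?P<local>[^:\]]+):(?P<remote>[^,\]]+),(?P<intf>[^,\]]+),(?P<sid>\d+)\]: '
    r'state (?P<old>\w+) -> (?P<new>\w+) local_diag=0x(?P<diag>[0-9a-fA-F]+)"'
)

def bfd_transitions(lines):
    """Return one dict per distinct BFD state change in the debug output."""
    seen, events = set(), []
    for line in lines:
        m = TRANSITION.match(line.strip())
        if not m:
            continue  # keepalives, timer messages, NSM notifications
        key = m.group("ts", "local", "remote", "intf", "sid", "old", "new")
        if key in seen:  # second report of the same event
            continue
        seen.add(key)
        diag = int(m.group("diag"), 16)
        ev = m.groupdict()
        ev["time"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
        ev["reason"] = BFD_DIAG.get(diag, f"unknown diag {diag:#04x}")
        events.append(ev)
    return events

# Lines taken from the debug output shown in the article.
SAMPLE = [
    '2018-01-30 11:14:19 id=20301 logdesc="Routing log" msg="NSM: Session[10.151.1.44:10.151.1.75,port2,28]: Sending BFD packet"',
    '2018-01-30 11:14:38 id=20301 logdesc="Routing log" msg="NSM: Session[10.151.1.44:10.151.1.75,port2,28]: Inactivity timer expired"',
    '2018-01-30 11:14:38 id=20301 logdesc="Routing log" msg="NSM: Session[10.151.1.44:10.151.1.75,port2,28]: state UP -> DOWN local_diag=0x01"',
    '2018-01-30 11:14:38 id=20301 logdesc="Routing log" msg="NSM: BFD session[10.151.1.44:10.151.1.75,port2,28]: state UP -> DOWN local_diag=0x01"',
]

if __name__ == "__main__":
    for e in bfd_transitions(SAMPLE):
        print(e["time"], e["remote"], e["intf"], e["old"], "->", e["new"], e["reason"])
```

For the article's output this reports a single UP -> DOWN event on port2 toward 10.151.1.75, with the reason "Control Detection Time Expired", which matches the "Inactivity timer expired" line logged in the same second.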
To sniff BFD packets:

    diagnose sniffer packet any "udp port 3784" 6 0 a

Sample BFD packets seen with packet decoder:
|