Technical Tip: Using multihop bidirectional forwarding detection (BFD)
| Description | FortiOS supports multi-hop BFD from firmware 7.2 onwards. This article shows the multi-hop BGP configuration on Fortigate. Earlier BFD was supported for peers directly connected on same network. Not to be confused with BGP multi-hop, that is a feature to enable BGP peering over multiple hops. Multihop traffic will be UDP 4784. |
| Scope | FortiOS, BFD. |
| Solution | BFD is UDP based protocol that helps in detecting faults in the bidirectional path between two devices. It is defined in RFC 5880.
After detecting the link fault through BFD, the upper-layer protocol (here BGP) can take measures to promptly rectify the fault.
   Multihop-template config is required to make BFD work over multiple hops.
FGT-A.
config router bfd config multihop-template edit 1 set src 10.0.0.0 255.255.192.0 set dst 10.156.0.0 255.255.192.0 set auth-mode md5 set md5-key set md5-key <key> next end end
config router bgp set as 65050 set router-id 2.2.2.2 config neighbor edit "10.156.18.30" set bfd enable set ebgp-enforce-multihop enable set soft-reconfiguration enable set remote-as 65412 next end
FGT-B.
config router bfd config multihop-template edit 1 set src 10.156.0.0 255.255.192.0 set dst 10.0.0.0 255.255.192.0 set auth-mode md5 set md5-key <key> next end end
config router bgp set as 65412 set router-id 1.1.1.1 config neighbor edit "10.0.18.10" set bfd enable set ebgp-enforce-multihop enable set soft-reconfiguration enable set remote-as 65050 next end
BFD neighborship can be verified using the following commands.
FGT-B # get router info bfd neighbor
OurAddress NeighAddress State Interface LDesc/RDesc 10.156.18.30 10.0.18.10 UP port3 2/2/M
FGT-A # get router info bfd neighbor
OurAddress NeighAddress State Interface LDesc/RDesc 10.0.18.10 10.156.18.30 UP port4 2/2/M
Note:
For BFD troubleshooting, refer to Technical Tip: Bi-directional Forwarding Detection failure detection timer. BFD Multihop traffic may drop by the local-in policy. |