Description
This article describes how to configure BFD for static routes on a FortiGate.
Scope
FortiGate.
Solution
To configure BFD for static routes, first enable BFD on the interface and define the BFD neighbor on each unit.
This example uses two FortiGates.
FortiGate 1:
config system interface
    edit "port1"
        set vdom "root"
        set ip 10.180.6.237 255.255.240.0
        set allowaccess ping
        set bfd enable
    next
end
config router bfd
    config neighbor
        edit 10.180.4.136
            set interface "port1"
        next
    end
end
FortiGate 2:
config system interface
    edit "port1"
        set vdom "root"
        set ip 10.180.4.136 255.255.240.0
        set allowaccess ping
        set bfd enable
    next
end
config router bfd
    config neighbor
        edit 10.180.6.237
            set interface "port1"
        next
    end
end
Consider a host behind FortiGate 2 which has an IP address of 1.1.1.1. FortiGate 1 has multiple paths to reach that host.
Two static routes have been configured on FortiGate 1, one via gateway 10.180.4.136 and the other via 10.180.2.44 with a higher distance of 20 (a lower distance is preferred).
config router static
    edit 2
        set dst 1.1.1.1 255.255.255.255
        set gateway 10.180.4.136    <----- Via FGT-II.
        set device "port1"
        set bfd enable
    next
    edit 3
        set dst 1.1.1.1 255.255.255.255
        set gateway 10.180.2.44    <----- Via another device.
        set distance 20
        set device "port1"
    next
end
Once the above configuration has been applied, it is possible to see that the BFD neighborship is established between the two FortiGates.
get router info bfd neighbor
OurAddress NeighAddress State Interface LDesc/RDesc
10.180.6.237 10.180.4.136 UP port1 1/1
In the routing table, the route with a lower distance is preferred.
get router info routing-table all
S 1.1.1.1/32 [10/0] via 10.180.4.136, port1
C 10.180.0.0/20 is directly connected, port1
If port1 on FortiGate 2 goes down or FortiGate 1 cannot reach 10.180.4.136, the BFD neighborship will go down.
get router info bfd neighbor
OurAddress NeighAddress State Interface LDesc/RDesc
10.180.6.237 10.180.4.136 DOWN port1 1/1
Because the BFD neighborship is down, FortiGate is unable to reach 1.1.1.1/32 through route entry 2 (via gateway 10.180.4.136).
The routing table is updated, and route entry 3 (via gateway 10.180.2.44) becomes the active route.
get router info routing-table all
S 1.1.1.1/32 [20/0] via 10.180.2.44, port1
C 10.180.0.0/20 is directly connected, port1
BFD removes a static route from the routing table if FortiGate cannot reach the route's destination and returns the route to the routing table if the route's destination is restored.
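The following is an added example, not part of the original article or Fortinet tooling: a Python health check that parses the two command outputs shown above and reports whether the BFD-protected route is active, has failed over to the backup, or is in an inconsistent state. The function names are hypothetical and the sample text is constructed from the output format in this article.

```python
import re

# Constructed samples, copied from the output format shown in this article.
BFD_UP = """OurAddress NeighAddress State Interface LDesc/RDesc
10.180.6.237 10.180.4.136 UP port1 1/1"""
BFD_DOWN = BFD_UP.replace(" UP ", " DOWN ")
RT_PRIMARY = """S 1.1.1.1/32 [10/0] via 10.180.4.136, port1
C 10.180.0.0/20 is directly connected, port1"""
RT_BACKUP = """S 1.1.1.1/32 [20/0] via 10.180.2.44, port1
C 10.180.0.0/20 is directly connected, port1"""

def parse_bfd_neighbors(text):
    """Return {neighbor_ip: state} from 'get router info bfd neighbor' output."""
    states = {}
    for line in text.splitlines():
        cols = line.split()
        # Data rows have 5 columns and start with an IPv4 address; skip the header.
        if len(cols) == 5 and re.fullmatch(r"[\d.]+", cols[0]):
            states[cols[1]] = cols[2].upper()
    return states

ROUTE_RE = re.compile(r"^S\*?\s+(\S+)\s+\[(\d+)/(\d+)\]\s+via\s+([\d.]+),\s*(\S+)")

def parse_static_routes(text):
    """Return {prefix: (distance, gateway, device)} for static ('S') routes."""
    routes = {}
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes[m.group(1)] = (int(m.group(2)), m.group(4), m.group(5))
    return routes

def check_failover(bfd_text, rt_text, prefix, primary_gw):
    """Classify the path state for one BFD-protected static route."""
    state = parse_bfd_neighbors(bfd_text).get(primary_gw, "MISSING")
    route = parse_static_routes(rt_text).get(prefix)
    if route is None:
        return "NO_ROUTE"          # neither primary nor backup is installed
    on_primary = route[1] == primary_gw
    if state == "UP" and on_primary:
        return "OK"
    if state != "UP" and not on_primary:
        return "FAILED_OVER"       # expected behaviour while BFD is down
    return "INCONSISTENT"          # e.g. BFD down but primary still installed

if __name__ == "__main__":
    print(check_failover(BFD_UP, RT_PRIMARY, "1.1.1.1/32", "10.180.4.136"))
    print(check_failover(BFD_DOWN, RT_BACKUP, "1.1.1.1/32", "10.180.4.136"))
```

An INCONSISTENT result is the case worth alerting on: either the primary route is still installed while its BFD neighbor is down, or traffic is on the backup path although the neighbor is up.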
BFD troubleshooting commands for IPv4 and IPv6 (CLI):
get router info bfd neighbor
get router info bfd neighbor detail
get router info bfd requests
diagnose test application bfd 1
get router info6 bfd neighbor
get router info6 bfd neighbor detail
get router info6 bfd requests
Packet sniffer (CLI):
diagnose sniffer packet any "port 3784" 4 0 1
diagnose sniffer packet any "port 3784" 6 0 1
BFD debug (CLI):
diagnose debug reset
diagnose ip router bfd all enable
diagnose debug app bfdd -1
diagnose debug console timestamp enable
diagnose debug enable
Disable debug:
diagnose ip router bfd all disable
diagnose debug application bfd 0
diagnose debug reset
Related article:
Technical Tip: How FortiGate calculates BFD timers (Transmit Interval, Detection Time)
Copyright 2025 Fortinet, Inc. All Rights Reserved.