Description
This article describes how FortiGate calculates the BFD Transmit Interval and Detection Time in a BFD peering connection.
Scope
FortiGate v5.6 and above.
Solution
The Bidirectional Forwarding Detection (BFD) is a network protocol used to detect faults between two routers connected by a link. BFD in a FortiGate is often used in conjunction with other routing protocols such as BGP or OSPF.
This article describes how FortiGate calculates the Transmit Interval and the Detection Time for each BFD peering relationship.
The Transmit Interval is the minimum amount of time interval that a FortiGate waits in a specific BFD peering connection before sending a new BFD packet to the remote BFD peer. FortiGate does not send BFD packets more frequently than that interval.
The Detection Time is the maximum amount of time that a FortiGate waits before considering a BFD link 'broken' and then setting the BFD connection to 'DOWN' status (local_diag=0x01).
They are both indicated in milliseconds.
In this example, a FortiGate-6000F series (BFD_test1) and a FortiGate-VM (BFD_test2) have been configured and the BFD settings have been configured only under the system interface section (not globally).
A BGP peering connection between the two FortiGates has also been previously configured and it is up and running.
The BFD times in a FortiGate can be configured globally or under a specific interface, once BFD has been enabled. Default MinTxInt/MinRxInt timers in a FortiGate are the following:
set bfd-desired-min-tx 250
set bfd-detect-mult 3
set bfd-required-min-rx 250
The BFD configuration used in this example is as shown below:
FortiGate 'BFD_test1':
show full system interface LAN_353 | grep bfd
set bfd enable
set bfd-desired-min-tx 750
set bfd-detect-mult 10
set bfd-required-min-rx 750
FortiGate 'BFD_test2':
show full system interface port3 | grep bfd
set bfd enable
set bfd-desired-min-tx 50
set bfd-detect-mult 2
set bfd-required-min-rx 50
Once both FortiGate BFD configurations are in place, the peers constantly exchange BFD packets to agree on which timers to be used and check if the BFD connection is up. Once timers have been exchanged, FortiGate makes a decision to calculate the Transmit Interval and the Detection Time:
Transmit_Interval = max(bfd-desired-min-tx locally configured, MinRxInt received by peer) <- The highest value (slowest) will be chosen.
Detection_Time = max(bfd-required-min-rx locally configured, MinTxInt received by peer) x Multiplier value received by peer.
Important note:
The Multiplier value used for the 'Detection Time' calculation is the one received by the FortiGate and not the one configured in the local BFD configuration.
In this example:
BFD_test1 has chosen the following timers:
- Transmit Interval: Z50 (ms)
- Detection Time: 1500 (ms)
BFD_test2 has chosen the following timers:
- Transmit Interval: 750 (ms)
- Detection Time: 7500 (ms)
To verify it, use the command below:
get router info bfd neighbor detail
From BFD_test1 output:
From BFD_test2 output:
For a better understanding of how to configure BFD, read the related article Technical Tip: Bi-directional Forwarding Detection failure
Best practices:
- To avoid any confusion is advisable to configure the same Tx/Rx/Multiplier values on both local and remote BFD peers.
- BFD values need to be adjusted/amended on each peer in case the number of BFD peers increases on a loaded FortiGate.
- Using BFD timers too aggressively is not recommended.
Related articles:
Technical Tip: FortiGate BDF implementation and examples.
Technical Tip: Configuring Bidirectional Forwarding Detection (BFD).
Technical Tip: Bi-directional forwarding detection diag code 0x03.
