FortiGate
gfranceschi (Staff)
Article Id 190889

Description

This article demonstrates the BFD session states observed in different situations.

BFD is configured between both peers to speed up the convergence of a routing protocol.
If the BFD communication fails, BFD reports this to the routing protocol, which then updates the routing status.

A BGP session can still be up even though BFD is down. This is the case in the following two situations:

  • BFD is configured on one peer only.
  • BFD is blocked by a firewall between the peers (BFD uses UDP port 3784).

Scope

FortiGate.

Solution

Network diagram:

(vdom1) port10 ----port12 (TP vdom) port14 ------port16 (vdom2)

Expectations, requirements:

  • OSPF, BGP, static routing protocols
  • BFD

Configuration:

3 VDOMs are configured: vdom1, vdom2 and TP vdom.
BGP and BFD neighbors are configured in vdom1 and vdom2.
The TP VDOM sits between the two peers and controls the BFD communication with a firewall policy matching the service UDP port 3784.

vdom1: IP on port10 is 10.130.0.139/22
vdom2: IP on port16 is 10.130.0.38/22

vdom1 configuration:

show system settings
config system settings
    set bfd enable
end
show router bfd
config router bfd
        config neighbor
            edit 10.130.0.38
                set interface "port10"
            next
        end
end
sh router bgp
config router bgp
    set as 65001
    set router-id 0.0.0.1
        config neighbor
            edit "10.130.0.38"
                set bfd enable
                set remote-as 65002
                set send-community6 disable
            next
        end
end

 

vdom2 configuration:

show sys settings
config system settings
    set bfd enable
end
show  ro bgp
config router bgp
    set as 65002
    set router-id 0.0.0.2
        config neighbor
            edit "10.130.0.139"
                set bfd enable
                set remote-as 65001
                set send-community6 disable
            next
        end
end
show router bfd
config router bfd
        config neighbor
            edit 10.130.0.139
                set interface "port16"
            next
        end
end

 

Verification:

BFD is configured on one peer only: BGP is up and BFD is down.

con sys settings

get
comments            :
opmode              : nat
firewall-session-dirty: check-all
bfd                 : disable    <===== BFD not activated yet
bfd-desired-min-tx  : 250
bfd-required-min-rx : 250
bfd-detect-mult     : 3
bfd-dont-enforce-src-port: disable
utf8-spam-tagging   : enable
.../...

get ro info bgp summary

BGP router identifier 0.0.0.1, local AS number 65001
BGP table version is 1
0 BGP AS-PATH entries
0 BGP community entries

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.130.0.38     4        65002   42367   42364        0        0      0       03:04:41        0

Total number of neighbors 1

get router info bfd neighbor detail

OurAddress      NeighAddress    State       Interface       LDesc/RDesc
10.130.0.139    10.130.0.38     DOWN        port10          2/1
Local Diag: 1, Demand mode: no, Poll bit: unset
MinTxInt: 250, MinRxInt: 250, Multiplier: 3
Received: MinRxInt: 250 (ms), MinTxInt: 250 (ms),Multiplier: 3
Transmit Interval: 250 (ms), Detection Time: 750 (ms)
Rx Count: 4532, Rx Interval (ms) min/max/avg 0/5000/190 last 1000000380 (ms) ago
Tx Count: 448861, Tx Interval (ms) min/max/avg 0/5010/247  last: 250 (ms) ago
Registered protocols: Static BGP

get ro info bgp summary
BGP router identifier 0.0.0.2, local AS number 65002
BGP table version is 1
0 BGP AS-PATH entries
0 BGP community entries

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.130.0.139    4      65001   42349   42366        0            0    0       02:57:48        0

Total number of neighbors 1

get router info bfd  neighbor detail

config system settings
    set bfd enable
end

BFD is configured on both peers: BGP remains up and BFD comes up.

config system settings
    set bfd enable
end


get router info bfd  neighbor detail

OurAddress      NeighAddress    State       Interface       LDesc/RDesc
10.130.0.38     10.130.0.139        UP          port16          3/2
Local Diag: 0, Demand mode: no, Poll bit: unset
MinTxInt: 250, MinRxInt: 250, Multiplier: 3
Received: MinRxInt: 250 (ms), MinTxInt: 250 (ms),Multiplier: 3
Transmit Interval: 250 (ms), Detection Time: 750 (ms)
Rx Count: 38, Rx Interval (ms) min/max/avg 0/250/203 last 50 (ms) ago
Tx Count: 37, Tx Interval (ms) min/max/avg 0/250/205  last: 110 (ms) ago
Registered protocols: Static BGP


get ro info bgp summary
BGP router identifier 0.0.0.2, local AS number 65002
BGP table version is 1
0 BGP AS-PATH entries
0 BGP community entries

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.130.0.139    4      65001   42357   42373        0          0    0        03:04:34        0

Total number of neighbors 1

get ro info bgp summary
BGP router identifier 0.0.0.1, local AS number 65001
BGP table version is 1
0 BGP AS-PATH entries
0 BGP community entries

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.130.0.38     4      65002   42367   42364        0           0    0         03:04:41        0

Total number of neighbors 1

get router info bfd neighbor detail

OurAddress      NeighAddress    State       Interface       LDesc/RDesc
10.130.0.139    10.130.0.38         UP          port10          2/3
Local Diag: 0, Demand mode: no, Poll bit: unset
MinTxInt: 250, MinRxInt: 250, Multiplier: 3
Received: MinRxInt: 250 (ms), MinTxInt: 250 (ms),Multiplier: 3
Transmit Interval: 250 (ms), Detection Time: 750 (ms)
Rx Count: 4806, Rx Interval (ms) min/max/avg 0/1000000890/208132 last 80 (ms) ago
Tx Count: 449160, Tx Interval (ms) min/max/avg 0/5010/196  last: 200 (ms) ago
Registered protocols: Static BGP

BFD is blocked by the firewall between the peers: BFD goes down, and BGP goes down and comes back up.

get ro info bgp summary
BGP router identifier 0.0.0.1, local AS number 65001
BGP table version is 1
0 BGP AS-PATH entries
0 BGP community entries

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.130.0.38     4      65002   42402   42399        0           0    0         00:22:27        0

Total number of neighbors 1

get router info bfd neighbor detail

OurAddress      NeighAddress    State       Interface       LDesc/RDesc
10.130.0.139    10.130.0.38         UP          port10          2/3
Local Diag: 0, Demand mode: no, Poll bit: unset
MinTxInt: 250, MinRxInt: 250, Multiplier: 3
Received: MinRxInt: 250 (ms), MinTxInt: 250 (ms),Multiplier: 3
Transmit Interval: 250 (ms), Detection Time: 750 (ms)
Rx Count: 6414, Rx Interval (ms) min/max/avg 0/1000000890/155514 last 30 (ms) ago
Tx Count: 451035, Tx Interval (ms) min/max/avg 0/5010/188  last: 100 (ms) ago
Registered protocols: Static BGP

get ro info bgp summary
BGP router identifier 0.0.0.2, local AS number 65002
BGP table version is 1
0 BGP AS-PATH entries
0 BGP community entries

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.130.0.139    4      65001   42392   42408        0          0    0         00:22:31        0

Total number of neighbors 1

get router info bfd  neighbor detail

OurAddress      NeighAddress    State       Interface       LDesc/RDesc
10.130.0.38      10.130.0.139       UP          port16          3/2
Local Diag: 0, Demand mode: no, Poll bit: unset
MinTxInt: 250, MinRxInt: 250, Multiplier: 3
Received: MinRxInt: 250 (ms), MinTxInt: 250 (ms),Multiplier: 3
Transmit Interval: 250 (ms), Detection Time: 750 (ms)
Rx Count: 1905, Rx Interval (ms) min/max/avg 0/1135750/882 last 60 (ms) ago
Tx Count: 2305, Tx Interval (ms) min/max/avg 0/5000/514  last: 80 (ms) ago
Registered protocols: Static BGP
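The one-sided case above can be spotted automatically by parsing the two CLI outputs. The following Python script is an added example, not part of the original article and not FortiOS code: it parses a constructed `get router info bfd neighbor detail` block and `get router info bgp summary` line in the format shown above, derives the 750 ms detection time from the advertised timers, and flags a peer whose BGP session is Established while the BFD session that BGP registered with is DOWN.

```python
import re
# Constructed sample in the format shown above: BFD DOWN on this side while BGP stays Established.
BFD_DETAIL = """\
OurAddress      NeighAddress    State       Interface       LDesc/RDesc
10.130.0.139    10.130.0.38     DOWN        port10          2/1
Local Diag: 1, Demand mode: no, Poll bit: unset
MinTxInt: 250, MinRxInt: 250, Multiplier: 3
Received: MinRxInt: 250 (ms), MinTxInt: 250 (ms),Multiplier: 3
Registered protocols: Static BGP
"""
BGP_SUMMARY = """\
Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.130.0.38     4        65002   42367   42364        0        0      0       03:04:41        0
"""
# RFC 5880 section 4.1 diagnostic codes behind "Local Diag" (subset).
DIAG = {0: "No Diagnostic", 1: "Control Detection Time Expired",
        3: "Neighbor Signaled Session Down", 7: "Administratively Down"}

def parse_bfd_detail(text):
    # One dict per session block of 'get router info bfd neighbor detail'
    sessions, cur = [], None
    for line in text.splitlines():
        m = re.match(r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\w+)\s+(\S+)", line)
        if m:
            cur = {"local": m[1], "peer": m[2], "state": m[3], "interface": m[4]}
            sessions.append(cur)
        elif cur and line.startswith("Local Diag:"):
            cur["diag"] = int(re.search(r"Local Diag: (\d+)", line)[1])
        elif cur and line.startswith("MinTxInt:"):
            cur["min_rx"] = int(re.search(r"MinRxInt: (\d+)", line)[1])
        elif cur and line.startswith("Received:"):  # timers advertised by the peer
            cur["remote_min_tx"] = int(re.search(r"MinTxInt: (\d+)", line)[1])
            cur["remote_mult"] = int(re.search(r"Multiplier: (\d+)", line)[1])
        elif cur and line.startswith("Registered protocols:"):
            cur["protocols"] = line.split(":", 1)[1].split()
    return sessions

def detection_time_ms(s):
    # RFC 5880 6.8.4: remote Detect Mult x max(local Required Min RX, remote Desired Min TX)
    return s["remote_mult"] * max(s["min_rx"], s["remote_min_tx"])

def bgp_state(summary, peer):
    # State/PfxRcd column of 'get router info bgp summary': a prefix count means Established
    for cols in (l.split() for l in summary.splitlines()):
        if cols and cols[0] == peer:
            return "Established" if cols[-1].isdigit() else cols[-1]

def audit(bfd_text, bgp_text):
    # Flag sessions where BGP is Established but the BFD session BGP registered with is DOWN
    findings = []
    for s in parse_bfd_detail(bfd_text):
        if "BGP" in s.get("protocols", []) and s["state"] == "DOWN" and bgp_state(bgp_text, s["peer"]) == "Established":
            findings.append(f"{s['peer']}: BGP Established but BFD DOWN ({DIAG.get(s['diag'], s['diag'])}); check BFD on the peer and UDP 3784")
    return findings
```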

 

In all the examples above, BFD takes the previous session state into account before reporting a state change to the routing protocol.

When the FortiGate stops receiving BFD control packets for 3 consecutive intervals (Multiplier: 3, which with the 250 ms interval gives the 750 ms detection time shown above), the BFD neighborship is torn down.

 

2024-10-15 10:16:20 bfd_write:Session[10.130.0.38->10.130.0.139,58148,port16,2325]: Sending BFD packet
2024-10-15 10:16:20 bfd_write:Session[10.130.0.38->10.130.0.139,58148,port16,2325]: Sending BFD packet
2024-10-15 10:16:20 bfd_write:Session[10.130.0.38->10.130.0.139,58148,port16,2325]: Sending BFD packet
2024-10-15 10:16:20 bfd_session_change_state: Session[10.130.0.38->10.130.0.139,58148,port16,2325]: state UP -> DOWN local_diag=0x03

This event is communicated to BGP, causing the BGP session to go down:

2024-10-15 10:16:20 id=20300 msg="BGP: %BGP-5-ADJCHANGE: VRF 0 neighbor 10.130.0.139 Down BFD Down; User reset added"
2024-10-15 10:16:20 id=20300 msg="BGP: %BGP-5-ADJCHANGE: VRF 0 neighbor 10.130.0.139 Down BGP Notification CEASE"
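To make the previous-state rule and the 3 x 250 ms detection time concrete, the following Python model is an added example (not part of the article and not FortiOS code): a receive-side BFD session following the RFC 5880 state machine, which reports to BGP only when an UP session drops, run over a constructed timeline in which the peer's packets stop arriving as they would once a policy drops UDP 3784.

```python
from dataclasses import dataclass, field

# RFC 5880 diagnostic codes: 1 is the "Local Diag: 1" of the one-sided case above, 3 the local_diag=0x03 in the debug.
DIAG_DETECT_EXPIRED, DIAG_NEIGHBOR_DOWN = 1, 3

@dataclass
class BfdSession:
    """Receive side of one BFD session (RFC 5880 6.8.6) with the page's timers: MinRxInt 250 ms x Multiplier 3 = 750 ms."""
    peer: str
    min_rx_ms: int = 250
    multiplier: int = 3
    state: str = "DOWN"
    diag: int = 0
    last_rx_ms: int = -1
    notifications: list = field(default_factory=list)  # what the registered protocol (BGP) is told
    def detection_time_ms(self):
        return self.multiplier * self.min_rx_ms
    def _change(self, new_state, diag):
        old, self.state, self.diag = self.state, new_state, diag
        # Previous state matters: only an UP session that drops is reported to BGP;
        # a session that never came up (one-sided BFD) leaves BGP untouched.
        if old == "UP" and new_state == "DOWN":
            self.notifications.append(f"neighbor {self.peer} Down BFD Down local_diag=0x{diag:02x}")
        return f"state {old} -> {new_state} local_diag=0x{diag:02x}"
    def receive(self, now_ms, peer_state):
        """Control packet from the peer carrying the peer's state; returns the transition or None."""
        self.last_rx_ms = now_ms
        if self.state == "DOWN" and peer_state == "DOWN":
            return self._change("INIT", 0)
        if (self.state == "DOWN" and peer_state == "INIT") or (self.state == "INIT" and peer_state in ("INIT", "UP")):
            return self._change("UP", 0)
        if self.state == "UP" and peer_state == "DOWN":
            return self._change("DOWN", DIAG_NEIGHBOR_DOWN)
        return None
    def tick(self, now_ms):
        """Expire the session when no packet arrived within the detection time (Multiplier packets missed)."""
        if self.state != "DOWN" and now_ms - self.last_rx_ms >= self.detection_time_ms():
            return self._change("DOWN", DIAG_DETECT_EXPIRED)
        return None

def blocked_scenario():
    """Constructed timeline: the session comes up, then a policy starts dropping UDP 3784."""
    s, events = BfdSession("10.130.0.139"), []
    for t, peer_state in [(0, "DOWN"), (250, "INIT"), (500, "UP"), (750, "UP")]:
        if (e := s.receive(t, peer_state)):
            events.append((t, e))
    for t in range(1000, 2001, 250):  # nothing arrives any more; the 750 ms detection timer expires
        if (e := s.tick(t)):
            events.append((t, e))
    return s, events
```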