Bidirectional Forwarding Detection

This section describes Bidirectional Forwarding Detection (BFD) and how it is configured in relation to various protocols. Topics in this section include:

Introduction

In networks without data link signaling, connection failures are usually detected by the hello mechanisms of routing protocols. Detection can take over a second, and reducing detection time by increasing the rate at which hello packets are exchanged can create an excessive burden on the participating CPUs.

Bidirectional Forwarding Detection (BFD) is a low-overhead, protocol-independent mechanism which adjacent systems can use instead for faster detection of faults in the path between them. BFD is strictly a failure-detection mechanism, and does not discover neighbors or reroute traffic.

BFD is a simple mechanism which detects the liveness of a connection between adjacent systems, allowing it to quickly detect failure of any element in the connection. It does not operate independently, but only as an adjunct to routing protocols. The routing protocols are responsible for neighbor detection, and create BFD sessions with neighbors by requesting failure monitoring from BFD.

Once a BFD session is established with a neighbor, BFD exchanges control packets to verify connectivity and informs the requesting protocol of failure if a specified number of successive packets are not received. The requesting protocol is then responsible for responding to the loss of connectivity.

Routing protocols using BFD for failure detection continue to operate normally when BFD is enabled, including the exchange of hello packets.

The basic behavior of BFD is defined in RFC 5880.

BFD Modes

BFD functions in asynchronous or demand mode, and also offers an echo function. EOS supports asynchronous mode and the echo function.

Asynchronous Mode

In asynchronous mode, BFD control packets are exchanged by neighboring systems at regular intervals. If a specified number of sequential packets are not received, BFD declares the session to be down.

Demand Mode

In demand mode, once the BFD session is established, the participating systems can request that BFD packets not be sent, then request an exchange of packets only when needed to verify connectivity. EOS does not support demand mode.

Echo Function

When the echo function is in use, echo packets are looped back through the hardware forwarding path of the neighbor system without involving the CPU. Failure is detected by an interruption in the stream of echoed packets. The minimum reception rate for BFD control packets from the neighbor is also changed automatically when the echo function is operational, because liveness detection is supplied by the echo packets.

While BFD control messages are transmitted to port 3784, BFD echo messages use UDP port 3785 for both source and destination.

BFD on Port Channels

On port channels, the BFD per-link feature can be used to add resiliency to the port channel's BFD sessions. When BFD per-link is enabled, BFD considers the port channel "up" as long as any link in the port channel is functioning properly.

BFD per-link can be configured in full compliance with RFC 7130, causing member ports to be removed from the port channel when their BFD micro sessions are down, or in legacy mode, which relies on the LAG itself to detect and remove unresponsive member ports. By default, BFD per-link operates in legacy mode, which allows the switch to inter-operate more effectively with older equipment, but which may drop traffic if downed links are not detected by other means. RFC7130 mode allows for faster detection and removal of downed links within the port channel and can be used in situations where LACP is not supported. For the BFD session to come up, both peers must be configured in the same way.

BFD Configuration

Configuring BFD on an Interface

The transmission rate for BFD control packets, the minimum rate at which control packets are expected from the peer, and the multiplier (the number of packets that must be missed in succession before BFD declares the session to be down) can all be configured per interface. The values configured apply to all BFD sessions that pass through the interface.

The default values for these parameters are:
  • transmission rate 300 milliseconds
  • minimum receive rate 300 milliseconds
  • multiplier 3

To configure different values for these parameters on an interface, use the bfd interval command.

For BFD to function as a failure detection mechanism, it must be enabled for each participating protocol.

Example

These commands set the transmit and receive intervals to 200 milliseconds and the multiplier to 3 for all BFD sessions passing through interface ethernet 3/20.

switch(config)# interface ethernet 3/20
switch(config-if-Et3/20)# bfd interval 200 min-rx 200 multiplier 3
switch(config-if-Et3/20)#

Configuring BFD on a Port Channel

Basic BFD parameters are configured on a port channel as described in Configuring BFD on an Interface above.

Additionally, BFD can be configured in per-link mode on a port channel so that the port channel will be considered up as long as any link in the channel is up. BFD per-link can be configured in compliance with RFC 7130 (causing member ports to be removed from the port channel when their BFD micro session is down), or in legacy mode for interoperability with older equipment. For the BFD session to come up, both peers must be configured in the same way (either RFC 7130 or legacy mode).

Note: In RFC 7130 mode, if multiple IP addresses are configured for a member of a port channel (e.g., one IPv4 address and one IPv6 address), the member will be removed from the port channel if the micro session associated with either IP address goes down.

Enabling BFD Per-link

To enable BFD per-link on a port channel, use the bfd per-link command.

Example

These commands enabled BFD per-link on port channel 5.
switch(config)# interface port-channel 5
switch(config-if-Po5)# bfd per-link
switch(config-if-Po5)#

Configuring BFD Per-link in RFC 7130 Mode

By default, BFD per-link operates in legacy mode. To enable RFC 7130 mode (in which a member port is removed from the port channel when its BFD micro session is down), configure the switch as follows.

  1. If you are configuring an L2 interface, specify a local L3 BFD address for the switch using the bfd local-address command. This is not necessary when configuring an L3 interface with an IP address configured on the port channel.
  2. Enable BFD per-link on the port channel using the bfd per-link command.
  3. Specify the L3 address of the port channel’s BFD neighbor using the bfd neighbor command. For an L2 port channel, the address is the globally configured BFD local address on the peer switch. For an L3 port channel, the address is the IP address configured on the peer port channel.

    Examples
    • These commands configure BFD per-link in RFC 7130 mode over an L2 port channel.
      • Switch 1 configuration:
        switch1(config)# bfd local-address 10.0.0.5
        switch1(config)# interface port-channel 5
        switch1(config-if-Po5)# bfd per-link rfc-7130
        switch1(config-if-Po5)# bfd neighbor 10.0.0.4
        switch1(config-if-Po5)#

      • Switch 2 configuration:
        switch2(config)# bfd local-address 10.0.0.4
        switch2(config) #interface port-channel 5
        switch2(config-if-Po5)# bfd per-link rfc-7130
        switch2(config-if-Po5)# bfd neighbor 10.0.0.5
        switch2(config-if-Po5)#
        These commands configure BFD per-link in RFC 7130 mode over an L3 port channel.

      • Switch 1 configuration:
        switch1(config)# interface port-channel 5
        switch1(config-if-Po5)# no switchport
        switch1(config-if-Po5)# bfd per-link rfc-7130
        switch1(config-if-Po5)# ip address 10.0.0.5/24
        switch1(config-if-Po5)# bfd neighbor10.0.0.4
        switch1(config-if-Po5)#

      • Switch 2 configuration:
        switch2(config)# interface port-channel 5
        switch2(config-if-Po5)# no switchport
        switch2(config-if-Po5)# bfd per-link rfc-7130
        switch2(config-if-Po5)# ip address 10.0.0.4/24
        switch2(config-if-Po5)# bfd neighbor 10.0.0.5

Configuring the Echo Function

The echo function is disabled by default, and is enabled on an interface using the bfd echo command.

When the BFD echo function is enabled, a "slow-timer" value replaces the minimum receive interval value in BFD packets sent from the switch. The default value is 2000 milliseconds. To configure a different value for the slow-timer, use the bfd slow-timer command.

Examples

  • These commands enable the BFD echo function on interface ethernet 5. If a slow-timer value has been configured on the switch, the minimum receive rate expected from the BFD neighbor will be reset to that value; otherwise, the minimum receive rate will be set to 2000 milliseconds.
    switch(config)# interface ethernet 5
    switch(config-if-Et5)# bfd echo
    switch(config-if-Et5)#

  • This command configures BFD to expect control packets from the peer every 10000 milliseconds when the BFD echo function is enabled.
    switch(config)# bfd slow-timer 10000
    switch(config)#

Configuring BFD for PIM

The bfd (Router-PIM Sparse-mode) command enables or disables Bidirectional Forwarding Detection (BFD) globally for all Protocol-Independent Multicast (PIM) neighbors.

To enable or disable PIM BFD on a specific interface, use the pim ipv4 bfd command. The interface-level configuration supersedes the global setting.

Examples
  • These commands enable PIM BFD globally on the switch in the default VRF, enabling it on all PIM-SM interfaces where it is not explicitly disabled.
    switch(config)# router pim sparse-mode
    switch(config-router-pim-sparse)# ipv4
    switch(config-router-pim-sparse-ipv4)# bfd
    switch(config-router-pim-sparse-ipv4)#

  • These commands configure interface vlan 200 to use BFD for PIM-SM connection failure detection regardless of the global PIM BFD configuration.
    switch(config)# interface vlan 200
    switch(config-if-VL200)# pim ipv4 bfd
    switch(config-if-VL200)#

Configuring BFD for BGP

To enable or disable Bidirectional Forwarding Detection (BFD) for border gateway protocol (BGP) connections with a BGP neighbor or peer group, use the neighbor bfd command.

Example

These commands enable BFD failure detection for BGP connections with the neighbor at 10.13.64.1.
switch(config)# router bgp 300
switch(config-router-bgp)# neighbor 10.13.64.1 bfd
switch(config-router-bgp)#

Configuring BFD for VRRP

To enable or disable Bidirectional Forwarding Detection (BFD) for Virtual Router Redundancy Protocol (VRRP), use the vrrp bfd ip command.

When enabled, BFD provides failure detection for a 2-router VRRP system. When the master is configured with the physical IP address of the backup router, and the backup is configured with the address of the master, a BFD session is established between them. If the BFD session goes down, the backup router immediately assumes the master role.

VRRP master advertisement packets are still sent even when the BFD session is established to accommodate VRRP systems involving more than two routers.

Example

These commands enable BFD on interface ethernet 3/20 for VRRP ID 15 with a connection to a router at IP address 192.168.2.1.
switch(config)# interface ethernet 3/20
switch(config-if-Et3/20)# vrrp 15 bfd ip 192.168.2.1
switch(config-if-Et3/20)#

Configuring BFD for OSPF

To enable or disable BFD globally for all OSPF neighbors, use the bfd default (OSPF) command in OSPF configuration mode.

To enable or disable BFD for OSPF on a specific interface, use the ip ospf neighbor bfd command. The interface-level configuration supersedes the global setting.

Examples
  • These commands enable BFD in OSPF instance 100 for all OSPF neighbors on BFD-enabled interfaces except those connected to interfaces on which OSPF BFD has been explicitly disabled.
    switch(config)# router ospf 100
    switch(config-router-ospf)# bfd default
    switch(config-router-ospf)#

  • This command enables OSPF BFD on interface ethernet 3/21.

    switch(config)# interface ethernet 3/21
    switch(config-if-Et3/21)# ip ospf neighbor bfd
    switch(config-if-Et3/21)#

Configure BFD for IS-IS

The isis bfd and command configure Bidirectional Forwarding Detection (BFD), a low overhead protocol designed to provide rapid detection of failures at any protocol layer in the path between adjacent forwarding engines over any media. BFD is supported for IS-IS IPv4 routes.

Examples
  • These commands enable BFD for all the interfaces on which IS-IS is enabled. By default BFD is disabled on all the interfaces.
    switch(config)# router isis 1
    switch(config-router-isis)# address-family ipv4
    switch(config-router-af)# bfd default
    switch(config-router-af)#

  • These commands enable BFD on IS-IS interfaces.
    switch(config)# interface Ethernet 5/6
    switch(config-if-Et5/6)# isis bfd
    switch(config-if-Et5/6)#

Configuring BFD Session Telemetry

The BFD session telemetry automatically collects the per-session statistics and the rbfd kernel module statistics at a set interval and stores them in a shared memory where Cloud Vision Portal (CVP) or other applications may collect this information. Also, several new statistics have been added which are updated within the session-stats interval and provides a finer snapshot view of the session health. The BFD session telemetry supports both hardware-accelerated and software (kernel module) accelerated BFD sessions.

Use the session stats snapshot interval command to enable the BFD session telemetry. This command is configured under the router-bfd configuration mode. By default, this command is disabled and the telemetry interval is set to 0 seconds. A telemetry interval between 10 and 3600 seconds may be configured.

Use the no and default form of the command to disable the session stats snapshot interval command from the running configuration and sets the telemetry interval is set to .

Example

switch(config-router-bfd)# session stats snapshot interval 10

A telemetry interval may be configured to a value less than 10 seconds and as little as 1 second using an additional keyword dangerous, as follows:

switch(config-router-bfd)# session stats snapshot interval dangerous 1

However, note that, configurations including a telemetry interval of less than 10 seconds are not advised for systems with a large-scale BFD deployment as this may cause delays in the rbfd kernel module and result in BFD session instability.

Displaying BFD Neighbor Information

Use the show bfd hardware acceleration command to display information about Bidirectional Forwarding Detection (BFD) neighbors.

Examples
  • This command displays general information about BFD neighbors.
    switch> show bfd peers
    DstAddrMyDiscYoDiscIfLUpLDownLdiagState
    
    10.168.1.561613et52_1(81)17151450 0NoDiagnosticUp
    
    10.168.1.581714et52_2(65)17151883 0NoDiagnosticUp
    
    10.168.1.241815et51_1(73)17152175 0NoDiagnosticUp

  • This command displays detailed information about BFD neighbors.
    switch> show bfd peers detail
    Peer Addr 10.168.1.56, Intf Ethernet52/1, State Up
    VRF default, LAddr 10.168.1.57, LD/RD 16/13
    Last Up 17151450
    Last Down 0
    Last Diag: No Diagnostic
    TxInt: 300, RxInt: 300, Multiplier: 3
    Received RxInt: 300, Received Multiplier: 3
    Rx Count: 433987, Tx Count: 433829
    Detect Time: 900
    Registered protocols: bgp
    
    Peer Addr 10.168.1.58, Intf Ethernet52/2, State Up
    VRF default, LAddr 10.168.1.59, LD/RD 17/14
    Last Up 17151883
    Last Down 0
    Last Diag: No Diagnostic
    TxInt: 300, RxInt: 300, Multiplier: 3
    Received RxInt: 300, Received Multiplier: 3
    Rx Count: 434235, Tx Count: 434050
    Detect Time: 900
    Registered protocols: bgp

Hardware Accelerated BFD Transmit

Hardware Accelerated BFD Transmit adds support for offloading BFD Transmit path to hardware (ASIC) for specific types of BFD sessions.

Hardware Accelerated BFD Transmit improves accuracy of transmit timer implementations for BFD (especially with fast timers like 50 ms) and relieves pressure on the main CPU in scenarios of scale. The RX packet processing for all BFD sessions is still handled by the BFD agent on the main CPU. The feature does not add any additional timer interval or multiplier configurations.

On supported platforms, hardware acceleration-capable BFD sessions is offloaded by default. Memory resources are required on ASIC to offload sessions (one unit per discriminator). Currently, the number of session discriminators that can be offloaded is restricted to 200 per ASIC.

Only single-hop BFD sessions on front panel ports are capable of being offloaded. In EOS Release 4.23.0F, the following sessions types cannot be offloaded:
  • BFD sessions over Port-Channel Sub-Interfaces
  • BFD sessions over L3 Sub-Interfaces
  • BFD sessions over an entire Port-Channel (not per member BFD)
  • BFD sessions over a Switched Virtual Interface
  • BFD sessions over a Loopback interface
  • BFD sessions over Tunnel interfaces
  • Multi-hop BFD sessions
  • BFD sessions with Authentication configured

From EOS Release 4.23.1F onwards, the following additional session types can be offloaded:
  • BFD sessions over L3 Sub-Interfaces

From EOS Release 4.24.0F onwards, hardware acceleration is only supported on certain SSO redundancy protocol configured modular systems.

Note: For the purposes of memory management in hardware, each discriminator occupies one unit of memory. When echo mode is enabled on a session, both asynchronous mode and the echo function have separate discriminators and each take up a unit each amongst the 200 available per ASIC.

Configuration

The Hardware Accelerated BFD Transmit feature is enabled by default on supported platforms. No explicit configuration is required.

The feature may be disabled using the following command:
switch(config-router-bfd)# hardware acceleration disabled

Show Commands

Hardware Acceleration Information

To view whether hardware acceleration is running use the show bfd hardware acceleration command. In this example, hardware acceleration is running.

Example

switch(config)# show bfd hardware acceleration
Hardware acceleration is running

The following example displays when hardware acceleration is not enabled and the reasons why.

Example

switch# show bfd hardware acceleration
Hardware acceleration is not running: user disabled, no eligible sessions, not supported with SSO

The reasons listedfor when hardware acceleration could be a subset of the following:
  • User disabled: The feature was explicitly disabled in the CLI configuration.
  • No eligible sessions: There are no BFD sessions configured that could be hardware accelerated. For example, all current BFD sessions have authentication enabled.
  • Not supported with SSO: On certain modular systems, the feature is not supported when the redundancy protocol is configured to SSO.

The following example output of the command is when the hardware acceleration feature is not supported on a product:
Hardware acceleration is not supported

Session Information

Use the show bfd peers detail command to display whether an individual session is hardware accelerated or not. An additional line has been added to the command to display hardware acceleration as shown in the following example.
switch# show bfd peers detail
VRF name: default
-----------------
Peer Addr 10.0.0.2, Intf Ethernet3/1/1, Type normal, State Down
VRF default, LAddr 0.0.0.0, LD/RD 1157402594/0
Session state is Down and not using echo function
Hardware Acceleration: Async On, Echo On

Async On denotes the Asynchronous Transmit component of the session has been offloaded.

Echo On denotes the Echo Transmit function of the session has been offloaded.

Note: There is no guarantee that both the Asynchronous transmit component and the echo function will be offloaded together to the hardware.

Hardware Acceleration Summary

Use the show bfd hardware utilization command to display a summary of the number of offloaded discriminators per ASIC.

Example
switch# show bfd hardware utilization
Chip Name  Number Of Sessions  Maximum Number Of Sessions
---------- ------------------- --------------------------
Jericho0                   20                         200
Jericho1                    0                         200

Detailed Hardware Acceleration Information

Use the show bfd hardware utilization detail command to display a detailed list of the BFD discriminators whose transmit path is offloaded can be viewed per ASIC using:

Example
switch# show bfd hardware utilization detail
sh bfd hardware utilization detail
Chip: Jericho0
Dst Addr  My Disc    Interface    VRF      Type
--------- ---------- ------------ -------- ------
1.1.6.2   3175653802 Ethernet1/1  default  normal
1.1.3.2   1151992021 Ethernet2/1  default  normal

Chip: Jericho1
Dst Addr   My Disc    Interface    VRF      Type
---------- ---------- ------------ -------- -----

Limitations

The following limitations are associated with the Hardware Accelerated BFD Transmit feature.
  • Hardware acceleration is not supported on certain modular systems configured with SSO redundancy protocol.
  • Before EOS Release 4.24.0F, on 7500 series modular systems with both 7500E series and 7500R series line cards, hardware acceleration is not supported if the systems Forwarding Mode is Arad, as shown by show platform sand compatibility command display output. From the EOS Release 4.24.0F onwards, this does not apply because the 7500E series line cards are deprecated.
  • Hardware acceleration is not supported on Port-Channel Sub-Interfaces.
  • In the EOS Release 4.23.0F, hardware acceleration is not supported on L3 Sub-Interfaces.
  • Hardware acceleration is not supported on Switched Virtual Interfaces.
  • Hardware acceleration is not supported on Port-Channel interfaces (non-per-link BFD).
  • Hardware acceleration is not supported on Loopback interfaces.
  • Hardware acceleration is not supported on Tunnel interfaces.
  • Hardware acceleration is not supported on front-panel or Port-Channel sub-interfaces.
  • Hardware acceleration is not supported with Multi-hop BFD.
  • Hardware acceleration is not supported when Authentication is enabled.
  • Configuring authentication on an already offloaded session results in the session being migrated back to software. Similarly, deconfiguring authentication migrates the session to hardware if the session is hardware acceleration capable and if resources are available on the ASIC in question.
  • Hardware acceleration limits the number of accelerated transmit discriminators to 200 per ASIC.
  • Configuring more than 200 session discriminators on interfaces attached to an ASIC results in the additional session discriminators falling back to the default software transmit implementation, where the accuracy of transmit timers are dependent on the host CPU load.
  • When enabling hardware acceleration with a high enough number of existing offload-capable software sessions, a flap in some sessions may be observed once at the time of migration from software to hardware.
  • When disabling hardware acceleration with a high enough number of existing offloaded sessions, a flap in some sessions may be observed once at the time of migration from hardware to software.
  • Sessions are offloaded to hardware in a first-come, first-served fashion. Currently, in an overflow scenario with more than 200 session discriminators per chip, there is no guarantee that shorter intervals are always offloaded.

BFD Commands

bfd (Router-PIM Sparse-mode)

The bfd (Router-PIM Sparse-mode) command enables Bidirectional Forwarding Detection (BFD) globally for use as a failure-detection mechanism for Protocol-Independent Multicast Sparse-Mode (PIM-SM) on the switch. To override the global configuration for a specific interface, use the pim ipv4 bfd command. All PIM-SM interfaces will use the global setting if they are not individually configured.

When PIM BFD is enabled, a BFD session is created for each PIM-SM neighbor and used to detect a loss of connectivity with the neighbor. PIM hello packets are still exchanged with PIM-SM neighbors when BFD is enabled.

The no bfd and default bfd commands disable PIM BFD globally by deleting the bfd statement from running-config. When this is done, only interfaces with PIM BFD explicitly enabled will use PIM BFD.

Command Mode

Router-PIM Sparse-mode IPv4 Configuration

Router-PIM Sparse-mode VRF IPv4 Configuration

Command Syntax

bfd

no bfd

default bfd

Example

These commands enable PIM BFD globally on the switch in the default VRF, enabling it on all PIM-SM interfaces where it is not explicitly disabled.
switch(config)# router pim sparse-mode
switch(config-router-pim-sparse)# ipv4
switch(config-router-pim-sparse-ipv4)# bfd
switch(config-router-pim-sparse-ipv4)#

bfd default (ISIS)

The bfd default command places the switch in address-family configuration mode.

The bfd default and isis bfd commands configure Bidirectional Forwarding Detection (BFD), a low overhead protocol designed to provide rapid detection of failures at any protocol layer in the path between adjacent forwarding engines over any media. BFD is supported for IS-IS IPv4 routes.

Command Mode

Router-Address-Family Configuration

Command Syntax

bfd default

Example

These commands enable BFD for all the interfaces on which IS-IS is enabled. By default BFD is disabled on all the interfaces.
switch(config)# router isis 1
switch(config-router-isis)# address-family ipv4
switch(config-router-af)# bfd default
switch(config-router-af)#

bfd default (OSPF)

The bfd default command globally configures OSPF to use Bidirectional Forwarding Detection (BFD). When this command is issued, BFD sessions will be established with all OSPF neighbors connected to BFD-enabled interfaces unless OSPF BFD has been disabled on a participating interface using the ip ospf neighbor bfd command. BFD is globally disabled in OSPF by default.

For OSPF BFD to function on an interface, BFD must also be enabled and configured on that interface using the bfd interval command.

The no bfd default and default bfd default commands disable OSPF BFD on all interfaces except those where it has been explicitly enabled using the ip ospf neighbor bfd command.

Command Mode

Router-OSPF Configuration

Command Syntax

bfd default

no bfd default

default bfd default

Examples

These commands enable BFD for OSPF instance 100 on all interfaces except those on which OSPF BFD has been explicitly disabled.

switch(config)# router ospf 100
switch(config-router-ospf)# bfd default
switch(config-router-ospf)#

bfd echo

The bfd echo command enables the BFD echo function on the configuration mode interface.

The no bfd echo and default bfd echo commands disable the BFD echo function by removing the corresponding bfd echo command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

bfd echo

no bfd echo

default bfd echo

Example

These commands enable the BFD echo function on interface ethernet 5. If a slow-timer value has been configured on the switch, the minimum receive rate expected from the BFD neighbor will be reset to that value; otherwise, the minimum receive rate will be set to 2000 milliseconds.
switch(config)# interface ethernet 5
switch(config-if-Et5)# bfd echo
switch(config-if-Et5)#

bfd interval

The bfd interval command configures the BFD control packet transmission rate, minimum control packet receive rate, and the number of missed packets that will signal that the session is down. These parameters can be configured globally for the switch or for the configuration mode interface. If a parameter is configured both globally and on the interface, the value configured on the interface takes precedence.

Note: For a BFD session to be established, BFD must be enabled for any routing protocol using BFD for failure detection.

The no bfd interval and default bfd interval commands return the BFD parameters on the configuration mode interface to default values by removing the corresponding bfd interval command from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Loopback Configuration

Interface-Management Configuration

Interface-Port-channel Configuration

Interface-VLAN Configuration

Command Syntax

bfd interval transmit_rate min-rx receive_minimum multiplier factor

no bfd interval

default bfd interval

Parameters
  • transmit_rate rate in milliseconds at which control packets will be sent. Values range from 50 to 60000; the default value is 300.
  • receive_minimum rate in milliseconds at which control packets will be expected. Values range from 50 to 60000.
  • factor number of consecutive missed BFD control packets after which BFD will declare the session as down. Values range from 3 to 50.

Example

These commands configure BFD on interface ethernet 5 to expect packets from the peer every 200 milliseconds and declare the session down after failing to receive 5 consecutive packets. This configuration overrides any values configured globally.
switch(config)# interface ethernet 5
switch(config-if-Et5)# bfd interval 200 min-rx 200 multiplier 5
switch(config-if-Et5)#

bfd local-address

The bfd local-address command specifies the local L3 address for use in Bidirectional Forwarding Detection (BFD). When configuring an L2 interface, specification of a local L3 address is required in order to run BFD per-link in RFC 7130 mode. (This is not necessary when configuring an L3 interface with an IP address configured on the port channel.)

The no bfd local-address and default bfd local-address commands remove the local L3 address by removing the corresponding bfd local-address command from running-config.

Command Mode

Global Configuration

Command Syntax

bfd local-address [address

no bfd local-address [address]

default bfd local-address [address]

Parameter

address local IPv4 or IPv6 address for BFD.

Example

This command specifies the local L3 address for BFD.
switch(config)# bfd local-address 10.0.0.4
switch(config#

bfd neighbor

The bfd neighbor command specifies the L3 address of the BFD neighbor of the port channel being configured. This is required to run BFD per-link in RFC 7130 mode. For an L2 port channel, this address should be the BFD per-link "local address" globally configured on the peer switch. For an L3 port channel, this address should be the IP address configured on the peer port channel.

The no bfd neighbor and default bfd neighbor commands remove the BFD neighbor address by removing the corresponding bfd neighbor command from running-config.

Command Mode

Interface-Port-channel Configuration

Command Syntax

bfd neighbor address ]

no bfd neighbor [address]

default bfd neighbor [address]

Parameter

address IPv4 or IPv6 address of the port channel's BFD neighbor.

Example

These commands specify the L3 address of the port channel's BFD neighbor.
switch(config)# interface port-channel 5
switch(config-if-Po5)# bfd neighbor 10.0.0.5
switch(config-if-Po5)#

bfd per-link

The bfd per-link command enables the BFD per-link function on the port channel being configured. When BFD per-link is enabled, BFD sub-sessions are run on each link of the port channel; BFD considers the port-channel to be up as long as any one of the links is live.

BFD per-link runs by default in legacy mode, which allows downed links to remain members of the port channel and relies on LACP or other means to prune the dead links. Legacy mode is provided for interoperability with older switches.

RFC 7130 mode runs BFD per-link in full compliance with RFC 7130, and automatically removes links in down state from the port-channel, then adds them back again when they come up. Use the rfc-7130 keyword to enable per-link in RFC 7130 mode. You must also configure an L3 BFD neighbor address for each port-channel running RFC 7130 per-link using the bfd neighbor command. When configuring an L2 interface, you must also globally configure a local L3 BFD address on the switch using the bfd local-address command.

For the BFD session to come up, both peers must be configured in the same way (either rfc-7130 or legacy mode).

The no bfd per-link and default bfd per-link commands disable the BFD per-link function by removing the corresponding bfd per-link command from running-config.

Command Mode

Interface-Port-channel Configuration

Command Syntax

bfd per-link [rfc-7130]

no bfd per-link [rfc-7130]

default bfd per-link [rfc-7130]

Examples
  • These commands enable the BFD per-link function in legacy mode on port-channel 5.
    switch(config)# interface port-channel 5
    switch(config-if-Po5)# bfd per-link
    switch(config-if-Po5)#

  • These commands globally specify a local L3 BFD address for the switch, enable the BFD per-link function in the rfc-7130 mode on port-channel 5, and specify the L3 address of the port channel's BFD neighbor.
    switch(config)# bfd local-address 10.0.0.5
    switch(config)# interface port-channel 5
    switch(config-if-Po5)# bfd per-link rfc-7130
    switch(config-if-Po5)# bfd neighbor 10.0.0.4
    switch(config-if-Po5)#

bfd slow-timer

The bfd slow-timer command configures the minimum reception rate for BFD control packets which will be used if the BFD echo function is enabled. The default value is 2000 milliseconds.

Note: For a BFD session to be established, BFD must be enabled for any routing protocol using BFD for failure detection.

The no bfd slow-timer and default bfd slow-timer commands return the BFD slow-timer to the default value of 2000 milliseconds by removing the corresponding bfd interval command from running-config.

Command Mode

Global Configuration

Command Syntax

bfd slow-timer receive_minimum

no bfd slow-timer

default bfd slow-timer

Parameters

receive_minimum rate in milliseconds at which control packets will be expected when the BFD echo function is enabled. Values range from 2000 to 60000; default value is 2000.

Examples

This command configures BFD to expect control packets from the peer every 10000 milliseconds when the BFD echo function is enabled.
switch(config)# bfd slow-timer 10000
switch(config)#

bfd qos dscp

The bfd qos dscp allows the configuration of the Differentiated Services Code Point (DSCP) for BFD traffic originating from the local switch to take advantage of Quality of Service (QoS) on the network. The no bfd qos dscp and the default bfd qos dscp commands remove the feature from the running-config.

Command Mode

BFD Router Configuration Mode

Command Syntax

qos dscp DSCP_value

Parameter

DSCP_value - Configure a DSCP value from 0 to 63 or the default value of 48.

Example

Use the following commands to set the DSCP value to 25:

switch(config)#router bfd
 switch(config-router-bfd)#qos dscp 25

hardware acceleration disabled

Hardware acceleration is enabled by default on supported platforms and no explicit configuration is needed. Use the hardware acceleration disabled command to disable hardware acceleration.

Command Mode

BFD configuration mode

Command Syntax

hardware acceleration disabled

Example
switch(config-router-bfd)# hardware acceleration disabled

ip ospf neighbor bfd

The ip ospf neighbor bfd command enables Bidirectional Forwarding Detection (BFD) for the Open Shortest Path First protocol (OSPF) on the configuration mode interface regardless of the global settings for the OSPF instance. All OSPF neighbors associated with the interface become BFD peers, and OSPF uses BFD for failure detection.

For OSPF BFD to function on an interface, BFD must also be enabled and configured on that interface using the bfd interval command.

The no ip ospf neighbor bfd command disables OSPF BFD on the interface and terminates all BFD sessions with the interface OSPF peers. The default ip ospf neighbor bfd command causes the interface to follow global OSPF BFD settings configured by the bfd default (OSPF) command.

Command Mode

Interface-Ethernet Configuration

Interface-Port-Channel Configuration

Interface-VLAN Configuration

Command Syntax

ip ospf neighbor bfd

no ip ospf neighbor bfd

default ip ospf neighbor bfd

Examples
  • These commands enable BFD on interface ethernet 3/20.
    switch(config)# interface ethernet 3/20
    switch(config-if-Et3/20)# ip ospf neighbor bfd
    switch(config-if-Et3/20)#

  • These commands cause interface ethernet 3/20 to follow the global OSPF BFD configuration.

    switch(config)# interface ethernet 3/20
    switch(config-if-Et3/20)# default ip ospf neighbor bfd
    switch(config-if-Et3/20)#

isis bfd

The isis bfd command activates the corresponding IS-IS routing instance on the configuration mode interface. By default, the IS-IS routing instance is not enabled on an interface.

The no isis enable and default isis enable commands disable IS-IS on the configuration mode interface by removing the corresponding isis enable command from running-config.

Command Mode

Interface-Ethernet Configuration

Command Syntax

isis bfd

no isis bfd

default isis bfd

Example

These commands enable BFD on IS-IS interfaces.
switch(config)# interface Ethernet 5/6
switch(config-if-Et5/6)# isis bfd
switch(config-if-Et5/6)#

neighbor bfd

The neighbor bfd command enables Bidirectional Forwarding Detection (BFD) for use as a failure detection mechanism for Border Gateway Protocol (BGP) connections to the specified BGP neighbor or peer group.

Once a BFD session is established with a BGP neighbor, if the BFD session goes down the status of the BGP session is changed to down as well.

The no neighbor bfd and default neighbor bfd commands disable BFD for BGP connections to the specified neighbor or peer group by removing the corresponding neighbor bfd command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor NEIGHBOR_ID bfd

no neighbor NEIGHBOR_ID bfd

default neighbor NEIGHBOR_ID bfd

Parameters

NEIGHBOR_ID IP address or peer group name. Values include:
  • ipv4_addr neighbor IPv4 address.
  • ipv6_addr neighbor IPv6 address.
  • group_name peer group name.

Example

These commands enable BFD failure detection for BGP connections with the neighbor at 10.13.64.1.
switch(config)# router bgp 300
switch(config-router-bgp)# neighbor 10.13.64.1 bfd
switch(config-router-bgp)#

pim ipv4 bfd

The pim ipv4 bfd command enables Bidirectional Forwarding Detection (BFD) on the configuration mode interface as a failure detection mechanism for Protocol-Independent Multicast Sparse-Mode (PIM-SM). To enable PIM BFD globally on the switch, use the bfd (Router-PIM Sparse-mode) command. Interface-level settings override the global setting.

When PIM BFD is enabled, a BFD session is created for each PIM-SM neighbor and used to detect a loss of connectivity with the neighbor. PIM-SM hello packets are still exchanged with PIM-SM neighbors when BFD is enabled.

The no pim ipv4 bfd disables PIM BFD on the configuration mode interface regardless of global settings. The default pim ipv4 bfd command causes the configuration mode interface to follow the global setting for PIM BFD by removing the corresponding pim ipv4 bfd statement from running-config.

Command Mode

Interface-Ethernet Configuration

Interface-Port-Channel Configuration I

nterface-VLAN Configuration

Command Syntax

pim ipv4 bfd

no pim ipv4 bfd

default pim ipv4 bfd

Example

These commands configure interface vlan 200 to use BFD for PIM-SM connection failure detection regardless of the global PIM BFD configuration.
switch(config)# interface vlan 200
switch(config-if-VL200)# pim ipv4 bfd
switch(config-if-VL200)#

show bfd hardware acceleration

The show bfd hardware acceleration command displays the status of hardware acceleration on the switch for Bidirectional Forwarding Detection (BFD) session. The show bfd peers detail command displays the status of hardware acceleration.

Command Mode

EXEC

Command Syntax

show bfd hardware acceleration

Examples
  • This command displays the status for hardware acceleration for BFD.
    switch# show bfd hardware acceleration
    Output when hardware acceleration is enabled(default) and running
    Hardware acceleration is running

  • Output when hardware acceleration is disabled with explanation.
    Hardware acceleration is not running: 
    user disabled, no eligible sessions, not supported with SSO

  • Output when hardware acceleration is not supported by switch.
    Hardware acceleration is not supported

show bfd hardware utilization

The show bfd hardware utilization command displays the status of hardware acceleration on the switch for Bidirectional Forwarding Detection (BFD) session.

Command Mode

EXEC

Command Syntax

show bfd hardware utlization [INFO_LEVEL]

Parameters

INFO_LEVEL amount of information that is displayed. Options include:
  • no parameter command displays a summary of offloaded discriminators per ASIC.
  • detail command displays details of the BFD discriminators whose transmit path is offloaded per ASIC.

Examples
  • This command displays a summary of offloaded discriminators per ASIC for BFD.
    switch# show bfd hardware utilization
    Chip Name          Number Of Sessions    Maximum Number Of Sessions
    --------------- ------------------------ --------------------------
    Jericho0                           20                           200
    Jericho1                            0                           200

  • This command displays a details list of offloaded discriminators per ASIC for BFD.
    switch# show bfd hardware utilization detail
    sh bfd hardware utilization detail
    Chip: Jericho0
    Dst Addr             My Disc    Interface           VRF           Type
    -------------- ---------------- ------------------- ------------- ------
    1.1.6.2           3175653802    Ethernet1/1         default       normal
    1.1.3.2           1151992021    Ethernet2/1         default       normal
    
    Chip: Jericho1
    Dst Addr          My Disc    Interface       VRF       Type
    -------------- ------------- --------------- --------- ----

show bfd peers

The show bfd peers command displays information about the neighbors with which the switch currently has a Bidirectional Forwarding Detection (BFD) session.

Command Mode

EXEC

Command Syntax

show bfd peers [INFO_LEVEL]

Parameters

INFO_LEVEL amount of information that is displayed. Options include:
  • no parameter command displays data block for each specified interface.
  • detail command displays table that summarizes interface data.
  • summary displays the summary of the interface.

Display Values
  • DstAddr IP address of the BFD neighbor.
  • MyDisc Local discriminator value of the BFD session.
  • YoDisc Neighbor’s discriminator value for the BFD session.
  • If Interface to which the neighbor is connected.
  • LUp Last up.
  • LDown Last down.
  • Ldiag Diagnostic for the last change in session state.
  • State State of the BFD session.
  • TxInt Transmit interval of the local interface.
  • RxInt Minimum receive interval set on the local interface.
  • Multiplier Local multiplier (number of packets that must be missed to declare session down).
  • Received RxInt Minimum receive interval set on the neighbor interface.
  • Received Multiplier Neighbor’s multiplier (number of packets that must be missed to declare session down).
  • Rx Count BFD control packets transmitted.
  • Tx Count BFD control packets received.
  • Detect Time Total time in milliseconds it takes for BFD to detect connection failure.
  • Registered Protocols Protocols using BFD with this neighbor.

Examples
  • This command displays general information about BFD neighbors.
    switch> show bfd peers
    DstAddr MyDisc YoDisc If LUp LDown Ldiag S
    tate
    10.168.1.56 16 13 et52_1(81) 17151450 0 No
    Diagnostic Up
    10.168.1.58 17 14 et52_2(65) 17151883 0 No
    Diagnostic Up
    10.168.1.24 18 15 et51_1(73) 17152175 0 No
    Diagnostic Up
    10.168.254.6 19 12 vlan4094(26) 17152336 0 No
    Diagnostic Up
    10.168.1.26 20 16 et51_2(57) 17152523 0 No
    Diagnostic Up
    10.168.1.40 21 12 et50_1(77) 17152966 0 No
    Diagnostic Up
    10.168.1.42 22 13 et50_2(61) 17153488 0 No
    Diagnostic Up
    10.168.1.8 27 55 et49_1(69) 26710447 0 No
    Diagnostic Up
    10.168.1.10 28 56 et49_2(53) 26710847 0 No
    Diagnostic Up

  • This command displays detailed information about BFD neighbors.
    switch> show bfd peers detail
    Peer Addr 10.168.1.56, Intf Ethernet52/1, State Up
    VRF default, LAddr 10.168.1.57, LD/RD 16/13
    Last Up 17151450
    Last Down 0
    Last Diag: No Diagnostic
    TxInt: 300, RxInt: 300, Multiplier: 3
    Received RxInt: 300, Received Multiplier: 3
    Rx Count: 433987, Tx Count: 433829
    Detect Time: 900
    Registered protocols: bgp
    
    Peer Addr 10.168.1.58, Intf Ethernet52/2, State Up
    VRF default, LAddr 10.168.1.59, LD/RD 17/14
    Last Up 17151883
    Last Down 0
    Last Diag: No Diagnostic
    TxInt: 300, RxInt: 300, Multiplier: 3
    Received RxInt: 300, Received Multiplier: 3
    Rx Count: 434235, Tx Count: 434050
    Detect Time: 900
    Registered protocols: bgp
    switch>

  • This command displays the currently-configured BFD telemetry interval.
    switch# show bfd peers summary
    Global administrative shutdown:  No
    Configured session stats snapshot interval 10s
    BFD:
    Configured global single hop interval 300ms min_rx 300ms multiplier 3
    Configured global multiple hop interval 300ms min_rx 300ms multiplier 3
    Slow timer: 2000ms
    SBFD:
    IPv4 operational state: globally disabled (Local interface is not configured)
    Configured global initiator tx interval 300ms multiplier 3
    Configured reflector rx interval 300ms
    
    
    Legend:
    *: pseudo LAG session (not counted in total sessions)
    <N>[<M>]:  Number of sessions [ Number of sessions with echo enabled ]
    
    Addressing    Type              Up     Init     Down   AdminDown
    ------------- ----------------- ------ -------- ------ ---------
    All           All               1 [0]   0 [0]   0 [0]  0 [0]
    IPv4          All               1 [0]   0 [0]   0 [0]  0 [0]
     single hop   All               1 [0]   0 [0]   0 [0]  0 [0]
                  normal            1 [0]   0 [0]   0 [0]  0 [0]
                  LAG RFC7130 *     0 [0]   0 [0]   0 [0]  0 [0]
                  micro RFC7130     0 [0]   0 [0]   0 [0]  0 [0]
                  LAG per-link *    0 [0]   0 [0]   0 [0]  0 [0]
                  micro per-link    0 [0]   0 [0]   0 [0]  0 [0]
     multi-hop    multi-hop         0 [0]   0 [0]   0 [0]  0 [0]
    IPv6          All               0 [0]   0 [0]   0 [0]  0 [0]
     single hop   All               0 [0]   0 [0]   0 [0]  0 [0]
                  normal            0 [0]   0 [0]   0 [0]  0 [0]
                  LAG RFC7130 *     0 [0]   0 [0]   0 [0]  0 [0]
                  micro RFC7130     0 [0]   0 [0]   0 [0]  0 [0]
                  LAG per-link *    0 [0]   0 [0]   0 [0]  0 [0]
                  micro per-link    0 [0]   0 [0]   0 [0]  0 [0]
     multi-hop    multi-hop         0 [0]   0 [0]   0 [0]  0 [0]
    Tunnel        VXLAN             0 [0]   0 [0]   0 [0]  0 [0]
    L2            LAG RFC7130 *     0 [0]   0 [0]   0 [0]  0 [0]
                  micro RFC7130     0 [0]   0 [0]   0 [0]  0 [0]
    SR-TE Tunnel  All                  0       0       0      0
      IPv4        nitiator             0       0       0      0
                  Reflector            0       0       0      0
    
      IPv6        Initiator            0       0       0      0
                  Reflector            0       0       0      0

show bfd peers detail

Use the show bfd peers detail to display whether an individual session is hardware accelerated or not.An extra line has been added to to highlight hardware acceleration.

Command Mode

EXEC

Command Syntax

show bfd peers detail

Parameter

detailDisplays a comprehansive view of the individual session.

Guidelines
  • Async On Denotes the Asynchronous Transmit component of the session has been offloaded.
  • Echo On Denotes the Echo Transmit function of the session has been offloaded.

Note: There is no guarantee that both the Asynchronous transmit component and the echo function are offloaded to hardware together.

Example

switch# show bfd peers detail
VRF name: default
-----------------
Peer Addr 10.0.0.2, Intf Ethernet3/1/1, Type normal, State Down
VRF default, LAddr 0.0.0.0, LD/RD 1157402594/0
Session state is Down and not using echo function
Hardware Acceleration: Async On, Echo On

session stats snapshot interval (BFD)

The session stats snapshot interval enables the BFD session telemetry on a switch. By default, this command is disabled and the telemetry interval is set to 0 seconds. A telemetry interval between 10 and 3600 seconds may be configured. A telemetry interval may be configured to a value less than 10 seconds and as small as 1 second using an additional keyword dangerous.

Note: Configurations including a telemetry interval of less than 10 seconds are not advised for systems with a large-scale BFD deployment as this may cause delays in the rbfd kernel module and result in BFD session instability.

The no session stats snapshot interval and default session stats snapshot interval commands disbales the BFD telemetery command from the running-config and sets the telemetry interval is set to 0.

Command Mode

Router BFD Configuration

Command Syntax

session stats snapshot interval timer_interval dangerous

no session stats snapshot interval

default session stats snapshot interval

Parameters

  • timer_interval Session statistics timer interval in seconds between 10-3600.
  • dangerous Set session statistics timer interval less than 10 seconds.

Examples

  • The following commands places the switch in router BFD mode and enables the BFD session telemetry. In this example a BFD telemetry session with a time interval of 10 seconds is configured.
    switch(config)# router bfd 
    switch(config-router-bfd)# session stats snapshot interval 10

  • In this example a BFD telemetry session with a time interval of 1 second is configured using a keyword dangerous.
    switch(config-router-bfd)# session stats snapshot interval dangerous 1

vrrp bfd ip

The vrrp bfd ip command enables and configures Bidirectional Forwarding Detection (BFD) for Virtual Router Redundancy Protocol (VRRP) on the configuration mode interface.

When enabled, BFD provides failure detection for a 2-router VRRP system. When the master is configured with the physical IP address of the backup router, and the backup is configured with the address of the master, a BFD session is established between them. If the BFD session goes down, the backup router immediately assumes the master role.

VRRP master advertisement packets are still sent even when the BFD session is established to accommodate VRRP systems involving more than two routers.

The no vrrp bfd ip and default vrrp bfd ipcommands disable BFD for VRRP on the configuration mode interface by removing the corresponding vrrp bfd ip statement from running-config. The no vrrp command also removes the vrrp bfd ip command for the specified virtual router.

Command Mode

Interface-Ethernet Configuration

Interface-Port-Channel Configuration

Interface-VLAN Configuration

Command Syntax

vrrp group bfd ip ipv4_address

no vrrp group bfd ip

default vrrp group bfd ip

Parameters

  • group virtual router identifier (VRID). Values range from 1 to 255.
  • ipv4_address IPv4 address of the other VRRP router. On the master router, enter the physical IP address of the backup; on the backup, enter the physical IP address of the master.

Example

These commands enable BFD on interface ethernet 3/20 for VRRP ID 15 with a connection to a router at IP address 192.168.2.1.
switch(config)# interface ethernet 3/20
switch(config-if-Et3/20)# vrrp 15 bfd ip 192.168.2.1
switch(config-if-Et3/20)#