NOTE: BFD is intended for use only on v3 modules.
Bidirectional Forwarding Detection (BFD) is a low-overhead, short-duration method for detection of failures in the path between adjacent forwarding engines, including the interfaces, data link(s), and, to the extent possible, the forwarding engines themselves. It also provides a single mechanism that can be used for liveness detection between a pair of devices over any media, at any protocol layer, with a wide range of Detection Times and overhead, to avoid proliferation of different methods.
Asynchronous mode: In Asynchronous mode, an operating device periodically sends BFD control packets. If the device does not receive a BFD control packet from the peer within the specified interval, it tears down the BFD session.
Echo mode: In Echo mode, an operating device periodically sends BFD echo packets. The peer device returns the received BFD echo packets without processing them. If the sending device does not receive a BFD echo packet from the peer within the specified interval, the session is considered down.
All configuration commands described in this section belong to VLAN context. That is, the configuration will be applied to all the sessions under the VLAN identified by the VLAN ID.
This command sets the minimum transmit interval and the minimum receive interval, each in the range 1 to 20 seconds. The detect multiplier is a number between 1 and 5. By default, the minimum transmit and receive intervals are 3 seconds and the detect multiplier is 5.
Syntax
Description
Configure Bidirectional Forwarding Detection (BFD) for the VLAN.
Options
Update the minimum echo receive interval of the BFD session.
Configure authentication mode and key for all BFD sessions under the current VLAN.
Syntax
Description
Update BFD timer intervals for all the sessions under the current VLAN.
Options
Set intervals configuration
```
; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged A2-A24,C1-C24,F1-F24
   ip address dhcp-bootp
   exit
ip routing
router ospf
   area 0.0.0.2
   area 0.0.0.3
   area backbone
   enable
   exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 20
   untagged A1
   bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
   ip address 100.100.100.100 255.255.255.0
   ip ospf 100.100.100.100 area backbone
   ip ospf 100.100.100.100 bfd
   exit
```

```
Switch# show bfd-session 1

 BFD Session Information – Session 1

  Min Tx Interval (sec)       : 10
  Min Rx Interval (sec)       : 10
  Min Echo Rx Interval (msec) : 500
  Detect Multiplier           : 3
  Authentication Mode         : NONE
  Password                    : ""
  Application                 : OSPF
  Local Discriminator         : 1
  Remote Discriminator        : 1
  Echo                        : Enabled
  Local Diagnostic            : No diagnostics configured.

  VLAN Source IP       Destination IP  State  Pkt In Pkt Drop Pkt Out
  ---- --------------- --------------- ------ ------ -------- -------
  20   100.100.100.100 100.100.100.101 Up     322    0        320
```
This command sets the minimum receive interval of the echo session, either 0 or a value in the range 50 to 1000 milliseconds. The default interval is 500 milliseconds. Zero indicates that the local end is not interested in receiving echo packets from the peer.
Syntax
Description
Update the minimum receive interval for echo packets of all the sessions under the current VLAN. When the minimum echo receive interval is set to 0 milliseconds for a BFD session under OSPF, incoming BFD echo packets are not processed. When the minimum echo receive interval is set to 0 milliseconds for a BFD session under VRRP, the default interval of 500 milliseconds is used.
Options
Echo intervals configuration
```
; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged A2-A24,C1-C24,F1-F24
   ip address dhcp-bootp
   exit
ip routing
router ospf
   area 0.0.0.2
   area 0.0.0.3
   area backbone
   enable
   exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 20
   untagged A1
   bfd min-echo-receive-interval 700
   ip address 100.100.100.100 255.255.255.0
   ip ospf 100.100.100.100 area backbone
   ip ospf 100.100.100.100 bfd
   exit
```

```
Switch# show bfd-session 1

 BFD Session Information – Session 1

  Min Tx Interval (sec)       : 3
  Min Rx Interval (sec)       : 3
  Min Echo Rx Interval (msec) : 700
  Detect Multiplier           : 5
  Authentication Mode         : NONE
  Password                    : ""
  Application                 : OSPF
  Local Discriminator         : 1
  Remote Discriminator        : 1
  Echo                        : Enabled
  Local Diagnostic            : No diagnostics configured.

  VLAN Source IP       Destination IP  State  Pkt In Pkt Drop Pkt Out
  ---- --------------- --------------- ------ ------ -------- -------
  20   100.100.100.100 100.100.100.101 Up     322    0        320
```
This command enables BFD under Open Shortest Path First (OSPF) for a particular IP address (VLAN specific). When the OSPF adjacency with a neighbor reaches the FULL state, BFD is informed to create a session in asynchronous mode. After the BFD session is UP, echo is enabled for the session.
Syntax
Description
Enable BFD in OSPF for VLAN specific IP address.
Options
Specify the IP address of VLAN for which BFD has to be enabled.
Configure Bidirectional Forwarding Detection (BFD) for the VLAN.
NOTE: Both end-points hosting the BFD sessions must be on the same network segment and in the same area.
Enable BFD under OSPF configuration
```
; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged A2-A24,C1-C24,F1-F24
   ip address dhcp-bootp
   exit
ip routing
router ospf
   area 0.0.0.2
   area 0.0.0.3
   area backbone
   enable
   exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 20
   untagged A1
   bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
   bfd min-echo-receive-interval 700
   ip address 100.100.100.100 255.255.255.0
   ip ospf 100.100.100.100 area backbone
   ip ospf 100.100.100.100 bfd
   exit
```

```
Switch# show bfd-session 1

 BFD Session Information – Session 1

  Min Tx Interval (sec)       : 10
  Min Rx Interval (sec)       : 10
  Min Echo Rx Interval (msec) : 700
  Detect Multiplier           : 3
  Authentication Mode         : NONE
  Password                    : ""
  Application                 : OSPF
  Local Discriminator         : 1
  Remote Discriminator        : 1
  Echo                        : Enabled
  Local Diagnostic            : No diagnostics configured.

  VLAN Source IP       Destination IP  State  Pkt In Pkt Drop Pkt Out
  ---- --------------- --------------- ------ ------ -------- -------
  20   100.100.100.100 100.100.100.101 Up     322    0        320
```
This command allows the user to enable BFD under Virtual Router Redundancy Protocol (VRRP). BFD asynchronous mode is not supported for VRRP. Only an echo session will be initiated from VRRP backup to the VRRP master for a given VR instance in a given VLAN.
Syntax
Description
Enable BFD in VRRP for VLAN specific IP address.
Options
Configure Bidirectional Forwarding Detection (BFD) for the VLAN.
Configure the IP address of the peer to enable BFD for the VR.
NOTE: BFD for VRRP is applicable only for two-router redundant systems. Only one BFD-VRRP session will be maintained for the multiple VRIDs configured on any specific VLAN. BFD-VRRP session is unique for multiple VRIDs enabled with BFD.
Enable BFD under VRRP Configuration
```
; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged A2-A24,C1-C24,F1-F24
   ip address dhcp-bootp
   exit
ip routing
router vrrp
   ipv4 enable
   exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 10
   untagged A2
   bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
   bfd min-echo-receive-interval 700
   ip address 100.100.100.100 255.255.255.0
   vrrp vrid 7
      virtual-ip-address 100.100.100.102
      priority 255
      bfd 100.100.100.102
      enable
      exit
   exit
```

```
HP-5412Rzl2# sh bfd

 Bidirectional Forwarding Detection (BFD) Information

  Admin Status   : Enabled
  Echo source IP : 2.2.2.2

 Global Statistics:

  Total Number of Control Packets Transmitted : 5
  Total Number of Control Packets Received    : 5
  Total Number of Control Packets Dropped     : 0

  Session VLAN SourceIP        DestIP          Echo    State Application
  ------- ---- --------------- --------------- ------- ----- -----------
  1       10   100.100.100.100 100.100.100.102 Enabled Up    VRRP
```
This command specifies the authentication mode and the key shared with the BFD peer for all sessions under the VLAN context.
Syntax
Description
Configure authentication mode and key for all BFD sessions under the current VLAN.
Options
The password is prompted for interactively, and the entered value is set in the configuration.
Simple password
```
HP-5406Rzl2(vlan-10)# bfd authentication keyed-sha1 1 key simple
Enter password#: ******
Re-enter password#: ******
```
Without include or encrypt credentials:
```
; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged A2-A24,C1-C24,F1-F24
   ip address dhcp-bootp
   exit
ip routing
router ospf
   area 0.0.0.2
   area 0.0.0.3
   area backbone
   enable
   exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 20
   untagged A1
   bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
   bfd min-echo-receive-interval 700
   bfd authentication meticulous-Keyed-sha1 1 key simple
   ip address 100.100.100.100 255.255.255.0
   ip ospf 100.100.100.100 area backbone
   ip ospf 100.100.100.100 bfd
   exit
```

With include credentials:

```
; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
include-credentials
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged A2-A24,C1-C24,F1-F24
   ip address dhcp-bootp
   exit
ip routing
router ospf
   area 0.0.0.2
   area 0.0.0.3
   area backbone
   enable
   exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 20
   untagged A1
   bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
   bfd min-echo-receive-interval 700
   bfd authentication meticulous-Keyed-sha1 1 key simple "hp1234"
   ip address 100.100.100.100 255.255.255.0
   ip ospf 100.100.100.100 area backbone
   ip ospf 100.100.100.100 bfd
   exit
```
With Include and Encrypt credentials:
```
; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
encrypt-credentials
include-credentials
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged A2-A24,C1-C24,F1-F24
   ip address dhcp-bootp
   exit
ip routing
router ospf
   area 0.0.0.2
   area 0.0.0.3
   area backbone
   enable
   exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 20
   untagged A1
   bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
   bfd min-echo-receive-interval 700
   bfd authentication meticulous-Keyed-sha1 1 key simple "aH4ihIbkKOGNXpHneZEJqVRuqiqYDxOhLCh0TDtPjUA="
   ip address 100.100.100.100 255.255.255.0
   ip ospf 100.100.100.100 area backbone
   ip ospf 100.100.100.100 bfd
   exit
```
How to input encrypted password
```
HP-5406Rzl2(vlan-20)# bfd authentication keyed-sha1 2 key encrypted aH4ihIbkKOGNXpHneZEJqVRuqiqYDxOhLCh0TDtPjUA=
HP-5406Rzl2(vlan-20)# exit
```

```
; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
include-credentials
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
   name "DEFAULT_VLAN"
   untagged A2-A24,C1-C24,F1-F24
   ip address dhcp-bootp
   exit
ip routing
router ospf
   area 0.0.0.2
   area 0.0.0.3
   area backbone
   enable
   exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 20
   untagged A1
   bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
   bfd min-echo-receive-interval 700
   bfd authentication meticulous-Keyed-sha1 1 key simple "aH4ihIbkKOGNXpHneZEJqVRuqiqYDxOhLCh0TDtPjUA="
   ip address 100.100.100.100 255.255.255.0
   ip ospf 100.100.100.100 area backbone
   ip ospf 100.100.100.100 bfd
   exit
```
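An added example, not part of the vendor documentation: a Python audit of an exported configuration that reports VLANs where BFD runs without `bfd authentication`, and keys written in clear text because `include-credentials` is set without `encrypt-credentials`. The function name, finding strings and sample text are constructed here, the line patterns follow the sample configurations on this page, and the parser assumes the exported layout with context lines indented.

```python
import re

# Lines that turn BFD on inside a VLAN context in the page's sample configurations.
BFD_USE = re.compile(r"(ip ospf \S+ bfd|bfd \d+(\.\d+){3})$")

def audit_bfd(config_text):
    """Return (vlan, finding) tuples for an exported switch configuration."""
    lines = config_text.splitlines()
    stripped = {ln.strip() for ln in lines}
    # include-credentials without encrypt-credentials exports the key in clear text.
    clear_export = ("include-credentials" in stripped
                    and "encrypt-credentials" not in stripped)
    findings, vlan, uses_bfd, has_auth = [], None, False, False

    def close_vlan():
        if vlan is not None and uses_bfd and not has_auth:
            findings.append((vlan, "BFD enabled without authentication"))

    for raw in lines + ["end"]:              # sentinel closes the last VLAN
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():             # top-level line ends any VLAN context
            close_vlan()
            m = re.fullmatch(r"vlan (\d+)", line)
            vlan, uses_bfd, has_auth = (int(m.group(1)) if m else None), False, False
        elif vlan is not None:
            if line.startswith("bfd authentication "):
                has_auth = True
                if clear_export and re.search(r"key simple\s+\S", line):
                    findings.append((vlan, "BFD key stored in clear text"))
            elif BFD_USE.match(line):
                uses_bfd = True
    return findings

# Constructed sample in the exported layout (context lines indented).
SAMPLE = """\
include-credentials
vlan 10
   vrrp vrid 7
      bfd 100.100.100.102
      enable
      exit
   exit
vlan 20
   bfd authentication meticulous-keyed-sha1 1 key simple "example-key"
   ip ospf 100.100.100.100 bfd
   exit
"""
```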
Supported BFD authentication modes
As per section 6.7 of RFC 5880, “implementations supporting authentication MUST support both types of SHA1 authentication. Other forms of authentication are optional.” For the first release, only Keyed SHA1 and Meticulous Keyed SHA1 authentication schemes will be supported as per the RFC requirement.
Multiple authentication keys cannot be configured on a specific VLAN. Each VLAN can have only one authentication key configured.
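As an added illustration of the two supported modes (not vendor code), this Python example builds and verifies the SHA1 authentication section of a BFD control packet following RFC 5880 sections 4.4 and 6.7.4, showing that Meticulous Keyed SHA1 rejects a repeated sequence number while Keyed SHA1 accepts it. Function names, the key and the field values are constructed for the example.

```python
import hashlib
import hmac
import struct

KEYED_SHA1, METICULOUS_KEYED_SHA1 = 4, 5    # RFC 5880 Auth Type values
AUTH_LEN = 28                                # length of a SHA1 authentication section

def _pad(key):
    if not 1 <= len(key) <= 20:
        raise ValueError("shared key must be 1 to 20 bytes")
    return key.ljust(20, b"\0")

def build_packet(auth_type, key_id, seq, key, detect_mult=3, my_disc=1,
                 your_disc=1, tx_us=10_000_000, rx_us=10_000_000, echo_us=700_000):
    """Build a BFD control packet (state Up) with a SHA1 authentication section."""
    header = struct.pack("!BBBBIIIII",
                         1 << 5,              # version 1, diagnostic 0
                         (3 << 6) | 0x04,     # state Up, Authentication Present bit
                         detect_mult, 24 + AUTH_LEN,
                         my_disc, your_disc, tx_us, rx_us, echo_us)
    auth = struct.pack("!BBBBI", auth_type, AUTH_LEN, key_id, 0, seq)
    # The digest covers the packet with the padded key in the hash field.
    return header + auth + hashlib.sha1(header + auth + _pad(key)).digest()

def verify_packet(pkt, key, key_id, rcv_auth_seq=None):
    """Apply the receive checks; rcv_auth_seq is the last accepted sequence number."""
    if not (len(pkt) == 24 + AUTH_LEN == pkt[3] and pkt[1] & 0x04):
        return False
    auth_type, auth_len, pkt_key_id, _, seq = struct.unpack("!BBBBI", pkt[24:32])
    if (auth_type not in (KEYED_SHA1, METICULOUS_KEYED_SHA1)
            or auth_len != AUTH_LEN or pkt_key_id != key_id):
        return False
    if rcv_auth_seq is not None:
        # Meticulous mode requires the sequence number to advance on every packet.
        low = 1 if auth_type == METICULOUS_KEYED_SHA1 else 0
        offset = (seq - rcv_auth_seq) % 2**32      # circular 32-bit number space
        if not low <= offset <= 3 * pkt[2]:        # window is 3 * Detect Mult
            return False
    expected = hashlib.sha1(pkt[:32] + _pad(key)).digest()
    return hmac.compare_digest(expected, pkt[32:])
```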