Bidirectional Forwarding Detection (BFD)


NOTE: BFD is intended for use only on v3 modules.


Bidirectional Forwarding Detection (BFD) is a low-overhead, short-duration method for detection of failures in the path between adjacent forwarding engines, including the interfaces, data link(s), and, to the extent possible, the forwarding engines themselves. It also provides a single mechanism that can be used for liveness detection between a pair of devices over any media, at any protocol layer, with a wide range of Detection Times and overhead, to avoid proliferation of different methods.

Asynchronous mode: In Asynchronous mode, an operating device periodically sends BFD control packets. If the device does not receive a BFD control packet from the peer within the specified interval, it tears down the BFD session.

Echo mode: In Echo mode, an operating device periodically sends BFD echo packets. The peer device returns the received BFD echo packets without processing them. If the sending device does not receive a BFD echo packet from the peer within the specified interval, the session is considered down.

Commands

Per-session command VLAN

All configuration commands described in this section belong to VLAN context. That is, the configuration will be applied to all the sessions under the VLAN identified by the VLAN ID.

Set intervals

This command sets the minimum transmit interval and the minimum receive interval, each in the range 1 to 20 seconds, and the detect multiplier, a number between 1 and 5. By default, the minimum transmit and receive intervals are 3 seconds and the detect multiplier is 5.

Syntax

bfd authentication | min-echo-receive-interval | min-transmit-interval

Description

Configure Bidirectional Forwarding Detection (BFD) for the VLAN.

Options

min-transmit-interval

Update the minimum transmit interval of the BFD session.

min-echo-receive-interval

Update the minimum echo receive interval of the BFD session.

authentication

Configure authentication mode and key for all BFD sessions under the current VLAN.

Syntax

bfd min-transmit-interval TXSECONDS min-receive-interval RXSECONDS detect-multiplier MULTIPLIER

Description

Update BFD timer intervals for all the sessions under the current VLAN.

Options

min-transmit-interval

Update the minimum transmit interval of the BFD session.

min-receive-interval

Update the minimum receive interval of the BFD session.

detect-multiplier

Update the detect multiplier count of the BFD session.

txseconds

The time interval, in the range 1 to 20 seconds, between the transmission of two BFD hello packets.

rxseconds

The time interval, in the range 0 to 20 seconds, between the reception of two BFD hello packets.

0 indicates the local end is not interested in receiving hello packets from the peer.

multiplier

Number of BFD packets, in the range 1 to 5, that are allowed to be missed before BFD session times out.


NOTE:

  • If min-transmit-interval or min-receive-interval value is configured as 1 sec, the value of detect multiplier should be at least 3.

  • If detect multiplier value is 1, the value of min-transmit-interval and min-receive-interval should be at least 3 sec.




Set intervals configuration

; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
snmp-server community "public" unrestricted
oobm
     ip address dhcp-bootp
     exit
vlan 1
    name "DEFAULT_VLAN"
    untagged A2-A24,C1-C24,F1-F24
    ip address dhcp-bootp
    exit
ip routing
router ospf
    area 0.0.0.2
    area 0.0.0.3
    area backbone
    enable
    exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 20
  untagged A1
    bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
    ip address 100.100.100.100 255.255.255.0
    ip ospf 100.100.100.100 area backbone
    ip ospf 100.100.100.100 bfd
    exit

Show BFD session

Switch# show bfd-session 1

BFD Session Information – Session 1

   Min Tx Interval (sec)       : 10                 
   Min Rx Interval (sec)       : 10
   Min Echo Rx Interval (msec) : 500               
   Detect Multiplier           : 3                 
   Authentication Mode         : NONE                     
   Password                    : ""                    
   Application                 : OSPF       
   Local Discriminator         : 1          
   Remote Discriminator        : 1          
   Echo                        : Enabled  
   Local Diagnostic            : No diagnostics configured.        

   VLAN Source IP       Destination IP  State Pkt In Pkt Drop Pkt Out
   ---- --------------- --------------- ----- ------ -------- -------
   20   100.100.100.100 100.100.100.101 Up    322    0        320

Echo intervals

This command sets the minimum receive interval of the echo session, either 0 or in the range 50 to 1000 milliseconds. The default interval is 500 milliseconds. Zero indicates that the local end is not interested in receiving echo packets from the peer.

Syntax

bfd min-echo-receive-interval MILLISECONDS

Description

Update the minimum receive interval for echo packets of all the sessions under the current VLAN. When minimum echo receive interval is set to 0 milliseconds for the BFD session under OSPF, incoming BFD echo packets are not processed. When minimum echo receive interval is set to 0 milliseconds for the BFD session under VRRP, the default interval 500 milliseconds is considered.

Options

min-echo-receive-interval

Update minimum echo interval of the BFD session.

milliseconds

The time interval, either 0 or in the range 50 to 1000 milliseconds, between the reception of two BFD echo packets. 0 indicates that the local end is not interested in receiving echo packets from the peer.

Echo intervals configuration

; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
snmp-server community "public" unrestricted
oobm
  ip address dhcp-bootp
    exit
vlan 1
  name "DEFAULT_VLAN"
    untagged A2-A24,C1-C24,F1-F24
    ip address dhcp-bootp
    exit
ip routing
router ospf
  area 0.0.0.2
    area 0.0.0.3
    area backbone
    enable
    exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 20
  untagged A1
    bfd min-echo-receive-interval 700
    ip address 100.100.100.100 255.255.255.0
    ip ospf 100.100.100.100 area backbone
    ip ospf 100.100.100.100 bfd
    exit

Show BFD-session

Switch# show bfd-session 1

BFD Session Information – Session 1

 Min Tx Interval (sec)       : 3                 
 Min Rx Interval (sec)       : 3                 
 Min Echo Rx Interval (msec) : 700               
 Detect Multiplier           : 5                 
 Authentication Mode         : NONE                     
 Password                    : ""                    
 Application                 : OSPF       
 Local Discriminator         : 1          
 Remote Discriminator        : 1          
 Echo                        : Enabled  
 Local Diagnostic            : No diagnostics configured.

VLAN Source IP       Destination IP  State Pkt In Pkt Drop Pkt Out
---- --------------- --------------- ----- ------ -------- -------
20   100.100.100.100 100.100.100.101 Up    322    0        320
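
The ranges and pairing rules from the Set intervals and Echo intervals sections can be checked against a saved configuration before it is loaded. The following is an added example, not HPE code: the function names and the VLAN 30 values are constructed, and it assumes VLAN-context lines are indented as in the listings on this page. It also reports any VLAN that enables BFD for OSPF or VRRP without a `bfd authentication` line.

```python
import re

TIMERS = re.compile(r"bfd min-transmit-interval (\d+) min-receive-interval (\d+)"
                    r" detect-multiplier (\d+)")
ECHO = re.compile(r"bfd min-echo-receive-interval (\d+)")
AUTH = re.compile(r"bfd authentication \S+ \d+ key\b.*")
CLIENT = re.compile(r"ip ospf \S+ bfd|bfd \d+(\.\d+){3}")  # BFD enabled for OSPF or VRRP

def check_line(line):
    """Problems in one VLAN-context line, using the ranges and notes on this page."""
    problems = []
    if m := TIMERS.fullmatch(line):
        tx, rx, mult = map(int, m.groups())
        limits = (("min-transmit-interval", tx, 1, 20),
                  ("min-receive-interval", rx, 0, 20), ("detect-multiplier", mult, 1, 5))
        problems += [f"{n} {v} outside {lo}-{hi}" for n, v, lo, hi in limits if not lo <= v <= hi]
        if 1 in (tx, rx) and mult < 3:
            problems.append("1 s interval needs detect-multiplier >= 3")
        if mult == 1 and min(tx, rx) < 3:
            problems.append("detect-multiplier 1 needs intervals >= 3 s")
    elif m := ECHO.fullmatch(line):
        if (ms := int(m.group(1))) != 0 and not 50 <= ms <= 1000:
            problems.append(f"min-echo-receive-interval {ms} not 0 or 50-1000")
    return problems

def audit_bfd(config_text):
    """Return [(vlan_id, finding), ...] for each VLAN block of a running-config."""
    findings, vlan, auth, client = [], None, False, False
    for raw in config_text.splitlines() + ["end"]:  # sentinel closes the last block
        line = raw.strip()
        if line and not raw[0].isspace():           # top-level line starts a new context
            if vlan is not None and client and not auth:
                findings.append((vlan, "BFD in use without bfd authentication"))
            m = re.fullmatch(r"vlan (\d+)", line)
            vlan, auth, client = (int(m.group(1)) if m else None), False, False
        elif line and vlan is not None:
            auth = auth or bool(AUTH.fullmatch(line))
            client = client or bool(CLIENT.fullmatch(line))
            findings += [(vlan, p) for p in check_line(line)]
    return findings

# Constructed sample: VLAN 20 as configured on this page, VLAN 30 with bad timer values.
SAMPLE = """\
vlan 20
  bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
  ip ospf 100.100.100.100 bfd
vlan 30
  bfd min-transmit-interval 1 min-receive-interval 25 detect-multiplier 2
  bfd min-echo-receive-interval 20
  bfd authentication keyed-sha1 1 key simple
  ip ospf 10.0.30.1 bfd
"""
for vlan_id, finding in audit_bfd(SAMPLE):
    print(f"vlan {vlan_id}: {finding}")
```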

Enable BFD under OSPF

This command helps to enable BFD under Open Shortest Path First (OSPF) for a particular IP (VLAN specific). When OSPF adjacency with a neighbor attains state FULL, BFD is informed to create a session in asynchronous mode. After the BFD session is UP, echo is enabled for the session.

Syntax

[no] ip ospf IP-ADDR bfd

Description

Enable BFD in OSPF for VLAN specific IP address.

Options

IP-ADDR

Specify the IP address of VLAN for which BFD has to be enabled.

BFD

Configure Bidirectional Forwarding Detection (BFD) for the VLAN.


NOTE: Both end-points hosting the BFD sessions must be on the same network segment and in the same area.


Enable BFD under OSPF configuration

; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
snmp-server community "public" unrestricted
oobm
   ip address dhcp-bootp
   exit
vlan 1
 name "DEFAULT_VLAN"
 untagged A2-A24,C1-C24,F1-F24
 ip address dhcp-bootp
 exit
ip routing
router ospf
 area 0.0.0.2
 area 0.0.0.3
 area backbone
 enable
 exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 20
 untagged A1
 bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
 bfd min-echo-receive-interval 700
 ip address 100.100.100.100 255.255.255.0
 ip ospf 100.100.100.100 area backbone
 ip ospf 100.100.100.100 bfd
 exit

Show BFD-session

Switch# show bfd-session 1

BFD Session Information – Session 1
  
  Min Tx Interval (sec)       : 10                 
  Min Rx Interval (sec)       : 10                 
  Min Echo Rx Interval (msec) : 700               
  Detect Multiplier           : 3                 
  Authentication Mode         : NONE                     
  Password                    : ""                    
  Application                 : OSPF       
  Local Discriminator         : 1          
  Remote Discriminator        : 1          
  Echo                        : Enabled  
  Local Diagnostic            : No diagnostics configured.        
  
  VLAN Source IP       Destination IP  State Pkt In Pkt Drop Pkt Out
  ---- --------------- --------------- ----- ------ -------- -------
  20   100.100.100.100 100.100.100.101 Up    322    0        320

Enable BFD under VRRP

This command allows the user to enable BFD under Virtual Router Redundancy Protocol (VRRP). BFD asynchronous mode is not supported for VRRP. Only an echo session will be initiated from VRRP backup to the VRRP master for a given VR instance in a given VLAN.

Syntax

[no] vrrp vrid VR-ID bfd IP-ADDR

Description

Enable BFD in VRRP for VLAN specific IP address.

Options

BFD

Configure Bidirectional Forwarding Detection (BFD) for the VLAN.

IP-ADDR

Configure the IP address of the peer to enable BFD for the VR.


NOTE: BFD for VRRP is applicable only for two-router redundant systems. Only one BFD-VRRP session will be maintained for the multiple VRIDs configured on any specific VLAN. BFD-VRRP session is unique for multiple VRIDs enabled with BFD.


Enable BFD under VRRP Configuration

; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
snmp-server community "public" unrestricted
oobm
 ip address dhcp-bootp
 exit
vlan 1
 name "DEFAULT_VLAN"
 untagged A2-A24,C1-C24,F1-F24
 ip address dhcp-bootp
 exit
ip routing
router vrrp
 ipv4 enable
 exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 10
 untagged A2
 bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
 bfd min-echo-receive-interval 700
 ip address 100.100.100.100 255.255.255.0
 vrrp vrid 7
  virtual-ip-address 100.100.100.102
  priority 255
  bfd 100.100.100.102
  enable
  exit
  exit

Show BFD

HP-5412Rzl2# sh bfd

Bidirectional Forwarding Detection (BFD) Information

 Admin Status   : Enabled
 Echo source IP : 2.2.2.2

 Global Statistics:
  Total Number of Control Packets Transmitted  : 5
  Total Number of Control Packets Received     : 5
  Total Number of Control Packets Dropped      : 0

Session VLAN SourceIP        DestIP          Echo    State Application
------- ---- --------------- --------------- ------- ----- -----------
1       10   100.100.100.100 100.100.100.102 Enabled Up    VRRP

HP-Switch-5412Rzl2# show bfd 1

 BFD Session Information

  Min Echo Rx(in msecs) : 700               

  Session VLAN Source IP       Destination IP  Echo     State      Application
  ------- ---- --------------- --------------- -------- ---------- -----------
  1       10   100.100.100.100 100.100.100.102 Enabled  Up         VRRP

Set BFD authentication mode and password

This command specifies the authentication mode and the key to be shared with the BFD peer for all sessions under the VLAN context.

Syntax

[no] bfd authentication keyed-sha1 | meticulous-Keyed-sha1 KEY-ID key simple | encrypted password

Description

Configure authentication mode and key for all BFD sessions under the current VLAN.

Options

BFD

Configure Bidirectional Forwarding Detection (BFD) for the VLAN.

authentication

Configure authentication mode and key for all BFD sessions under the current VLAN.

Keyed-sha1

Use authentication mode SHA-1.

Meticulous keyed-sha1

Use authentication mode meticulous SHA-1.

Key-id

Specify the ID, in the range 0 to 255, to uniquely recognize a key.

key

Enter the password to be shared between BFD peers.

simple

Configure the authentication password using a plaintext string.

encrypted

Configure the authentication password using a pre-encrypted string copied from a compatible HP networking device.

The password is prompted for interactively, as in the following example, and the entered value is set in the configuration.

Simple password

HP-5406Rzl2(vlan-10)# bfd authentication keyed-sha1 1 key simple
Enter password#: ******
Re-enter password#: ******

Without include or encrypt credentials:

; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
snmp-server community "public" unrestricted
oobm
  ip address dhcp-bootp
  exit
vlan 1
  name "DEFAULT_VLAN"
  untagged A2-A24,C1-C24,F1-F24
  ip address dhcp-bootp
  exit
ip routing
router ospf
  area 0.0.0.2
  area 0.0.0.3
  area backbone
  enable
  exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 20
  untagged A1
    bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
    bfd min-echo-receive-interval 700
    bfd authentication meticulous-Keyed-sha1 1 key simple
   ip address 100.100.100.100 255.255.255.0
    ip ospf 100.100.100.100 area backbone
    ip ospf 100.100.100.100 bfd
    exit

With include credentials:

; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
include-credentials
snmp-server community "public" unrestricted
oobm
  ip address dhcp-bootp
  exit
vlan 1
  name "DEFAULT_VLAN"
  untagged A2-A24,C1-C24,F1-F24
  ip address dhcp-bootp
  exit
ip routing
router ospf
  area 0.0.0.2
  area 0.0.0.3
  area backbone
  enable
  exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 20
  untagged A1
    bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
   bfd min-echo-receive-interval 700
    bfd authentication meticulous-Keyed-sha1 1 key simple "hp1234"
    ip address 100.100.100.100 255.255.255.0
    ip ospf 100.100.100.100 area backbone
    ip ospf 100.100.100.100 bfd
    exit

With Include and Encrypt credentials:

; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
encrypt-credentials
include-credentials
snmp-server community "public" unrestricted
oobm
  ip address dhcp-bootp
  exit
vlan 1
  name "DEFAULT_VLAN"
  untagged A2-A24,C1-C24,F1-F24
  ip address dhcp-bootp
  exit
ip routing
router ospf
  area 0.0.0.2
  area 0.0.0.3
  area backbone
  enable
  exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 20
  untagged A1
    bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
    bfd min-echo-receive-interval 700
    bfd authentication meticulous-Keyed-sha1 1 key simple "aH4ihIbkKOGNXpHneZEJqVRuqiqYDxOhLCh0TDtPjUA="
    ip address 100.100.100.100 255.255.255.0
    ip ospf 100.100.100.100 area backbone
    ip ospf 100.100.100.100 bfd
    exit

How to input encrypted password

HP-5406Rzl2(vlan-20)# bfd authentication keyed-sha1 2 key encrypted aH4ihIbkKOGNXpHneZEJqVRuqiqYDxOhLCh0TDtPjUA=
HP-5406Rzl2(vlan-20)# exit

; J9850A Configuration Editor; Created on release #KB.16.02.0000x
; Ver #0b:fc.59.f4.7b.ff.ff.fc.ff.ff.3f.ef:0d
hostname "HP-5406Rzl2"
module A type j9989a
module C type j9550a
module F type j9987a
include-credentials
snmp-server community "public" unrestricted
oobm
  ip address dhcp-bootp
  exit
vlan 1
  name "DEFAULT_VLAN"
  untagged A2-A24,C1-C24,F1-F24
  ip address dhcp-bootp
  exit
ip routing
router ospf
  area 0.0.0.2
  area 0.0.0.3
  area backbone
  enable
  exit
bfd enable
bfd echo-src-ip-address 2.2.2.2
vlan 20
  untagged A1
    bfd min-transmit-interval 10 min-receive-interval 10 detect-multiplier 3
   bfd min-echo-receive-interval 700
    bfd authentication meticulous-Keyed-sha1 1 key simple "aH4ihIbkKOGNXpHneZEJqVRuqiqYDxOhLCh0TDtPjUA="
    ip address 100.100.100.100 255.255.255.0
    ip ospf 100.100.100.100 area backbone
    ip ospf 100.100.100.100 bfd
    exit

Design considerations for BFD authentication

Supported BFD authentication modes

As per section 6.7 of RFC 5880, “implementations supporting authentication MUST support both types of SHA1 authentication. Other forms of authentication are optional.” For the first release, only Keyed SHA1 and Meticulous Keyed SHA1 authentication schemes will be supported as per the RFC requirement.

Multiple authentication keys cannot be configured on a specific VLAN. Each VLAN can have only one authentication key configured.
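
What separates the two supported modes is how the receiver treats the sequence number. The following added example, which is not HPE code, builds and verifies the SHA1 authentication section as RFC 5880 section 6.7.4 describes it; the key, discriminators and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEYED_SHA1, METICULOUS_KEYED_SHA1 = 4, 5  # Auth Type values from RFC 5880
HDR_LEN, AUTH_LEN = 24, 28                # mandatory section; SHA1 authentication section

def build_packet(auth_type, key_id, key, seq, detect_mult=3):
    """Build a BFD control packet (state Up) carrying a SHA1 authentication section."""
    if not 1 <= len(key) <= 20:
        raise ValueError("SHA1 key must be 1 to 20 bytes")
    header = struct.pack(
        "!BBBBIIIII",
        1 << 5,                    # version 1, diagnostic 0
        (3 << 6) | 0x04,           # state Up, A bit: authentication present
        detect_mult, HDR_LEN + AUTH_LEN,
        1, 1,                      # my / your discriminator (constructed)
        10_000_000, 10_000_000,    # desired min TX, required min RX, microseconds
        700_000)                   # required min echo RX, microseconds
    auth = struct.pack("!BBBBI", auth_type, AUTH_LEN, key_id, 0, seq)
    # The hash covers the whole packet with the zero-padded key in the hash field.
    return header + auth + hashlib.sha1(header + auth + key.ljust(20, b"\0")).digest()

def verify_packet(packet, keys, rcv_seq):
    """Apply the RFC 5880 section 6.7.4 receive checks; rcv_seq=None means not yet known."""
    if len(packet) != HDR_LEN + AUTH_LEN or not packet[1] & 0x04:
        return False
    auth_type, auth_len, key_id, _, seq = struct.unpack("!BBBBI", packet[24:32])
    if auth_type not in (KEYED_SHA1, METICULOUS_KEYED_SHA1) or auth_len != AUTH_LEN:
        return False
    if key_id not in keys:
        return False
    if rcv_seq is not None:
        # Circular 32-bit window of 3 * Detect Mult; meticulous mode excludes rcv_seq
        # itself, so a captured packet cannot be replayed with the same sequence number.
        lowest = 0 if auth_type == KEYED_SHA1 else 1
        if not lowest <= (seq - rcv_seq) % 2**32 <= 3 * packet[2]:
            return False
    expected = hashlib.sha1(packet[:32] + keys[key_id].ljust(20, b"\0")).digest()
    return hmac.compare_digest(expected, packet[32:])

# Constructed demo values: a single key ID, matching the one-key-per-VLAN limit above.
KEYS = {1: b"constructed-key"}
for mode in (KEYED_SHA1, METICULOUS_KEYED_SHA1):
    pkt = build_packet(mode, key_id=1, key=KEYS[1], seq=100)
    print(mode, verify_packet(pkt, KEYS, rcv_seq=99), verify_packet(pkt, KEYS, rcv_seq=100))
```

With the last accepted sequence number at 100, a second packet numbered 100 still passes in keyed mode and is discarded in meticulous mode.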