
Handbook

6.0.0

Dynamic routing terminology

Dynamic routing is a complex subject. There are many routers on different networks and all of them can be configured differently. It's further complicated by the fact that each routing protocol has different names for similar features, as well as many features that you can configure for each protocol.

To better understand dynamic routing, the following sections provide explanations on common dynamic routing terms.

For more details about a term, as it applies to a dynamic routing protocol, see BGP, RIP, and OSPF.

Aggregated routes and addresses

Just as an aggregate interface combines multiple interfaces into one virtual interface, an aggregate route combines multiple routes into one route. This reduces the amount of space those routes require in the routing tables of the routers along that route. The trade-off is a small amount of processing to aggregate and de-aggregate the routes at either end.

The benefit of this method is that you can combine many addresses into one, potentially reducing the routing table size immensely. The weakness of this method is that if there are holes in the address range you are aggregating, you need to decide whether it is better to break it into multiple ranges, or accept the possibility of failed routes to the missing addresses.

For information about aggregated routes in BGP, see BGP.

To manually aggregate the range of IP addresses from 192.168.1.100 to 192.168.1.103:
  1. Convert the addresses to binary:

    192.168.1.100 = 11000000 10101000 00000001 01100100

    192.168.1.101 = 11000000 10101000 00000001 01100101

    192.168.1.102 = 11000000 10101000 00000001 01100110

    192.168.1.103 = 11000000 10101000 00000001 01100111

  2. Determine the maximum number of matching bits common to the addresses.

    There are 30 bits in common, with only the last 2 bits being different.

  3. Record the common part of the address:

    11000000 10101000 00000001 0110010X = 192.168.1.100

  4. For the netmask, assume all the bits in the netmask are 1, except those that are different (which are 0):

    11111111 11111111 11111111 11111100 = 255.255.255.252

  5. Combine the common address bits and the netmask:

    192.168.1.100/255.255.255.252

    Alternately, the IP mask may be written as a single number:

    192.168.1.100/2

  6. As required, set variables and attributes to declare that the routes have been aggregated, and which router did the aggregating.
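The manual procedure above, and the "holes" trade-off described before it, can be checked with a short script. This is an added example, not Fortinet code: the function names and the enumeration limit are assumptions made here, and the prefix length it reports is the count of 1 bits in the netmask (30 for 255.255.255.252).

```python
import ipaddress

# Assumption for this example: refuse to enumerate very large aggregates.
HOLE_LIST_LIMIT = 4096


def aggregate(addresses):
    """Return the smallest single IPv4 network containing every address."""
    ints = [int(ipaddress.IPv4Address(a)) for a in addresses]
    if not ints:
        raise ValueError("need at least one address")
    # Step 2: the bits common to all addresses are exactly the bits common
    # to the numerically lowest and highest address in the set.
    diff = min(ints) ^ max(ints)
    prefix_len = 32 - diff.bit_length()
    # Step 4: the netmask is 1 for each common bit and 0 for each differing bit.
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    # Steps 3 and 5: keep the common address bits and attach the mask.
    return ipaddress.IPv4Network((min(ints) & mask, prefix_len))


def holes(addresses):
    """List addresses the aggregate would advertise that were never supplied."""
    net = aggregate(addresses)
    if net.num_addresses > HOLE_LIST_LIMIT:
        raise ValueError(f"{net} is too large to enumerate")
    wanted = {ipaddress.IPv4Address(a) for a in addresses}
    return [str(ip) for ip in net if ip not in wanted]


def exact_cover(addresses):
    """Alternative to one aggregate: the fewest prefixes with no holes."""
    nets = (ipaddress.IPv4Network(a) for a in addresses)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    # The range from the procedure above.
    full = ["192.168.1.100", "192.168.1.101", "192.168.1.102", "192.168.1.103"]
    net = aggregate(full)
    print(net, net.netmask, "holes:", holes(full))

    # Constructed input: the same range with 192.168.1.102 missing.
    gappy = ["192.168.1.100", "192.168.1.101", "192.168.1.103"]
    print(aggregate(gappy), "holes:", holes(gappy))
    print("exact cover:", exact_cover(gappy))
```

A non-empty result from `holes` means the single aggregate would attract traffic for addresses that have no route behind it; `exact_cover` shows the cost in extra routing table entries of avoiding that.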

Autonomous system

An Autonomous System (AS) is one or more connected networks that use the same routing protocol, and appear to be a single unit to any externally connected networks. For example, an ISP may have a number of customer networks connected to it, but to any networks connected externally to the ISP, it appears as one system or AS. An AS may also be referred to as a routing domain.

It should be noted that while OSPF routing takes place within one AS, the only part of OSPF that deals with the AS is the AS border router (ASBR).

There are multiple types of ASs, which are defined by how they are connected to other ASs. A multihomed AS is connected to at least two other ASs and has the benefit of redundancy. If one of those ASs goes down, your AS can still reach the Internet through its other connection. A stub AS has only one connection and can be useful in specific configurations where limited access is desirable.

Each AS has a number assigned to it, known as an ASN. In an internal network, you can assign any ASN you like (a private AS number), but for networks connected to the Internet (public AS), you need to have an officially registered ASN from the Internet Assigned Numbers Authority (IANA). ASNs from 1 to 64,511 are designated for public use.

As of January 2010, AS numbers are 4 bytes long, instead of the former 2 bytes. RFC 4893 introduced 32-bit ASNs, which FortiGate supports for BGP and OSPF.

Do you need your own AS?

The main factors in deciding if you need your own AS, or if you should be part of someone else’s are:

  • Exchanging external routing information
  • Many prefixes should exist in one AS as long as they use the same routing policy
  • When you use a different routing protocol than your border gateway peers. For example, your ISP uses BGP and you use OSPF.
  • Connected to many other ASs (multihomed)

You shouldn't create an AS for each prefix on your network. You also shouldn't be forced into an AS just so someone else can make AS-based policy decisions on your traffic.

There can be only one AS for any prefix on the Internet. This is to prevent routing issues.

What AS number should you use?

In addition to overseeing IP address allocation and Domain Name Systems (DNS), the Internet Assigned Numbers Authority (IANA) assigns public AS numbers. The public AS numbers range from 1 to 64,511. The ASNs 0, 54272 to 64511, and 65535 are reserved by the IANA and shouldn't be used.

ASNs are assigned in blocks by the Internet Assigned Numbers Authority (IANA) to Regional Internet Registries (RIR), who then assign ASNs to companies within the geographic area of the RIR. These companies are usually ISPs, and to receive an ASN you must complete the application process of the local RIR and be approved before being assigned an ASN. The following table shows the names and regions of the RIRs:

  • AFRINIC: Serves the African continent
  • APNIC: Asia-Pacific, including China, India, and Japan
  • ARIN: American registry, including Canada and United States
  • LACNIC: Latin America, including Mexico, Caribbean, Central and South America
  • RIPE NCC: Europe, the Middle East, the former USSR, and parts of Central Asia

AS numbers from 64512 to 65534 are reserved for private use. Private AS numbers can be used for any internal networks with no outside connections to the Internet, such as test networks, classroom labs, and other internal-only networks that don't access the outside world. You can also configure border routers to filter out any private ASNs before routing traffic to the outside world. If you must use private ASNs with public networks, this is the only way to configure them. However, it's risky because many other private networks could be using the same ASNs and conflicts could happen. It would be like your local 192.168.0.0 network being made public and the resulting problems would be widespread.

In 1996, when RFC 1930 was written, only 5,100 ASs had been allocated and a little under 600 ASs were actively routed in the global Internet. Since that time, many more public ASNs have been assigned, leaving only a small number. For this reason 32-bit ASNs (four-octet ASNs) were defined to provide more public ASNs. RFC 4893 defines 32-bit ASNs, and a FortiGate supports these larger ASNs.

Area border router

Routers within an AS advertise updates internally and only to each other. However, routers on the edge of the AS must communicate both with routers inside their AS and routers external to their AS, which are often running a different routing protocol. These routers are called Area Border Routers (ABRs) or edge routers. ABRs often run multiple routing protocols in order to redistribute traffic between different ASs that are running different protocols, such as the edge between an ISP’s IS-IS routing network and a large company’s OSPF network.

OSPF defines ABRs differently from other routers. In OSPF, an ABR is an OSPF router that connects another AS to the backbone AS, and is a member of all the areas it connects to. An OSPF ABR maintains an LSA database for each area that it's connected to. The concept of the edge router is present, but it's the edge of the backbone instead of the edge of the OSPF supported ASs.

Neighbor routers

Routing involves routers communicating with each other. To do this, routers need to know information about each other. These routers are called neighbor routers and are configured in each routing protocol. Each neighbor has custom settings since some routers may have functionality that other routers lack. Neighbor routers are sometimes called peers.

Generally, neighbor routers must be configured and discovered by the rest of the network before they can be integrated into the routing calculations. This is a combination of the network administrator configuring the new router with its neighbor router addresses, and the routing network discovering the new router, such as the hello packets in OSPF. That discovery initiates communication between the new router and the rest of the network.

Route maps

Route maps are a way for a FortiGate to evaluate optimum routes for forwarding packets or suppressing the routing of packets to particular destinations. Compared to access lists, route maps support enhanced packet-matching criteria. In addition, route maps can be configured to permit or deny the addition of routes to the FortiGate routing table and make changes to routing information dynamically as defined through route-map rules.

Route maps can be used for limiting both received route updates and sent route updates. This can include the redistribution of routes learned from other types of routing. For example, if you don't want to advertise local static routes to external networks, you could use a route map to accomplish this.

The FortiGate compares the rules in a route map to the attributes of a route. The rules are examined in ascending order until one or more of the rules in the route map are found to match one or more of the route attributes.

As an administrator, route maps allow you to group a set of addresses together and assign them a meaningful name. During your configuration, you can use these route-maps to speed up configuration. The meaningful names also ensure that fewer mistakes are made during configuration.

The default rule in the route map, which the FortiGate applies last, denies all routes. For a route map to take effect, it must be called by a FortiGate routing process.

The syntax for route maps is:

    config router route-map
        edit <route-map-name>
            set comments <comment>
            config rule
                edit <route-map-rule-id>
                    set action {permit | deny}
                    set match-*
                    set set-*
                    ...
                next
            end
        next
    end

The match-* commands allow you to match various parts of a route. The set-* commands allow you to set routing information once a route is matched.

For an example of how route maps can be used to create receiving or sending “groups” in routing, see BGP.

Access lists

Use this command to add, edit, or delete access lists. Access lists are filters used by FortiGate routing processes. For an access list to take effect, it must be called by a FortiGate routing process (for example, a process that supports RIP or OSPF). Use access-list6 for IPv6 routing.

Access lists can be used to filter which updates are passed between routers or which routes are redistributed to different networks and routing protocols. You can create lists of rules that will match all routes for a specific router or group of routers.

Each rule in an access list consists of a prefix (IP address and netmask), the action to take for this prefix (permit or deny), and whether to match the prefix exactly or match the prefix and a more specific prefix.

If you're setting a prefix of 128.0.0.0, use the format 128.0.0.0/1. The default route, 0.0.0.0/0 can't be exactly matched with an access-list. A prefix-list must be used for this purpose.

A FortiGate attempts to match a packet against the rules in an access list, starting at the top of the list. If it finds a match for the prefix, it takes the action specified for that prefix. If no match is found, the default action is deny.

The syntax for access lists is:

    config router {access-list | access-list6}
        edit <access-list-name>
            set comments <comment>
            config rule
                edit <access-list-id>
                    set action {permit | deny}
                    set exact-match {enable | disable}
                    set {prefix | prefix6} <prefix>
                    set wildcard <wildcard>
                next
            end
        next
    end

For an example of how access lists can be used to create receiving or sending “groups” in routing, see BGP.
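The matching behavior described in this section (rules checked from the top of the list, first match wins, exact match versus the prefix and anything more specific, deny when nothing matches) can be modeled to review a list before it is applied. This is an added example, not FortiOS code: the Rule class, the function names and the sample rules are constructed here, and the wildcard option is not modeled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str               # "permit" or "deny"
    prefix: str               # for example "10.0.0.0/8"
    exact_match: bool = False

    def covers(self, net):
        """True if this rule matches the given route prefix."""
        own = ipaddress.ip_network(self.prefix)
        if self.exact_match:
            return net == own
        # exact-match disabled: the prefix itself or any more specific prefix.
        return net.version == own.version and net.subnet_of(own)


def evaluate(rules, route):
    """Return (action, rule_id) for a route; (deny, None) is the default."""
    net = ipaddress.ip_network(route)
    for rule in rules:                      # top of the list first
        if rule.covers(net):
            return rule.action, rule.rule_id
    return "deny", None                     # no match: default action is deny


def shadowed(rules):
    """Find rules that can never take effect because an earlier rule
    already matches every route they could match.

    Returns a list of (shadowed_rule_id, earlier_rule_id).
    """
    found = []
    for index, later in enumerate(rules):
        later_net = ipaddress.ip_network(later.prefix)
        for earlier in rules[:index]:
            if earlier.exact_match:
                # An exact rule only hides an identical exact rule.
                hides = later.exact_match and earlier.covers(later_net)
            else:
                # A non-exact rule hides anything at or below its prefix.
                hides = earlier.covers(later_net)
            if hides:
                found.append((later.rule_id, earlier.rule_id))
                break
    return found


# Constructed sample list, in the order the rules would be evaluated.
RULES = [
    Rule(1, "deny", "10.0.0.0/8"),
    Rule(2, "permit", "192.168.1.100/30", exact_match=True),
    Rule(3, "permit", "10.1.0.0/16"),       # never reached: rule 1 matches first
    Rule(4, "permit", "172.16.0.0/12"),
]

if __name__ == "__main__":
    for route in ("10.1.2.0/24", "192.168.1.100/30",
                  "192.168.1.100/31", "172.16.5.0/24", "8.8.8.0/24"):
        print(route, evaluate(RULES, route))
    print("shadowed:", shadowed(RULES))
```

Rule 3 shows the ordering pitfall: a permit placed after a broader deny has no effect, so an intended exception has to be listed first.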

BFD

Bidirectional Forwarding Detection (BFD) is a protocol that you can use to quickly locate hardware failures in the network. Routers running BFD send packets to each other at a negotiated rate. If packets from a BFD-protected router fail to arrive, that router is declared to be down. BFD communicates this information to the routing protocol and the routing information is updated.

BFD can run on an entire FortiGate, selected interfaces, or on a protocol, such as BGP, for all configured interfaces. The configuration hierarchy allows each lower level to override the BFD setting of the upper level. For example, if you enable BFD for an entire FortiGate, you can disable BFD for an interface or for BGP.

BFD neighbors establish if BFD is enabled in Open Shortest Path First (OSPF) or if BFD routers establish as neighbors.

The config system command allows you to configure whether BFD is enabled in a particular device or VDOM or individual interface, and how often the interface requires the sending and receiving of BFD information.

To configure BFD for an entire FortiGate - CLI:

    config system settings
        set bfd {enable | disable}
        set bfd-desired-min-tx <ms>
        set bfd-required-min-rx <ms>
        set bfd-detect-mult <multiplier>
        set bfd-dont-enforce-src-port {enable | disable}
    end

To configure BFD for an interface - CLI:

    config system interface
        edit <interface-name>
            set bfd {global | enable | disable}
            set bfd-desired-min-tx <ms>
            set bfd-required-min-rx <ms>
            set bfd-detect-mult <multiplier>
        next
    end

To show BFD neighbors - CLI:

get router {info | info6} bfd neighbor

To show BFD requests - CLI:

get router {info | info6} bfd requests

To configure BFD - CLI:

    config router {bfd | bfd6}
        config neighbor
            edit <IP-address>
                set interface <interface-name>
            next
        end
    end

BFD and static routes

BFD for static routes allows you to configure routing failover based on remote path failure detection. BFD removes a static route from the routing table if the FortiGate can't reach the route's destination and returns the route to the routing table if the route's destination is restored.

For example, you can add two static routes with BFD enabled. If one of the routes has a higher priority, all matching traffic uses that route. If BFD determines that the link to the gateway of the route with the higher priority is down, the higher priority route is removed from the routing table and all matching traffic uses the lower priority route. If the link to the gateway for the higher priority route comes back up, BFD adds the route back into the routing table and all matching traffic switches to use the higher priority route.

You can configure BFD for IPv4 and IPv6 static routes.

To configure BFD for static routes - CLI:

    config router {static | static6}
        edit <sequence-number>
            set bfd {enable | disable}
        next
    end

BFD and OSPF

You can configure BFD for Open Shortest Path First (OSPF) on a FortiGate. FortiGate supports BFD for OSPF for both IPv4 and IPv6.

To configure BFD for OSPF - CLI:

    config router {ospf | ospf6}
        set bfd {enable | disable}
    end

To enable BFD on a specific OSPF interface - CLI:

    config router {ospf | ospf6}
        set bfd enable
        config {ospf-interface | ospf6-interface}
            edit <ID>
                set bfd {global | enable | disable}
            next
        end
    end

BFD and BGP

While BGP can detect route failures, BFD can be configured to detect these failures more quickly, which allows for faster responses and improved convergence. This can be balanced with the bandwidth BFD uses in its frequent route checking.

The config router bgp commands allow you to set the addresses of the neighbor units that are also running BFD. Both units must be configured with BFD in order to use it.

To configure BFD for BGP - CLI:

    config router bgp
        config neighbor
            edit <neighbor-IP-address>
                set bfd {enable | disable}
            next
        end
    end
