Fortinet black logo

Administration Guide

Bidirectional forwarding detection

Copy Link
Copy Doc ID 0f66c6af-cee6-11eb-97f7-00505692583a:626295
Download PDF

Bidirectional forwarding detection

FortiSwitchOS v3.4.2 and later supports static bidirectional forwarding detection (BFD), a point-to-point protocol to detect faults in the datapath between the endpoints of an IETF-defined tunnel (such as IP, IP-in-IP, GRE, and MPLS LSP/PW).

BFD defines demand mode and asynchronous mode operation. The FortiSwitch unit supports asynchronous mode. In this mode, the systems periodically send BFD control packets to one another, and if a number of those packets in a row are not received by the other system, the session is declared to be down.

BFD packets are transported using UDP/IP encapsulation and BFD control packets are identified using well-known UDP destination port 3784 (NOTE: BFD echo packets are identified using 3785).

BFD packets are not visible to the intermediate nodes and are generated and processed by the tunnel end systems only.

Configuring BFD

Use the following steps to configure BFD:

  1. Configure the following values in the system interface:
    • Enable BFD: Set to enable or set to global to inherit the global configuration value.
    • Desired min TX interval: This is the minimum interval that the local system would like to use between transmission of BFD control packets. Value range is 200 ms – 30,000 ms. Default value is 250.
    • Required min RX interval: This is the minimum interval that the local system can support between receipt of BFD control packets. If you set this value to zero, the remote system will not transmit BFD control packets. The value range is 200 ms – 30000 ms. The default value is 250.
    • Detect multi: This is the detection time multiplier. The negotiated transmit interval multiplied by this value is the Detection Time for the receiving system. The value range is 1 – 20. The default is 3.
  2. Enable BFD in the static router configuration.
Using the CLI:

config system interface

edit <system interface name>

set bfd {enable| disable | global}

set bfd–desired-min-tx <number of ms>

set bfd-required-min-rx <number of ms>

set bfd-detect-multi [1…20]

next

config router static

edit 1

set bfd enable

set status enable

Viewing the BFD configuration

Using the GUI:

Go to Router > Monitor > BFD Neighbor.

Using the CLI:

To display the status of BFD sessions:

get router info bfd neighbor [ <IP address of neighbor>]

OurAddr         NeighAddr       LD/RD   State   Int
192.168.15.2 192.168.15.1 1/4 UP vlan2000
192.168.16.2 192.168.16.1 2/2 UP vlan2001

To filter the command output:

get router info bfd neighbor [<BFD_local_IPv4_address>] [<BFD_peer_interface>]

Bidirectional forwarding detection

FortiSwitchOS v3.4.2 and later supports static bidirectional forwarding detection (BFD), a point-to-point protocol to detect faults in the datapath between the endpoints of an IETF-defined tunnel (such as IP, IP-in-IP, GRE, and MPLS LSP/PW).

BFD defines demand mode and asynchronous mode operation. The FortiSwitch unit supports asynchronous mode. In this mode, the systems periodically send BFD control packets to one another, and if a number of those packets in a row are not received by the other system, the session is declared to be down.

BFD packets are transported using UDP/IP encapsulation and BFD control packets are identified using well-known UDP destination port 3784 (NOTE: BFD echo packets are identified using 3785).

BFD packets are not visible to the intermediate nodes and are generated and processed by the tunnel end systems only.

Configuring BFD

Use the following steps to configure BFD:

  1. Configure the following values in the system interface:
    • Enable BFD: Set to enable or set to global to inherit the global configuration value.
    • Desired min TX interval: This is the minimum interval that the local system would like to use between transmission of BFD control packets. Value range is 200 ms – 30,000 ms. Default value is 250.
    • Required min RX interval: This is the minimum interval that the local system can support between receipt of BFD control packets. If you set this value to zero, the remote system will not transmit BFD control packets. The value range is 200 ms – 30000 ms. The default value is 250.
    • Detect multi: This is the detection time multiplier. The negotiated transmit interval multiplied by this value is the Detection Time for the receiving system. The value range is 1 – 20. The default is 3.
  2. Enable BFD in the static router configuration.
Using the CLI:

config system interface

edit <system interface name>

set bfd {enable| disable | global}

set bfd–desired-min-tx <number of ms>

set bfd-required-min-rx <number of ms>

set bfd-detect-multi [1…20]

next

config router static

edit 1

set bfd enable

set status enable

Viewing the BFD configuration

Using the GUI:

Go to Router > Monitor > BFD Neighbor.

Using the CLI:

To display the status of BFD sessions:

get router info bfd neighbor [ <IP address of neighbor>]

OurAddr         NeighAddr       LD/RD   State   Int
192.168.15.2 192.168.15.1 1/4 UP vlan2000
192.168.16.2 192.168.16.1 2/2 UP vlan2001

To filter the command output:

get router info bfd neighbor [<BFD_local_IPv4_address>] [<BFD_peer_interface>]