About Bidirectional Forwarding Detection for BGP

This document describes Bidirectional Forwarding Detection (BFD) for BGP in Aviatrix.

Aviatrix’s Bidirectional Forwarding Detection (BFD) for BGP delivers fast, reliable detection of network link and node failures, allowing for quick network recovery. By detecting failures rapidly and initiating prompt recovery, BFD helps maintain the high availability and performance standards required in network environments. This capability is essential for business-critical applications that depend on consistent network operation.

Supported Gateways

BFD is supported on all Aviatrix gateways that support external BGP connections.

What is Bidirectional Forwarding Detection?

Bidirectional Forwarding Detection (BFD) is a network protocol that enables fast detection of network failures between two nodes.

In Aviatrix, you can enable BFD to detect link or node failure between an Aviatrix gateway and its remote BGP peer. One of the benefits of BFD is that the BFD timer can be tuned more aggressively than the regular BGP timers to monitor the status of a BGP session.

How BFD Works in Aviatrix

BFD can be enabled at the connection level for any Aviatrix gateway that supports external BGP connections, providing rapid failure detection and recovery.

When BFD is enabled:

  1. The Aviatrix gateway exchanges BFD control packets with the remote peer at the negotiated intervals.

  2. If the gateway stops receiving the control packets within the expected interval, the peer is considered down, indicating a network failure.

  3. The gateway terminates the BGP session.

  4. The gateway notifies the Aviatrix Controller, triggering network traffic to be rerouted to the backup link for network recovery and stability.

About BFD Configuration

Enabling BFD for an external BGP connection involves configuring these BGP options used in the network failure detection and recovery process:

BFD Timers

The BFD timer defines how often BFD sends control packets to, and receives them from, the BGP peer to detect connection failure.

The following parameters are used to configure a BFD timer:

  • Transmit Interval is the minimum interval at which you want to send BFD control packets to the remote peer. The Aviatrix gateway sends BFD control packets to the remote peer based on the higher of this transmit interval and the peer’s receive interval. The default is 300 milliseconds (ms). You can change the default interval. The supported range is 10 to 60000 ms.

  • Receive Interval is the minimum interval at which you want to receive BFD control packets from the remote peer. The remote peer sends BFD control packets to the Aviatrix gateway based on the higher of this receive interval and the peer’s transmit interval. The default is 300 ms. You can change the default interval. The supported range is 10 to 60000 ms.

  • Multiplier is used to determine the total time for failure detection. The negotiated transmit interval is multiplied by the multiplier. If a control packet is not received within that time, the peer is declared down. This correlates to the number of packets that must be lost for the peer to be considered down. The default is 3. You can change the default. The supported range is 2 to 255.

    For example, if the Aviatrix gateway’s Transmit Interval is 150 ms and the remote peer’s Receive Interval is 300 ms, the remote peer will send control packets to the Aviatrix gateway every 300 ms. If the Aviatrix gateway’s Multiplier is 3, then the total time for failure detection is 900 ms. If a control packet is not received within 900 ms, the BGP session is terminated.

BGP Neighbor Status Polling Time

BGP Neighbor Status Polling Time sets how often the gateway checks the BGP peer’s status. If the gateway determines a peer is down, the system re-routes network traffic to the backup path. The BGP Neighbor Status Polling Time interval can be adjusted to change how quickly the system responds to BGP down events, which reduces BGP convergence time after failures. By default, the gateway polls the BGP peer status every 5 seconds.

BGP Multihop

When the external BGP connection remote peer is not directly connected (separated by multiple hops) to the Aviatrix gateway, BGP Multihop mode must be enabled for the connection for the gateway to establish a BFD session.

The multihop setting must match the multihop setting on the remote peer for the gateway to establish the BFD session.

Enable Bidirectional Forwarding Detection

You can enable Bidirectional Forwarding Detection (BFD) for a BGP over IPsec, BGP over GRE, or BGP over LAN external connection to a remote peer. BFD is supported for Aviatrix gateways that support external BGP connections.

When enabling BFD, you must ensure that a backup path exists to reroute network traffic when a network failure is detected.

For existing BGP connections that were created prior to the availability of the BFD feature in Aviatrix, after you upgrade your Aviatrix Controller and Gateways, you will need to manually enable BFD on the BGP connection.

Enable BFD for an Existing BGP Connection

To enable BFD for an existing BGP connection:

  1. In Aviatrix CoPilot, go to Networking > Connectivity > External Connections (S2C) tab.

  2. From the list of BGP connections, select the connection for which you want to enable BFD.

    For quick access, you can use the Filter or Search option from the toolbar to find by name or matching condition.

  3. In the connection’s Settings page, expand the Border Gateway Protocol section.

  4. If the remote peer is directly connected to the gateway, locate the BGP Multihop card and set the BGP Multihop toggle to Off.

  5. Click Save.

  6. Locate the BFD card and set the BFD toggle to On.

  7. Configure the BFD timer. Specify the following values:

    1. Transmit Interval: The minimum interval for sending the BFD control packets to the BGP peer. The default is 300 milliseconds (ms). The supported range is 10 to 60000 ms.

    2. Receive Interval: The minimum interval for receiving the BFD control packets from the BGP peer. The default is 300 milliseconds (ms). The supported range is 10 to 60000 ms.

    3. Detect Multiplier: The multiplier to calculate the total time for failure detection. The default is 3. The supported range is 2 to 255.

  8. Click Save.

    After enabling BFD, if you notice an increase in BGP session instability, consider raising the BFD timers and/or the detect multiplier to reduce BGP session instability. See Troubleshooting BGP Session Instability After Enabling BFD.

Set BGP Neighbor Status Polling Time

For all external BGP connections, the system checks for BGP connection failures every five seconds by default. The polling time can be adjusted to change how quickly Aviatrix responds when a BGP connection goes down.

Setting BGP Neighbor Status Polling Time to a low number of seconds generates additional load. Using short polling times on many gateways has the potential to cause instability, especially if your fabric has many BGP sessions and/or lots of BGP routes.

To adjust the polling time:

  1. In Aviatrix, go to the gateway’s Settings page.

    • For Transit or Spoke Gateway, go to Cloud Fabric > Gateways, then select Transit Gateways or Spoke Gateways tab.

    • For Edge Gateway, go to Cloud Fabric > Hybrid Cloud > Edge Gateways tab.

  2. From the gateways list, locate and select the gateway.

  3. In the gateway’s page, click the Settings tab.

  4. Expand the Border Gateway Protocol (BGP) section.

  5. Locate the BGP Neighbor Status Polling Time card and change the default polling time.

  6. Click Save to save your changes.

View BFD Status for a BGP Connection

When you enable BFD for an external BGP connection, you can view the BFD status.

To view BFD status:

  1. In Aviatrix CoPilot, go to Networking > Connectivity > External Connections (S2C) tab.

  2. From the list of BGP connections, select the connection for which you want to view BFD status.

    For quick access, you can use the Filter or Search option from the toolbar to find by name or matching condition.

  3. Click the Details tab.

  4. In the BGP Neighbor table, locate BFD Status to view the status.

    BFD status can be one of the following:

    • Initializing when BFD is first enabled for a BGP connection.

    • Up when BFD detects the BGP peer connection is up.

    • Down when BFD detects the BGP peer connection is down.

    • Disabled when BFD is not enabled for the BGP connection.

Troubleshooting BGP Session Instability After Enabling BFD

BFD is designed for rapid detection of network failures. It can cause flapping of BGP sessions or session termination if BFD timers are tuned too aggressively or there are issues with the network link between the two peers. By adjusting timers, increasing detect multipliers, and verifying peer configuration, you can maintain a stable and efficient network environment.

Recommendations for Resolving Instability

To address BGP session instability after enabling BFD, consider doing the following:

  1. Adjust BFD Timers

    BFD timers determine how often BFD sends and receives control packets from the BGP peer to detect connection failure. If sessions become unstable, raise the timers to reduce how often BFD control packets are exchanged:

    • Transmit Interval: Increase this value to reduce the frequency of BFD packets sent.

    • Receive Interval: Increase this value to decrease the rate of BFD packets received.

  2. Increase the Detect Multiplier

    The detect multiplier determines the number of missed BFD packets before considering the session as down. Increasing this value allows more time for network link issues to resolve without prematurely terminating the BGP session.

  3. Verify Peer Configuration

    Ensure that the BFD settings on both BGP peers align to avoid mismatched expectations. Differences in timer or multiplier settings can lead to session negotiation failures.

Once adjustments are made, validate the stability by monitoring the BFD status for the connection to ensure consistent peering.
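
The timer rules in the BFD Timers section and the multiplier recommendation above can be checked offline before changing a connection. The following Python sketch is an added example, not Aviatrix code: it validates timer values against the ranges on this page, computes the detection time the way the page's 900 ms example does, and replays a constructed trace of control-packet arrival times to show when the session would be declared down. The class, function names, and trace are assumptions made for illustration.

```python
from dataclasses import dataclass

# Supported ranges and defaults as stated on this page.
INTERVAL_RANGE_MS = (10, 60000)
MULTIPLIER_RANGE = (2, 255)

@dataclass(frozen=True)
class BfdTimers:  # hypothetical container, not an Aviatrix API object
    transmit_ms: int = 300
    receive_ms: int = 300
    multiplier: int = 3

    def __post_init__(self):
        lo, hi = INTERVAL_RANGE_MS
        for name in ("transmit_ms", "receive_ms"):
            if not lo <= getattr(self, name) <= hi:
                raise ValueError(f"{name} must be {lo}-{hi} ms")
        lo, hi = MULTIPLIER_RANGE
        if not lo <= self.multiplier <= hi:
            raise ValueError(f"multiplier must be {lo}-{hi}")

def negotiated_interval_ms(sender, receiver):
    # Packets flow at the higher of the sender's Transmit Interval
    # and the receiver's Receive Interval.
    return max(sender.transmit_ms, receiver.receive_ms)

def detection_time_ms(local, remote):
    # Rule as given on this page: negotiated transmit interval x multiplier.
    return negotiated_interval_ms(local, remote) * local.multiplier

def first_timeout_ms(arrivals_ms, detect_ms):
    # Time at which the detection timer expires, or None if every gap
    # between control packets in the trace stays within detect_ms.
    last = 0
    for t in arrivals_ms:
        if t - last > detect_ms:
            return last + detect_ms
        last = t
    return None

# Constructed trace: packets every 300 ms, three lost in a row after 900 ms.
TRACE_MS = [300, 600, 900, 2100, 2400, 2700]

if __name__ == "__main__":
    peer = BfdTimers(transmit_ms=300, receive_ms=300)
    for mult in (3, 5):
        gw = BfdTimers(transmit_ms=150, multiplier=mult)
        detect = detection_time_ms(gw, peer)
        print(mult, detect, first_timeout_ms(TRACE_MS, detect))
```

With the multiplier at 3, the 1200 ms gap in the trace exceeds the 900 ms detection time and the peer is declared down at 1800 ms; with the multiplier at 5, the same loss burst is absorbed and the session stays up.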