BFD

This help contains the following topics:

Introduction
vSystem support information
Configure BFD

Introduction

Bidirectional forwarding detection (BFD) provides a general-purpose, standard, medium- and protocol-independent fast failure detection mechanism. It can detect and monitor the connectivity of forwarding paths to detect communication failures quickly so that measures can be taken to ensure service continuity and enhance network availability.

BFD can uniformly and quickly detect the failures of the bidirectional forwarding paths between two devices for upper-layer protocols such as routing protocols. The hello mechanism used by upper-layer protocols needs seconds to detect a link failure, while BFD can provide detection measured in milliseconds.

BFD sessions use echo packets to implement detection. Echo packets are encapsulated into UDP packets with port number 3785.

The local end of the link sends echo packets to establish BFD sessions and monitor link status. The peer end does not establish BFD sessions and only forwards the packets back to the originating end. If the local end does not receive echo packets from the peer end within the detection time, it considers the session to be down. BFD sessions in echo packet mode do not require both ends to support BFD. Upon receiving BFD echo packets, the peer end loops back the packets for fast detection.

vSystem support information

Support of non-default vSystems for this feature depends on the device model. This feature is available on the Web interface only if it is supported.

Configure BFD

Complete the following tasks before you configure this feature:

Assign IP addresses to interfaces on the Network > Interface Configuration > Interfaces page.
Configure routes on the Network > Routing page. Make sure the routes are available.
Create security zones on the Network > Security Zones page.
Add interfaces to security zones. You can add interfaces to a security zone on the Security Zones page or select a security zone for an interface on the Interfaces page.
Configure security policies to permit the target traffic on the Policies > Security Policies page.

To configure BFD:

Select System > High Availability > BFD.

Configure BFD as follows:

Figure-1 BFD settings

Table-1 BFD configuration items

Item	Description
Echo packet source IPv4	Specify a source IPv4 address for echo packets, which can be any valid unicast IPv4 address. As a best practice, specify an IPv4 address that is not on the same network segment as any local interfaces. This behavior prevents the peer from sending a large number of ICMP redirect packets, which might result in link congestion.
Echo packet source IPv6	Specify a source IPv6 address for echo packets, which can only be a global unicast IPv6 address. As a best practice, specify an IPv6 address that is not on the same network segment as any local interfaces. This behavior prevents the peer from sending a large number of ICMPv6 redirect packets, which might result in link congestion.

Item

Description

Echo packet source IPv4

Specify a source IPv4 address for echo packets, which can be any valid unicast IPv4 address.

As a best practice, specify an IPv4 address that is not on the same network segment as any local interfaces. This behavior prevents the peer from sending a large number of ICMP redirect packets, which might result in link congestion.

Echo packet source IPv6

Specify a source IPv6 address for echo packets, which can only be a global unicast IPv6 address.

As a best practice, specify an IPv6 address that is not on the same network segment as any local interfaces. This behavior prevents the peer from sending a large number of ICMPv6 redirect packets, which might result in link congestion.