Configuring BFD to Monitor VPN Routes
You can configure BFD to monitor a VPN route to check whether the VPN route is reachable.
Pre-configuration Tasks
Before configuring BFD to detect a VPN route, complete the following task:
Configure network layer attributes for interfaces to ensure network connectivity.
Configure a VPN instance on each PE.
- Enabling BFD Globally
- Establishing a BFD Session
- (Optional) Configuring BFD Packets to Be Transparently Transmitted on an Interface
- (Optional) Changing the BFD Detection Time
- (Optional) Setting the BFD WTR Time
- (Optional) Configuring a Description for a BFD Session
- (Optional) Setting the Priority of a BFD Session
- Verifying the Configuration of BFD to Monitor VPN Routes
Establishing a BFD Session
You can establish a BFD session on both ends of a link to detect faults in a VPN route.
Procedure
- Run system-view
The system view is displayed.
- According to whether BFD detects an IPv4 or IPv6 link, perform either of the following operations:
To bind a BFD session for IPv4 to an interface, run bfd session-name bind peer-ip peer-ip vpn-instance vpn-name [ interface interface-type interface-number ] [ source-ip source-ip ]
- If a single-hop BFD session for IPv4 is created for the first time, a peer IPv4 address must be specified for the BFD session, and the BFD session must be bound to the local interface. The binding cannot be modified after being created.
- When a BFD session for IPv4 is created, the system checks only the validity of the IPv4 address format. Binding the BFD session for IPv4 to an incorrect remote or local IPv4 address results in a failure in establishing the BFD session for IPv4.
- If BFD and unicast reverse path forwarding (URPF) are used together, source-ip must be configured correctly before a BFD session is bound to the IPv4 address to prevent BFD packets from being discarded. URPF checks the format of the source IPv4 addresses in received packets and discards the packets whose source IPv4 addresses are incorrect.
- Run either of the following commands to create the binding information about the BFD for IPv6 session:
bfd session-name bind peer-ipv6 peer-ipv6 vpn-instance vpn-name [ interface interface-type interface-number ] [ source-ipv6 source-ipv6 ]
bfd session-name bind peer-ipv6 peer-ipv6 vpn-instance vpn-name [ source-ipv6 source-ipv6 ] [ select-board slot-id1 [ slot-id2 ] ]
- If a single-hop BFD session for IPv6 is created for the first time, the BFD session must be bound to the remote IPv6 address and the local interface. The binding cannot be modified after being created.
- When a BFD session for IPv6 is created, the system checks only the validity of the IPv6 address format. Binding the BFD session for IPv6 to an incorrect remote or local IPv6 address results in a failure in establishing the BFD session for IPv6.
- If BFD and URPF are used together, source-ip must be configured correctly before a BFD session is bound to the IPv6 address to prevent BFD packets from being discarded. URPF checks the format of the source IPv6 addresses in received packets and discards the packets whose source IPv6 addresses are incorrect.
If both slot-id1 and slot-id2 are configured in select-board slot-id1 [ slot-id2 ], only one board is selected, and slot-id1 is preferred. If slot-id1 fails to be selected, slot-id2 is selected. If both boards fail to be selected, board selection stops.
- Run discriminator local discr-value
The local discriminator of the BFD session is created.
- Run discriminator remote discr-value
The remote discriminator of the BFD session is created.
The local and remote discriminators on the two ends of a BFD session must be correctly associated. That is, the local discriminator of the local device must be the same as the remote discriminator of the remote device, and the remote discriminator of the local device must be the same as the local discriminator of the remote device. If the association is incorrect, a BFD session cannot be set up.
- Run commit
The configuration is committed.
(Optional) Configuring BFD Packets to Be Transparently Transmitted on an Interface
On a network, if a customer-side router that functions as a CE has the default BFD function enabled, the default BFD packets received by a PE are sent to the CPU instead of being transparently transmitted to the peer CE. In this case, you can adjust the forwarding mode of multicast IPv4 BFD packets on the interface and its sub-interfaces to enable the BFD packets to be transparently transmitted.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
- Run default-ip-bfd transparent-transmission enable
Transparent transmission is configured for multicast IPv4 BFD packets on the interface and its sub-interfaces.
- Run commit
The configuration is committed.
(Optional) Changing the BFD Detection Time
You can change the BFD detection time to more efficiently use a BFD session to monitor links on a network.
Procedure
- Run system-view
The system view is displayed.
- Run bfd session-name
The BFD session view is displayed.
- Run min-tx-interval tx-interval
The minimum interval at which BFD control packets are sent is set.
- Run min-rx-interval rx-interval
The minimum interval at which BFD control packets are received is set.
If a BFD session goes Down, a device automatically changes the intervals at which BFD control packets are sent and received to random values greater than 1000 milliseconds. After the BFD session goes Up, the device restores the configured intervals.
- Run detect-multiplier multiplier
The local detection multiplier is set.
In BFD for route scenarios, a route's outbound interface is an inter-board trunk interface. If the board on which the trunk interface's any member interface resides fails and the BFD detection time is less than 200 ms, the BFD session goes Down because the inter-board trunk switching time is 200 ms. Therefore, you are advised to set the BFD detection time to a value greater than 3 x 100 ms.
- Run commit
The configuration is committed.
(Optional) Setting the BFD WTR Time
You can set the BFD wait to restore (WTR) time to prevent an application from switching between the master and slave devices due to BFD session flapping.
Context
If a BFD session flaps, master/slave switchovers are frequently performed on the application associated with BFD. To resolve this issue, set the WTR time for a BFD session. When the BFD session changes from Down to Up, BFD reports the change to the upper-layer application after the WTR time expires.
Procedure
- Run system-view
The system view is displayed.
- Run bfd session-name
The BFD session view is displayed.
- Run wtr wtr-value
The WTR time of the BFD session is set.
A BFD session is unidirectional. Therefore, if the WTR time is used, you must set the same WTR time on both ends of the BFD session. If the WTR times on both ends are different and the session status changes on one end, applications on both ends of the BFD session detect different BFD session statuses.
- Run commit
The configuration is committed.
(Optional) Configuring a Description for a BFD Session
You can configure a description for a BFD session to identify this session.
Procedure
- Run system-view
The system view is displayed.
- Run bfd session-name
The BFD session view is displayed.
- Run description description
A description is configured for the BFD session.
description is a string of 1 to 51 case-sensitive characters, spaces not supported.
You can run the undo description command to delete the description of the BFD session.
- Run commit
The configuration is committed.
(Optional) Setting the Priority of a BFD Session
You can set a priority for a BFD session. Packets of a BFD session with a higher priority are preferentially forwarded.
Procedure
- Run system-view
The system view is displayed.
- (Optional) Run bfd
The BFD view is displayed.
- (Optional) Run tos-exp tos-value static
A priority is configured for all the static BFD session.
To specify priorities for static BFD sessions in batches, run this command in the BFD view.
- (Optional) Run quit
Return to the system view.
- Run bfd session-name
The BFD session view is displayed.
- Run tos-exp tos-value
If the tos-exp command is run in the BFD session view to set a priority and the tos-exp command is run in the BFD view to set a priority, the configuration of the tos-exp command in the BFD session view takes effect.
- Run commit
The configuration is committed.
Verifying the Configuration of BFD to Monitor VPN Routes
After configuring BFD to monitor a VPN route, verify the configuration, including the session type and status.
Prerequisites
BFD has been configured to monitor a VPN route.
You can view statistics about a BFD session and information about the BFD session only after all BFD parameters are set and the BFD session is successfully set up.
Procedure
- Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peer-ip [ vpn-instance vpn-name ] | static } [ verbose ] command to check information about BFD sessions.
- Run the display bfd statistics command to check global BFD statistics.
- Run the display bfd statistics session { all | static | dynamic | discriminator discr-value | peer-ip peer-ip [ vpn-instance vpn-name ] } command to check statistics about BFD sessions.
- Run the display bfd interface command to check information about BFD interfaces.
- Enabling BFD Globally
- Establishing a BFD Session
- (Optional) Configuring BFD Packets to Be Transparently Transmitted on an Interface
- (Optional) Changing the BFD Detection Time
- (Optional) Setting the BFD WTR Time
- (Optional) Configuring a Description for a BFD Session
- (Optional) Setting the Priority of a BFD Session
- Verifying the Configuration of BFD to Monitor VPN Routes
