BFD Example

This example establishes authenticated BFD between two routers which use OSPF to exchange routing information.

Configure BFD Authentication Keys

First, configure and check the authentication keys on both routers.

r1 tnsr(config)# bfd conf-key-id 123456789
r1 tnsr(config-bfd-key)# authentication type meticulous-keyed-sha1
r1 tnsr(config-bfd-key)# secret 4a40369b4df32ed0652b548400
r1 tnsr(config-bfd-key)# exit
r2 tnsr(config)# bfd conf-key-id 123456789
r2 tnsr(config-bfd-key)# authentication type meticulous-keyed-sha1
r2 tnsr(config-bfd-key)# secret 4a40369b4df32ed0652b548400
r2 tnsr(config-bfd-key)# exit
r1 tnsr# show bfd keys
Conf Key  Type                  Use Count
--------- --------------------- ----------
123456789 meticulous-keyed-sha1 1
r2 tnsr# show bfd keys
Conf Key  Type                  Use Count
--------- --------------------- ----------
123456789 meticulous-keyed-sha1 1

Configure BFD Sessions

Next, configure the BFD sessions on both routers using the authentication information configured in the previous section.

r1 tnsr(config)# bfd session r1_r2
r1 tnsr(config-bfd)# enable true
r1 tnsr(config-bfd)# interface TenGigabitEthernet6/0/0
r1 tnsr(config-bfd)# local address 203.0.113.2
r1 tnsr(config-bfd)# peer address 203.0.113.27
r1 tnsr(config-bfd)# desired-min-tx 1000000
r1 tnsr(config-bfd)# required-min-rx 1000000
r1 tnsr(config-bfd)# detect-multiplier 3
r1 tnsr(config-bfd)# bfd-key-id 123
r1 tnsr(config-bfd)# conf-key-id 123456789
r1 tnsr(config-bfd)# delayed true
r1 tnsr(config-bfd)# exit
r1 tnsr(config)# exit

Note

Note that since this node is being configured first, it has delayed true set, while the peer will have false. Since this is a new session, the difference is minimal, but when making future changes, this distinction is important. See Setup BFD Authentication for details.

r2 tnsr(config)# bfd session r2_r1
r2 tnsr(config-bfd)# enable true
r2 tnsr(config-bfd)# interface TenGigabitEthernet6/0/0
r2 tnsr(config-bfd)# local address 203.0.113.27
r2 tnsr(config-bfd)# peer address 203.0.113.2
r2 tnsr(config-bfd)# desired-min-tx 1000000
r2 tnsr(config-bfd)# required-min-rx 1000000
r2 tnsr(config-bfd)# detect-multiplier 3
r2 tnsr(config-bfd)# bfd-key-id 123
r2 tnsr(config-bfd)# conf-key-id 123456789
r2 tnsr(config-bfd)# delayed false
r2 tnsr(config-bfd)# exit
r2 tnsr(config)# exit

Confirm BFD Status

With BFD configured on both nodes, check its status. The status should show a state of up and also indicate that the session is authenticated.

r1 tnsr# show bfd
Session Name: r1_r2
    Interface: TenGigabitEthernet6/0/0
    Local IP Addr: 203.0.113.2
    Peer  IP Addr: 203.0.113.27
    State: up
    Required Min Rx Interval: 1000000 usec
    Desired Min Tx Interval: 1000000 usec
    Detect Multiplier: 3
    BFD Key Id: 123
    Configuration Key Id: 123456789
    Authenticated: true
r2 tnsr# show bfd
Session Name: r2_r1
    Interface: TenGigabitEthernet6/0/0
    Local IP Addr: 203.0.113.27
    Peer  IP Addr: 203.0.113.2
    State: up
    Required Min Rx Interval: 1000000 usec
    Desired Min Tx Interval: 1000000 usec
    Detect Multiplier: 3
    BFD Key Id: 123
    Configuration Key Id: 123456789
    Authenticated: true

Setup OSPF

Now setup the routing protocol which will utilize the BFD status.

Note

BFD is activated by the bfd enabled true command on the TenGigabitEthernet6/0/0 interface in OSPF. This is the same interface configured in BFD.

r1 tnsr(config)# route dynamic ospf
r1 tnsr(config-frr-ospf)# enable
r1 tnsr(config-frr-ospf)# server
r1 tnsr(config-ospf)# ospf router-id 10.2.0.1
r1 tnsr(config-ospf)# interface TenGigabitEthernet6/0/0
r1 tnsr(config-ospf-if)# ip address * area 0.0.0.0
r1 tnsr(config-ospf-if)# ip network broadcast
r1 tnsr(config-ospf-if)# bfd enabled true
r1 tnsr(config-ospf-if)# exit
r1 tnsr(config-ospf)# int GigabitEthernet3/0/0
r1 tnsr(config-ospf-if)# ip address * area 0.0.0.0
r1 tnsr(config-ospf-if)# exit
r1 tnsr(config-ospf)# exit
r1 tnsr(config-frr-ospf)# exit
r2 tnsr(config)# route dynamic ospf
r2 tnsr(config-frr-ospf)# enable
r2 tnsr(config-frr-ospf)# server
r2 tnsr(config-ospf)# ospf router-id 10.27.0.1
r2 tnsr(config-ospf)# interface TenGigabitEthernet6/0/0
r2 tnsr(config-ospf-if)# ip address * area 0.0.0.0
r2 tnsr(config-ospf-if)# ip network broadcast
r2 tnsr(config-ospf-if)# bfd enabled true
r2 tnsr(config-ospf-if)# exit
r2 tnsr(config-ospf)# int GigabitEthernet3/0/0
r2 tnsr(config-ospf-if)# ip address * area 0.0.0.0
r2 tnsr(config-ospf-if)# exit
r2 tnsr(config-ospf)# exit
r2 tnsr(config-frr-ospf)# exit

Check OSPF Status

Check the status of OSPF to see if a neighbor relationship has been formed:

r1 tnsr(config)# show route dynamic ospf neighbor

Neighbor ID     Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
10.27.0.1         1 Full/Backup       36.415s 203.0.113.27    TenGigabitEthernet6/0/0:203.0.113.2     0     0     0
r2 tnsr(config)# show route dynamic ospf neighbor

Neighbor ID     Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
10.2.0.1          1 Full/DR           35.487s 203.0.113.2     TenGigabitEthernet6/0/0:203.0.113.27     1     0     0

Finish Up

Both routers are fully configured to use BFD and OSPF. If the TenGigabitEthernet6/0/0 interface fails, BFD will signal OSPF and the interface will be marked down in the OSPF daemon, and neighbors on that interface will be removed.