BFD Configuration
Mode Commands
The BFD Configuration
Mode manages the protocol settings for Bidirectional Forwarding
Detection (BFD).
BFD provides a low-overhead,
short duration method of detecting failures in the forwarding path
between two BGP adjacent
routers, including the interfaces, data links, and forwarding plane.
BFD must be enabled on both routers. The ASR 5000 and ASR 5500 supports
BFD on Layer 3 clients only in asynchronous mode with optional Echo
functionality.
IMPORTANT:
The commands or keywords/variables
that are available are dependent on platform type, product version,
and installed license(s).
bfd multihop-peer
Configures parameters
for any multihop-BFD sessions with the same destination address.
If these parameters are not configured via this command, MH-BFD
sessions with the same destination address will be in the Admin-down
state.
Privilege:
Security Administrator,
Administrator
Syntax
bfd multihop-peer dst-ip-address { authentication { md5 | meticulous-md5 | meticulous-sha1
plain-text | sha1 } { encrypted password-string | password password-string } | interval tx_interval min_rx rx_interval multiplier value }
no bfd multihop-peer dst-ip-address authentication
no
Removes all the parameters
for the MH-BFD destination address and if there are any sessions
with the same destination address, those sessions will go to Admin-down state.
dst-ip-address
Specifies the destination
address of the BFD enabled peer in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal
notation. This destination address must have been previously configured
via the ip route
static bfd commands
in the Context Configuration mode.
authentication { md5 | meticulous-md5 | meticulous-sha1
plain-text | sha1
Specifies the method
for authenticating all multihop BFD sessions to the specified peer.
By default, authentication for Multihop-BFD sessions to a destination
address is disabled. The authentication type options include:
- md5 – Message
Digest 5
- meticulous-md5 – MD5
using a secret key and sequence numbers updated for every packet
- meticulous-sha1 – SHA1
with sequence numbers updated for every packet
- plain-text – plain
text (unencrypted)
- sha1 – Secured
Hash Algorithm 1
encrypted password-string | password password-string
Specifies the password
for authentication of BFD sessions. The password
must be the same
between the peer neighbors for the BFD sessions to work. If the
authentication password is configured incorrectly between peers,
the BFD sessions to the destination address will not come UP. If
the password is configured for BFD sessions that are already UP,
BFD neighbors will be reset.
- encrypted password-string:
Specifies the use of an encrypted password for authentication of
BFD sessions as an alphanumeric string of up to 523 characters.
- password password-string:
Specifies the use of a plain text password for authentication of
BFD sessions as an alphanumeric string of 1 through 19 characters.
IMPORTANT:
The destination address
and its transmit/receive intervals must be configured before the password
is applied to any MH-BFD sessions at a destination address.
interval tx_interval min_rx rx_interval multiplier value
interval tx_interval: Specifies
the transmit interval (in milliseconds) between BFD packets as an
integer from 50 through 999. Default: 50
min_rx rx_interval:
Specifies the receive interval (in milliseconds) between BFD packets
as an integer from 50 through 999. Default: 50
multiplier value: Specifies
the multiplier value sued to compute holddown as an integer from
3 through 50. Default: 3
Usage:
Use this command to
configure basic operating parameters between BFD enabled peers.
Example:
bfd multihop-peer
10.2.3.4 authentication md5 encrypted 5-klm7783
bfd multihop-peer
10.2.3.4 interval 100 min_rx 100 multiplier 5
bfd nbr-group-name
Configures BFD neighbor
groups.
Privilege:
Security Administrator,
Administrator
Syntax
[no] bfd
nbr-group-name neighbor-group { active-if-name if-name | passive-if-name if-name } gw-ip-address
no bfd nbr-group-name neighbor-group
no
Removes all the parameters
for the BFD neighbor group.
neighbor-group
Specifies an identifier
for a BFD neighbor group as an alphanumeric string of 1 through
19 characters.
active-if-name if-name | passive-if-name if-name
Specifies the logical/physical
interface associated with this BFD group.
active-if-name if-name: Specifies
an active interface that notifies all passive interfaces in this
group. There should be only one active interface in a group. if-name is
a logical or physical interface specified as an alphanumeric string
of 1 through 79 characters.
passive-if-name if-name: Specifies
a passive interface that receives BFD notifications from the active
interface in this group. if-name is
a logical or physical interface specified as an alphanumeric string
of 1 through 79 characters.
gw-ip-address
Specifies the gateway
address of the BFD neighbor in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal
notation (optional CIDR notation).
Usage:
Allow scaling of BFD
sessions when a large number of logical interfaces are configured on
a physical interface. A failure on the physical interface or a logical
interface can be propagated to all passive interfaces in this group.
Example:
bfd nbr-group-name
bgpgroup132 active-if-name bgpif02
echo
Enables or disables
BFD echo mode functionality. The Echo function tests the forwarding
path on the remote system. Echo is only used for single hop BFD sessions
Privilege:
Security Administrator,
Administrator
no echo
Disables BFD echo
functionality.
Usage:
Use this function
to send a stream of Echo packets that the other endpoint then sends
back via its forwarding plane. Echo tests the forwarding path on
the remote system.
end
Exits the current
configuration mode and returns to the Exec mode.
Privilege:
Security Administrator,
Administrator
Usage:
Use this command to
return to the Exec mode.
exit
Exits the current
mode and returns to the parent configuration mode.
Privilege:
Security Administrator,
Administrator
Usage:
Use this command to
return to the parent configuration mode.
slow-timers
Specifies the asynchronous
mode control packet interval when Echo mode is enabled. In BFD asynchronous
mode, BFD-enabled peers periodically send BFD Control packets to
one another. If a number of those packets in a row are not received
within the specified interval by the other peer, the session is
declared to be down.
Privilege:
Security Administrator,
Administrator
Syntax
slow-timers timer-value
no slow-timers
no
Disables previously
specified BFD slow timers.
timer-value
Specifies the BFD
control packet interval (in milliseconds) for Echo mode as an integer from
1000 through 300000. Default: 2000
Usage:
Use this command to
configure the interval between BFD control packets sent between peers
in Echo mode.