Routing Configuration Guide, Cisco Catalyst SD-WAN Releases 17.x

PDF

Automatically suspending BFD sessions

Updated: February 6, 2026

Overview

Describes how Cisco Catalyst SD-WAN automatically suspends unstable BFD sessions to prevent repeated flapping and reduce unnecessary traffic disruption.

A BFD session flap is a network condition that

  • occurs when a BFD session repeatedly transitions between up and down states,

  • happens because one device in the session becomes unavailable and then available again, or

  • repeatedly recovers and fails due to unstable connections, disrupting applications and causing unnecessary traffic steering between overlay paths.

Automatically suspending BFD sessions

To prevent repeated BFD session flaps, Cisco Catalyst SD-WAN automatically suspends unstable BFD sessions based on the following parameters:

Flap cycle

A flap cycle includes this sequence:

  • The BFD session is in the up state.

  • The BFD session transitions to the down state.

  • The BFD session comes back up.

SLA threshold

An SLA threshold determines when to add a BFD session to the suspended list. It defines a limit for traffic metrics such as loss, latency, or jitter. When any metric exceeds the defined threshold, the system suspends the BFD session. These thresholds represent the traffic performance levels specified in the SLA.

An SLA threshold is optional. If you configure one, set higher values for loss, latency, and jitter to prevent conflicts with SLA parameters defined in SLA classes. For more details on SLA classes, see the Cisco Catalyst SD-WAN Policies Configuration Guide.

Benefits of automatically suspending BFD sessions

  • You can manually remove the affected circuit or tunnel interface from the BFD suspended list.

  • Provides monitoring of a suspended tunnel.

How BFD session suspension works

  • As the BFD suspension feature is for forward data traffic, you should enable BFD suspension on the remote-end node to block the reverse data traffic to avoid dropping data traffic.

  • This feature does not manipulate the state of the BFD session.

Summary

The BFD session suspension workflow temporarily halts unstable sessions to prevent repeated flapping, allowing only control traffic while blocking data traffic until stability is restored.

Workflow

If a BFD session exceeds the flap-count value within the configured flapping-window interval, then the BFD session must remain suspended until the configured duration interval.

  1. For a BFD session in the suspended state, the following occurs:
    • If a session reflaps or exceeds the threshold parameters defined, the session is moved back to suspended state and the duration is reset again.
    • If the session does not flap and is within the threshold range, the session is automatically removed out of the suspended state after the duration interval expires.
    • You can also manually remove suspended BFD sessions by using the request platform software sdwan auto-suspend reset command. For more information, see the Cisco IOS XE SD-WAN Qualified Command Reference Guide.

Result

Data traffic is not sent across the overlay network when a BFD session is in the suspended state.

Only regular SLA measurement, echo response, or path maximum transmission unit (PMTU) control traffic is sent across a suspended BFD session.

Restrictions for automatically suspending BFD sessions

Defines limitations for using BFD automatic suspension in Cisco SD-WAN.

  • On a Cisco IOS XE Catalyst SD-WAN device with a single TLOC, automatic suspension may drop BFD sessions.

  • The last-resort circuit may not work for a single site unless all BFD sessions are down for a tunnel interface. The last-resort circuit is enabled only if all BFD sessions on the non last-resort circuit are suspended or down.

  • SD-WAN Manager feature templates do not support configuring automatic suspension of BFD sessions.

  • You can configure BFD automatic suspension only through a device CLI or a CLI add-on template.

  • When duplicated traffic is sent through a different BFD session, it may still route through a suspended BFD session.

Configure automatic suspension of BFD sessions using a CLI template

To configure automatic suspension of BFD sessions using a CLI template.

If you enable color all and a specific color , the specific color takes precedence over the color all parameter. For more information on BFD colors, see bfd color.

For more information about using CLI templates, see CLI Add-On Feature Templates and CLI Templates.

Procedure

1.

Enable BFD automatic suspension with or without last resort.

Before enabling last resort for the BFD automatic suspension feature, you must enable the last-resort circuit on a tunnel interface.

For more information on last resort, see last-resort-circuit.

auto-suspend
    enable-lr
auto-suspend
    no enable-lr
2.

Configure the flap parameters.

When you use SLA-based BFD automatic suspension, ensure the duration is greater than the BFD multiplier multiplied by the BFD poll interval. We recommend configuring the BFD automatic suspension duration to more than 30 minutes.

duration sec
    flapping-window sec
    flap-count flap-count
3.

(Optional) Configure SLA parameters.

Before configuring SLA thresholds, ensure to configure BFD session flapping parameters and duration.

thresholds
   color
    all
     jitter  jitter-value
     latency latency-value
     loss    loss-value
    !

Verify automatic suspension of BFD sessions

Use any of these commands to verify automatic suspension of BFD sessions.

To view the total suspend count and check how many times the BFD session has been suspended, use the show sdwan bfd sessions suspend command.

The following columns are added for analyzing BFD session suspension metrics: RE-SUSPEND COUNT, SUSPEND TIME LEFT, TOTAL COUNT, and SUSPEND DURATION.

Device# show sdwan bfd sessions suspend
                          SOURCE TLOC   REMOTE TLOC                    DST PUBLIC       DST PUBLIC         RE-SUSPEND  SUSPEND       TOTAL     SUSPEND
SYSTEM IP        STATE    COLOR         COLOR           SOURCE IP      IP               PORT        ENCAP  COUNT       TIME LEFT     COUNT     DURATION
---------------------------------------------------------------------------------------------------------------------------------------------------------
172.16.255.14    up       lte           lte             10.1.15.15     10.1.14.14       12426       ipsec   0          0:00:19:52    18        0:00:00:07

To check whether a suspended flag has been added to a BFD session and to view other BFD session metrics, use the show sdwan bfd sessions alt command.

The following columns are added for BFD suspension:

  • BFD-LD (Local Discriminator) is a unique identifier for all BFD sessions. Its value must be non-zero and is used internally by Cisco TAC for troubleshooting.

  • The FLAGS column includes the ‘Sus’ flag, which indicates that a BFD session is suspended.”

Device# show sdwan bfd sessions alt
*Sus = Suspend
*NA  = Flag Not Set
                                       SOURCE TLOC    REMOTE TLOC                  DST PUBLIC      DST PUBLIC
SYSTEM IP        SITE ID   STATE       COLOR          COLOR          SOURCE IP     IP              PORT        ENCAP  BFD-LD    FLAGS    UPTIME
-----------------------------------------------------------------------------------------------------------------------------------------------------
172.16.255.14    400       up          3g              lte           10.0.20.15    10.1.14.14      12426       ipsec  20004     NA       0:19:30:40
172.16.255.14    400       up          lte             lte           10.1.15.15    10.1.14.14      12426       ipsec  20003     Sus      0:00:02:46
172.16.255.16    600       up          3g              lte           10.0.20.15    10.0.106.1      12366       ipsec  20002     NA       0:19:30:40
172.16.255.16    600       up          lte             lte           10.1.15.15    10.0.106.1      12366       ipsec  20001     NA       0:19:20:14

To view the BFD sessions where the ‘Sus’ flag is added, use the show sdwan bfd history command. 

Device# show sdwan bfd history
                                                   DST PUBLIC       DST PUBLIC                                RX      TX
SYSTEM IP        SITE ID     COLOR     STATE       IP               PORT        ENCAP  TIME                   PKTS    PKTS    DEL   FLAGS
------------------------------------------------------------------------------------------------------------------------------------------
172.16.255.16    600         lte       up          10.0.106.1       12366       ipsec  06/03/22 02:51:06      0       0       0     [ ]
172.16.255.16    600         lte       up          10.0.106.1       12366       ipsec  06/03/22 02:52:04      153     154     0     [Sus]
172.16.255.16    600         lte       down        10.0.106.1       12366       ipsec  06/03/22 03:00:50      1085    1085    0     [Sus]

To view a summary of BFD sessions, including sessions that are up, down, have flapped, or have been suspended use the show sdwan bfd summary command.

The following fields are added for BFD session suspension: sessions-flap, sessions-up-suspended, and sessions-down-suspended.

Device# show sdwan bfd summary
sessions-total           4
sessions-up              4
sessions-max             4
sessions-flap            4
poll-interval            60000
sessions-up-suspended    1
sessions-down-suspended  0