Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Understanding Distributed BFD

Bidirectional Forwarding Detection (BFD) is a protocol to verify the liveliness of data path. The term distributed BFD refers to BFD that runs on the Packet Forwarding Engine. The terms nondistributed BFD and centralized BFD refer to BFD that runs on the Routing Engine.

Benefits

The benefits of distributed BFD are mainly in the scaling and performance areas. Distributed BFD:

  • Allows for the creation of a larger number of BFD sessions.

  • Runs BFD sessions with a shorter transfer/receive timer interval, which can in turn be used to bring down the overall detection time.

  • Separates the functionality of BFD from that of the Routing Engine. This means that a BFD session can stay up during graceful restart, even with an aggressive interval. The minimum interval for Routing Engine-based BFD sessions to survive graceful Routing Engine switchover is 2500 ms. This is improved to sub-second times with distribution.

  • Offloads the processing to the FPC CPU. This frees up the Routing Engine CPU, resulting in improved scaling and performance for Routing Engine-based applications.

Configuration

For both single-hop BFD and multihop BFD, the BFD session can be made to run on the Routing Engine (in nondistributed mode) by configuring set routing-options ppm no-delegate-processing and then running the clear bfd session command.

To determine if a BFD peer is running distributed BFD, run the show bfd sessions extensive command and look for Remote is control-plane independent in the command output.

For distributed BFD to work, you need to configure the lo0 interface with unit 0 and the appropriate family.

This is true for the following types of BFD sessions:

  • BFD over ae logical interfaces, both IPv4 and IPv6

  • Multihop BFD, both IPv4 and IPv6

  • BFD over VLAN interfaces in EX Series switches, both IPv4 and IPv6

  • Virtual Circuit Connectivity Verification (VCCV) BFD (Layer 2 circuit, Layer 3 VPN, and VPLS) (MPLS)

Note:

Starting in Junos OS Release 13.3, the distribution of adjacency entry (the IP addresses of adjacent routers) and transmit entry (the IP address of transmitting routers) for a BFD session is asymmetric. This is because an adjacency entry that requires rules might or might not be distributed based on the redirect rule, and the distribution of transmit entries is not dependent on the redirect rule.

The term redirect rule here denotes the capability of an interface to send protocol redirect messages. See Disabling the Transmission of Redirect Messages on an Interface.

In centralized BFD mode, the routing engine handles BFD. If the routing engine CPU goes too high, there is a chance that BFD will flap. Even in cases where routing engine CPU is normal, smaller values of minimum-interval can lead to BFD packets not being processed if other higher priority tasks are running. The minimum interval value should be selected based on proper testing.

For information about troubleshooting BFD, see Juniper Networks Knowledge Base article 26746.

Single-hop and Multihop BFD

Both single-hop BFD and multihop BFD can run in distributed mode.

  • Single-hop BFD—Single-hop BFD in Junos OS runs in distributed mode by default. The exceptions are OSPFv3 BFD and PIMv6 BFD, for which only nondistributed BFD is supported. Single-hop BFD control packets use UDP port 3784.

  • Multihop BFD—One desirable application of BFD is to detect connectivity to routing devices that span multiple network hops and follow unpredictable paths. This is known as a multihop session. Multihop BFD control packets use UDP port 4784.

Consider the following when using multihop BFD:

  • Prior to Junos OS Release 12.3, multihop BFD is nondistributed and runs on the Routing Engine. Starting in Junos OS Release 12.3, multihop BFD runs in distributed mode by default.
  • In a multichassis link aggregation group setup, Inter-Chassis Control Protocol (ICCP) uses BFD in multihop mode. Multihop BFD runs in centralized mode in this kind of setup prior to Junos OS Release 12.3 and continues to do so as of Junos OS Release 12.3 and later.

  • QFX5110, QFX5120, QFX5200, and QFX5210 switches support multihop BFD inline keep alive support which will enable sessions to be configured at less than 1 second. Performance may vary depending on the system load. 10 inline BFD sessions are supported and can be configured with a timer of 150 x 3 milliseconds.

  • Starting in Junos OS Release 13.3R5, if you apply a firewall filter on a loopback interface for a multihop BFD session with a delegated anchor FPC, Junos OS does not execute this filter, because there is an implicit filter on all ingress FPCs to forward packets to the anchor FPC. Therefore, the firewall filter on the loopback interface is not applied on these packets. If you do not want these packets to be forwarded to the anchor FPC, you can configure the no-delegate-processing option.

Support for BFD on SRX Devices

By default, SRX Series devices operate in centralized BFD mode. They also support distributed BFD, dedicated BFD, and real-time BFD. Table 1 shows the BFD modes supported on SRX Series devices.

Distributed BFD

  • Starting in Junos OS Release 20.3R1, the SRX5000 line of devices with SPC3 card support distributed BFD. This mode provides a faster BFD failure detection time of 3 x 100 ms.
  • Starting in Junos OS Release 21.1R1, we support distributed BFD on SRX1500, SRX4100, SRX4200, and SRX4600. This mode provides a faster BFD failure detection time of 3 x 300 ms. We support this feature for a standalone SRX Series device. It is not supported for chassis clusters.
  • Enable distributed mode on the SRX5000 line of devices with SPC3 and SRX1500, SRX4100, SRX4200, and SRX4600 devices by configuring the BFD failure detection time to a value less than 500 ms.
  • SRX1500 devices run in dedicated mode if you've configured set chassis dedicated-ukern-cpu, regardless of the BFD failure detection time. You can enable distributed mode on SRX1500 devices only when dedicated mode is not enabled.

Dedicated BFD

  • Starting with Junos OS Release 15.1X49-D100, dedicated BFD is supported on SRX340, SRX345, and SRX1500 devices.

  • Starting with Junos OS Release 15.1X49-D110, dedicated BFD is supported on SRX550M devices.

  • Starting with Junos OS Release 12.3X48-D60, dedicated BFD is supported on SRX240, SRX550, and SRX650 devices.

  • To enable dedicated BFD on SRX100, SRX110, SRX210, SRX220, SRX240, SRX300, SRX320, SRX340, SRX345, SRX550, SRX550M, SRX650, and SRX1500 devices, use the set chassis dedicated-ukern-cpu command.

  • Enabling dedicated BFD impacts traffic throughput as one CPU core is removed from data plane processing.

Real-time BFD

  • Starting with Junos OS Release 15.1X49-D100, real-time BFD is supported on SRX300 and SRX320 devices.

  • Starting with Junos OS Release 12.3X48-D60, real-time BFD is supported on SRX100, SRX110, SRX210, and SRX220 devices.

  • To enable real-time BFD on SRX100, SRX110, SRX210, SRX220, SRX240, SRX300, SRX320, SRX340, SRX345, SRX550, SRX550M, and SRX650 devices, use the set chassis realtime-ukern-thread command.

  • Enabling real-time BFD does not impact data plane performance. Higher priority is given to the pfe process handling BFD in distributed mode. This is suitable for scenarios where the number of BFD sessions are less.

Table 1: BFD Modes Supported on SRX Series Devices

SRX Series Device

Centralized BFD Mode

Distributed BFD

Real-Time BFD

Dedicated Core

SRX100

Default

Configuration

Configuration (Optional)

Not supported

SRX110

Default

Configuration

Configuration (Optional)

Not supported

SRX210

Default

Configuration

Configuration (Optional)

Not supported

SRX220

Default

Configuration

Configuration (Optional)

Not supported

SRX240

Default

Configuration

Configuration

Configuration (Optional)

SRX300

Default

Configuration

Configuration (Optional)

Not supported

SRX320

Default

Configuration

Configuration (Optional)

Not supported

SRX340

Default

Configuration

Configuration

Configuration (Optional)

SRX345

Default

Configuration

Configuration

Configuration (Optional)

SRX550

Default

Configuration

Configuration

Configuration (Optional)

SRX550M

Default

Configuration

Configuration

Configuration (Optional)

SRX650

Default

Configuration

Configuration

Configuration (Optional)

SRX1500

Default

Configuration

Not supported

Configuration (Optional)

SRX4100

Default

Not supported

Not supported

Not supported

SRX4200

Default

Not supported

Not supported

Not supported

SRX5400

Default

Not supported

Not supported

Not supported

SRX5600

Default

Not supported

Not supported

Not supported

SRX5800

Default

Not supported

Not supported

Not supported

SRX5000 line of devices with SPC3 card BFD failure detection time > 500 ms BFD failure detection time < 500 ms Not supported Not supported
SRX1500 BFD failure detection time > 500 ms and dedicated mode is not enabled BFD failure detection time < 500 ms and dedicated mode is not enabled Not supported Configuration
SRX4100 BFD failure detection time > 500 ms BFD failure detection time < 500 ms Not supported Not supported
SRX4200 BFD failure detection time > 500 ms BFD failure detection time < 500 ms Not supported Not supported
SRX4600 BFD failure detection time > 500 ms BFD failure detection time < 500 ms Not supported Not supported
Release History Table
Release
Description
21.1R1
Starting in Junos OS Release 21.1R1, distributed BFD is supported on SRX1500, SRX4100, SRX4200, and SRX4600.
20.3R1
Starting in Junos OS Release 20.3R1, the SRX5000 line of devices with SPC3 card support distributed BFD.
15.1X49-D100
Starting with Junos OS Release 15.1X49-D100, dedicated BFD is supported on SRX340, SRX345, and SRX1500 devices.
15.1X49-D100
Starting with Junos OS Release 15.1X49-D100, real-time BFD is supported on SRX300 and SRX320 devices.
13.3R5
Starting in Junos OS Release 13.3R5, if you apply a firewall filter on a loopback interface for a multihop BFD session with a delegated anchor FPC, Junos OS does not execute this filter, because there is an implicit filter on all ingress FPCs to forward packets to the anchor FPC.
13.3
Starting in Junos OS Release 13.3, the distribution of adjacency entry (the IP addresses of adjacent routers) and transmit entry (the IP address of transmitting routers) for a BFD session is asymmetric.