How do I enable BFD for my Direct Connect connection?

Last updated: 2022-02-01

I want to enable Bidirectional Forwarding Detection (BFD) for my AWS Direct Connect connection. How can I do this?

Short description

BFD is a detection protocol that provides fast forwarding path failure detection times. These fast failure detection times facilitate faster routing reconvergence times.

It's a best practice to enable BFD for fast failure detection and failover when connecting to AWS services over Direct Connect connections or VPNs. Enabling BFD for your Direct Connect connection allows the Border Gateway Protocol (BGP) neighbor relationship to be quickly torn down. Otherwise, by default, BGP waits for three keep-alives to fail at a hold-down time of 90 seconds.

Asynchronous BFD is automatically enabled for Direct Connect virtual interfaces on the AWS side. However, you must configure your router to enable asynchronous BFD for your connection.

Resolution

Before you begin, check your vendor documentation for specific commands and instructions for configuring your network device. Then, use the following examples for Cisco, Juniper, and Fortigate routers to configure BFD on your router.

Note: The default AWS BFD liveness detection minimum interval is 300 ms. The default BFD liveness detection multiplier is three.

Cisco router example configuration

The following is an example BFD configuration for a Cisco router. For more information, see BGP support for BFD on the Cisco website.

1.    Enter the following in your router's configuration terminal. Be sure to replace the placeholders with your own values for the interface name, virtual LAN (VLAN) number, Autonomous System Number (ASN), and Direct Connect peer IP address.

no ip redirect
bfd slow-timers 10000 
interface <YOUR_INTERFACE_NAME>.<YOUR_VLAN_NUMBER>
bfd interval 300 min_rx 300 multiplier 3
router bgp <ASN>
neighbor <Direct Connect Peer IP> fall-over bfd

Example configuration:

no ip redirect
bfd slow-timers 10000 
interface GigabitEthernet1/0.259
description "Direct Connect to your Amazon VPC or AWS Cloud"
    encapsulation dot1Q 259
    ip address 169.254.254.2 255.255.255.252
        bfd interval 300 min_rx 300 multiplier 3
        router bgp 65000
neighbor 169.254.254.1 fall-over bfd

2.    Check if BFD is enabled.

show bfd neighbors detail

Confirm that the output resembles the following:

MinTxInt: 300, MinRxInt: 300, Multiplier: 3Local Diag: 0, Demand mode: 0, Poll bit: 0
172.16.10.2   172.16.10.1    8/1  1   90 (3)         Up      Gi1/0.259
OurAddr       NeighAddr     LD/RD RH  Holdown(mult)  State   Int

Juniper router configuration

The following example BFD configuration is for a Juniper router (JUNOS release 8.3+). For more information, see Understanding BFD for BGP on the Juniper website.

You can enable BFD in JUNOS using one of the two methods. The first method is to enable BFD using the following series of commands. Be sure to replace the placeholders with your own values for the group name, neighbor, and address.

cli
edit protocols bgp group ebgp
edit protocols bgp group GROUP-NAME NEIGHBOR ADDRESS
set bfd-liveness-detection minimum-interval 300 multiplier 3
exit
exit
commit check
commit confirm

The second method is to enable BFD at the group level:

1.    Enable BFD at the group level. Be sure to replace the group name placeholder with your own value.

set protocol bgp group GROUP-NAME bfd-liveness-detection minimum-interval 300 multiplier 3

2.    Verify that BFD is enabled:

show bfd session extensive

Confirm that the output resembles the following:

Address                  State     Interface      Time     Interval  Multiplier
192.163.6.4              Up                       3.000     1.000        3  
Client BGP, TX interval 0.300, RX interval 0.300
Session up time 00:54:40
Local diagnostic None, remote diagnostic None
Remote state Up, version 1
Logical system 12, routing table index 25
Min async interval 1.000, min slow interval 1.000
Adaptive async TX interval 0.300, RX interval 0.300
Local min TX interval 0.300, minimum RX interval 0.300, multiplier 3
Remote min TX interval 0.300, min RX interval 0.300, multiplier 3
Local discriminator 10, remote discriminator 9
Echo mode disabled/inactive
Multi-hop route table 25, local-address 192.168.6.5

Fortigate example configuration

The following example BFD configuration is for a Fortigate firewall. For more information, see Configuring BFD on the Fortinet website.

1.    Enter the following in your router's configuration terminal. Be sure to replace the placeholders with your own values for the interface name, virtual LAN (VLAN) number, Autonomous System Number (ASN), and Direct Connect peer IP address.

config router bgp
    config neighbor
               edit <ip> 
                   set bfd enable
               next
           end

config system interface
     edit <specified_name>
     set bfd enable
     set bfd-desired-min-tx 300
     next
end

Example configuration:

config system interface
    edit "vlan10"
        set vdom "root"
        set bfd enable
        set bfd-desired-min-tx 300
        set device-identification enable
        set role lan
        set snmp-index 7
        set interface "port1"
        set vlanid 10
    next
end

config router bgp
    set as 65500
    config neighbor
        edit "1.1.1.1"
            set bfd enable
            set remote-as 555
            set password ENC Jq0z2FuLgwxwbiE2WqkjPzeb/ZPMDNexl8DcJ7AsbfFYzlZcsL7mDrbDvLyFgG8nQiUUaDVRWby5slSV75zpiMbaiqeMmJvUzbN2Y6pKDKvr2ed/mzlVa4pdw1oAq3NgJ3ftmLiQTDJgWY+fN8adofsybqtqtWDF1URypTynjNsgiCHqRd3SStafnl076X6+/0OQgQ==
        next
    end

2.    Check if BFD is enabled:

TestFGT_5 # get router info bfd neighbor
OurAddr         NeighAddr       LD/RD   State   Int
1.1.1.2   1.1.1.1   4/1     UP      vlan10

TestFGT_5 #get router info bfd neighbor detail
OurAddress      NeighAddress    State       Interface       LDesc/RDesc
1.1.1.2         1.1.1.1         UP          vlan10          2/1
Local Diag: 1, Demand mode: no, Poll bit: unset
MinTxInt: 300, MinRxInt: 300, Multiplier: 3
Received: MinRxInt: 250 (ms), MinTxInt: 250 (ms),Multiplier: 3
Transmit Interval: 250 (ms), Detection Time: 750 (ms)
Rx Count: 4532, Rx Interval (ms) min/max/avg 0/5000/190 last 1000000380 (ms) ago
Tx Count: 448861, Tx Interval (ms) min/max/avg 0/5010/247  last: 250 (ms) ago