I want to enable Bidirectional Forwarding Detection (BFD) for my AWS Direct Connect (DX) connection. 

BFD is a detection protocol that provides fast detection of forwarding path failures, which allows faster routing reconvergence. BFD is a mechanism independent of media, routing protocols, or data. It's a best practice to enable BFD for fast link failure detection and failover when connecting to AWS services over DX connections and AWS VPNs. Enabling BFD for your DX connection allows the Border Gateway Protocol (BGP) neighbor relationship to be torn down quickly after BFD reports a failure. Otherwise, by default, BGP waits for three keep-alive failures, a hold time of 90 seconds.

Asynchronous BFD is automatically enabled for DX virtual interfaces on the AWS side. However, you must configure your router for asynchronous BFD to enable it for your connection.

Before you begin, be sure to check your vendor documentation for specific commands and instructions for configuring your network device. Then, use the following examples for Cisco and Juniper routers to configure BFD on your router.

Note: The AWS BFD liveness detection minimum interval is 300 ms and the multiplier is three.

Cisco router example configuration

The following example BFD configuration is for a Cisco router. Be sure to change this as necessary when configuring your own router.

1.    Enter the following in your router's configuration terminal. Be sure to enter your own values for the interface name, virtual LAN (VLAN) number, autonomous system number (ASN), and DX peer IP address.

no ip redirect
bfd slow-timers 10000 
interface <YOUR_INTERFACE_NAME>.<YOUR_VLAN_NUMBER>
bfd interval 300 min_rx 300 multiplier 3
router bgp <ASN>
neighbor <DX Peer IP> fall-over bfd

Example configuration: 

no ip redirect
bfd slow-timers 10000
interface GigabitEthernet1/0.259
 description "Direct Connect to your Amazon VPC or AWS Cloud"
 encapsulation dot1Q 259
 ip address 169.254.254.2 255.255.255.252
 bfd interval 300 min_rx 300 multiplier 3
router bgp 65000
 neighbor 169.254.254.1 fall-over bfd

2.    Check if BFD is enabled using:

show bfd neighbors detail

Verify that the output resembles the following: 

OurAddr       NeighAddr     LD/RD RH  Holdown(mult)  State     Int
172.16.10.2   172.16.10.1   8/1   1   90 (3)         Up        Gi1/0.259
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 300, MinRxInt: 300, Multiplier: 3

Juniper router configuration

The following example BFD configuration is for a Juniper router (JUNOS release 8.3+). Be sure to change this as necessary when configuring your own router. You can enable BFD in JUNOS using one of the following two methods.

The first method is to enable BFD using the following series of commands. Be sure to enter your own values for the group name, neighbor, and address.

cli
edit protocols bgp group ebgp
edit protocols bgp group GROUP-NAME NEIGHBOR ADDRESS
set bfd-liveness-detection minimum-interval 300 multiplier 3
exit
exit
commit check
commit confirm

The second method is to enable BFD at the group level.

1.    Enable BFD at the group level. Be sure to enter your own value for the group name:

set protocols bgp group GROUP-NAME bfd-liveness-detection minimum-interval 300 multiplier 3

2.    Verify that BFD is enabled:

show bfd session extensive

Be sure that the output resembles the following: 

Address                  State     Interface      Time     Interval  Multiplier
192.163.6.4              Up                       3.000     1.000        3  
 Client BGP, TX interval 0.300, RX interval 0.300
 Session up time 00:54:40
 Local diagnostic None, remote diagnostic None
 Remote state Up, version 1
 Logical system 12, routing table index 25
 Min async interval 1.000, min slow interval 1.000
 Adaptive async TX interval 0.300, RX interval 0.300
 Local min TX interval 0.300, minimum RX interval 0.300, multiplier 3
 Remote min TX interval 0.300, min RX interval 0.300, multiplier 3
 Local discriminator 10, remote discriminator 9
 Echo mode disabled/inactive
 Multi-hop route table 25, local-address 192.168.6.5
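
The verification step above can be automated. The following Python script is an added example, not part of the original AWS article: it parses "show bfd session extensive" output and flags any session that is not Up, is not used by BGP, or does not run the 300 ms / multiplier 3 timers from the note above. The function names and the trimmed sample output are assumptions made for illustration.

```python
import re

AWS_INTERVAL_MS, AWS_MULTIPLIER = 300, 3   # values from the page's note

# Constructed sample, trimmed from the output shown above.
SAMPLE = """\
Address                  State     Interface      Time     Interval  Multiplier
192.163.6.4              Up                       3.000     1.000        3
 Client BGP, TX interval 0.300, RX interval 0.300
 Local min TX interval 0.300, minimum RX interval 0.300, multiplier 3
 Remote min TX interval 0.300, min RX interval 0.300, multiplier 3
"""

SESSION = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\S+)", re.M)
TIMERS = re.compile(r"(Local|Remote) min TX interval ([\d.]+), "
                    r"min(?:imum)? RX interval ([\d.]+), multiplier (\d+)")

def ms(seconds):
    """Convert a JUNOS seconds string such as '0.300' to whole milliseconds."""
    return round(float(seconds) * 1000)

def detection_time_ms(local_rx_ms, remote_tx_ms, remote_mult):
    """RFC 5880 asynchronous mode: remote multiplier x agreed interval."""
    return remote_mult * max(local_rx_ms, remote_tx_ms)

def audit(output):
    """Return {neighbor: [problems]} for each session in the CLI output."""
    report = {}
    heads = list(SESSION.finditer(output))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(output)
        body, problems = output[head.end():end], []
        if head.group(2) != "Up":
            problems.append(f"state is {head.group(2)}, not Up")
        if "Client BGP" not in body:
            problems.append("BGP is not a client of this session")
        timers = {side: (ms(tx), ms(rx), int(mult))
                  for side, tx, rx, mult in TIMERS.findall(body)}
        expected = (AWS_INTERVAL_MS, AWS_INTERVAL_MS, AWS_MULTIPLIER)
        for side in ("Local", "Remote"):
            if timers.get(side) != expected:
                problems.append(f"{side} timers {timers.get(side)} != {expected}")
        report[head.group(1)] = problems
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))               # no problems for the sample
    print(detection_time_ms(300, 300, 3), "ms to detect a dead path")
```

With the timers from this article, a dead path is detected in 900 ms instead of the 90 seconds BGP needs on its own.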

Published: 2016-11-21

Updated: 2018-12-06