Configure BFD for Cloud Router

With Bidirectional Forwarding Detection (BFD) for Cloud Router, you can quickly detect forwarding path outages such as BGP up or down events, allowing for more resilient hybrid networks.

You can configure BFD in BGP sessions for VLAN attachments. BFD is not supported in BGP sessions that are configured for HA VPN tunnels or for Router appliance, which is part of Network Connectivity Center.

To learn more about BFD, see the Bidirectional Forwarding Detection (BFD) for Cloud Router overview, which includes full descriptions of BFD settings and timers.

Before you begin

gcloud

If you want to use the command-line examples in this guide, do the following:

  1. Install or update to the latest version of the Google Cloud CLI.
  2. Set a default region and zone.

API

If you want to use the API examples in this guide, set up API access.

Add a Cloud Router to Cloud Interconnect

Before you can configure BFD, you must set up one of the following connectivity choices, which includes adding a Cloud Router with a BGP session:

Configure BFD on an existing BGP session

You can configure BFD on a BGP session that was previously set up for a VLAN attachment.

To configure BFD settings on an existing BGP session, follow these steps.

Console

  1. In the Google Cloud console, go to the Cloud Routers page.

    Go to Cloud Routers

  2. Select the Cloud Router to update.

  3. On the Router details page, in the BGP sessions section, select the BGP session to update.

  4. On the BGP session details page, click Edit.

  5. Complete any non-BFD settings.

  6. Under Bidirectional Forwarding Detection, configure BFD options as documented in BFD settings and timers.

    Required: To enable BFD, set BFD session initialization mode to active.

gcloud

Run the update-bgp-peer command:

gcloud compute routers update-bgp-peer ROUTER_NAME \
    --project=PROJECT_ID \
    --peer-name=PEER_NAME \
    --interface=INTERFACE \
    --ip-address=IP_ADDRESS \
    --peer-asn=PEER_ASN \
    --peer-ip-address=PEER_IP_ADDRESS \
    --region=REGION \
    --bfd-session-initialization-mode=BFD_SESSION_INITIALIZATION_MODE  \
    --bfd-min-receive-interval=BFD_MIN_RECEIVE_INTERVAL \
    --bfd-min-transmit-interval=BFD_MIN_TRANSMIT_INTERVAL \
    --bfd-multiplier=BFD_MULTIPLIER

Replace the following:

  • ROUTER_NAME: the name of your Cloud Router
  • PROJECT_ID: the project that contains your Cloud Router
  • PEER_NAME: the name of your BGP peer
  • INTERFACE: the name of the interface for this BGP peer
  • IP_ADDRESS: the IP address for your Cloud Router
  • PEER_ASN: the BGP autonomous system number (ASN) for this BGP peer
  • PEER_IP_ADDRESS: the link-local address of the peer router belonging to the range 169.254.0.0/16
  • REGION: the region where the Cloud Router is located
  • Configure BFD options as documented in BFD settings and timers.

    Required: To enable BFD, set BFD_SESSION_INITIALIZATION_MODE to active.

API

Use the routers.patch method to update the bgpPeers[].bfd field.

The bgpPeers[] field accepts an array of BGP peers. When you PATCH this field, you overwrite the existing array of BGP peers with the new array included in your request.

  1. Send a GET request to get the current array of BGP peers for the router. For details, see View BGP session configuration.

  2. Send a PATCH request with a new array of BGP peers. In the array element that contains the BGP session whose BFD settings you want to update, modify the bgpPeers[].bfd field:

       PATCH https://compute.googleapis.com/compute/projects/PROJECT_ID/regions/REGION/routers/ROUTER_NAME
       {
         "bgpPeers": [
           BGP_PEERS
         ]
       }
    

    Replace the following:

    • PROJECT_ID: the project that contains the Cloud Router
    • REGION: the region where the Cloud Router is located
    • ROUTER_NAME: the name of the Cloud Router
    • BGP_PEERS: the contents of the new array of BGP peers

    The following example includes two BGP peers and sets the values in the bgpPeers[].bfd field. For more information about these options, see BFD settings and timers.

    Required: To enable BFD, set sessionInitializationMode to ACTIVE.

        {
          "name": "peer-1",
          "interfaceName": "if-peer-1",
          "ipAddress": "169.254.10.1",
          "peerIpAddress": "169.254.10.2",
          "peerAsn": 64512,
          "advertisedRoutePriority": 100,
          "advertiseMode": "DEFAULT"
          "bfd": {
            "sessionInitializationMode": ACTIVE,
            "minTransmitInterval": 1000,
            "minReceiveInterval": 1000,
            "multiplier": 5
          }
        },
        {
          "name": "peer-2",
          "interfaceName": "if-peer-2",
          "ipAddress": "169.254.20.1",
          "peerIpAddress": "169.254.20.2",
          "peerAsn": 64513,
          "advertisedRoutePriority": 99,
          "advertiseMode": "DEFAULT"
          "bfd": {
            "sessionInitializationMode": ACTIVE,
            "minTransmitInterval": 1000,
            "minReceiveInterval": 1000,
            "multiplier": 5
          }
        }
    

Configure BFD on your peer router

To enable BFD on your peer router, configure the minimum transmit interval, the minimum receive interval, and the detection multiplier, as recommended by the vendor documentation for your router. Use commands specific to your device.

For BFD timer negotiation between BFD peers, the slower of the two peers determines the transmission rate. By configuring higher values, you can force these intervals to be longer, but not shorter.

Following is a sample BFD configuration for a Cisco router. For additional configuration examples, see Use third-party router configurations for BFD.

  int range <physical interface>
    bfd interval 1000 min_rx 1000 multiplier 5

  router bgp <ASN>
    neighbor 169.254.33.6 fall-over bfd
    neighbor 169.254.44.6 fall-over bfd

Verify BFD on your peer router

After configuring your peer router, verify if the session to the Cloud Router is up and running by viewing details about the BFD session.

  • The following sample command for a Cisco router shows the status of the BFD session:

    show bfd neighbors 169.254.44.6 details
    
  • The command output should look like the following example:

    IPv4 Sessions
    NeighAddr                    LD/RD           RH/RS     State     Int
    169.254.44.6                 4212/2045617738 Up        Up        Tu503
    Session state is UP and not using echo function.
    Session Host: Software
    OurAddr: 169.254.44.5
    Handle: 4
    Local Diag: 0, Demand mode: 0, Poll bit: 0
    MinTxInt: 1000, MinRxInt: 1000, Multiplier: 5
    Received MinRxInt: 1000, Received Multiplier: 5
    Holddown (hits): 244(1), Hello (hits): 100(30409)
    Rx Count: 4562, Rx Interval (ms) min/max/avg: 10/1140/870 last: 56 ms ago
    Tx Count: 4475, Tx Interval (ms) min/max/avg: 10/1040/890 last: 64 ms ago
    Elapsed time watermarks: 4 4 (last: 4)
    Registered protocols: CEF BGP
    Uptime: 00:06:39
    Last packet: Version: 1                  - Diagnostic: 0
                 State bit: Up               - Demand bit: 0
                 Poll bit: 0                 - Final bit: 0
                 C bit: 0
                 Multiplier: 5               - Length: 24
                 My Discr.: 2045617738       - Your Discr.: 4212
                 Min tx interval: 1000     - Min rx interval: 1000
                 Min Echo interval: 0
    
  • This sample output from a Cisco ASR peer router shows the diagnostic information that you can view on the peer side to determine the status of your BFD session:

    14:06:12.906921 IP (tos 0xc0, ttl 255, id 58754, offset 0, flags [none], proto UDP (17), length 52)
      169.254.44.5.49152 > 169.254.44.6.3784: [udp sum ok] BFDv1, length: 24
    Control, State Down, Flags: [none], Diagnostic: No Diagnostic (0x00)
    Detection Timer Multiplier: 5 (5000 ms Detection time), BFD Length: 24
    My Discriminator: 0x0000100b, Your Discriminator: 0x00000000
      Desired min Tx Interval:    1000 ms
      Required min Rx Interval:   1000 ms
      Required min Echo Interval:  100 ms
    

Verify BFD on the Cloud Router

Verify the BFD session on the Google Cloud side by using one of the following methods:

What's next