Create BFD Profiles
Focus
Focus

Create BFD Profiles

Table of Contents

Create BFD Profiles

Create a BFD profile to apply to static routes or a routing protocol on the Advanced Routing Engine.
On an Advanced Routing Engine, you can use Bidirectional Forwarding Detection (BFD) profiles to easily apply BFD settings to a static route or routing protocol. You can use the default profile (which is read-only) or create new BFD profiles.
Perform the following before creating a BFD profile:
  • Configure one or more static routes if you are applying BFD to a static route.
  • Configure a routing protocol (
    BGP
    ,
    OSPF
    ,
    OSPFv3
    , or
    RIPv2
    ) if you are applying BFD to a routing protocol. For example, you can apply a BFD profile when configuring general BGP settings.
The effectiveness of your BFD implementation depends on various factors, such as traffic loads, network conditions, how aggressive your BFD settings are, and how busy the dataplane is.
  1. Select
    Network
    Routing
    Routing Profiles
    BFD
    .
  2. Add
    a BFD profile by
    Name
    (maximum of 63 characters). The name is case-sensitive and must be unique on the firewall. Use only letters, numbers, hyphens, and underscores. No dot (.) or space is allowed.
  3. Select the
    Mode
    in which BFD operates:
    • Active
      —BFD initiates sending control packets to peer (default). At least one of the BFD peers must be Active; both can be Active.
    • Passive
      —BFD waits for peer to send control packets and responds as required.
  4. Enter the
    Desired Minimum Tx Interval (ms)
    , the minimum interval, in milliseconds, at which you want the BFD protocol to send BFD control packets; you are thus negotiating the transmit interval with the peer. Range for PA-7000 Series, PA-5200 Series, and PA-5450 firewall is 50 to 10,000; range for PA-3200 Series is 100 to 10,000; range for VM-Series is 200 to 10,000. Default is 1,000.
    If you have multiple routing protocols that use different BFD profiles on the same interface, configure the BFD profiles with the same
    Desired Minimum Tx Interval
    .
    On a PA-7000 Series firewall, set the Desired Minimum Tx Interval to 100 or greater; a value less than 100 is at risk of causing BFD flaps.
  5. Enter the
    Required Minimum Rx Interval (ms)
    . This is the minimum interval, in milliseconds, at which BFD can receive BFD control packets. Range for PA-7000 Series, PA-5200 Series, and PA-5450 firewall is 50 to 10,000; range for PA-3200 Series is 100 to 10,000; range for VM-Series is 200 to 10,000. Default is 1,000.
    On a PA-7000 Series firewall, set the Desired Minimum Rx Interval to 100 or greater; a value less than 100 is at risk of causing BFD flaps.
  6. Enter the
    Detection Time Multiplier
    . Range is 2 to 255, default is 3.
    The local system calculates the detection time as the
    Detection Time Multiplier
    received from the remote system multiplied by the agreed transmit interval of the remote system (the greater of the
    Required Minimum Rx Interval
    and the last received
    Desired Minimum Tx Interval
    ). If BFD does not receive a BFD control packet from its peer before the detection time expires, a failure has occurred.
    When creating a BFD profile, take into consideration that the firewall is a session-based device typically at the edge of a network or data center and may have slower links than a dedicated router. Therefore, the firewall likely needs a longer interval and a higher multiplier than the fastest settings allowed. A detection time that is too short can cause false failure detections when the issue is really just traffic congestion.
  7. Enter the
    Hold Time (ms)
    , the delay, in milliseconds, after a link comes up before BFD transmits BFD control packets.
    Hold Time
    applies to BFD
    Active
    mode only. If BFD receives BFD control packets during the Hold Time, it ignores them. Range is 0 to 120,000; default is 0, which means no transmit
    Hold Time
    is used; BFD sends and receives BFD control packets immediately after the link is established.
  8. Enter the
    Minimum Rx TTL
    , the minimum Time-to-Live (number of hops) BFD will accept (receive) in a BFD control packet when BGP supports multihop BFD. Range is 1 to 254; there is no default.
    The firewall drops the packet if it receives a smaller TTL than its configured
    Minimum Rx TTL
    . For example, if the peer is 5 hops away and the peer transmits a BFD packet with a TTL of 100 to the firewall, and if the
    Minimum Rx TTL
    for the firewall is set to 96 or higher, the firewall drops the packet.
  9. Click
    OK
    .

Recommended For You