top of page
Search

BFD (Bidirectional Forwarding Detection) in ACI

  • Writer: Mukesh Chanderia
    Mukesh Chanderia
  • Jan 1
  • 3 min read

Updated: Mar 17

What is BFD?

  • Bidirectional Forwarding Detection (BFD) is a network protocol that swiftly identifies failures in the forwarding path between two devices, such as routers or switches.

  • It enables rapid detection of faults, often within milliseconds (sub-second), enhancing network reliability by reducing downtime.


When to Use BFD:

  1. Indirect Connections:

    • In scenarios where routers are connected through a Layer 2 device or cloud and cannot directly detect each other’s failures, BFD offers quick failure detection, bypassing the longer timeouts of traditional protocols.​

  2. Unreliable Media:

    • For connections over media lacking reliable failure detection mechanisms, like shared Ethernet, BFD provides swift detection, ensuring timely responses to issues.​

  3. Multiple Protocols:

    • When multiple protocols operate between two routers, each with its own failure detection timers, BFD standardizes detection times, leading to consistent and predictable network behavior.​


BFD in Cisco ACI:


  • Monitoring Spine-to-Leaf Connections:

    • BFD rapidly identifies failures in critical ACI fabric links between spine and leaf switches, maintaining network stability.​

  • Enhancing Routing Protocols:

    • By integrating with protocols like OSPF, BGP, and static routes, BFD accelerates network convergence during failures, minimizing downtime.​

  • Ensuring Application Availability:

    • BFD helps prevent application downtime by enabling swift rerouting of traffic in response to network issues.​


Configuration Steps for Fabric BFD


  1. Enable Global BFD:

    • Navigate to: Fabric > Fabric Policies > Policies > Interface > L3 Interface > default.​

    • Enable the BFD ISIS Policy configuration.​

    • Verify neighbors using the command:​


      Spine/Leaf# show bfd neighbors vrf overlay-1


  2. Modify Global BFD Timer:

    • Navigate to: Fabric > Access Policies > Policies > Switch > BFD > BFD IPv4.​

    • Create or edit a BFD policy with desired timers.​

    • Check neighbor details using:​


      Spine/Leaf# show bfd ipv4 neighbors details


    Enable Interface-level BFD:


    • Important: Disable the global BFD setting first.​

    • Create a new L3 Interface Policy (e.g., "NP") and enable the BFD ISIS Policy configuration within it.​


    • Assign this new L3 Interface Policy to the appropriate Policy Groups:​

      • Leaf Interface Policy Group: Create a new policy group (e.g., "LNPG") and attach the "NP" L3 interface policy.

      • Spine Interface Policy Group: Create a new policy group (e.g., "SNPG") and attach the "NP" L3 interface policy.


    • Associate these Policy Groups with the correct Interface Profiles:​

      • Leaf Interface Profile: Create a new profile and attach the "LNPG" policy group.

      • Spine Interface Profile: Create a new profile and attach the "SNPG" policy group.

    • Ensure that the relevant switch profiles utilize "LNPG" and "SNPG" to activate Fabric BFD on those interfaces.​


Guidelines and Limitations:


  • Supported Features:

    • Starting from APIC Release 3.1(1), BFD supports IS-IS on fabric interfaces between leaf and spine switches. Additionally, BFD is supported on spine switches for OSPF and static routes.​

    • BFD is compatible with modular spine switches equipped with -EX and -FX line cards (or newer versions), as well as the Nexus 9364C non-modular spine switch (or newer versions).​

    • From APIC Release 5.0(1), BFD multihop is supported on leaf switches, and ACI supports C-bit-aware BFD, determining whether BFD is dependent or independent of the control plane.​


  • Limitations:


    • BFD between vPC peers is not supported.​

    • BFD over iBGP is not supported for loopback address peers.​

    • BFD on Layer 3 Outs (L3Out) is supported only on routed interfaces, subinterfaces, and SVIs; it is not supported on loopback interfaces.​

    • BFD for BGP prefix peers (dynamic neighbors) is not supported.​

    • Enabling BFD subinterface optimization on one subinterface activates it for all subinterfaces on the same physical interface.


Enabling BFD on L3Out:


  • To enable BFD on an L3Out:​

    • Check the BFD option within the Logical Interface Profile under the respective routing protocol (BGP, OSPF, or EIGRP).​

    • By default, BFD parameters are derived from the global default BFD policy located at: Fabric > Access Policies > Policies > Switch > BFD > BFD IPv4/v6 > default.​

    • For custom BFD settings, create a non-default BFD policy and apply it to specific switches via the Switch Policy Group and Switch Profile under Fabric > Access Policies > Switches.​

    • To override switch-level global BFD parameters at the interface level, create a BFD Interface Profile under the Logical Interface Profile. This interface-level BFD policy is located under: Tenant > Policies > Protocol > BFD.

Recent Posts

See All
MultiCast In ACI

Let's understand how multicast actually works inside a Cisco ACI fabric. It starts with a quick primer on general multicast terms, then...

 
 
 
Quality of Service (QoS) in Cisco ACI

Configuring Quality of Service (QoS)  in Cisco ACI (Application Centric Infrastructure)  involves creating and applying QoS policies that...

 
 
 

Commentaires

Follow me

© 2021 by Mukesh Chanderia
 

Call

T: 8505812333  

Contact

info@mukeshchanderia.com

  • Twitter
  • LinkedIn
  • Facebook Clean
©Mukesh Chanderia
bottom of page