Bidirectional Forwarding Detection

authentication (BFD)

To configure authentication in a Bidirectional Forwarding Detection (BFD) template for single-hop sessions, use the authentication command in BFD configuration mode. To disable authentication in a BFD template for single-hop sessions, use the no form of this command.

authentication authentication-type keychain keychain-name

no authentication authentication-type keychain keychain-name

Syntax Description

authentication-type

Authentication type. Valid values are md5, meticulous-md5, meticulous-sha1, and sha-1.

keychain keychain-name

Configures an authentication key chain with the specified name. The maximum number of characters allowed in the name is 32.

Command Default

Authentication in BFD template for single hop sessions is not enabled.

Command Modes

BFD configuration (config-bfd)

Command History

Release                       Modification
Cisco IOS XE Denali 16.3.1    This command was introduced.

Usage Guidelines

You can configure authentication in single hop templates. We recommend that you configure authentication to enhance security. Authentication must be configured on each BFD source-destination pair, and authentication parameters must match on both devices.

The following example shows how to configure authentication for the template1 BFD single-hop template:

Device> enable
Device# configure terminal
Device(config)# bfd-template single-hop template1
Device(config-bfd)# authentication sha-1 keychain bfd-singlehop

bfd

To set the baseline Bidirectional Forwarding Detection (BFD) session parameters on an interface, use the bfd command in interface configuration mode. To remove the baseline BFD session parameters, use the no form of this command.

bfd interval milliseconds min_rx milliseconds multiplier multiplier-value

no bfd interval milliseconds min_rx milliseconds multiplier multiplier-value

Syntax Description

interval milliseconds

Specifies the rate, in milliseconds, at which BFD control packets will be sent to BFD peers. The valid range for the milliseconds argument is from 50 to 9999.

min_rx milliseconds

Specifies the rate, in milliseconds, at which BFD control packets will be expected to be received from BFD peers. The valid range for the milliseconds argument is from 50 to 9999.

multiplier multiplier-value

Specifies the number of consecutive BFD control packets that must be missed from a BFD peer before BFD declares that the peer is unavailable and the Layer 3 BFD peer is informed of the failure. The valid range for the multiplier-value argument is from 3 to 50.

Command Default

No baseline BFD session parameters are set.

Command Modes

Interface configuration (config-if)

Command History

Release                       Modification
Cisco IOS XE Denali 16.3.1    This command was introduced.

Usage Guidelines

The bfd command can be configured on SVI, Ethernet and port-channel interfaces.

If BFD runs on a port channel interface, BFD has a timer value restriction of 250 * 3 milliseconds.

The bfd interval configuration is not removed when:

  • an IPv4 address is removed from an interface

  • an IPv6 address is removed from an interface

  • IPv6 is disabled from an interface

  • an interface is shut down

  • IPv4 CEF is disabled globally or locally on an interface

  • IPv6 CEF is disabled globally or locally on an interface

The bfd interval configuration is removed when the subinterface on which it is configured is removed.


Note


If you configure the bfd interval command in interface configuration mode, BFD echo mode is enabled by default. You must then configure either no ip redirects (if BFD echo is needed) or no bfd echo in interface configuration mode.

Before using BFD echo mode, you must disable sending Internet Control Message Protocol (ICMP) redirect messages by entering the no ip redirects command, in order to avoid high CPU utilization.


The following example shows the BFD session parameters set for Gigabit Ethernet 1/0/3:

Device> enable
Device# configure terminal
Device(config)# interface gigabitethernet 1/0/3
Device(config-if)# bfd interval 100 min_rx 100 multiplier 3

bfd all-interfaces

To enable Bidirectional Forwarding Detection (BFD) for all interfaces participating in the routing process, use the bfd all-interfaces command in router configuration or address family interface configuration mode. To disable BFD for all neighbors on a single interface, use the no form of this command.

bfd all-interfaces

no bfd all-interfaces

Syntax Description

This command has no arguments or keywords.

Command Default

BFD is disabled on the interfaces participating in the routing process.

Command Modes

Router configuration (config-router)

Command History

Release                       Modification
Cisco IOS XE Denali 16.3.1    This command was introduced.

Usage Guidelines

To enable BFD for all interfaces, enter the bfd all-interfaces command in router configuration mode.

The following example shows how to enable BFD for all Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors:

Device> enable
Device# configure terminal
Device(config)# router eigrp 123
Device(config-router)# bfd all-interfaces
Device(config-router)# end

The following example shows how to enable BFD for all Intermediate System-to-Intermediate System (IS-IS) neighbors:

Device> enable
Device# configure terminal
Device(config)# router isis tag1
Device(config-router)# bfd all-interfaces
Device(config-router)# end

bfd check-ctrl-plane-failure

To enable Bidirectional Forwarding Detection (BFD) control plane failure checking for the Intermediate System-to-Intermediate System (IS-IS) routing protocol, use the bfd check-ctrl-plane-failure command in router configuration mode. To disable control plane failure detection, use the no form of this command.

bfd check-ctrl-plane-failure

no bfd check-ctrl-plane-failure

Syntax Description

This command has no arguments or keywords.

Command Default

BFD control plane failure checking is disabled.

Command Modes

Router configuration (config-router)

Command History

Release                       Modification
Cisco IOS XE Denali 16.3.1    This command was introduced.

Usage Guidelines

The bfd check-ctrl-plane-failure command can be configured for an IS-IS routing process only. The command is not supported on other protocols.

When a switch restarts, a false BFD session failure can occur, where neighboring routers behave as if a true forwarding failure has occurred. However, if the bfd check-ctrl-plane-failure command is enabled on a switch, the router can ignore control plane related BFD session failures. We recommend that you add this command to the configuration of all neighboring routers just prior to a planned router restart, and that you remove the command from all neighboring routers when the restart is complete.

The following example enables BFD control plane failure checking for the IS-IS routing protocol:

Device> enable
Device# configure terminal
Device(config)# router isis
Device(config-router)# bfd check-ctrl-plane-failure
Device(config-router)# end

bfd echo

To enable Bidirectional Forwarding Detection (BFD) echo mode, use the bfd echo command in interface configuration mode. To disable BFD echo mode, use the no form of this command.

bfd echo

no bfd echo

Syntax Description

This command has no arguments or keywords.

Command Default

BFD echo mode is enabled by default if BFD is configured using the bfd interval command in interface configuration mode.

Command Modes

Interface configuration (config-if)

Command History

Release                       Modification
Cisco IOS XE Denali 16.3.1    This command was introduced.

Usage Guidelines

Echo mode is enabled by default. Entering the no bfd echo command without any keywords turns off the sending of echo packets and signifies that the switch is unwilling to forward echo packets received from BFD neighbor switches.

When echo mode is enabled, the desired minimum echo transmit interval and required minimum transmit interval values are taken from the bfd interval milliseconds min_rx milliseconds parameters, respectively.


Note


Before using BFD echo mode, you must disable sending Internet Control Message Protocol (ICMP) redirect messages by entering the no ip redirects command, in order to avoid high CPU utilization.


The following example configures echo mode between BFD neighbors:

Device> enable
Device# configure terminal
Device(config)# interface GigabitEthernet 1/0/3
Device(config-if)# bfd echo

The following output from the show bfd neighbors details command shows that the BFD session neighbor is up and using BFD echo mode. The relevant command output is shown in bold.

Device# show bfd neighbors details
OurAddr      NeighAddr   LD/RD  RH/RS  Holdown(mult) State Int
172.16.1.2   172.16.1.1  1/6    Up     0 (3 )        Up    Fa0/1
Session state is UP and using echo function with 100 ms interval.
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 1000000, MinRxInt: 1000000, Multiplier: 3
Received MinRxInt: 1000000, Received Multiplier: 3
Holdown (hits): 3000(0), Hello (hits): 1000(337)
Rx Count: 341, Rx Interval (ms) min/max/avg: 1/1008/882 last: 364 ms ago
Tx Count: 339, Tx Interval (ms) min/max/avg: 1/1016/886 last: 632 ms ago
Registered protocols: EIGRP
Uptime: 00:05:00
Last packet: Version: 1            - Diagnostic: 0
             State bit: Up         - Demand bit: 0
             Poll bit: 0           - Final bit: 0
             Multiplier: 3         - Length: 24
             My Discr.: 6          - Your Discr.: 1
             Min tx interval: 1000000   - Min rx interval: 1000000
             Min Echo interval: 50000

bfd slow-timers

To configure the Bidirectional Forwarding Detection (BFD) slow timers value, use the bfd slow-timers command in global configuration mode. To change the slow timers used by BFD, use the no form of this command.

bfd slow-timers [milliseconds]

no bfd slow-timers

Command Default

The BFD slow timer value is 1000 milliseconds.

Command Modes

Global configuration (config)

Command History

Release                       Modification
Cisco IOS XE Denali 16.3.1    This command was introduced.

The following example shows how to configure the BFD slow timers value to 14,000 milliseconds:

Device(config)# bfd slow-timers 14000

The following output from the show bfd neighbors details command shows that the BFD slow timers value of 14,000 milliseconds has been implemented. The values for the MinTxInt and MinRxInt will correspond to the configured value for the BFD slow timers. The relevant command output is shown in bold.

Device# show bfd neighbors details
OurAddr      NeighAddr   LD/RD  RH/RS  Holdown(mult) State Int
172.16.1.2   172.16.1.1  1/6    Up     0 (3 )        Up    Fa0/1
Session state is UP and using echo function with 100 ms interval.
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 14000, MinRxInt: 14000, Multiplier: 3
Received MinRxInt: 1000000, Received Multiplier: 3
Holdown (hits): 3600(0), Hello (hits): 1200(337)
Rx Count: 341, Rx Interval (ms) min/max/avg: 1/1008/882 last: 364 ms ago
Tx Count: 339, Tx Interval (ms) min/max/avg: 1/1016/886 last: 632 ms ago
Registered protocols: EIGRP
Uptime: 00:05:00
Last packet: Version: 1            - Diagnostic: 0
             State bit: Up         - Demand bit: 0
             Poll bit: 0           - Final bit: 0
             Multiplier: 3         - Length: 24
             My Discr.: 6          - Your Discr.: 1
             Min tx interval: 1000000   - Min rx interval: 1000000
             Min Echo interval: 50000


Note


  • If the BFD session is down, BFD control packets are sent at the slow timer interval.

  • If the BFD session is up and echo is enabled, BFD control packets are sent at the negotiated slow timer interval and echo packets are sent at the negotiated configured BFD interval. If echo is not enabled, BFD control packets are sent at the negotiated configured interval.


bfd template

To bind a single-hop Bidirectional Forwarding Detection (BFD) template to an interface, use the bfd template command in interface configuration mode. To unbind the single-hop BFD template from an interface, use the no form of this command.

bfd template template-name

no bfd template template-name

Command Default

A BFD template is not bound to an interface.

Command Modes

Interface configuration (config-if)

Command History

Release                       Modification
Cisco IOS XE Denali 16.3.1    This command was introduced.

Usage Guidelines

Even if you have not created the template by using the bfd-template command, you can configure the name of the template under an interface, but the template is considered invalid until you define the template. You do not have to reconfigure the template name again. It becomes valid automatically.

Device> enable
Device# configure terminal
Device(config)# interface Gigabitethernet 1/3/0
Device(config-if)# bfd template template1

bfd-template single-hop

To create a single-hop Bidirectional Forwarding Detection (BFD) template and to enter BFD configuration mode, use the bfd-template single-hop command in global configuration mode. To remove a single-hop BFD template, use the no form of this command.

bfd-template single-hop template-name

no bfd-template single-hop template-name

Syntax Description

single-hop

Creates the single-hop BFD template.

template-name

Template name.

Command Default

A BFD template does not exist.

Command Modes

Global configuration (config)

Command History

Release                       Modification
Cisco IOS XE Denali 16.3.1    This command was introduced.

Usage Guidelines

The bfd-template command allows you to create a BFD template and places the device in BFD configuration mode. The template can be used to specify a set of BFD interval values. BFD interval values specified as part of the BFD template are not specific to a single interface.

The following example shows how to create a BFD template and specify BFD interval values:

Device> enable
Device# configure terminal
Device(config)# bfd-template single-hop node1
Device(config-bfd)# interval min-tx 100 min-rx 100 multiplier 3
Device(config-bfd)# echo

The following example shows how to create a BFD single-hop template and configure BFD interval values and an authentication key chain:

Device> enable
Device# configure terminal
Device(config)# bfd-template single-hop template1
Device(config-bfd)# interval min-tx 200 min-rx 200 multiplier 3
Device(config-bfd)# authentication sha-1 keychain bfd_singlehop

Note


BFD echo is not enabled by default in the bfd-template configuration. This needs to be configured explicitly.
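
The following Python check is an added example, not part of the Cisco reference. It audits a candidate configuration against rules stated on this page: a template has no authentication unless configured, bfd interval on an interface enables echo and so needs no ip redirects or no bfd echo, the interval and multiplier ranges, and a bound template name is invalid until defined. The configuration text and the function names are constructed for illustration.

```python
import re

# Constructed candidate configuration, not from the page or a real device.
SAMPLE_CONFIG = """\
bfd-template single-hop template1
 authentication sha-1 keychain bfd-singlehop
!
bfd-template single-hop node1
 echo
!
interface GigabitEthernet1/0/3
 bfd interval 100 min_rx 100 multiplier 3
!
interface GigabitEthernet1/0/4
 no ip redirects
 bfd interval 40 min_rx 100 multiplier 2
!
interface GigabitEthernet1/0/5
 bfd template template9
"""

BFD_INTERVAL = re.compile(r"bfd interval (\d+) min_rx (\d+) multiplier (\d+)$")

def parse_stanzas(config):
    """Group indented lines under the top-level line that precedes them."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):
            current = stanzas.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return stanzas

def audit(config):
    """Return sorted (stanza, finding) pairs for the rules stated on this page."""
    stanzas = parse_stanzas(config)
    templates = {h.split()[-1]: body for h, body in stanzas.items()
                 if h.startswith("bfd-template single-hop ")}
    # Authentication is off by default in a template; the page recommends it.
    findings = [(n, "template has no authentication") for n, b in templates.items()
                if not any(ln.startswith("authentication ") for ln in b)]
    for header, body in stanzas.items():
        if not header.startswith("interface "):
            continue
        ifname = header.split(None, 1)[1]
        for line in body:
            m = BFD_INTERVAL.match(line)
            if m:
                interval, min_rx, mult = map(int, m.groups())
                if not (50 <= interval <= 9999 and 50 <= min_rx <= 9999):
                    findings.append((ifname, "interval/min_rx outside 50-9999 ms"))
                if not 3 <= mult <= 50:
                    findings.append((ifname, "multiplier outside 3-50"))
                # bfd interval enables echo by default on the interface.
                if "no bfd echo" not in body and "no ip redirects" not in body:
                    findings.append((ifname, "echo on, ICMP redirects not disabled"))
            elif line.startswith("bfd template ") and line.split()[-1] not in templates:
                findings.append((ifname, "bound template is not defined"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{where}: {what}" for where, what in audit(SAMPLE_CONFIG)))
```
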


ip route static bfd

To specify static route Bidirectional Forwarding Detection (BFD) neighbors, use the ip route static bfd command in global configuration mode. To remove a static route BFD neighbor, use the no form of this command.

ip route static bfd {interface-type interface-number ip-address | vrf vrf-name} [group group-name] [passive] [unassociate]

no ip route static bfd {interface-type interface-number ip-address | vrf vrf-name} [group group-name] [passive] [unassociate]

Syntax Description

interface-type interface-number

Interface type and number.

ip-address

IP address of the gateway, in A.B.C.D format.

vrf vrf-name

Specifies Virtual Routing and Forwarding (VRF) instance and the destination vrf name.

group group-name

(Optional) Assigns a BFD group. The group-name is a character string of up to 32 characters specifying the BFD group name.

unassociate

(Optional) Unassociates the static route configured for a BFD.

Command Default

No static route BFD neighbors are specified.

Command Modes

Global configuration (config)

Command History

Release                       Modification
Cisco IOS XE Denali 16.3.1    This command was introduced.

Usage Guidelines

Use the ip route static bfd command to specify static route BFD neighbors. All static routes that have the same interface and gateway specified in the configuration share the same BFD session for reachability notification.

All static routes that specify the same values for the interface-type, interface-number, and ip-address arguments will automatically use BFD to determine gateway reachability and take advantage of fast failure detection.

The group keyword assigns a BFD group. The static BFD configuration is added to the VPN routing and forwarding (VRF) instance with which the interface is associated. The passive keyword specifies the passive member of the group. Adding static BFD in a group without the passive keyword makes the BFD an active member of the group. A static route should be tracked by the active BFD configuration in order to trigger a BFD session for the group. To remove all the static BFD configurations (active and passive) of a specific group, use the no ip route static bfd command and specify the BFD group name.

The unassociate keyword specifies that a BFD neighbor is not associated with a static route, and the BFD sessions are requested if an interface has been configured with BFD. This is useful in bringing up a BFDv4 session in the absence of an IPv4 static route. If the unassociate keyword is not provided, then the IPv4 static routes are associated with BFD sessions.

BFD requires that BFD sessions are initiated on both endpoint devices. Therefore, this command must be configured on each endpoint device.

The BFD static session on a switch virtual interface (SVI) is established only after the bfd interval milliseconds min_rx milliseconds multiplier multiplier-value command is disabled and enabled on that SVI.

To enable the static BFD sessions, perform the following steps:

  1. Enable BFD timers on the SVI.

    bfd interval milliseconds min_rx milliseconds multiplier multiplier-value

  2. Enable BFD for the static IP route.

    ip route static bfd interface-type interface-number ip-address

  3. Disable and enable the BFD timers on the SVI again.

    no bfd interval milliseconds min_rx milliseconds multiplier multiplier-value

    bfd interval milliseconds min_rx milliseconds multiplier multiplier-value

The following example shows how to configure BFD for all static routes through a specified neighbor, group, and active member of the group:

Device# configure terminal
Device(config)# ip route static bfd GigabitEthernet 1/0/1 10.1.1.1 group group1

The following example shows how to configure BFD for all static routes through a specified neighbor, group, and passive member of the group:

Device# configure terminal
Device(config)# ip route static bfd GigabitEthernet 1/0/1 10.2.2.2 group group1 passive

The following example shows how to configure BFD for all static routes in an unassociated mode without the group and passive keywords:

Device# configure terminal
Device(config)# ip route static bfd GigabitEthernet 1/0/1 10.2.2.2 unassociate

ipv6 route static bfd

To specify static route Bidirectional Forwarding Detection for IPv6 (BFDv6) neighbors, use the ipv6 route static bfd command in global configuration mode. To remove a static route BFDv6 neighbor, use the no form of this command.

ipv6 route static bfd [vrf vrf-name] interface-type interface-number ipv6-address [unassociated]

no ipv6 route static bfd

Syntax Description

vrf vrf-name

(Optional) Name of the virtual routing and forwarding (VRF) instance by which static routes should be specified.

interface-type interface-number

Interface type and number.

ipv6-address

IPv6 address of the neighbor.

unassociated

(Optional) Moves a static BFD neighbor from associated mode to unassociated mode.

Command Default

No static route BFDv6 neighbors are specified.

Command Modes

Global configuration (config)

Command History

Release                       Modification
Cisco IOS XE Denali 16.3.1    This command was introduced.

Usage Guidelines

Use the ipv6 route static bfd command to specify static route neighbors. All of the static routes that have the same interface and gateway specified in the configuration share the same BFDv6 session for reachability notification. BFDv6 requires that BFDv6 sessions are initiated on both endpoint routers. Therefore, this command must be configured on each endpoint router. An IPv6 static BFDv6 neighbor must be fully specified (with the interface and the neighbor address) and must be directly attached.

All static routes that specify the same values for vrf vrf-name, interface-type interface-number, and ipv6-address will automatically use BFDv6 to determine gateway reachability and take advantage of fast failure detection.

The following example creates a neighbor on Ethernet interface 0/0 with an address of 2001::1:

Device# configure terminal
Device(config)# ipv6 route static bfd ethernet 0/0 2001::1

The following example converts the neighbor to unassociated mode:

Device# configure terminal
Device(config)# ipv6 route static bfd ethernet 0/0 2001::1 unassociated