Hi,

When testing in lab network for one of the customer environment reproduction, I Wanted to see what exactly BFD packet looked like to understand more about its behavior.

R1(9.9.12.1)—————–bfd(50ms, multipler 3)————-(9.9.12.2)R2

so to start with, I was working on a Juniper device block and here are the bfd session which are established. I have put it down simply to logical-systems but Idea is still the same.

I wanted first to monitor traffic, but no luck

1

At this point, we might start to be wondering why we don’t see BFD packets on the interface capture at all, the reason is simple, Juniper implements this much lower than the RE which is at line-card level, hence any capture on this would not work.

So, In order to capture the packets, I will go ahead and disable inline and delegation, these two are out of topic for this blog entry and lets keep it simple just by saying that disabling these two will help us in capturing packets at control plane level. Needless to say, dont do anything of this sort in production. we have to clear the session for these to take effect.

2

Lets now see if our interface can  capture BFD Packets and we see it , fantastic

3

Digging deep into the packet, I have done a packet-capture and have written it for a pcap. Also i have flapped the BFD session by writing a firewall filter and applying it to an interface

4

BFD, exchanges Hello, Discriminators for the session and also various timers, first let us see what are these in the command line then we will have seen in the packet capture, discriminators converted to hex, just keep this noted.

5

Let see the packet captures, control plane packet is destined for 3784 port, single-hop BFD and Discriminators are in HEX which are exchanged to keep the track of session.

6

Seeing, How the session down is advertised after firewall filter is applied

7

Bfd detected this by Session-state 0x1 Down  / Discriminator of neighbor set to 0x0 and from the message its clear that it detected that Control timer expired.

Bfd may  be a simple protocol but it can be very tough to troubleshoot for the same reason of being light weight ;), so next time if BFD goes down look out for these parameters and how they effect your session capture.

Regards

Rakesh M

 

 

 

 

Advertisements