BFD to Juniper SRX

Tom Harbert tomh at campaignmonitor.com
Thu Nov 27 07:09:47 CET 2014


Hello,

I am running BIRD 1.4.0 on an Ubuntu Linux machine which peers BGP
successfully with a Juniper SRX firewall.  I am having difficulties getting
BFD past the Init state.  See below for both BIRD and SRX config and logs.

It appears as though the firewall is not receiving the BFD messages.  I
have confirmed that there are no access control restrictions for BFD
hitting the SRX (host-inbound-traffic as well as loopback filter).

I have already adjusted the Linux source port selection with:

sysctl -w net.ipv4.ip_local_port_range="49152 65535"

I am sure it's something basic, troubleshooting suggestions appreciated.

Thanks,
Tom.



// bird.conf

protocol bfd {
    interface "172.30.6.8/32" {
        interval 1000 ms;
        multiplier 3;
    };
}

protocol bgp iBGP_1 {
    ....
    neighbor 172.30.6.1 as z;
    source address 172.30.6.8;
    ....
    bfd;
    ....
}



// bird host

$ sudo ip addr show eth0 | grep inet
    inet 172.30.6.8/24 brd 172.30.6.255 scope global eth0


$ sudo birdc show bfd session
BIRD 1.4.0 ready.
bfd1:
IP address                Interface  State      Since       Interval  Timeout
172.30.6.1                ---        Init       05:27:46    1.000     3.000


$ sudo tcpdump -i eth0 udp port 3784
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
05:47:35.873663 IP srx-host.49152 > bird-host.3784: BFDv1, Control, State Down, Flags: [none], length: 24
05:47:36.642025 IP srx-host.49152 > bird-host.3784: BFDv1, Control, State Down, Flags: [none], length: 24
05:47:37.521546 IP srx-host.49152 > bird-host.3784: BFDv1, Control, State Down, Flags: [none], length: 24
05:47:38.349886 IP srx-host.49152 > bird-host.3784: BFDv1, Control, State Down, Flags: [none], length: 24

05:53:19.824960 IP (tos 0xc0, ttl 255, id 16504, offset 0, flags [none], proto UDP (17), length 52)
    srx-host.49152 > bird-host.3784: BFDv1, length: 24
Control, State Down, Flags: [none], Diagnostic: No Diagnostic (0x00)
Detection Timer Multiplier: 3 (3000 ms Detection time), BFD Length: 24
My Discriminator: 0x0000000f, Your Discriminator: 0x00000000
  Desired min Tx Interval:    1000 ms
  Required min Rx Interval:   1000 ms
  Required min Echo Interval:    0 ms


$ sudo tail -f /var/log/bird.log | grep bfd
2014-11-27 05:27:42 <TRACE> bfd1: Sending CTL to 172.30.6.1 [Down]
2014-11-27 05:27:43 <TRACE> bfd1: Sending CTL to 172.30.6.1 [Down]
2014-11-27 05:27:43 <TRACE> bfd1: CTL received from 172.30.6.1 [AdminDown]
2014-11-27 05:27:43 <TRACE> bfd1: Sending CTL to 172.30.6.1 [Down]
2014-11-27 05:27:43 <TRACE> bfd1: CTL received from 172.30.6.1 [AdminDown]
2014-11-27 05:27:43 <TRACE> bfd1: Sending CTL to 172.30.6.1 [Down]
2014-11-27 05:27:43 <TRACE> bfd1: CTL received from 172.30.6.1 [AdminDown]
2014-11-27 05:27:43 <TRACE> bfd1: Sending CTL to 172.30.6.1 [Down]
2014-11-27 05:27:43 <TRACE> bfd1: CTL received from 172.30.6.1 [AdminDown]
2014-11-27 05:27:46 <TRACE> bfd1: CTL received from 172.30.6.1 [Down]
2014-11-27 05:27:46 <TRACE> bfd1: Session to 172.30.6.1 changed state from Down to Init
2014-11-27 05:27:46 <TRACE> bfd1: Sending CTL to 172.30.6.1 [Init]
2014-11-27 05:27:46 <TRACE> bfd1: CTL received from 172.30.6.1 [Down]
2014-11-27 05:27:46 <TRACE> bfd1: Sending CTL to 172.30.6.1 [Init]
2014-11-27 05:27:46 <TRACE> bfd1: Sending CTL to 172.30.6.1 [Init]
2014-11-27 05:27:46 <TRACE> bfd1: CTL received from 172.30.6.1 [Down]




// juniper firewall

set protocols bgp group X bfd-liveness-detection minimum-interval 1000
set security zones security-zone X interfaces reth2.106 host-inbound-traffic protocols bfd

> show bfd session
                                                  Detect   Transmit
Address                  State     Interface      Time     Interval  Multiplier
172.30.6.8               Down      reth2.106      0.000     1.000        3
172.30.6.9               Down      reth2.106      0.000     1.000        3

2 sessions, 2 clients
Cumulative transmit rate 2.0 pps, cumulative receive rate 0.0 pps


// traceoptions

Nov 27 16:25:23.540758 Initiated BFD session to peer 172.30.6.8 (Internal AS 65000): address=172.30.6.8 ifindex=151 ifname=reth2.106 txivl=1000 rxivl=1000 mult=3 ver=255
Nov 27 16:25:27.562265 Initiated BFD session to peer 172.30.6.9 (Internal AS 65000): address=172.30.6.9 ifindex=151 ifname=reth2.106 txivl=1000 rxivl=1000 mult=3 ver=255
Nov 27 16:26:59.795599 Terminated BFD session to peer 172.30.6.8 (Internal AS 65000) (Closing)
Nov 27 16:26:59.798422 Terminated BFD session to peer 172.30.6.9 (Internal AS 65000) (Closing)
Nov 27 16:27:31.810248 Initiated BFD session to peer 172.30.6.8 (Internal AS 65000): address=172.30.6.8 ifindex=151 ifname=reth2.106 txivl=1000 rxivl=1000 mult=3 ver=255
Nov 27 16:27:35.811656 Initiated BFD session to peer 172.30.6.9 (Internal AS 65000): address=172.30.6.9 ifindex=151 ifname=reth2.106 txivl=1000 rxivl=1000 mult=3 ver=255
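

Added example, not part of the original post and not BIRD or Junos code: a decoder for the 24-byte BFD control packet (RFC 5880 layout) shown in the verbose tcpdump output above, plus the RFC 5881 single-hop transport checks (TTL 255, source port 49152-65535) that the capture and the sysctl change relate to. The function names are hypothetical and the sample packet is rebuilt from the fields tcpdump printed, not taken from a raw capture.

```python
import struct

STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}
FLAG_NAMES = "PFCADM"  # byte 1, bits 5..0: Poll, Final, CPI, Auth, Demand, Multipoint


def parse_bfd_control(pkt: bytes) -> dict:
    """Decode the mandatory 24-byte section of a BFDv1 control packet (RFC 5880 4.1)."""
    if len(pkt) < 24:
        raise ValueError("truncated BFD control packet")
    b0, b1, mult, length, my_d, your_d, tx_us, rx_us, echo_us = struct.unpack(
        "!BBBBIIIII", pkt[:24])
    flags = [n for i, n in enumerate(FLAG_NAMES) if b1 & (0x20 >> i)]
    # Reception checks from RFC 5880 6.8.6: such packets must be discarded.
    if b0 >> 5 != 1:
        raise ValueError("not BFD version 1")
    if length < (26 if "A" in flags else 24) or length > len(pkt):
        raise ValueError("bad Length field")
    if mult == 0 or my_d == 0 or "M" in flags:
        raise ValueError("zero Detect Mult, zero My Discriminator, or M bit set")
    return {
        "diag": b0 & 0x1F, "state": STATES[b1 >> 6], "flags": flags,
        "detect_mult": mult, "my_discr": my_d, "your_discr": your_d,
        "tx_ms": tx_us // 1000, "rx_ms": rx_us // 1000, "echo_ms": echo_us // 1000,
    }


def single_hop_transport_ok(ttl: int, src_port: int) -> bool:
    """RFC 5881 transport rules for unauthenticated single-hop BFD:
    TTL must arrive as 255 and the UDP source port must be 49152-65535."""
    return ttl == 255 and 49152 <= src_port <= 65535


def sender_knows_peer(fields: dict) -> bool:
    """Your Discriminator is 0 while the sender has no discriminator learned from us."""
    return fields["your_discr"] != 0


# Constructed sample: rebuilt from the verbose tcpdump fields in the post,
# not a raw capture (intervals are carried in microseconds on the wire).
SAMPLE = struct.pack("!BBBBIIIII", 0x20, 0x40, 3, 24, 0x0F, 0, 1_000_000, 1_000_000, 0)

if __name__ == "__main__":
    f = parse_bfd_control(SAMPLE)
    print(f)
    print("transport ok:", single_hop_transport_ok(ttl=255, src_port=49152))
    print("SRX has learned BIRD's discriminator:", sender_knows_peer(f))
```

Capturing on the BIRD host with `tcpdump -v` in the outbound direction and feeding the TTL and source port of BIRD's own packets to `single_hop_transport_ok` checks the sending side against the same rules.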