bird BFD is DOWN

Alexander Zubkov green at qrator.net
Sat Jun 8 10:52:18 CEST 2024


Hi,

Could it be an issue with a source port? It is described in the documentation,
btw:

https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.3

On Sat, Jun 8, 2024, 03:51 Maria Matejka via Bird-users <
bird-users at network.cz> wrote:

> Hello!
>
> On first sight this looks like Fortinet ignoring the packets. Maybe (wild
> guess) you have a firewall rule in place dropping them in the Fortinet?
>
> Maria
>
>
> On 7 June 2024 21:51:28 CEST, LIU Chris via Bird-users <
> bird-users at network.cz> wrote:
>
>> Classified as: {Hitachi Rail – Public}
>>
>> My setup:
>>
>> Linux running bird, Peer: Fortinet Firewall
>>
>> In bird, configure bfd as below:
>>
>> protocol bfd BFD_SD_01 {
>>         interface "*" {
>>                 min rx interval 1000000 us;
>>                 min tx interval 1000000 us;
>>                 idle tx interval 1000000 us;
>>                 multiplier 3;
>>         };
>>         neighbor 192.168.0.1 local 192.168.0.2;
>> }
>>
>>
>> Fortinet side, basically the same, also set rx interval: 1000 ms, tx
>> interval: 1000 ms, multiplier: 3
>>
>> However, both sides show BFD DOWN.
>>
>> Captured tcpdump on the Fortinet side, Fortinet IP: 192.168.0.1
>>
>>    Time     source      destination protocol    info
>> 1  0.000000 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
>> 6  0.756375 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
>> 11 1.519796 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
>> 14 2.351177 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
>> 19 3.225686 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
>> 24 3.852938 192.168.0.1 192.168.0.2 BFD Control Diag: Control Detection Time Expired, State: Down, Flags: 0x00
>> 25 3.981126 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
>>
>>
>>
>> From the Fortinet neighbour information, it seems it cannot receive control
>> messages from the peer, why? I don't have any ports blocked. Why do I get
>> detection time: 1500ms after negotiation?
>>
>> Below is the Fortinet BFD neighbor information:
>>
>> OurAddress NeighAddress State Interface LDesc/RDesc
>> 192.168.0.1 192.168.0.2 DOWN STN2-SD-A 1/0/M
>> Local Diag: 1, Demand mode: no, Poll bit: unset
>> MinTxInt: 1000, MinRxInt: 1000, Multiplier: 3
>> Received: MinRxInt: 0 (ms), MinTxInt: 0 (ms), Multiplier: 3
>> Transmit Interval: 6500 (ms), Detection Time: 1500 (ms)
>> Rx Count: 0, Rx Interval; (ms) min/max/avg 0/0/0
>> Tx Count: 10287, Tx Interval (ms) min/max/avg 5000/5030/5000, last: 2350 (ms) ago
>> Registered protocols: Static BGP
>>
>>
>>
>> Is this a BIRD issue or Fortinet? I suspect it is 80% caused by Fortinet,
>> but I just want to get some suggestions/proposals from BIRD experts.
>>
>>
>>
>> With Best Regards,
>>
>> Chris LIU
>>
>> Hitachi Rail – Public
>>
> --
> Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.
>
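
A way to test the source-port theory raised in this reply, as an added example that is not code from the thread or from BIRD: it decodes a BFD control packet and lists the RFC 5881 single-hop requirements (destination UDP port 3784, source port 49152-65535, TTL 255) that a strict receiver may enforce before accepting it. The sample packet, the port numbers passed in, and all function names are constructed for illustration.

```python
import struct

# RFC 5881 single-hop BFD: UDP dst port 3784, src port 49152-65535, TTL 255.
BFD_CTRL_PORT = 3784
SRC_PORT_MIN, SRC_PORT_MAX = 49152, 65535
STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}


def parse_bfd_control(payload: bytes) -> dict:
    """Decode the 24-byte mandatory section of a BFD control packet (RFC 5880)."""
    if len(payload) < 24:
        raise ValueError("BFD control packet shorter than 24 bytes")
    (vers_diag, state_flags, mult, length, my_disc, your_disc,
     min_tx, min_rx, _min_echo) = struct.unpack("!BBBBIIIII", payload[:24])
    return {
        "version": vers_diag >> 5, "diag": vers_diag & 0x1F,
        "state": STATES[state_flags >> 6], "flags": state_flags & 0x3F,
        "detect_mult": mult, "length": length,
        "my_disc": my_disc, "your_disc": your_disc,
        "min_tx_us": min_tx, "min_rx_us": min_rx,
    }


def rfc5881_problems(src_port: int, dst_port: int, ttl: int, payload: bytes) -> list:
    """Return reasons a strict single-hop BFD receiver may discard this packet."""
    problems = []
    if dst_port != BFD_CTRL_PORT:
        problems.append(f"destination port {dst_port} is not {BFD_CTRL_PORT}")
    if not SRC_PORT_MIN <= src_port <= SRC_PORT_MAX:
        problems.append(f"source port {src_port} outside {SRC_PORT_MIN}-{SRC_PORT_MAX}")
    if ttl != 255:
        problems.append(f"TTL {ttl} is not 255")
    pkt = parse_bfd_control(payload)
    if pkt["version"] != 1:
        problems.append(f"BFD version {pkt['version']} is not 1")
    if pkt["detect_mult"] == 0 or pkt["my_disc"] == 0:
        problems.append("zero detect multiplier or My Discriminator")
    return problems


def port_range_ok(ip_local_port_range: str) -> bool:
    """Check a Linux net.ipv4.ip_local_port_range value, e.g. '32768 60999'."""
    low, high = map(int, ip_local_port_range.split())
    return low >= SRC_PORT_MIN and high <= SRC_PORT_MAX


# Constructed sample: State Down, no diagnostic, flags 0x00, multiplier 3, 1 s
# intervals, shaped like the 192.168.0.2 packets in the capture quoted above.
SAMPLE = struct.pack("!BBBBIIIII", 0x20, 0x40, 3, 24, 0x1234, 0, 1000000, 1000000, 0)
```

Feed `rfc5881_problems` the source port, destination port and TTL seen in a capture of the BIRD-originated packets, and `port_range_ok` the contents of `/proc/sys/net/ipv4/ip_local_port_range` on the Linux host.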