Thursday, October 17, 2019

BFD on FortiGate and Junos firewalls

Both the Juniper SRX and the FortiGate support BFD. It runs over UDP port 3784 and helps detect one-way (unidirectional) forwarding failures that the routing protocol's own keepalives may miss.

On the FortiGate the config is simple: enable BFD globally under system settings, enable it on the interface facing the peer, and then enable it per routing peer (BGP in my case).


cfg


show sys settings | grep bfd
    set bfd enable

show sys interface GCM | grep bfd
        set bfd enable


config router bgp
    set as 5706
    set ebgp-multipath enable
    config neighbor
        edit "192.168.127.1"
            set bfd enable
            set remote-as 65001
        next
    end
end
On the Junos device it is even simpler: enable it per BGP group or neighbor (here under the group FGT that peers with the FortiGate):

set protocols bgp group FGT bfd-liveness-detection minimum-interval 1000



To validate:

FortiOS

JunOS

It is recommended NOT to run BFD and graceful restart at the same time.
BFD supports authentication on Junos but not on FortiOS.



If you suspect BFD is not working, or that control packets are not being sent at all, use the diag sniffer command to look for UDP 3784 on the peering interface, e.g.:

   diag sniffer packet <interfacename> "port 3784"
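To interpret what that sniffer shows, here is an added Python decoder (not from this post or either vendor) for the mandatory 24-byte BFD control header carried in UDP/3784 (RFC 5880), run against a constructed sample packet whose 1 s intervals match the Junos minimum-interval 1000 above; it also derives the resulting detection time and reports the A (authentication) bit, which a FortiOS peer will never set.

```python
import struct

# BFD control header: Vers|Diag, Sta|P|F|C|A|D|M, Detect Mult, Length,
# My Disc, Your Disc, Desired Min TX, Required Min RX, Required Min Echo RX
BFD_HDR = "!BBBBIIIII"
BFD_LEN = 24
STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}


def parse_bfd_control(payload: bytes) -> dict:
    """Decode the mandatory BFD control header from a UDP/3784 payload."""
    if len(payload) < BFD_LEN:
        raise ValueError("BFD control packet too short")
    vers_diag, sta_flags, mult, length, my_disc, your_disc, tx, rx, echo = \
        struct.unpack(BFD_HDR, payload[:BFD_LEN])
    version = vers_diag >> 5
    if version != 1:
        raise ValueError(f"unsupported BFD version {version}")
    if length != len(payload):          # RFC 5880: Length covers the whole packet
        raise ValueError("BFD length field does not match payload")
    return {
        "version": version,
        "diag": vers_diag & 0x1F,
        "state": STATES[sta_flags >> 6],
        "poll": bool(sta_flags & 0x20),
        "final": bool(sta_flags & 0x10),
        "auth_present": bool(sta_flags & 0x04),   # A bit: Junos only, never FortiOS
        "detect_mult": mult,
        "my_disc": my_disc,
        "your_disc": your_disc,
        "desired_min_tx_us": tx,
        "required_min_rx_us": rx,
        "required_min_echo_rx_us": echo,
    }


def detection_time_ms(local_min_rx_us: int, remote_tx_us: int, remote_mult: int) -> float:
    """Local detection time = remote DetectMult * max(local Required Min RX, remote Desired Min TX)."""
    return remote_mult * max(local_min_rx_us, remote_tx_us) / 1000


# Constructed sample (not captured from the devices above): version 1, diag 0,
# state Up with no flags, DetectMult 3, length 24, discriminators 1/2,
# desired TX and required RX 1 s (1000 ms as in the Junos config), no echo.
SAMPLE = struct.pack(BFD_HDR, 0x20, 0xC0, 3, BFD_LEN, 1, 2, 1_000_000, 1_000_000, 0)

if __name__ == "__main__":
    pkt = parse_bfd_control(SAMPLE)
    print(pkt)
    print("detection time ms:", detection_time_ms(1_000_000, pkt["desired_min_tx_us"], pkt["detect_mult"]))
```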

NSE (Network Security Expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o

        /  \
