One more thing: if you set up a BGP session without BFD, does the session show bfd in the capabilities for the remote end?

Whatever the issue is, it’ll be small and stupid and the session will suddenly come alive once you nail it down. BFD has been really solid for us.

On 20 Aug 2024, at 5:41 PM, Damien Gardner Jnr <rendrag@rendrag.net> wrote:

Thanks Dirk,

Yep, it was all working on ROS6 before the upgrade. Allowing all in the firewall from the TOR switch interface IP. Good question though, I’ll set up a capture piped back to my workstation later tonight and see exactly what’s going over there!

(My bgp is internal to sau, announcing the smaller prefixes I use in my lab, not talking to the public routers - so it’s one physical link, no trunking - afaik we don’t support BFD unless you are directly peering on one of the ‘big’ routers for public BGP)

Thanks!

Damien

Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag@rendrag.net - http://www.rendrag.net/
--
We rode on the winds of the rising storm,
We ran to the sounds of thunder.
We danced among the lightning bolts,
and tore the world asunder

On Tue, 20 Aug 2024 at 5:36 PM, TFM Cloud - Dirk Bermingham <dirk@tfmcloud.au> wrote:

What a way to spend a sick day :)

Dumb question, the remote end definitely supports bfd? (My SAU links don’t :( )

Are you permitting 3784 UDP and 3785 TCP/UDP in your input and output chains?

Can you see 3784/3785 traffic on your BGP interface?

BFD on my configs is pretty much as simple as yours,

> interface listed in BFD
> bfd = yes in BGP
> firewall rules permitting…

Hope something in there helps,

DB

On 20 Aug 2024, at 4:52 PM, Damien Gardner Jnr via Public <public@talk.mikrotik.com.au> wrote:

So, I was off work sick today, have been holding off on upgrading all my 'production' gear to ROS 7 until BFD support was a thing. Supposedly it's now supported, so I upgraded one of my routers (RB1100AHx4). And yeah, BFD does not appear to work :(
Asked a few colleagues, and it's working for them. We compared configs, and identical configs basically, just different hardware on the other side.
Is there a trick to it? Is it only supported on specific MikroTik hardware? Or only TO/FROM specific remote hardware? I tried enabling logging (/system logging add prefix=debug topics=bfd), which didn't really add anything. Remote end is Cisco Nexus.
Config is basically:
/routing bfd configuration add disabled=no interfaces=vlan300_WyongBGP
/routing bgp connection add as=65001 connect=yes disabled=no hold-time=6s input.filter=BGP_SAU_TOR_IN_V4 keepalive-time=2s listen=yes local.address=103.235.x.x .role=ebgp name=SAU-TOR-WYONG-V4 output.filter-chain=BGP_SAU_TOR_OUT_V4 \
    .network=bgp-networks .no-client-to-client-reflection=yes .redistribute=connected,static,vpn,dhcp remote.address=103.235.x.x/32 .as=64101 .port=179 router-id=103.235.x.x routing-table=main templates=SAU \
    use-bfd=yes
If I watch the BFD sessions, I'll see it show as 'dead', and then disappear, then show as dead, then disappear.
Any thoughts? I've set this one to a 6 second hold timer, and halted the other upgrades for now. I've also reset the config and configured from scratch in case it was a v6>v7 upgrade issue, but still the same problem.
Thank you!

--
Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag@rendrag.net - http://www.rendrag.net/
--
We rode on the winds of the rising storm,
We ran to the sounds of thunder.
We danced among the lightning bolts,
and tore the world asunder

_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au