-
Notifications
You must be signed in to change notification settings - Fork 710
VPP VPP_BFD_Nexus
Dave Wallace edited this page Apr 21, 2026
·
1 revision
This example shows how to configure Bi-direction Forwarding Detection between VPP and a Cisco Nexus 6000 switch.
In this example we have:
A box running VPP with an Intel Niantic (X520/825990) NIC - visible as TenGigabitEthernet5/0/1 in VPP connected to the Nexus switch's Eth/1/3/3 interface.
For this test we assume that subnets 10.0.0/24 and 10.10.10.10/28 are not used.
Configure the IP addresses on both VPP:
DBGvpp# set int ip address TenGigabitEthernet5/0/1 10.0.0.2/24
DBGvpp# set int state TenGigabitEthernet5/0/1 up
and Nexus:
zglab-nexus-1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
zglab-nexus-1(config)# interface Ethernet 1/3/3
zglab-nexus-1(config-if)# no switchport
zglab-nexus-1(config-if)# ip address 10.0.0.1/24
zglab-nexus-1(config-if)# end
zglab-nexus-1#
We should now be able to ping the nexus from VPP and vice versa:
DBGvpp# ping 10.0.0.1 repeat 5
64 bytes from 10.0.0.1: icmp_seq=1 ttl=255 time=.5994 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=255 time=.5058 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=255 time=.5259 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=255 time=.5494 ms
64 bytes from 10.0.0.1: icmp_seq=5 ttl=255 time=.5433 ms
Statistics: 5 sent, 5 received, 0% packet loss
zglab-nexus-1# ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: icmp_seq=0 ttl=63 time=0.637 ms
64 bytes from 10.0.0.2: icmp_seq=1 ttl=63 time=0.492 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=63 time=0.503 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=63 time=0.475 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=63 time=0.441 ms
--- 10.0.0.2 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.441/0.509/0.637 ms
We now configure the BFD feature on nexus:
zglab-nexus-1(config)# feature bfd
Please disable the ICMP redirects on all interfaces
running BFD sessions using the command below
'no ip redirects '
zglab-nexus-1(config)# interface Ethernet 1/3/3
zglab-nexus-1(config-if)# no ip redirects
zglab-nexus-1(config-if)# bfd interval 100 min_rx 100 multiplier 3
zglab-nexus-1(config-if)# bfd neighbor src-ip 10.0.0.1 dest-ip 10.0.0.2
Check the state of the BFD session on nexus:
zglab-nexus-1# show bfd neighbors details
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int Vrf
10.0.0.1 10.0.0.2 1090519041/0 Down N/A(3) Down Eth1/3/3 default
Session state is Down and not using echo function
Local Diag: 0, Demand mode: 0, Poll bit: 0, Authentication: None
MinTxInt: 2000000 us, MinRxInt: 2000000 us, Multiplier: 3
Received MinRxInt: 0 us, Received Multiplier: 3
Holdown (hits): 0 ms (0), Hello (hits): 2000 ms (10)
Rx Count: 0, Rx Interval (ms) min/max/avg: 0/0/0 last: 21064 ms ago
Tx Count: 10, Tx Interval (ms) min/max/avg: 1944/1944/1944 last: 1564 ms ago
Registered protocols: bfd_app
Downtime: 0 days 0 hrs 0 mins 21 secs
Last packet: Version: 0 - Diagnostic: 0
State bit: AdminDown - Demand bit: 0
Poll bit: 0 - Final bit: 0
Multiplier: 3 - Length: 24
My Discr.: 0 - Your Discr.: 0
Min tx interval: 0 - Min rx interval: 0
Min Echo interval: 0 - Authentication bit: 0
Down reason: No Diagnostic, Reason not-hosted: None
now we configure the session in VPP:
DBGvpp# bfd udp session add interface TenGigabitEthernet5/0/1 local-addr 10.0.0.2 peer-addr 10.0.0.1 desired-min-tx 100000 required-min-rx 100000 detect-mult 3
if we are quick enough (e.g. by doing a copy paste), we can see the session in the down state:
DBGvpp# show bfd sessions
Index Property Local value Remote value
0 IPv4 address 10.0.0.2 10.0.0.1
Session state Down Down
Diagnostic code No Diagnostic No Diagnostic
Detect multiplier 3 0
Required Min Rx Interval (usec) 100000 1
Desired Min Tx Interval (usec) 100000 0
Transmit interval 1000000
Min Echo Rx Interval (usec) 1 0
Demand mode no no
Poll state BFD_POLL_NOT_NEEDED
Number of configured BFD sessions: 1
before it goes up:
DBGvpp# show bfd sessions
Index Property Local value Remote value
0 IPv4 address 10.0.0.2 10.0.0.1
Session state Up Up
Diagnostic code No Diagnostic No Diagnostic
Detect multiplier 3 3
Required Min Rx Interval (usec) 100000 2000000
Desired Min Tx Interval (usec) 100000 100000
Transmit interval 2000000
Last control frame tx .14s ago
Last control frame rx .04s ago
Min Echo Rx Interval (usec) 1 100000
Demand mode no no
Poll state BFD_POLL_NOT_NEEDED
Number of configured BFD sessions: 1
we can also verify the session state on Nexus:
zglab-nexus-1# show bfd neighbors details
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int Vrf
10.0.0.1 10.0.0.2 1090519041/2530806747 Up 5288(3) Up Eth1/3/3 default
Session state is Up and using echo function with 100 ms interval
Local Diag: 0, Demand mode: 0, Poll bit: 0, Authentication: None
MinTxInt: 100000 us, MinRxInt: 2000000 us, Multiplier: 3
Received MinRxInt: 100000 us, Received Multiplier: 3
Holdown (hits): 6000 ms (1), Hello (hits): 100 ms (837)
Rx Count: 48, Rx Interval (ms) min/max/avg: 217/1976/3879 last: 711 ms ago
Tx Count: 837, Tx Interval (ms) min/max/avg: 95/95/95 last: 70 ms ago
Registered protocols: bfd_app
Uptime: 0 days 0 hrs 1 mins 19 secs
Last packet: Version: 1 - Diagnostic: 0
State bit: Up - Demand bit: 0
Poll bit: 0 - Final bit: 0
Multiplier: 3 - Length: 24
My Discr.: -1764160549 - Your Discr.: 1090519041
Min tx interval: 100000 - Min rx interval: 100000
Min Echo interval: 1 - Authentication bit: 0
Down reason: None, Reason not-hosted: None
We can get more aggressive detection by using the echo feature, for which we need an echo source interface configured in VPP:
DBGvpp# loop create
loop0
DBGvpp# set int state loop0 up
DBGvpp# set int ip address loop0 10.10.10.10/28
DBGvpp# bfd udp echo-source set interface loop0
Then the BFD will quickly start to use the echo feature as a supplement - note the new properties in the CLI output: Echo transmit interval and Last echo frame tx/roundtrip time
DBGvpp# show bfd sessions
Index Property Local value Remote value
0 IPv4 address 10.0.0.2 10.0.0.1
Session state Up Up
Diagnostic code No Diagnostic No Diagnostic
Detect multiplier 3 3
Required Min Rx Interval (usec) 100000 2000000
Desired Min Tx Interval (usec) 100000 100000
Transmit interval 2000000
Last control frame tx .81s ago
Last control frame rx .81s ago
Min Echo Rx Interval (usec) 1 100000
Echo transmit interval 100000
Last echo frame tx .08s ago
Last echo frame roundtrip time .000048s
Demand mode no no
Poll state BFD_POLL_NOT_NEEDED
Number of configured BFD sessions: 1
Now we will set authentication for the BFD control frames with the goal of not distrupting the current session state. For that, we will first add the authentication key to vpp:
DBGvpp# bfd key set conf-key-id 1 type keyed-sha1 secret 68656c6c6f20776f726c64
we are entering the secret as hex-string, with the secret being "hello world" string.
Now we activate the authentication in VPP with the delayed option:
DBGvpp# bfd udp session auth activate interface TenGigabitEthernet5/0/1 local-addr 10.0.0.2 peer-addr 10.0.0.1 conf-key-id 1 bfd-key-id 5 delayed yes
we can see that the authentication is not in use yet:
DBGvpp# show bfd sessions
Index Property Local value Remote value
0 IPv4 address 10.0.0.2 10.0.0.1
Session state Up Up
Diagnostic code No Diagnostic No Diagnostic
Detect multiplier 3 3
Required Min Rx Interval (usec) 100000 2000000
Desired Min Tx Interval (usec) 100000 100000
Transmit interval 2000000
Last control frame tx 1.78s ago
Last control frame rx .77s ago
Min Echo Rx Interval (usec) 1 100000
Echo transmit interval 100000
Last echo frame tx 0.00s ago
Last echo frame roundtrip time .000032s
Demand mode no no
Poll state BFD_POLL_NOT_NEEDED
Number of configured BFD sessions: 1
Now we configure the authentication on the Nexus side:
zglab-nexus-1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
zglab-nexus-1(config)# interface ethernet 1/3/3
zglab-nexus-1(config-if)# bfd authentication Keyed-SHA1 key-id 5 hex-key 68656c6c6f20776f726c64
end
shortly, vpp will recognize now-signed control frames coming from nexus and will switch to using the authentication (and signing outgoing frames) itself:
DBGvpp# show bfd sessions
Index Property Local value Remote value
0 IPv4 address 10.0.0.2 10.0.0.1
Session state Init Down
Diagnostic code No Diagnostic No Diagnostic
Detect multiplier 3 3
Required Min Rx Interval (usec) 100000 100000
Desired Min Tx Interval (usec) 100000 100000
Transmit interval 100000
Last control frame tx .05s ago
Last control frame rx .13s ago
Min Echo Rx Interval (usec) 1 100000
Demand mode no no
Poll state BFD_POLL_NOT_NEEDED
Authentication config key ID 1
Authentication BFD key ID 5
Sequence number 1011200656 1431422116
Number of configured BFD sessions: 1
we see that the authentication key information appeared and we can also see the sequence numbers.
Finally we check whether the session state was disturbed on nexus:
zglab-nexus-1# show bfd neighbors details
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int Vrf
10.0.0.1 10.0.0.2 1090519041/2530806747 Up 5921(3) Up Eth1/3/3 default
Session state is Up and using echo function with 100 ms interval
Local Diag: 0, Demand mode: 0, Poll bit: 0, Authentication: Keyed-SHA1
MinTxInt: 100000 us, MinRxInt: 2000000 us, Multiplier: 3
Received MinRxInt: 1000000 us, Received Multiplier: 3
Holdown (hits): 6000 ms (1), Hello (hits): 1000 ms (20929)
Rx Count: 10203, Rx Interval (ms) min/max/avg: 217/2000/1750 last: 78 ms ago
Tx Count: 20929, Tx Interval (ms) min/max/avg: 895/895/895 last: 684 ms ago
Registered protocols: bfd_app
Uptime: 0 days 4 hrs 55 mins 49 secs
Last packet: Version: 1 - Diagnostic: 0
State bit: Up - Demand bit: 0
Poll bit: 0 - Final bit: 0
Multiplier: 3 - Length: 24
My Discr.: -1764160549 - Your Discr.: 1090519041
Min tx interval: 100000 - Min rx interval: 1000000
Min Echo interval: 1 - Authentication bit: 1
Down reason: None, Reason not-hosted: None
we verify by checking the uptime that it wasn't.
Similarly, we could remove the authentication without disturbing the session state by deactivating it on vpp side with the "delayed yes" option and then deactivating it on the nexus side.
- VPP 2022 Make Test Use Case Poll
- VPP-AArch64
- VPP-ABF
- VPP Alternative Builds
- VPP API Concepts
- VPP API Versioning
- VPP-ApiChangeProcess
- VPP-ArtifactVersioning
- VPP-BIER
- VPP-Bihash
- VPP-BugReports
- VPP Build System Deep Dive
- VPP Build, Install, And Test Images
- VPP-BuildArtifactRetentionPolicy
- VPP-c2cpel
- VPP Code Walkthrough VoD
- VPP Code Walkthrough VoD Topic Index
- VPP Code Walkthrough VoDs
- VPP-CodeStyleConventions
- VPP-CodingTips
- VPP Command Line Arguments
- VPP Command Line Interface CLI Guide
- VPP-CommitMessages
- VPP-Committers-SMEs
- VPP-CommitterTasks-ApiFreeze
- VPP CommitterTasks Compare API Changes
- VPP-CommitterTasks-CutPointRelease
- VPP-CommitterTasks-CutRelease
- VPP-CommitterTasks-FinalReleaseCandidate
- VPP-CommitterTasks-PullThrottleBranch
- VPP-CommitterTasks-ReleasePlan
- VPP Configuration Tool
- VPP Configure An LW46 MAP E Terminator
- VPP Configure VPP As A Router Between Namespaces
- VPP Configure VPP TAP Interfaces For Container Routing
- VPP-CoreFileMismatch
- VPP-cpel
- VPP-cpeldump
- VPP-CurrentData
- VPP-DHCPKit
- VPP-DHCPv6
- VPP-DistributedOwnership
- VPP-Documentation
- VPP DPOs And Feature Arcs
- VPP EC2 Instance With SRIOV
- VPP-elog
- VPP-FAQ
- VPP Feature Arcs
- VPP-Features
- VPP-Features-IPv6
- VPP-FIB
- VPP-g2
- VPP Getting VPP 16.06
- VPP Getting VPP Release Binaries
- VPP-HA
- VPP-HostStack
- VPP-HostStack-BuiltinEchoClientServer
- VPP-HostStack-EchoClientServer
- VPP-HostStack-ExternalEchoClientServer
- VPP HostStack Hs Test
- VPP-HostStack-LDP-iperf
- VPP-HostStack-LDP-nginx
- VPP-HostStack-LDP-sshd
- VPP-HostStack-nginx
- VPP-HostStack-SessionLayerArchitecture
- VPP-HostStack-TestHttpServer
- VPP-HostStack-TestProxy
- VPP-HostStack-TLS
- VPP-HostStack-VCL
- VPP-HostStack-VclEchoClientServer
- VPP-Hotplug
- VPP How To Add A Tunnel Encapsulation
- VPP How To Build The Sample Plugin
- VPP How To Connect A PCI Interface To VPP
- VPP How To Create A VPP Binary Control Plane API
- VPP How To Deploy VPP In EC2 Instance And Use It To Connect Two Different VPCs
- VPP How To Optimize Performance %28System Tuning%29
- VPP How To Use The API Trace Tools
- VPP How To Use The C API
- VPP How To Use The Packet Generator And Packet Tracer
- VPP-Howtos
- VPP-index
- VPP Installing VPP Binaries From Packages
- VPP Interconnecting vRouters With VPP
- VPP Introduction To IP Adjacency
- VPP Introduction To N Tuple Classifiers
- VPP IP Adjacency Introduction
- VPP-IPFIX
- VPP-IPSec
- VPP IPSec And IKEv2
- VPP IPv6 SR VIRL Topology File
- VPP Java API
- VPP Java API Plugin Support
- VPP Jira Workflow
- VPP-Macswapplugin
- VPP-MakeTestFramework
- VPP-Meeting
- VPP-MFIB
- VPP Missing Prefetches
- VPP Modifying The Packet Processing Directed Graph
- VPP MPLS FIB
- VPP-NAT
- VPP Nataas Test
- VPP-OVN
- VPP Per Feature Notes
- VPP Performance Analysis Tools
- VPP-perftop
- VPP Progressive VPP Tutorial
- VPP Project Meeting Minutes
- VPP Pulling, Building, Running, Hacking And Pushing VPP Code
- VPP Pure L3 Between Namespaces With 32s
- VPP Pure L3 Container Networking
- VPP Pushing And Testing A Tag
- VPP Python API
- VPP-PythonVersionPolicy
- VPP-QuickTrexSetup
- VPP Random Hints And Kinks For KVM Usage
- VPP Release Plans Release Plan 16.09
- VPP Release Plans Release Plan 17.01
- VPP Release Plans Release Plan 17.04
- VPP Release Plans Release Plan 17.07
- VPP Release Plans Release Plan 17.10
- VPP Release Plans Release Plan 18.01
- VPP Release Plans Release Plan 18.04
- VPP Release Plans Release Plan 18.07
- VPP Release Plans Release Plan 18.10
- VPP Release Plans Release Plan 19.01
- VPP Release Plans Release Plan 19.04
- VPP Release Plans Release Plan 19.08
- VPP Release Plans Release Plan 20.01
- VPP Release Plans Release Plan 20.05
- VPP Release Plans Release Plan 20.09
- VPP Release Plans Release Plan 21.01
- VPP Release Plans Release Plan 21.06
- VPP Release Plans Release Plan 21.10
- VPP Release Plans Release Plan 22.02
- VPP Release Plans Release Plan 22.06
- VPP Release Plans Release Plan 22.10
- VPP Release Plans Release Plan 23.02
- VPP Release Plans Release Plan 23.06
- VPP Release Plans Release Plan 23.10
- VPP Release Plans Release Plan 24.02
- VPP Release Plans Release Plan 24.06
- VPP Release Plans Release Plan 24.10
- VPP Release Plans Release Plan 25.02
- VPP Release Plans Release Plan 25.06
- VPP Release Plans Release Plan 25.10
- VPP Release Plans Release Plan 26.02
- VPP Release Plans Release Plan 26.06
- VPP-RM
- VPP-SecurityGroups
- VPP Segment Routing For IPv6
- VPP Segment Routing For MPLS
- VPP Setting Up Your Dev Environment
- VPP-SNAT
- VPP Software Architecture
- VPP STN Testing
- VPP The VPP API
- VPP Training Events
- VPP-Troubleshooting
- VPP-Troubleshooting-BuildIssues
- VPP-Troubleshooting-Vagrant
- VPP Tutorial DPDK And MacSwap
- VPP Tutorial Routing And Switching
- VPP-Tutorials
- VPP Use VPP To Chain VMs Using Vhost User Interface
- VPP Use VPP To Connect VMs Using Vhost User Interface
- VPP Using mTCP User Mode TCP Stack With VPP
- VPP Using VPP As A VXLAN Tunnel Terminator
- VPP Using VPP In A Multi Thread Model
- VPP-VOM
- VPP VPP BFD Nexus
- VPP VPP Home Gateway
- VPP VPP WIKI DEPRECATED CONTENT
- VPP-VPPCommunicationsLibrary
- VPP-VPPConfig
- VPP What Is ODP4VPP
- VPP What Is VPP
- VPP Working Environments
- VPP Working With The 16.06 Throttle Branch