BFD (Bidirectional Forwarding Detection)
BFD (Bidirectional Forwarding Detection)
Section titled âBFD (Bidirectional Forwarding Detection)âTL;DR (Quick Start)
Section titled âTL;DR (Quick Start)âFor the impatient: enable BFD for BGP in RouterOS v7.
# Allow BFD on interface/routing/bfd/configuration/add interfaces=ether1 comment="BGP peer link"
# Enable BFD on BGP connection/routing/bgp/connection/set [find name=upstream] use-bfd=yes
# Verify session is up/routing/bfd/session/printOverview
Section titled âOverviewâWhat this does: BFD provides sub-second detection of link failures between network devices. Default settings detect failures in ~1 second (200ms interval x 5 multiplier), compared to BGPâs 180-second default hold time or OSPFâs 40-second dead interval.
When to use this:
- Redundant uplinks where fast failover is critical
- BGP peering with multiple upstream providers
- OSPF backbone links requiring rapid convergence
- Any scenario where routing protocol timers are too slow
Prerequisites:
- RouterOS v7.0 or higher
- BGP or OSPF configured
- Direct connectivity for single-hop BFD (multi-hop requires address configuration)
- Firewall allowing UDP 3784 (single-hop) or 4784 (multi-hop)
- Both peers must support BFD
v7 Behavior Change
In RouterOS v7, if use-bfd=yes is set on a BGP connection and the BFD session cannot establish, BGP will not come up. Only enable BFD when youâve confirmed the peer supports it.
Configuration Steps
Section titled âConfiguration StepsâStep 1: Create BFD Configuration Entry
Section titled âStep 1: Create BFD Configuration EntryâBFD requires explicit configuration entries to allow sessions on interfaces:
/routing/bfd/configuration/add interfaces=ether1 \ min-tx=200ms min-rx=200ms multiplier=5 comment="BGP peer link"Default timer values provide 1-second detection time (200ms x 5).
Step 2: Enable BFD on Routing Protocol
Section titled âStep 2: Enable BFD on Routing ProtocolâFor BGP:
/routing/bgp/connection/set [find name=upstream] use-bfd=yesFor OSPF:
/routing/ospf/interface-template/set [find] use-bfd=yesStep 3: Verify BFD Session
Section titled âStep 3: Verify BFD SessionâCheck that the BFD session is established:
/routing/bfd/session/printExpected output:
Columns: REMOTE-ADDRESS, LOCAL-ADDRESS, INTERFACE, STATE, MULTIHOP# REMOTE-ADDRESS LOCAL-ADDRESS INTERFACE STATE MULTIHOP0 192.168.1.2 192.168.1.1 ether1 up noCommon Scenarios
Section titled âCommon ScenariosâScenario: BFD for BGP Peer
Section titled âScenario: BFD for BGP PeerâEnable BFD for a single-hop BGP peer:
# Step 1: Allow BFD on the peering interface/routing/bfd/configuration/add interfaces=ether1 comment="BGP to ISP"
# Step 2: Enable BFD on the BGP connection/routing/bgp/connection/set [find name=isp-upstream] use-bfd=yes
# Step 3: Verify/routing/bfd/session/printScenario: BFD for OSPF Neighbors
Section titled âScenario: BFD for OSPF NeighborsâEnable BFD for all OSPF neighbors:
# Step 1: Create interface list for OSPF interfaces/interface/list/add name=ospf-interfaces/interface/list/member/add list=ospf-interfaces interface=ether2/interface/list/member/add list=ospf-interfaces interface=ether3
# Step 2: Allow BFD on OSPF interfaces/routing/bfd/configuration/add interfaces=ospf-interfaces comment="OSPF backbone"
# Step 3: Enable BFD in OSPF/routing/ospf/interface-template/set [find] use-bfd=yes
# Step 4: Verify/routing/bfd/session/print where state=upScenario: Multi-Hop BFD for eBGP
Section titled âScenario: Multi-Hop BFD for eBGPâFor eBGP peers not directly connected:
# Step 1: Create address list for allowed peers/ip/firewall/address-list/add list=ebgp-bfd-peers address=198.51.100.1/ip/firewall/address-list/add list=ebgp-bfd-peers address=203.0.113.1
# Step 2: Configure BFD for multi-hop (uses addresses, not interfaces)/routing/bfd/configuration/add address-list=ebgp-bfd-peers
# Step 3: Enable BFD and multi-hop on BGP connection/routing/bgp/connection/set [find name=ebgp-peer] use-bfd=yes multihop=yesMulti-hop BFD uses UDP port 4784 instead of 3784.
Scenario: Interface Filtering (Allow/Forbid)
Section titled âScenario: Interface Filtering (Allow/Forbid)âControl which interfaces can use BFD:
# Forbid BFD on management interface (specific rule first)/routing/bfd/configuration/add interfaces=ether1 forbid-bfd=yes comment="No BFD on mgmt"
# Allow BFD on all other interfaces/routing/bfd/configuration/add interfaces=all comment="Allow BFD elsewhere"Order Matters
BFD configuration entries are order-sensitive (first match wins). Place specific forbid-bfd rules before general allow rules.
Scenario: Aggressive Timers for Critical Links
Section titled âScenario: Aggressive Timers for Critical LinksâFor fastest possible failover (50ms detection):
/routing/bfd/configuration/add interfaces=critical-uplink \ min-tx=10ms min-rx=10ms multiplier=5 comment="50ms detection"CPU Impact
Very aggressive timers increase CPU load. On loaded systems, this may cause false positives (BFD flapping). Use 200ms or higher on production routers.
Scenario: Custom Timers per Interface
Section titled âScenario: Custom Timers per InterfaceâDifferent detection times for different links:
# Fast detection for primary uplink/routing/bfd/configuration/add interfaces=ether1 \ min-tx=100ms min-rx=100ms multiplier=3 comment="300ms detection"
# Standard detection for backup/routing/bfd/configuration/add interfaces=ether2 \ min-tx=200ms min-rx=200ms multiplier=5 comment="1s detection"Verification
Section titled âVerificationâConfirm BFD is working correctly:
Check 1: Verify BFD Sessions
Section titled âCheck 1: Verify BFD Sessionsâ/routing/bfd/session/printExpected: All sessions showing state=up.
Check 2: Check Session Details
Section titled âCheck 2: Check Session Detailsâ/routing/bfd/session/print detailExpected: packets-rx and packets-tx incrementing.
Check 3: Verify Configuration
Section titled âCheck 3: Verify Configurationâ/routing/bfd/configuration/printExpected: Entries allowing BFD on required interfaces.
Check 4: Check BGP BFD Status
Section titled âCheck 4: Check BGP BFD Statusâ/routing/bgp/session/printExpected: BGP sessions established with BFD enabled.
Check 5: Check OSPF BFD Status
Section titled âCheck 5: Check OSPF BFD Statusâ/routing/ospf/neighbor/printExpected: OSPF neighbors with BFD enabled.
Check 6: Monitor BFD Events
Section titled âCheck 6: Monitor BFD Eventsâ/log/print where topics~"bfd"Expected: No unexpected âdownâ events.
Troubleshooting
Section titled âTroubleshootingâ| Symptom | Cause | Solution |
|---|---|---|
| BGP wonât establish | BFD configured but peer doesnât support it | Verify peer supports BFD before enabling use-bfd=yes |
| BFD session stuck in âdownâ | No configuration entry for interface | Add /routing/bfd/configuration entry for the interface |
| âTTL check failedâ in logs | Packet traversing extra hops | Verify direct connectivity; use multi-hop BFD if needed |
| Session flapping | Aggressive timers on loaded router | Increase min-tx/min-rx to 200ms or higher |
| BFD not transmitting | Interface matched by forbid-bfd rule | Check configuration order; move forbid rule or add explicit allow |
| Multi-hop BFD not working | Using interface filter for multi-hop | Use addresses or address-list for multi-hop, not interfaces |
| Interop issues with Cisco | Cisco has echo mode enabled | Disable echo on Cisco: no bfd echo |
| Session not restored after reboot | Configuration entry missing or disabled | Verify /routing/bfd/configuration entries exist |
Debug: Enable BFD Logging
Section titled âDebug: Enable BFD Loggingâ/system/logging/add topics=bfd action=memory/log/print where topics~"bfd"Debug: Check Session Statistics
Section titled âDebug: Check Session Statisticsâ/routing/bfd/session/print detailLook for:
state-changes: High count indicates instabilitypackets-rx/packets-tx: Should be incrementinghold-time: Calculated detection time
Debug: Firewall Check
Section titled âDebug: Firewall CheckâEnsure BFD traffic is allowed:
# Single-hop BFD/ip/firewall/filter/add chain=input protocol=udp dst-port=3784 action=accept comment="BFD single-hop"
# Multi-hop BFD/ip/firewall/filter/add chain=input protocol=udp dst-port=4784 action=accept comment="BFD multi-hop"Common Mistakes
- Enabling BFD without peer support - v7 requires both peers to have BFD; BGP stays down if BFD fails
- Missing configuration entry - BFD wonât work without explicit
/routing/bfd/configurationallowing it - Wrong order of rules -
forbid-bfdrules must come before allow rules to work correctly - Using interfaces for multi-hop - Multi-hop BFD requires
addressesoraddress-list, not interface filters - Timers too aggressive - 10ms timers can cause false positives; start with 200ms defaults
BFD Timer Reference
Section titled âBFD Timer Referenceâ| Timer | Default | Description |
|---|---|---|
min-tx | 200ms | Minimum transmit interval |
min-rx | 200ms | Minimum receive interval |
multiplier | 5 | Missed packets before failure |
| Detection time | 1 second | min-rx x multiplier |
Detection Time Examples
Section titled âDetection Time Examplesâ| min-tx/min-rx | Multiplier | Detection Time |
|---|---|---|
| 200ms | 5 | 1 second |
| 100ms | 3 | 300ms |
| 50ms | 5 | 250ms |
| 10ms | 5 | 50ms |
Related Topics
Section titled âRelated TopicsâRouting Protocol Integration
Section titled âRouting Protocol Integrationâ- BGP - primary use case for BFD fast failover
- OSPF - OSPF neighbor failure detection
- Static Routes - BFD-triggered route changes
Route Management
Section titled âRoute Managementâ- Routing Filters - react to BFD-triggered route changes
- Routing Tables - multiple tables with BFD monitoring
Network Infrastructure
Section titled âNetwork Infrastructureâ- Firewall Basics - allow UDP 3784/4784
- VRRP - gateway redundancy with BFD
Monitoring
Section titled âMonitoringâReference
Section titled âReferenceâ- MikroTik BFD Documentation
- RFC 5880 - BFD Protocol
- RFC 5881 - BFD for IPv4 and IPv6 (Single Hop)
- RFC 5883 - BFD for Multihop Paths
Key Commands Reference
Section titled âKey Commands Referenceâ| Command | Description |
|---|---|
/routing/bfd/configuration/add | Create BFD policy entry |
/routing/bfd/configuration/print | View BFD configuration |
/routing/bfd/session/print | View active BFD sessions |
/routing/bfd/session/print detail | View session details with counters |
Configuration Properties
Section titled âConfiguration Propertiesâ| Property | Type | Default | Description |
|---|---|---|---|
interfaces | interface-list | - | Interface filter for single-hop BFD |
addresses | IP range | - | Address range for multi-hop filtering |
address-list | string | - | Named address list for destination matching |
vrf | string | main | Virtual routing instance |
min-tx | time | 200ms | Minimum transmit interval |
min-rx | time | 200ms | Minimum receive interval |
multiplier | integer | 5 | Detection multiplier |
forbid-bfd | yes/no | no | Block BFD on matching entries |
disabled | yes/no | no | Disable configuration entry |
comment | string | - | Description |
Session Properties (Read-Only)
Section titled âSession Properties (Read-Only)â| Property | Type | Description |
|---|---|---|
remote-address | IP | Peerâs IP address |
local-address | IP | Local source address |
interface | string | Associated interface |
state | up/down/init | Current session state |
multihop | yes/no | Multi-hop session indicator |
desired-tx-interval | time | Negotiated transmit interval |
required-min-rx | time | Local minimum RX interval |
remote-min-rx | time | Peerâs minimum RX interval |
multiplier | integer | Detection multiplier |
hold-time | time | Calculated detection time |
packets-rx | integer | Received packet count |
packets-tx | integer | Transmitted packet count |
state-changes | integer | Session state transition count |
uptime | time | Time since session established |
Protocol Ports
Section titled âProtocol Portsâ| Port | Protocol | Purpose |
|---|---|---|
| 3784 | UDP | Single-hop BFD control |
| 4784 | UDP | Multi-hop BFD control |
| 3785 | UDP | BFD echo (not supported on MikroTik) |
Unsupported Features
Section titled âUnsupported Featuresâ| Feature | Notes |
|---|---|
| Echo mode | Not implemented; disable on Cisco peers |
| Authentication | MD5/SHA not supported |
| Static route integration | Must use routing protocol for BFD |