BFD基本配置

2025-10-21 09:52:32

BFD与静态路由联动

静态路由联动原理

静态路由自身没有检测机制,当网络发生故障的时候,需要管理员介入。BFD与静态路由联动特性可为公网静态路由绑定BFD会话,利用BFD会话来检测静态路由所在链路的状态。

BFD与静态路由联动可为每条静态路由绑定一个BFD会话,当这条静态路由上绑定的BFD会话检测到链路故障(由Up转为Down)后,BFD会将故障上报路由管理系统,由路由管理模块将这条路由设置为“非激活”状态(此条路由不可用,从IP路由表中删除)。当这条静态路由上绑定的BFD会话成功建立或者从故障状态恢复后(由Down转为Up),BFD会上报路由管理模块,由路由管理模块将这条路由设置为“激活”状态(此路由可用,加入IP路由表)。

典型配置1

拓扑图如下:

目标:BFD与静态路由联动实现浮动路由。

场景:R1到23.23.23.23/32网络可通过R2到达,也可通过R3到达(交换机作为二层转发)。R2作为主用R3作为备用。R1到R2、R3之间由于不是直连链路,因此接口状态不会影响到静态路由的有效性,此时使用BFD进行检测,当检测失效时,使用备份静态路由进行数据转发。

配置步骤

基本IP编址

BFD配置

BFD与静态路由联动配置

验证

1.基本IP编址

[R1]interface GigabitEthernet 0/0/1

[R1-GigabitEthernet0/0/1]ip add 10.0.12.1 24

[R1-GigabitEthernet0/0/1]q

[R1]interface GigabitEthernet 0/0/2

[R1-GigabitEthernet0/0/2]ip add 10.0.13.1 24

[R1-GigabitEthernet0/0/2]q

[R1]interface LoopBack 0

[R1-LoopBack0]ip add 10.0.1.1 32

[R1-LoopBack0]q

[R2]interface GigabitEthernet 0/0/1

[R2-GigabitEthernet0/0/1]ip add 10.0.12.2 24

[R2-GigabitEthernet0/0/1]q

[R2]interface LoopBack 0

[R2-LoopBack0]ip add 23.23.23.23 32

[R2-LoopBack0]q

[R3]interface GigabitEthernet 0/0/1

[R3-GigabitEthernet0/0/1]ip add 10.0.13.2 24

[R3-GigabitEthernet0/0/1]q

[R3]interface LoopBack 0

[R3-LoopBack0]ip add 23.23.23.23 32

[R3-LoopBack0]q

2.BFD配置

#在主用路径上启用BFD,检测R1到R2接口。

[R1]bfd //全局启用BFD

[R1-bfd]q

[R1]bfd 1 bind peer-ip 10.0.12.2 source-ip 10.0.12.1 auto //配置BFD会话

[R1-bfd-session-1]commit

[R1-bfd-session-1]q

[R2]bfd

[R2-bfd]q

[R2]bfd 1 bind peer-ip 10.0.12.1 source-ip 10.0.12.2 auto

[R2-bfd-session-1]commit

[R2-bfd-session-1]q

#查看BFD会话信息

[R1]display bfd session all

--------------------------------------------------------------------------------

Local Remote PeerIpAddr State Type InterfaceName

--------------------------------------------------------------------------------

8192 8192 10.0.12.2 Up S_AUTO_PEER -

--------------------------------------------------------------------------------

Total UP/DOWN Session Number : 1/0

[R2]display bfd session all

--------------------------------------------------------------------------------

Local Remote PeerIpAddr State Type InterfaceName

--------------------------------------------------------------------------------

8192 8192 10.0.12.1 Up S_AUTO_PEER -

--------------------------------------------------------------------------------

Total UP/DOWN Session Number : 1/0

3.BFD与静态路由联动配置

#在R2和R3上配置去往R1环回的静态路由

[R2]ip route-static 10.0.0.0 8 10.0.12.1

[R3]ip route-static 10.0.0.0 8 10.0.13.1

[R2]display ip routing-table

Route Flags: R - relay, D - download to fib, T - to vpn-instance

------------------------------------------------------------------------------

Routing Tables: Public

Destinations : 9 Routes : 9

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.0.0/8 Static 60 0 RD 10.0.12.1 GigabitEthernet0/0/1

[R3]display ip routing-table

Route Flags: R - relay, D - download to fib, T - to vpn-instance

------------------------------------------------------------------------------

Routing Tables: Public

Destinations : 9 Routes : 9

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.0.0.0/8 Static 60 0 RD 10.0.13.1 GigabitEthernet0/0/1

#在R1上配置静态路由并联动BFD

[R1]ip route-static 0.0.0.0 0.0.0.0 10.0.12.2 track bfd-session 1 //默认主路由与bfd联动

[R1]ip route-static 0.0.0.0 0.0.0.0 10.0.13.2 preference 100 //备用路由调整优先级(静态路由默认60)

#查看路由表

[R1]display ip routing-table

Route Flags: R - relay, D - download to fib, T - to vpn-instance

------------------------------------------------------------------------------

Routing Tables: Public

Destinations : 12 Routes : 12

Destination/Mask Proto Pre Cost Flags NextHop Interface

0.0.0.0/0 Static 60 0 RD 10.0.12.2 GigabitEthernet0/0/1

//正常情况下主用路由加入转发表

[R1]display ip routing-table 0.0.0.0 0 verbose

Route Flags: R - relay, D - download to fib, T - to vpn-instance

------------------------------------------------------------------------------

Routing Table : Public

Summary Count : 2

Destination: 0.0.0.0/0

Protocol: Static Process ID: 0

Preference: 60 Cost: 0

NextHop: 10.0.12.2 Neighbour: 0.0.0.0

State: Active Adv Relied Age: 00h04m53s

Tag: 0 Priority: medium

Label: NULL QoSInfo: 0x0

IndirectID: 0x80000001

RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/1

TunnelID: 0x0 Flags: RD

Destination: 0.0.0.0/0

Protocol: Static Process ID: 0

Preference: 100 Cost: 0

NextHop: 10.0.13.2 Neighbour: 0.0.0.0

State: Inactive Adv Relied Age: 00h04m32s

Tag: 0 Priority: medium

Label: NULL QoSInfo: 0x0

IndirectID: 0x80000002

RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/2

TunnelID: 0x0 Flags: R

//备用路由此时为不活跃状态(不加表)

注意:如果不配置BFD检测的话,在R1上是没有任何机制可以判断静态路由是否有效的,因此BFD在这种场景非常重要。

4.配置验证

在R2上关闭连接至R1的端口,模拟主用路径故障。

#关闭R2端口

[R2]interface GigabitEthernet 0/0/1

[R2-GigabitEthernet0/0/1]shutdown

#R1到目的网络有短暂丢包(切换备用线路)

ping -c 100 23.23.23.23

PING 23.23.23.23: 56 data bytes, press CTRL_C to break

Reply from 23.23.23.23: bytes=56 Sequence=1 ttl=255 time=2 ms

Reply from 23.23.23.23: bytes=56 Sequence=2 ttl=255 time=2 ms

Reply from 23.23.23.23: bytes=56 Sequence=3 ttl=255 time=1 ms

Reply from 23.23.23.23: bytes=56 Sequence=4 ttl=255 time=2 ms

Reply from 23.23.23.23: bytes=56 Sequence=5 ttl=255 time=2 ms

Reply from 23.23.23.23: bytes=56 Sequence=6 ttl=255 time=4 ms

Reply from 23.23.23.23: bytes=56 Sequence=7 ttl=255 time=1 ms

Request time out

Request time out

Reply from 23.23.23.23: bytes=56 Sequence=10 ttl=255 time=1 ms

Reply from 23.23.23.23: bytes=56 Sequence=11 ttl=255 time=8 ms

Reply from 23.23.23.23: bytes=56 Sequence=12 ttl=255 time=1 ms

#BFD状态down

display bfd session all

--------------------------------------------------------------------------------

Local Remote PeerIpAddr State Type InterfaceName

--------------------------------------------------------------------------------

8192 0 10.0.12.2 Down S_AUTO_PEER -

--------------------------------------------------------------------------------

Total UP/DOWN Session Number : 0/1

#R1路由表(此时备用路由被加入路由转发表)

display ip routing-table

Route Flags: R - relay, D - download to fib, T - to vpn-instance

------------------------------------------------------------------------------

Routing Tables: Public

Destinations : 12 Routes : 12

Destination/Mask Proto Pre Cost Flags NextHop Interface

0.0.0.0/0 Static 100 0 RD 10.0.13.2 GigabitEthernet0/0/2

#R1默认路由信息(主用路由状态成为invalid,备用为active)

display ip routing-table 0.0.0.0 0 verbose

Route Flags: R - relay, D - download to fib, T - to vpn-instance

------------------------------------------------------------------------------

Routing Table : Public

Summary Count : 2

Destination: 0.0.0.0/0

Protocol: Static Process ID: 0

Preference: 60 Cost: 0

NextHop: 10.0.12.2 Neighbour: 0.0.0.0

State: Invalid Adv Relied Age: 00h27m53s

Tag: 0 Priority: medium

Label: NULL QoSInfo: 0x0

IndirectID: 0x80000001

RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/1

TunnelID: 0x0 Flags: R

Destination: 0.0.0.0/0

Protocol: Static Process ID: 0

Preference: 100 Cost: 0

NextHop: 10.0.13.2 Neighbour: 0.0.0.0

State: Active Adv Relied Age: 00h27m32s

Tag: 0 Priority: medium

Label: NULL QoSInfo: 0x0

IndirectID: 0x80000002

RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/2

TunnelID: 0x0 Flags: RD

BFD与OSPF联动

典型配置1

拓扑如图所示:

场景:两台路由器通过交换机互联,并将各自的接口运行于OSPF区域0,由于不是接口直接相连,若其中一台的接口Down,另一台不会立即感知,需要等待4倍的Hello时间来删除邻居,在这段时间内,数据转发都会处于非正常状态。在这种场景下,可以通过BFD检测来加快OSPF的收敛速度。

目标:通过BFD检测来加快OSPF的收敛速度。

配置步骤:

IP编址基本配置

OSPF配置

BFD会话配置

配置验证

1.IP编址基本配置

[R1]interface LoopBack 0

[R1-LoopBack0]ip add 10.0.1.1 32

[R1-LoopBack0]q

[R1]interface GigabitEthernet 0/0/1

[R1-GigabitEthernet0/0/1]ip add 10.1.12.1 24

[R1-GigabitEthernet0/0/1]q

[R2]interface LoopBack 0

[R2-LoopBack0]ip add 10.0.2.2 32

[R2-LoopBack0]q

[R2]interface GigabitEthernet 0/0/1

[R2-GigabitEthernet0/0/1]ip add 10.1.12.2 24

[R2-GigabitEthernet0/0/1]q

2.OSPF配置

[R1]ospf 1 router-id 10.0.1.1

[R1-ospf-1]area 0

[R1-ospf-1-area-0.0.0.0]network 10.0.1.1 0.0.0.0

[R1-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.255

[R1-ospf-1-area-0.0.0.0]q

[R1-ospf-1]q

[R2]ospf 1 router-id 10.0.2.2

[R2-ospf-1]area 0

[R2-ospf-1-area-0.0.0.0]network 10.0.2.2 0.0.0.0

[R2-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.255

[R2-ospf-1-area-0.0.0.0]q

[R2-ospf-1]q

3.BFD会话配置

#配置BFD会话

[R1]bfd //全局开启BFD

[R1-bfd]q

[R1]ospf 1

[R1-ospf-1]bfd all-interfaces enable //OSPF进程下使能BFD联动

[R1-ospf-1]q

[R2]bfd

[R2-bfd]q

[R2]ospf 1

[R2-ospf-1]bfd all-interfaces enable

[R2-ospf-1]q

#查看BFD session状态

display bfd session all

--------------------------------------------------------------------------------

Local Remote PeerIpAddr State Type InterfaceName

--------------------------------------------------------------------------------

8192 8192 10.1.12.2 Up D_IP_IF GigabitEthernet0/0/1

--------------------------------------------------------------------------------

Total UP/DOWN Session Number : 1/0

display bfd session all

--------------------------------------------------------------------------------

Local Remote PeerIpAddr State Type InterfaceName

--------------------------------------------------------------------------------

8192 8192 10.1.12.1 Up D_IP_IF GigabitEthernet0/0/1

--------------------------------------------------------------------------------

Total UP/DOWN Session Number : 1/0

4.配置验证

#在R1上开启debug,观察debug日志。

Dec 12 2024 00:22:47+00:00 R1 %%01BFD/4/STACHG_TODWN(l)[2]:BFD session changed to Down. (SlotNumber=0, Discriminator=8192, Diagnostic=DetectDown, Applications=OSPF, ProcessPST=False, BindInterfaceName=GigabitEthernet0/0/1, InterfacePhysicalState=Up, InterfaceProtocolState=Up)

Dec 12 2024 00:22:47+00:00 R1 %%01OSPF/3/NBR_CHG_DOWN(l)[3]:Neighbor event:neighbor state changed to Down. (ProcessId=1, NeighborAddress=10.1.12.2, NeighborEvent=KillNbr, NeighborPreviousState=Init, NeighborCurrentState=Down)

Dec 12 2024 00:22:47+00:00 R1 %%01OSPF/3/NBR_DOWN_REASON(l)[4]:Neighbor state leaves full or changed to Down. (ProcessId=1, NeighborRouterId=10.0.2.2, NeighborAreaId=0, NeighborInterface=GigabitEthernet0/0/1, NeighborDownImmediate reason=Neighbor Down Due to Kill Neighbor, NeighborDownPrimeReason=BFD Session Down, NeighborChangeTime=2024-12-12 00:22:47)

#在R2上shutdown端口,模拟链路故障。

[R2]interface GigabitEthernet 0/0/1

[R2-GigabitEthernet0/0/1]shutdown

BFD与VRRP联动

典型配置1

拓扑图如下

场景

R1通过两台交换机S1、S2和R2、R3互连,R2和R3运行VRRP作为局域网内R4和R5的网关,R2工作在VRRP MASTER模式,R3工作在BACKUP模式。为了避免R2的非直连上行链路Down后,上行流量依旧从R2转发形成路由黑洞的问题,配置BFD联动VRRP,当R1和R2互联接口Down掉,立即降低R2的VRRP优先级,由R3作为MASTER转发上行流量。

配置步骤:

1.基本IP编址

2.OSPF与静态路由配置

3.VRRP配置

4.配置BFD联动

5.测试

1.基本IP编址

[R1]interface LoopBack 0

[R1-LoopBack0]ip add 10.0.1.1 24

[R1-LoopBack0]q

[R1]interface GigabitEthernet 0/0/1

[R1-GigabitEthernet0/0/1]ip add 10.0.12.1 24

[R1-GigabitEthernet0/0/1]q

[R1]interface GigabitEthernet 0/0/2

[R1-GigabitEthernet0/0/2]ip add 10.0.13.1 24

[R1-GigabitEthernet0/0/2]q

[R2]interface LoopBack 0

[R2-LoopBack0]ip add 10.0.2.2 24

[R2-LoopBack0]q

[R2]interface GigabitEthernet 0/0/1

[R2-GigabitEthernet0/0/1]ip add 10.0.12.2 24

[R2-GigabitEthernet0/0/1]q

[R2]interface GigabitEthernet 0/0/0

[R2-GigabitEthernet0/0/0]ip add 192.168.45.2 24

[R2-GigabitEthernet0/0/0]q

[R3]interface LoopBack 0

[R3-LoopBack0]ip add 10.0.3.3 24

[R3-LoopBack0]q

[R3]interface GigabitEthernet 0/0/2

[R3-GigabitEthernet0/0/2]ip add 10.0.13.2 24

[R3-GigabitEthernet0/0/2]q

[R3]interface GigabitEthernet 0/0/0

[R3-GigabitEthernet0/0/0]ip add 192.168.45.3 24

[R3-GigabitEthernet0/0/0]q

[R4]interface GigabitEthernet 0/0/0

[R4-GigabitEthernet0/0/0]ip add 192.168.45.4 24

[R4-GigabitEthernet0/0/0]q

[R5]interface GigabitEthernet 0/0/0

[R5-GigabitEthernet0/0/0]ip add 192.168.45.5 24

[R5-GigabitEthernet0/0/0]q

[~SW1]vlan 12

[*SW1-vlan12]q

[*SW1]interface GE 1/0/1

[*SW1-GE1/0/1]port link-type access

[*SW1-GE1/0/1]port default vlan 12

[*SW1-GE1/0/1]q

[*SW1]interface GE 1/0/2

[*SW1-GE1/0/2]p l a

[*SW1-GE1/0/2]p d v 12

[*SW1-GE1/0/2]q

[*SW1]comm

[~SW1]

[~SW2]vlan 13

[*SW2-vlan13]q

[*SW2]interface GE 1/0/1

[*SW2-GE1/0/1]port link-type access

[*SW2-GE1/0/1]port default vlan 13

[*SW2-GE1/0/1]q

[*SW2]interface GE 1/0/3

[*SW2-GE1/0/3]p l a

[*SW2-GE1/0/3]p d v 13

[*SW2-GE1/0/3]q

[*SW2]comm

[~SW2]

2.OSPF与静态路由配置

[R1]ospf 1

[R1-ospf-1]area 0

[R1-ospf-1-area-0.0.0.0]network 10.0.1.0 0.0.0.255

[R1-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255

[R1-ospf-1-area-0.0.0.0]network 10.0.13.0 0.0.0.255

[R1-ospf-1-area-0.0.0.0]q

[R1-ospf-1]q

[R2]ospf 1

[R2-ospf-1]area 0

[R2-ospf-1-area-0.0.0.0]network 10.0.2.0 0.0.0.255

[R2-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255

[R2-ospf-1-area-0.0.0.0]network 192.168.45.0 0.0.0.255

[R2-ospf-1-area-0.0.0.0]q

[R2-ospf-1]silent-interface GigabitEthernet 0/0/0 //配置静默接口,该接口只宣告网段不建立邻居

[R3]ospf 1

[R3-ospf-1]area 0

[R3-ospf-1-area-0.0.0.0]network 10.0.3.0 0.0.0.255

[R3-ospf-1-area-0.0.0.0]network 10.0.13.0 0.0.0.255

[R3-ospf-1-area-0.0.0.0]network 192.168.45.0 0.0.0.255

[R3-ospf-1-area-0.0.0.0]q

[R3-ospf-1]silent-interface GigabitEthernet 0/0/0 //配置静默接口,该接口只宣告网段不建立邻居

#修改接口开销,使下行流量的选路以R2为主。

[R1]interface GigabitEthernet 0/0/1

[R1-GigabitEthernet0/0/1]ospf cost 90

[R1-GigabitEthernet0/0/1]q

[R1]interface GigabitEthernet 0/0/2

[R1-GigabitEthernet0/0/2]ospf cost 100

[R1-GigabitEthernet0/0/2]q

[R2]interface GigabitEthernet 0/0/1

[R2-GigabitEthernet0/0/1]ospf cost 90

[R2-GigabitEthernet0/0/1]q

[R3]interface GigabitEthernet 0/0/2

[R3-GigabitEthernet0/0/2]ospf cost 100

[R3-GigabitEthernet0/0/2]q

3.VRRP配置

#在R2、R3的下行接口配置VRRP。

[R2]interface GigabitEthernet 0/0/0

[R2-GigabitEthernet0/0/0]vrrp vrid 45 virtual-ip 192.168.45.1

[R2-GigabitEthernet0/0/0]vrrp vrid 45 priority 150 //华为设备默认优先级为100

[R2-GigabitEthernet0/0/0]q

[R3]interface GigabitEthernet 0/0/0

[R3-GigabitEthernet0/0/0]vrrp vrid 45 virtual-ip 192.168.45.1

[R3-GigabitEthernet0/0/0]q

#在R4和R5上配置默认路由指向VRRP地址

[R4]ip route-static 0.0.0.0 0 192.168.45.1

[R5]ip route-static 0.0.0.0 0 192.168.45.1

4.配置BFD联动

#在R1和R2上启用BFD,配置联动VRRP,如果BFD检测失效,立即降低优先级。

[R1]bfd

[R1-bfd]q

[R1]bfd 1 bind peer-ip 192.168.45.2 source-ip 10.0.12.1 auto

[R1-bfd-session-1]commit

[R1-bfd-session-1]q

[R2]bfd

[R2-bfd]q

[R2]bfd 1 bind peer-ip 10.0.12.1 source-ip 192.168.45.2 auto

[R2-bfd-session-1]com

[R2-bfd-session-1]q

[R2]interface GigabitEthernet 0/0/0

[R2-GigabitEthernet0/0/0]vrrp vrid 45 track bfd-session session-name 1 reduced 60 //检测到BFD失效时,降低接口VRRP优先级

5.测试

#当前VRRP状态

[R2]display vrrp

GigabitEthernet0/0/0 | Virtual Router 45

State : Master //主用模式

Virtual IP : 192.168.45.1

Master IP : 192.168.45.2

PriorityRun : 150 //当前运行优先级150

PriorityConfig : 150

MasterPriority : 150

Preempt : YES Delay Time : 0 s

TimerRun : 1 s

TimerConfig : 1 s

Auth type : NONE

Virtual MAC : 0000-5e00-012d

Check TTL : YES

Config type : normal-vrrp

Backup-forward : disabled

Track BFD : 1 Priority reduced : 60 //BFD失效时降低优先级

BFD-session state : UP

Create time : 2024-12-26 00:26:22

Last change time : 2024-12-26 00:26:25

#模拟BFD失效

[R4]ping -c 100 10.0.1.1

[R1]interface GigabitEthernet 0/0/1

[R1-GigabitEthernet0/0/1]shutdown

#在R4上查看ping的结果

ping -c 100 10.0.1.1

PING 10.0.1.1: 56 data bytes, press CTRL_C to break

Reply from 10.0.1.1: bytes=56 Sequence=1 ttl=254 time=3 ms

Reply from 10.0.1.1: bytes=56 Sequence=2 ttl=254 time=4 ms

Reply from 10.0.1.1: bytes=56 Sequence=3 ttl=254 time=4 ms

Reply from 10.0.1.1: bytes=56 Sequence=6 ttl=254 time=3 ms

Reply from 10.0.1.1: bytes=56 Sequence=37 ttl=254 time=6 ms

Request time out

Request time out

Reply from 10.0.1.1: bytes=56 Sequence=40 ttl=254 time=4 ms

Reply from 10.0.1.1: bytes=56 Sequence=41 ttl=254 time=2 ms

Reply from 10.0.1.1: bytes=56 Sequence=42 ttl=254 time=3 ms

display vrrp

GigabitEthernet0/0/0 | Virtual Router 45

State : Backup

Virtual IP : 192.168.45.1

Master IP : 192.168.45.3

PriorityRun : 90

PriorityConfig : 150

MasterPriority : 100

Preempt : YES Delay Time : 0 s

TimerRun : 1 s

TimerConfig : 1 s

Auth type : NONE

Virtual MAC : 0000-5e00-012d

Check TTL : YES

Config type : normal-vrrp

Backup-forward : disabled

Track BFD : 1 Priority reduced : 60

BFD-session state : DOWN

Create time : 2024-12-26 00:26:22

Last change time : 2024-12-26 01:24:37