Hi,

Could it be an issue with the source port? It is described in the documentation, btw:

https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.3

On Sat, Jun 8, 2024, 03:51 Maria Matejka via Bird-users <bird-users@network.cz> wrote:
Hello!

At first sight this looks like Fortinet ignoring the packets. Maybe (wild guess) you have a firewall rule in place dropping them in the Fortinet?

Maria


On 7 June 2024 21:51:28 CEST, LIU Chris via Bird-users <bird-users@network.cz> wrote:

Classified as: {Hitachi Rail – Public}


My setup:

Linux running bird, peer: Fortinet Firewall

In bird, configure bfd as below:

protocol bfd BFD_SD_01 {
        interface "*" {
                min rx interval 1000000 us;
                min tx interval 1000000 us;
                idle tx interval 1000000 us;
                multiplier 3;
        };
        neighbor 192.168.0.1 local 192.168.0.2;
}


Fortinet side, basically the same, also set rx interval: 1000 ms, tx interval: 1000 ms, multiplier: 3

However, both sides show bfd DOWN

Captured tcpdump on the Fortinet side, Fortinet IP: 192.168.0.1

    Time     source      destination protocol    info
1   0.000000 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
6   0.756375 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
11  1.519796 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
14  2.351177 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
19  3.225686 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
24  3.852938 192.168.0.1 192.168.0.2 BFD Control Diag: Control Detection Time Expired, State: Down, Flags: 0x00
25  3.981126 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00

From the Fortinet neighbour information, it seems it cannot receive control messages from the peer. Why? I don't have any blocked ports. Why do I get detection time: 1500 ms after negotiation?

Below is the Fortinet bfd neighbor information:

OurAddress NeighAddress State Interface LDesc/RDesc
192.168.0.1 192.168.0.2 DOWN STN2-SD-A 1/0/M
Local Diag: 1, Demand mode: no, Poll bit: unset
MinTxInt: 1000, MinRxInt: 1000, Multiplier: 3
Received: MinRxInt: 0 (ms), MinTxInt: 0 (ms), Multiplier: 3
Transmit Interval: 6500 (ms), Detection Time: 1500 (ms)
Rx Count: 0, Rx Interval; (ms) min/max/avg 0/0/0
Tx Count: 10287, Tx Interval (ms) min/max/avg 5000/5030/5000, last: 2350 (ms) ago
Registered protocols: Static BGP

Is this a bird issue or a Fortinet one? I suspect it is 80% caused by Fortinet, but I just want to get some suggestions/proposals from bird experts.

With Best Regards,

Chris LIU


--
Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.
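
The source-port point from the first reply, as an added example (not code from the thread or from BIRD): RFC 5881 requires single-hop BFD control packets to use destination port 3784 and a source port in 49152-65535, while the Linux default ephemeral range is 32768-60999. The sketch assumes a peer that enforces the RFC 5880/5881 reception checks (whether the Fortinet does is not established in the thread); the packet, discriminator and port values are constructed.

```python
import struct

BFD_PORT = 3784                    # RFC 5881 single-hop control port
SRC_MIN, SRC_MAX = 49152, 65535    # RFC 5881 source port range

def build_bfd(state, diag, mult, my_disc, your_disc, tx_us, rx_us):
    """Pack a 24-byte BFD control packet, version 1, no auth (constructed input)."""
    return struct.pack("!BBBBIIIII", (1 << 5) | diag, state << 6, mult, 24,
                       my_disc, your_disc, tx_us, rx_us, 0)

def check_bfd(src_port, dst_port, payload):
    """List the reasons a strict RFC 5880/5881 receiver would discard the packet."""
    problems = []
    if dst_port != BFD_PORT:
        problems.append("destination port is not 3784")
    if not SRC_MIN <= src_port <= SRC_MAX:
        problems.append(f"source port {src_port} outside 49152-65535")
    if len(payload) < 24:
        return problems + ["payload shorter than 24 bytes"]
    vers_diag, sta_flags, mult, length, my_disc, your_disc = struct.unpack(
        "!BBBBII", payload[:12])
    if vers_diag >> 5 != 1:
        problems.append("version is not 1")
    if length < 24 or length > len(payload):
        problems.append("bad length field")
    if mult == 0:
        problems.append("detect multiplier is zero")
    if sta_flags & 0x01:
        problems.append("multipoint bit is set")
    if my_disc == 0:
        problems.append("my discriminator is zero")
    if your_disc == 0 and (sta_flags >> 6) in (2, 3):   # Init or Up
        problems.append("your discriminator is zero in Init/Up state")
    return problems

def local_range_ok(text):
    """Check the content of /proc/sys/net/ipv4/ip_local_port_range."""
    low, high = (int(v) for v in text.split())
    return SRC_MIN <= low <= high <= SRC_MAX

if __name__ == "__main__":
    # Constructed packet modelled on the capture: State Down, no diagnostic,
    # 1000000 us intervals, multiplier 3. Discriminator and ports are made up.
    pkt = build_bfd(1, 0, 3, 0x11223344, 0, 1_000_000, 1_000_000)
    print(check_bfd(40000, 3784, pkt))     # source port from the Linux default range
    print(check_bfd(50000, 3784, pkt))     # source port inside the RFC 5881 range
    print(local_range_ok("32768\t60999"))  # Linux default ip_local_port_range
```

To apply it to the real capture, read the UDP source port of the packets sent by 192.168.0.2 and pass it as `src_port`.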