Re: BFD and Juniper SRX inter-op issue
SrcAddr (5) len 8: 10.10.255.1 Jun 9 15:56:14HoldTime (14) len 8: 10 sec 0 nsec Jun 9 15:56:14NoAbsorb (15) len 1: True Jun 9 15:56:14NoRefresh (16) len 1: True Jun 9 15:56:14ForceRefresh (17) len 1: False Jun 9 15:56:14DoNotAge (18) len 1: True Jun 9 15:56:14Distribute (27) len 1: True Jun 9 15:56:14LooseAuth (122) len 1: (hex) 00 Jun 9 15:56:14Discriminator (63) len 4: 0x1e Jun 9 15:56:14DestAddr (8) len 8: 10.10.255.0 Jun 9 15:56:14RtblIdx (24) len 4: 10 Jun 9 15:56:14MinRecvTTL (68) len 1: 255 Jun 9 15:56:14RecvOnMhopPort (101) len 1: 0 Jun 9 15:56:14Unknown (153) len 1: (hex) 00 Jun 9 15:56:14Unknown (154) len 4: (hex) 00 00 00 00 Jun 9 15:56:14Unknown (165) len 4: (hex) 00 00 00 03 Jun 9 15:56:14Unknown (211) len 1: (hex) 04 Jun 9 15:56:14Unknown (167) len 1: (hex) 01 Jun 9 15:56:14 (bfdd_build_packet:2261) : Session 10.10.255.1 (IFL 568): cur tx ivl 100 WBR, Alexander Shevchenko On Wed, Sep 1, 2021 at 5:03 PM Justin Cattle wrote: > Hi, > > > Unfortunately not. I hope we will raise a bug with Juniper, but it could > take a while to get any resolution. > > It would also be interesting to know if there is something more Bird > could/should be doing in this case - I hope for some developer feedback on > the issue :) > > > Cheers, > Just > > > On Mon, 23 Aug 2021 at 12:21, Oliver wrote: > >> Hi Just, >> >> do you made any progress on this? We have the same problem with Deutsche >> Telekom as Upstream provider. They also have Juniper Router. >> >> Best regards, >> >> Oliver >> >> On Tue, 10 Aug 2021, Justin Cattle wrote: >> >> > Forgot to mention, in the bird logs I see lofs of message such as this: >> > >> > bfd1: Bad packet from 1.1.11.2 - unknown session id (0123456789) >> > >> > >> > Cheers, >> > Just >> > >> > >> > On Tue, 10 Aug 2021 at 13:20, Justin Cattle wrote: >> > >> > > Hi, >> > > >> > > >> > > I have encountered what seems to be a bug of sorts in the Juniper >> > > implementation of BFD in at least their SRX340. >> > > >> > > We have no issues with the QFX series, where BFD seems to work as >> expected >> > > with bird. >> > > >> > > I'm wondering if there is anything we can do to handle this issue on >> the >> > > bird side, or if anyone has any insight that may shed some light on >> the >> > > behaviour we are seeing. >> > > >> > > Here is the issue summary: >> > > >> > >- BFD timers are set quite conservatively >> > > - interval 4000 ms >> > > - multiplier 6 >> > > >> > > >> > >- A BFD session between a bird endpoint and a juniper endpoint is >> up >> > >and running at the start - all fine >> > >- If the you stop bird on the server, after the Detection time [ >> > >currently 24 secs ], the BFD messages from the Juniper show status >> as Down >> > >with the Diagnostic message Control Detection Time Expired. You >> can then >> > >start bird on the server again, and the two sides will agree >> session info >> > >and BFD status goes Up. - This is expected. >> > >- However, if you stop bird, but start it again before the >> Detection >> > >time [ currently 24 secs ], like for a service restart, the BFD >> messages >> > >from the Juniper never show as Down, and the two sides never agree >> on a BFD >> > >session and BFD remains Down on the server but Up on the Juniper. >> - Should >> > >a new session be established at this point ? >> > >- Once the Juniper gets stuck in the BFD status Up state, then you >> can >> > >stop the bird for a long time [ over an hour at least ] , and the >> Juniper >> > >never seems to notice [ the BFD packets still show state Up ]. - >> This seems >> > >to be a bug n the juniper end - why should it never go Down in >> this state ? >> > >- If the BFD session info is reset on the Juniper side, then the >> two >> > >sides will agree session info and BFD status goes Up. >> > > >> > > >> > > Does anyone have any thoughts ? >> > > >> > > Is there a packet bird can send, gratuitous or not, that can make the >> > > juniper end realise it MUST reinitialize ? >> > &
Re: BFD and Juniper SRX inter-op issue
Hi, Unfortunately not. I hope we will raise a bug with Juniper, but it could take a while to get any resolution. It would also be interesting to know if there is something more Bird could/should be doing in this case - I hope for some developer feedback on the issue :) Cheers, Just On Mon, 23 Aug 2021 at 12:21, Oliver wrote: > Hi Just, > > do you made any progress on this? We have the same problem with Deutsche > Telekom as Upstream provider. They also have Juniper Router. > > Best regards, > > Oliver > > On Tue, 10 Aug 2021, Justin Cattle wrote: > > > Forgot to mention, in the bird logs I see lofs of message such as this: > > > > bfd1: Bad packet from 1.1.11.2 - unknown session id (0123456789) > > > > > > Cheers, > > Just > > > > > > On Tue, 10 Aug 2021 at 13:20, Justin Cattle wrote: > > > > > Hi, > > > > > > > > > I have encountered what seems to be a bug of sorts in the Juniper > > > implementation of BFD in at least their SRX340. > > > > > > We have no issues with the QFX series, where BFD seems to work as > expected > > > with bird. > > > > > > I'm wondering if there is anything we can do to handle this issue on > the > > > bird side, or if anyone has any insight that may shed some light on the > > > behaviour we are seeing. > > > > > > Here is the issue summary: > > > > > >- BFD timers are set quite conservatively > > > - interval 4000 ms > > > - multiplier 6 > > > > > > > > >- A BFD session between a bird endpoint and a juniper endpoint is up > > >and running at the start - all fine > > >- If the you stop bird on the server, after the Detection time [ > > >currently 24 secs ], the BFD messages from the Juniper show status > as Down > > >with the Diagnostic message Control Detection Time Expired. You > can then > > >start bird on the server again, and the two sides will agree > session info > > >and BFD status goes Up. - This is expected. > > >- However, if you stop bird, but start it again before the Detection > > >time [ currently 24 secs ], like for a service restart, the BFD > messages > > >from the Juniper never show as Down, and the two sides never agree > on a BFD > > >session and BFD remains Down on the server but Up on the Juniper. - > Should > > >a new session be established at this point ? > > >- Once the Juniper gets stuck in the BFD status Up state, then you > can > > >stop the bird for a long time [ over an hour at least ] , and the > Juniper > > >never seems to notice [ the BFD packets still show state Up ]. - > This seems > > >to be a bug n the juniper end - why should it never go Down in this > state ? > > >- If the BFD session info is reset on the Juniper side, then the two > > >sides will agree session info and BFD status goes Up. > > > > > > > > > Does anyone have any thoughts ? > > > > > > Is there a packet bird can send, gratuitous or not, that can make the > > > juniper end realise it MUST reinitialize ? > > > Any config that can be tweaked to help ? > > > > > > > > > Cheers, > > > Just > > > > > > > -- > > > > > > Notice: > > This email is confidential and may contain copyright material of > > members of the Ocado Group. Opinions and views expressed in this message > > may not necessarily reflect the opinions and views of the members of the > > Ocado Group. > > > > If you are not the intended recipient, please notify us > > immediately and delete all copies of this message. Please note that it > is > > your responsibility to scan this message for viruses. > > > > References to the > > "Ocado Group" are to Ocado Group plc (registered in England and Wales > with > > number 7098618) and its subsidiary undertakings (as that expression is > > defined in the Companies Act 2006) from time to time. The registered > office > > of Ocado Group plc is Buildings One & Two, Trident Place, Mosquito Way, > > Hatfield, Hertfordshire, AL10 9UL. > > -- > SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen > phone: 0551-37-0, mailto:kont...@sernet.de > Gesch.F.: Dr. Johannes Loxen und Reinhild Jung > AG Göttingen: HR-B 2816 - http://www.sernet.de > Datenschutz: https://www.sernet.de/datenschutz > -- Notice: This email is confidential and may contain copyright material of members of the Ocado Group. Opinions and views expressed in this message may not necessarily reflect the opinions and views of the members of the Ocado Group. If you are not the intended recipient, please notify us immediately and delete all copies of this message. Please note that it is your responsibility to scan this message for viruses. References to the "Ocado Group" are to Ocado Group plc (registered in England and Wales with number 7098618) and its subsidiary undertakings (as that expression is defined in the Companies Act 2006) from time to time. The registered office of Ocado Group plc is Buildings One & Two, Trident Place, Mosquito Way, Hatfield, Hertfordshire, AL10 9UL.
Re: BFD and Juniper SRX inter-op issue
Hi Just, do you made any progress on this? We have the same problem with Deutsche Telekom as Upstream provider. They also have Juniper Router. Best regards, Oliver On Tue, 10 Aug 2021, Justin Cattle wrote: > Forgot to mention, in the bird logs I see lofs of message such as this: > > bfd1: Bad packet from 1.1.11.2 - unknown session id (0123456789) > > > Cheers, > Just > > > On Tue, 10 Aug 2021 at 13:20, Justin Cattle wrote: > > > Hi, > > > > > > I have encountered what seems to be a bug of sorts in the Juniper > > implementation of BFD in at least their SRX340. > > > > We have no issues with the QFX series, where BFD seems to work as expected > > with bird. > > > > I'm wondering if there is anything we can do to handle this issue on the > > bird side, or if anyone has any insight that may shed some light on the > > behaviour we are seeing. > > > > Here is the issue summary: > > > >- BFD timers are set quite conservatively > > - interval 4000 ms > > - multiplier 6 > > > > > >- A BFD session between a bird endpoint and a juniper endpoint is up > >and running at the start - all fine > >- If the you stop bird on the server, after the Detection time [ > >currently 24 secs ], the BFD messages from the Juniper show status as > > Down > >with the Diagnostic message Control Detection Time Expired. You can then > >start bird on the server again, and the two sides will agree session info > >and BFD status goes Up. - This is expected. > >- However, if you stop bird, but start it again before the Detection > >time [ currently 24 secs ], like for a service restart, the BFD messages > >from the Juniper never show as Down, and the two sides never agree on a > > BFD > >session and BFD remains Down on the server but Up on the Juniper. - > > Should > >a new session be established at this point ? > >- Once the Juniper gets stuck in the BFD status Up state, then you can > >stop the bird for a long time [ over an hour at least ] , and the Juniper > >never seems to notice [ the BFD packets still show state Up ]. - This > > seems > >to be a bug n the juniper end - why should it never go Down in this > > state ? > >- If the BFD session info is reset on the Juniper side, then the two > >sides will agree session info and BFD status goes Up. > > > > > > Does anyone have any thoughts ? > > > > Is there a packet bird can send, gratuitous or not, that can make the > > juniper end realise it MUST reinitialize ? > > Any config that can be tweaked to help ? > > > > > > Cheers, > > Just > > > > -- > > > Notice: > This email is confidential and may contain copyright material of > members of the Ocado Group. Opinions and views expressed in this message > may not necessarily reflect the opinions and views of the members of the > Ocado Group. > > If you are not the intended recipient, please notify us > immediately and delete all copies of this message. Please note that it is > your responsibility to scan this message for viruses. > > References to the > "Ocado Group" are to Ocado Group plc (registered in England and Wales with > number 7098618) and its subsidiary undertakings (as that expression is > defined in the Companies Act 2006) from time to time. The registered office > of Ocado Group plc is Buildings One & Two, Trident Place, Mosquito Way, > Hatfield, Hertfordshire, AL10 9UL. -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: 0551-37-0, mailto:kont...@sernet.de Gesch.F.: Dr. Johannes Loxen und Reinhild Jung AG Göttingen: HR-B 2816 - http://www.sernet.de Datenschutz: https://www.sernet.de/datenschutz
Re: BFD and Juniper SRX inter-op issue
Forgot to mention, in the bird logs I see lofs of message such as this: bfd1: Bad packet from 1.1.11.2 - unknown session id (0123456789) Cheers, Just On Tue, 10 Aug 2021 at 13:20, Justin Cattle wrote: > Hi, > > > I have encountered what seems to be a bug of sorts in the Juniper > implementation of BFD in at least their SRX340. > > We have no issues with the QFX series, where BFD seems to work as expected > with bird. > > I'm wondering if there is anything we can do to handle this issue on the > bird side, or if anyone has any insight that may shed some light on the > behaviour we are seeing. > > Here is the issue summary: > >- BFD timers are set quite conservatively > - interval 4000 ms > - multiplier 6 > > >- A BFD session between a bird endpoint and a juniper endpoint is up >and running at the start - all fine >- If the you stop bird on the server, after the Detection time [ >currently 24 secs ], the BFD messages from the Juniper show status as Down >with the Diagnostic message Control Detection Time Expired. You can then >start bird on the server again, and the two sides will agree session info >and BFD status goes Up. - This is expected. >- However, if you stop bird, but start it again before the Detection >time [ currently 24 secs ], like for a service restart, the BFD messages >from the Juniper never show as Down, and the two sides never agree on a BFD >session and BFD remains Down on the server but Up on the Juniper. - Should >a new session be established at this point ? >- Once the Juniper gets stuck in the BFD status Up state, then you can >stop the bird for a long time [ over an hour at least ] , and the Juniper >never seems to notice [ the BFD packets still show state Up ]. - This seems >to be a bug n the juniper end - why should it never go Down in this state ? >- If the BFD session info is reset on the Juniper side, then the two >sides will agree session info and BFD status goes Up. > > > Does anyone have any thoughts ? > > Is there a packet bird can send, gratuitous or not, that can make the > juniper end realise it MUST reinitialize ? > Any config that can be tweaked to help ? > > > Cheers, > Just > -- Notice: This email is confidential and may contain copyright material of members of the Ocado Group. Opinions and views expressed in this message may not necessarily reflect the opinions and views of the members of the Ocado Group. If you are not the intended recipient, please notify us immediately and delete all copies of this message. Please note that it is your responsibility to scan this message for viruses. References to the "Ocado Group" are to Ocado Group plc (registered in England and Wales with number 7098618) and its subsidiary undertakings (as that expression is defined in the Companies Act 2006) from time to time. The registered office of Ocado Group plc is Buildings One & Two, Trident Place, Mosquito Way, Hatfield, Hertfordshire, AL10 9UL.
BFD and Juniper SRX inter-op issue
Hi, I have encountered what seems to be a bug of sorts in the Juniper implementation of BFD in at least their SRX340. We have no issues with the QFX series, where BFD seems to work as expected with bird. I'm wondering if there is anything we can do to handle this issue on the bird side, or if anyone has any insight that may shed some light on the behaviour we are seeing. Here is the issue summary: - BFD timers are set quite conservatively - interval 4000 ms - multiplier 6 - A BFD session between a bird endpoint and a juniper endpoint is up and running at the start - all fine - If the you stop bird on the server, after the Detection time [ currently 24 secs ], the BFD messages from the Juniper show status as Down with the Diagnostic message Control Detection Time Expired. You can then start bird on the server again, and the two sides will agree session info and BFD status goes Up. - This is expected. - However, if you stop bird, but start it again before the Detection time [ currently 24 secs ], like for a service restart, the BFD messages from the Juniper never show as Down, and the two sides never agree on a BFD session and BFD remains Down on the server but Up on the Juniper. - Should a new session be established at this point ? - Once the Juniper gets stuck in the BFD status Up state, then you can stop the bird for a long time [ over an hour at least ] , and the Juniper never seems to notice [ the BFD packets still show state Up ]. - This seems to be a bug n the juniper end - why should it never go Down in this state ? - If the BFD session info is reset on the Juniper side, then the two sides will agree session info and BFD status goes Up. Does anyone have any thoughts ? Is there a packet bird can send, gratuitous or not, that can make the juniper end realise it MUST reinitialize ? Any config that can be tweaked to help ? Cheers, Just -- Notice: This email is confidential and may contain copyright material of members of the Ocado Group. Opinions and views expressed in this message may not necessarily reflect the opinions and views of the members of the Ocado Group. If you are not the intended recipient, please notify us immediately and delete all copies of this message. Please note that it is your responsibility to scan this message for viruses. References to the "Ocado Group" are to Ocado Group plc (registered in England and Wales with number 7098618) and its subsidiary undertakings (as that expression is defined in the Companies Act 2006) from time to time. The registered office of Ocado Group plc is Buildings One & Two, Trident Place, Mosquito Way, Hatfield, Hertfordshire, AL10 9UL.
Re: BFD and Juniper?
) len 72: (hex) 42 46 44 20 70 72 6f 67 72 61 6d 6d 65 64 20 70 65 72 69 Aug 15 22:40:42 PPM Trace: BFD programmed periodic xmit to 169.254.255.1 (IFL 65546), interval 1 0 Aug 15 22:40:42 Received Downstream TraceMsg (24) len 85: Aug 15 22:40:42IfIndex (3) len 4: 0 Aug 15 22:40:42Protocol (1) len 1: BFD Aug 15 22:40:42Data (9) len 60: (hex) 42 46 44 20 6e 65 69 67 68 62 6f 72 20 31 36 39 2e 32 35 Aug 15 22:40:42 PPM Trace: BFD neighbor 169.254.255.1 (IFL 65546): bfd_ppm_discr 2057 Aug 15 22:40:42 Received Downstream TraceMsg (24) len 73: Aug 15 22:40:42IfIndex (3) len 4: 0 Aug 15 22:40:42Protocol (1) len 1: BFD Aug 15 22:40:42Data (9) len 48: (hex) 42 46 44 20 6e 65 69 67 68 62 6f 72 20 31 36 39 2e 32 35 Aug 15 22:40:42 PPM Trace: BFD neighbor 169.254.255.1 (IFL 65546) set, 0 0 Aug 15 22:40:42 Received Downstream TraceMsg (24) len 97: Aug 15 22:40:42IfIndex (3) len 4: 0 Aug 15 22:40:42Protocol (1) len 1: BFD Aug 15 22:40:42Data (9) len 72: (hex) 42 46 44 20 70 72 6f 67 72 61 6d 6d 65 64 20 70 65 72 69 Aug 15 22:40:42 PPM Trace: BFD programmed periodic xmit to 169.254.255.1 (IFL 65546), interval 1 0 Aug 15 22:40:42 Received Downstream TraceMsg (24) len 85: Aug 15 22:40:42IfIndex (3) len 4: 0 Aug 15 22:40:42Protocol (1) len 1: BFD Aug 15 22:40:42Data (9) len 60: (hex) 42 46 44 20 6e 65 69 67 68 62 6f 72 20 31 36 39 2e 32 35 Aug 15 22:40:42 PPM Trace: BFD neighbor 169.254.255.1 (IFL 65546): bfd_ppm_discr 2057 Aug 15 22:40:42 Received Downstream TraceMsg (24) len 73: Aug 15 22:40:42IfIndex (3) len 4: 0 Aug 15 22:40:42Protocol (1) len 1: BFD Aug 15 22:40:42Data (9) len 48: (hex) 42 46 44 20 6e 65 69 67 68 62 6f 72 20 31 36 39 2e 32 35 Aug 15 22:40:42 PPM Trace: BFD neighbor 169.254.255.1 (IFL 65546) set, 0 0 Aug 15 22:40:57 Sent Upstream Keepalive (0) len 20: Aug 15 22:40:57Holdtime (11) len 8: 120 sec 0 nsec Aug 15 22:41:00 Received Upstream Keepalive (0) len 20: Aug 15 22:41:00Holdtime (11) len 8: 120 sec 0 nsec Aug 15 22:41:01 Sent Upstream Keepalive (0) len 20: Aug 15 22:41:01Holdtime (11) len 8: 120 sec 0 nsec From: bird-users-boun...@network.cz [mailto:bird-users-boun...@network.cz] On Behalf Of Leighton, Russell Sent: Sunday, August 16, 2015 8:36 AM To: dnikol...@mega-net.ru Cc: bird-users@network.cz Subject: RE: BFD and Juniper? Thx, replies below. I sent another email with Juniper traces and Wireshark screenshots but it is big and waiting on moderator approval. It is interesting that the MX thinks Bird is in AdminDown but bird thinks it is in Init MX “show bfd sessions extensive”: Address State Interface Time Interval Multiplier 169.254.255.1Down xe-2/0/0.2 0.000 1.0005 Client BGP, TX interval 0.100, RX interval 0.010 Local diagnostic None, remote diagnostic None Remote state AdminDown, version 1 Replicated Min async interval 0.100, min slow interval 1.000 Adaptive async TX interval 0.100, RX interval 0.010 Local min TX interval 1.000, minimum RX interval 0.010, multiplier 5 Remote min TX interval 0.000, min RX interval 0.000, multiplier 0 Local discriminator 2058, remote discriminator 0 Echo mode disabled/inactive, no-absorb, no-refresh Session ID: 0x87f 1 sessions, 1 clients Cumulative transmit rate 1.0 pps, cumulative receive rate 0.0 pps Bird “show bfd sessions”: bird show bfd sessions bfd1: IP addressInterface State Since Interval Timeout 169.254.255.3 ---Init 18:47:50 1.0005.000 169.254.255.2 ---Init 18:47:49 1.0003.000 169.254.255.4 ---Init 18:47:46 1.0003.000 The bird debug logs were not informative. I will check the firewall … good point. The MX is getting some bfd based on the traces but maybe the firewall is disrupting things. From: Dmitry S. Nikolaev [mailto:dnikol...@mega-net.ru mailto:dnikol...@mega-net.ru] Sent: Sunday, August 16, 2015 1:25 AM To: Leighton, Russell Cc: bird-users@network.cz mailto:bird-users@network.cz Subject: Re: BFD and Juniper? Hi. 1. What output on MX for: # show bfd session extensive 2. What output on BIRD for: show bfd sessions 3. Try to enable debug for BFD on bird and see what happens in log file. 4. Use tcpdump on BIRD side to see all BFD packets are send or recieved. 5. Do you have firewall on MX ? Check firewall, it must not block ports: UDP 3784, 4784 for your neighbor`s IP. --- With best regards, Dmitry S. Nikolaev Moscow, Russia phone: +7 (499) 678 8007 [ext. 6003] fax: +7 (499) 678 8007 [ext. ] www: http://www.mega-net.ru http://www.mega-net.ru/ mail: dnikol...@mega-net.ru mailto:dnikol...@mega-net.ru On 15.08.2015 22:57, Leighton, Russell wrote: 12.3 I’ll try Job Snijders
Re: BFD and Juniper?
Hi. What Junos version on you router ? There is a bug in Junos 10.4 (and maybe early versions) with SRC address for BFD session if router have several IP`s on one iface. --- With best regards, Dmitry S. Nikolaev Moscow, Russia phone: +7 (499) 678 8007 [ext. 6003] fax: +7 (499) 678 8007 [ext. ] www: http://www.mega-net.ru mail: dnikol...@mega-net.ru On 15.08.2015 17:42, Leighton, Russell wrote: I’m trying to get bird 1.5.0 to have BFD work with Juniper MX Routers. Sessions get stuck in Init state with the Juniper side in Down state. Any suggestions? I’m happy to share Juniper traces if that would lend some insight. Thx in advance. -Russ Russell Leighton Senior Software Development Engineer Amazon Web Services / EC2 Networking leig...@amazon.com Mobile: 301.828.8458
Re: BFD and Juniper?
On Sat, Aug 15, 2015 at 02:42:11PM +, Leighton, Russell wrote: I'm trying to get bird 1.5.0 to have BFD work with Juniper MX Routers. Sessions get stuck in Init state with the Juniper side in Down state. Any suggestions? On the BIRD box, set this in sysctl.conf: net.ipv4.ip_local_port_range=49152 65535 BIRD config: protocol bfd bfd1 { interface ; } protocol bgp neighbor1 { [ ... ] bfd on; } On the Juniper side something like this: j...@eunetworks-1.router.nl.coloclue.net show configuration protocols bgp group internal-ipv4 neighbor 94.142.247.237 bfd-liveness-detection minimum-interval 10; multiplier 5; transmit-interval { minimum-interval 100; } Kind regards, Job
BFD to Juniper SRX
Hello, I am running BIRD 1.4.0 on an Ubuntu linux machine which peers BGP successfully with a Juniper SRX firewall. I am having difficulties getting BFD past the Init state. See below for both BIRD and SRX config and logs. It appears as though the firewall is not receiving the BFD messages. I have confirmed that there are no access control restrictions for BFD hitting the SRX (host-inbound-traffic as well as loopback filter). I have already adjusted the Linux source port selection with: sysctl -w net.ipv4.ip_local_port_range=49152 65535 I am sure its something basic, troubleshooting suggestions appreciated. Thanks, Tom. // bird.conf protocol bfd { interface 172.30.6.8/32 { interval 1000 ms; multiplier 3; }; } protocol bgp iBGP_1 { neighbor 172.30.6.1 as z; source address 172.30.6.8; bfd; } // bird host $ sudo ip addr show eth0 | grep inet inet 172.30.6.8/24 brd 172.30.6.255 scope global eth0 $ sudo birdc show bfd session BIRD 1.4.0 ready. bfd1: IP addressInterface State Since Interval Timeout 172.30.6.1 ---Init 05:27:46 1.000 3.000 $ sudo tcpdump -i eth0 udp port 3784 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 05:47:35.873663 IP srx-host.49152 bird-host.3784: BFDv1, Control, State Down, Flags: [none], length: 24 05:47:36.642025 IP srx-host.49152 bird-host.3784: BFDv1, Control, State Down, Flags: [none], length: 24 05:47:37.521546 IP srx-host.49152 bird-host.3784: BFDv1, Control, State Down, Flags: [none], length: 24 05:47:38.349886 IP srx-host.49152 bird-host.3784: BFDv1, Control, State Down, Flags: [none], length: 24 05:53:19.824960 IP (tos 0xc0, ttl 255, id 16504, offset 0, flags [none], proto UDP (17), length 52) srx-host.49152 bird-host.3784: BFDv1, length: 24 Control, State Down, Flags: [none], Diagnostic: No Diagnostic (0x00) Detection Timer Multiplier: 3 (3000 ms Detection time), BFD Length: 24 My Discriminator: 0x000f, Your Discriminator: 0x Desired min Tx Interval:1000 ms Required min Rx Interval: 1000 ms Required min Echo Interval:0 ms $ sudo tail -f /var/log/bird.log | grep bfd 2014-11-27 05:27:42 TRACE bfd1: Sending CTL to 172.30.6.1 [Down] 2014-11-27 05:27:43 TRACE bfd1: Sending CTL to 172.30.6.1 [Down] 2014-11-27 05:27:43 TRACE bfd1: CTL received from 172.30.6.1 [AdminDown] 2014-11-27 05:27:43 TRACE bfd1: Sending CTL to 172.30.6.1 [Down] 2014-11-27 05:27:43 TRACE bfd1: CTL received from 172.30.6.1 [AdminDown] 2014-11-27 05:27:43 TRACE bfd1: Sending CTL to 172.30.6.1 [Down] 2014-11-27 05:27:43 TRACE bfd1: CTL received from 172.30.6.1 [AdminDown] 2014-11-27 05:27:43 TRACE bfd1: Sending CTL to 172.30.6.1 [Down] 2014-11-27 05:27:43 TRACE bfd1: CTL received from 172.30.6.1 [AdminDown] 2014-11-27 05:27:46 TRACE bfd1: CTL received from 172.30.6.1 [Down] 2014-11-27 05:27:46 TRACE bfd1: Session to 172.30.6.1 changed state from Down to Init 2014-11-27 05:27:46 TRACE bfd1: Sending CTL to 172.30.6.1 [Init] 2014-11-27 05:27:46 TRACE bfd1: CTL received from 172.30.6.1 [Down] 2014-11-27 05:27:46 TRACE bfd1: Sending CTL to 172.30.6.1 [Init] 2014-11-27 05:27:46 TRACE bfd1: Sending CTL to 172.30.6.1 [Init] 2014-11-27 05:27:46 TRACE bfd1: CTL received from 172.30.6.1 [Down] // juniper firewall set protocols bgp group X bfd-liveness-detection minimum-interval 1000 set security zones security-zone X interfaces reth2.106 host-inbound-traffic protocols bfd show bfd session Detect Transmit Address State Interface Time Interval Multiplier 172.30.6.8 Down reth2.106 0.000 1.0003 172.30.6.9 Down reth2.106 0.000 1.0003 2 sessions, 2 clients Cumulative transmit rate 2.0 pps, cumulative receive rate 0.0 pps // traceoptions Nov 27 16:25:23.540758 Initiated BFD session to peer 172.30.6.8 (Internal AS 65000): address=172.30.6.8 ifindex=151 ifname=reth2.106 txivl=1000 rxivl=1000 mult=3 ver=255 Nov 27 16:25:27.562265 Initiated BFD session to peer 172.30.6.9 (Internal AS 65000): address=172.30.6.9 ifindex=151 ifname=reth2.106 txivl=1000 rxivl=1000 mult=3 ver=255 Nov 27 16:26:59.795599 Terminated BFD session to peer 172.30.6.8 (Internal AS 65000) (Closing) Nov 27 16:26:59.798422 Terminated BFD session to peer 172.30.6.9 (Internal AS 65000) (Closing) Nov 27 16:27:31.810248 Initiated BFD session to peer 172.30.6.8 (Internal AS 65000): address=172.30.6.8 ifindex=151 ifname=reth2.106 txivl=1000 rxivl=1000 mult=3 ver=255 Nov 27 16:27:35.811656 Initiated BFD session to peer 172.30.6.9 (Internal AS 65000): address=172.30.6.9 ifindex=151 ifname=reth2.106 txivl=1000 rxivl=1000 mult=3 ver=255