![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2023\/07\/image-6.png\")
<\/figure>\n\n\n\nWhen the FG1 Fortigate was shutdown it took BGP between two and three minutes to re-route traffic through FG2. Popular wisdom suggests the answer to our dilemma is BFD (bidrectional forward detection). This is a separate protocol altogether, not just a BGP option, and it can be used with OSPF or static routes:<\/p>\n\n\n\n
https:\/\/docs.fortinet.com\/document\/fortigate\/7.4.0\/administration-guide\/771813\/bfd<\/a><\/p>\n\n\n\n On the Fortigate, it can be enabled in system settings, per VDOM, on the interface and on the BGP neighbor. I found it necessary to enable it on the interfaces and on the BGP neighbor config (on all firewalls), examples of which are shown below:<\/p>\n\n\n\n (There are many settings that can be chosen in conjunction with BFD and that will probably need to be aligned if setting up with different vendors. This is beyond the scope of this post)<\/p>\n\n\n\n The improvement was quite startling. When I shutdown the FG1 firewall (the red link lights indicate FG1 is down):<\/p>\n\n\n\n …the convergence instead of taking minutes was short enough that only ping response was missed.<\/p>\n\n\n\n When I turned FG1 back on the transition back wasn’t quite so smooth – probably 30 seconds (I was timing but got distracted !!)<\/p>\n\n\n\n Presumably, the interface\/ BGP relationship between FG1 and FG3 recovers before the BGP relationship between R1 and FG1 has been re-established (there was no BFD defined between them ). <\/p>\n\n\n\n I simulated a slightly less catastrophic failure by shutting down the port1 interface on FG1 that faced FG3 , waiting ten seconds and then re-enabling it. In this instance, I saw the missed ping initially but no subsequent dropped traffic and I confirmed the BGP path had re-established through FG1. <\/p>\n\n\n\n The configurations are identifical to the previous post save for the BFD settings as discussed above. No changes on R1: <\/p>\n\n\n\n If you were a Big Friendly Giant and wanted fast BGP convergence,you might well investigate BFD. (OK, now I have justified my alliteration we can move on) In the previous post, we had a resilient BGP topology which I will remind us of here: When the FG1 Fortigate was shutdown it took BGP between two […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,9],"tags":[],"class_list":["post-1444","post","type-post","status-publish","format-standard","hentry","category-firewalls","category-networking"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/posts\/1444","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/labtinker.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1444"}],"version-history":[{"count":0,"href":"https:\/\/labtinker.net\/index.php?rest_route=\/wp\/v2\/posts\/1444\/revisions"}],"wp:attachment":[{"href":"https:\/\/labtinker.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/labtinker.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/labtinker.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2023\/07\/bfd-interface.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2023\/07\/bfd-bgp.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2023\/07\/image-1024x396.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2023\/07\/image-1.png\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/18.135.13.153\/wp-content\/uploads\/2023\/07\/image-2.png\")
<\/figure>\n\n\n\n