Hi,

Could it be an issue with a source port? It is described in the documentation, btw:
https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.3

On Sat, Jun 8, 2024, 03:51 Maria Matejka via Bird-users <[email protected]> wrote:

> Hello!
>
> On first sight this looks like Fortinet ignoring the packets. Maybe (wild
> guess) you have a firewall rule in place dropping them in the Fortinet?
>
> Maria
>
> On 7 June 2024 21:51:28 CEST, LIU Chris via Bird-users <[email protected]> wrote:
>
>> Classified as: {Hitachi Rail – Public}
>>
>> My setup:
>>
>> Linux running bird, Peer: Fortinet Firewall
>>
>> In bird, configure bfd as below:
>>
>> protocol bfd BFD_SD_01 {
>>     interface "*" {
>>         min rx interval 1000000 us;
>>         min tx interval 1000000 us;
>>         idle tx interval 1000000 us;
>>         multiplier 3;
>>     };
>>     neighbor 192.168.0.1 local 192.168.0.2;
>> }
>>
>> Fortinet side, basically the same, also set rx interval: 1000 ms, tx interval:
>> 1000 ms, multiplier: 3
>>
>> However, both sides show bfd DOWN.
>>
>> Capture tcpdump on the Fortinet side, Fortinet IP: 192.168.0.1
>>
>> Time source destination protocol info
>> 1 0.000000 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
>> 6 0.756375 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
>> 11 1.519796 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
>> 14 2.351177 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
>> 19 3.225686 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
>> 24 3.852938 192.168.0.1 192.168.0.2 BFD Control Diag: Control Detection Time Expired, State: Down, Flags: 0x00
>> 25 3.981126 192.168.0.2 192.168.0.1 BFD Control Diag: No Diagnostic, State: Down, Flags: 0x00
>>
>> From the Fortinet neighbour information, it seems it cannot receive control
>> messages from the peer, why? I don't have any blocked ports. Why do I get
>> detection time: 1500ms after negotiation?
>>
>> Below is the Fortinet bfd neighbor information:
>>
>> OurAddress NeighAddress State Interface LDesc/RDesc
>> 192.168.0.1 192.168.0.2 DOWN STN2-SD-A 1/0/M
>> Local Diag: 1, Demand mode: no, Poll bit: unset
>> MinTxInt: 1000, MinRxInt: 1000, Multiplier: 3
>> Received: MinRxInt: 0 (ms), MinTxInt: 0 (ms), Multiplier: 3
>> Transmit Interval: 6500 (ms), Detection Time: 1500 (ms)
>> Rx Count: 0, Rx Interval; (ms) min/max/avg 0/0/0
>> Tx Count: 10287, Tx Interval (ms) min/max/avg 5000/5030/5000, last: 2350 (ms) ago
>> Registered protocols: Static BGP
>>
>> Is this a bird issue or Fortinet? I suspect 80% caused by Fortinet, but I
>> just want to get some suggestions/proposals from bird experts.
>>
>> With Best Regards,
>>
>> Chris LIU
>
> --
> Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.
