The SBC uses Bidirectional Forwarding Detection (BFD) in remote end points and routers to continuously monitor the link availability of the SBC. If the BFD session is down, the router declares the link as down and the upper layer application protocol performs the appropriate actions (such as, not sending control packets).

Note

The SBC supports this feature only on User Datagram Protocol (UDP) and IPv4.

This feature does not support any authentication mechanism.

The SBC supports the BFD asynchronous mode. In the asynchronous mode, the detection time decides the failure of the BFD session.

The detection time indicates the time interval when the SBC does not receive BFD packets, which means the BFD session fails. The receiving system calculates the detection time independently in each direction based on the negotiated transmit interval and the detection multiplier. Each direction may have different detection times.

The SBC applies rate limits on the BFD port to avoid Denial of Service (DoS) and Distributed DoS (DDoS) attacks. The Access Control List (ACL) limits the maximum rate to 10 packets per second. Since the SBC can have VLAN-based Logical Interfaces (LIFs), the BFD session maximum is 100. The maximum number of sessions for each LIF is 10. 

The active and standby SBCs run the BFD daemon, but only the active SBC responds to the BFD packets received on the packet ports and LIFs.

You can configure the BFD either through the EMA (refer to IP Interface Group - IP Interface - Bfd), or in the ipInterface through the CLI (refer to IP Interface Group - CLI).