Configure BFD Health Check for BGPaaS Sessions
SUMMARY This topic describes how to configure Bidirectional Forwarding and Detection (BFD) health check for BGP as a Service (BGPaaS) sessions. Juniper Networks supports this feature using Contrail Networking Release 23.2 or later in a Kubernetes-orchestrated environment.
Bidirectional Forwarding and Detection (BFD) is a protocol-based health check. This topic describes how to configure BFD for BGPaaS sessions in CN2.
To configure BFD health check for BGPaaS, you must associate the health check service with a BGPaaS object. This association triggers the establishment of BFD sessions to all BGPaaS neighbors for that service. If the BFD session goes down, the resulting BGPaaS session terminates and the routes are withdrawn.
It is not necessary for a BFD session to be Up to establish a BGP neighbor.
Whenever BFD health check detects a BFD session as Up or Down, corresponding logs are
generated. Logging is enabled in the contrail-vrouter-agent.conf file
with the log level SYS_NOTICE. You can view the log file in the location
/var/log/contrail/contrail-vrouter-agent.log.
The following is a snippet of a sample log message for BFD session events:
2023-02-26 Tue 14:38:49:417.479 SYS_NOTICE BFD session Down interface: test-bfd-hc-vmi.st2 vrf: default-domain:admin:VN.hc.st2:VN.hc.st2 2023-02-26 Tue 14:38:49:479.733 PST SYS_NOTICE BFD session Up interface: test-bfd-hc-vmi.st2 vrf: default-domain:admin:VN.hc.st2:VN.hc.st2
Configure BFD Health Check
To configure BFD health check for BGPaaS, you must associate the health check service with a BGPaaS object.
We assume that you've already performed the preliminary steps required to establish a BGPaaS session without BFD (create the NAD (virtual network and subnet) and create the pod with appropriate references to the attached VN). For instructions, see Enable BGP as a Service.
To set up the BGPaaS session with BFD Service Health Check:
-
Create the
ServiceHealthCheckandBGPAsAServiceobjects, as shown in the following examples:Note:Under
ServiceHealthCheckProperties, you can specifydelay,delayUSecs, or both.Delayis calculated in seconds whereasdelayUsecsis calculated in microseconds.In the following example, packets are sent with a delay of 2 seconds and 200000 microseconds (2.2 seconds).
apiVersion: core.contrail.juniper.net/v4 kind: ServiceHealthCheck metadata: name: bfd-hc namespace: bfd-on-bgpaas spec: serviceHealthCheckProperties: delay: 2 delayUsecs: 200000 enabled: true healthCheckType: link-local maxRetries: 2 monitorType: BFD timeoutUsecs: 500000 --- apiVersion: core.contrail.juniper.net/v4 kind: BGPAsAService metadata: namespace: bfd-on-bgpaas name: bgpaas-test spec: shared: false autonomousSystem: 10 bgpAsAServiceSessionAttributes: loopCount: 2 routeOriginOverride: origin: EGP addressFamilies: family: - inet - inet6 serviceHealthCheckReference: apiVersion: core.contrail.juniper.net/v4 kind: ServiceHealthCheck namespace: bfd-on-bgpaas name: bfd-hc virtualMachineInterfacesSelector: - matchLabels: core.juniper.net/bgpaasVN: bgpaas-vn-1 - matchLabels: core.juniper.net/bgpaasVN: bgpaas-vn-2 -
Verify your configuration.
-
Enter the
kubectl get ServiceHealthCheck -n bfd-on-bgpaascommand to verify that the object was created. For example:kubectl get ServiceHealthCheck -n bfd-on-bgpaas NAME MONITORTYPE ENABLED HEALTHCHECKTYPE MAXRETRIES TIMEOUT bfd-hc BFD true link-local 2 0
-
Enter the
kubectl describe servicehealthcheck bfd-hc -bfd-on-bgpaascommand. The object is successfully created when theStatefield indicatesSuccess. For example:Spec: Fq Name: bfd-on-bgpaas bfd-hc Service Health Check Properties: Delay: 2 Delay Usecs: 200000 Enabled: true Health Check Type: link-local Max Retries: 2 Monitor Type: BFD Timeout: 0 Timeout Usecs: 500000 Status: Observation: State: Success -
Verify the status of the BFD session you just created.
kubectl get bgpasaservice -A NAMESPACE NAME AS IPADDRESS SHARED STATE AGE bfd-on-bgpaas bgpaas-test-1 10 false Success 21h bfd-on-bgpaas bgpaas-test-2 11 false Success 21h
-