Monitoring IP Reachability Detection

You can see the basic BFD settings (configured or default), and a table of the peer IP addresses and their statuses.

Monitoring IP Reachability Detection in Gaia Portal

  1. From the left navigation tree, click Advanced Routing > IP Reachability Detection.

  2. In the top right corner, click Monitoring.

  3. In the IP Reachability Detection Monitor section, click on the Information category.

    Note - The page is static. To see the latest values, click Reload.

Monitoring IP Reachability Detection in Gaia Clish

show ip-reachability-detection[Esc][Esc] 

MyGW> show ip-reachability-detection summary
BFD Minimum TX Interval: 300 ms
BFD Minimum RX Interval: 300 ms
BFD Detect Multiplier: 10
Remote Address            Protocol    Reachable
10.1.3.13                 BFD         No
10.1.254.1                BFD         Yes
13::1                     BFD         Yes
34::4                     BFD         Yes
fe80::a1 (bond212)        BFD         Yes
MyGW>

MyGW> show ip-reachability-detection ip-address 10.1.1.13

Field in the output

Description

 
Remote Address 10.1.1.13

IP address of the peer.

 
Protocol:   BFD

Is BFD used?

 
Reachable:  No

Is the peer reachable (according to the BFD protocol state)?

 
Downtime: 0 days 0 hrs 2 mins 21 secs

How long in current status (uptime or downtime)?

 
BFD Protocol Details

BFD protocol-specific data.

 
Session State: 1 (Down)
 
Diagnostics: Local: 1 (Control Detection Time Expired)
  Remote: 0 (No Diagnostic)

State, and if state is not Up, diagnostic code.

 
Advertised Min RX: 300 ms  TX: 1000 ms
Received Min RX: 0 ms  TX: 300 ms  Multiplier: 10

Intervals advertised by us and the peer; detect multiplier advertised by the peer (as in RFC 5880).

 
Detection Time: 3.0 sec

Failure detection time. It is often longer when the connection is already down (as shown here) than when it is up.

Rounded to the nearest tenth of a second.

 
Rx Count: 223          last: 144728 ms ago

BFD packets received for this session: total count and time since the last accepted packet.

 
Rx Drops by Reason:

Count by reason of BFD packets received but rejected.

These counters do not include packets not received by the interface, packets dropped by the Firewall, invalid BFD packets, or unidentified as part of the session.

Counts are reset on boot, when BFD session is deleted, or if routed restarts.

 
for authentication:

 

 
0 apparent config mismatch

Mismatch: The two endpoints have different authentication configurations (mismatch of authentication type or key ID).

For example, one uses BFD authentication and the other does not. You may see this when you change configurations.

 
0 bad packet form

Badly formatted authentication section in an otherwise valid BFD packet. Very rare.

 
0 sequence numbering

Sequence number of a received packet is out of order.

If you see this for a short time, it indicates that a peer is reachable again or that the configuration changed.

If this count continuously increases, it can indicate an attempted replay attack.

 
204 message digest / password

The received packet has an incorrect message digest. This shows when the two peers do not have the same shared secret configured for BFD authentication.

 
0 for discriminator values

The discriminator in a BFD packet was zero, when that was not permitted.

If you see this for a short time, it indicates that a peer, which was not reachable, is reachable again.

 
0 for TTL

IPv4 Time to Live (TTL) field of the packet was not equal to 255, as required by RFC 5881.

Can indicate misconfiguration or attempted attack (rare).

 
Tx Count: 226 (0 failed)   last: 393 ms ago

Count of BFD packets sent out of the BFD module in this session, and when was the last packet sent.

If the Firewall drops a packet, it is counted here as transmitted and not as failed.

 
Local Discriminator: 742320834 (0x2c3eeac2)

A random, unique discriminator identifies a BFD session, on a GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. machine.

 
UDP Source Port: 61244

The UDP source port, from which BFD packets are sent by this host to this peer.

 
Number of Transitions:      4
Last 10 Transitions:
    Current time is:  Oct 30 12:58:05
    State             Time
    Not Reachable     Oct 30 12:55:44
    Reachable         Oct 30 12:55:36
    Not Reachable     Oct 30 12:55:05
    Reachable         Oct 30 12:55:05

A record of recent transitions (reachable or not reachable) with this peer.

The output shows the current date and time, for easy comparison with the date and time of the events.

Troubleshooting IP Reachability Detection

See Trace Options.