Guidelines for BFD routing

BFD is supported on all Firewall Threat Defense platforms and is available in multi-instance mode.

BFD is supported in routed firewall mode and not in transparent mode.

• BFD is not supported on failover interfaces.

• In clustering, BFD is supported only on the control node.

• OSPFv2, OSPFv3, BGP IPv4, and BGP IPv6 protocol are supported.

  IS-IS and EIGRP protocols are not supported.

• BFD for static routes is not supported. You can configure BFD on interfaces that belong only to virtual routers.

• Only named interfaces are supported.

• BFD on BVI, VTI, and loopback interfaces are not supported.

• Echo mode is disabled by default. You can enable echo mode on single-hop only.

• Echo mode is not supported for IPv6.

• Use only a single-hop template to configure a single-hop policy.

• Authentication of the single-hop template is optional.

• You cannot configure multiple BFDs on the same interface.

• Do not configure the source IP address also as the destination IP address.

• Source and destination address should have same IP type—IPV4 or IPV6.

• Only network objects of host or network type are allowed.

• Use only a multi-hop template to configure a multi-hop policy.

• Authentication is mandatory for the multi-hop template.

When you upgrade to version 7.3 and the previous version has any FlexConfig BFD policies, the management center displays a warning message during deployment. However, it does not stop the deployment process. After post-upgrade deployment, to manage the BFD policies from the UI ( Device (Edit) > Routing > BFD), you must configure BFD policies in the Device (Edit) > Routing > BFD page and remove the configuration from the FlexConfig policy for the device.