Skip to content

BFD TTL fix + cleanup#661

Merged
taspelund merged 6 commits intomainfrom
trey/bfd-hippity-hop
Mar 12, 2026
Merged

BFD TTL fix + cleanup#661
taspelund merged 6 commits intomainfrom
trey/bfd-hippity-hop

Conversation

@taspelund
Copy link
Copy Markdown
Contributor

@taspelund taspelund commented Mar 9, 2026

First and foremost, this PR adds explicit settings for TTL / Hop Limit to ensure control packets are always sent using 255 (mandated by RFC 5881). There is also a little bit of cleanup done to the egress() function to avoid creating a new socket for every packet we send. It also adds unit tests to validate the TTL/HL change and updates the existing tests to include IPv6 peers in addition to IPv4 peers. One other small cleanup is added to use a type alias throughout the BFD codebase instead of just in a single file.

Fixes #660
Fixes #655
Fixes #531

taspelund added 4 commits March 4, 2026 14:12
@taspelund
Set TTL/Hop Limit to 255 on BFD control packets
8cd88a7 
RFC 5881 describes single-hop BFD for IPv4 and IPv6, and in it there's a
requirement to set the TLL/Hop Limit to 255 for all control packets. We
weren't updating the value on the UdpSocket we use to send our control
packets, allowing the OS to pick its own defaults.

This was discovered when doing manual validation of dual-stack BFD for
static routes with FRR as our peer. IPv4 sessions came all the way up,
but IPv6 sessions never did. Debug logs on the FRR side showed the
following errors, which were the dead giveaway of the issue:
```
2026-03-04 19:25:53 [DEBG] bfdd: [YA0Q5-C0BPV] control-packet: invalid TTL: 60 expected 255 [mhop:no peer:fd00:101::6 local:fd00:101::5 port:4]
2026-03-04 19:25:53 [DEBG] bfdd: [YA0Q5-C0BPV] control-packet: invalid TTL: 60 expected 255 [mhop:no peer:fd00:101::2 local:fd00:101::1 port:2]
2026-03-04 19:25:54 [DEBG] bfdd: [YA0Q5-C0BPV] control-packet: invalid TTL: 60 expected 255 [mhop:no peer:fd00:101::a local:fd00:101::9 port:3]
```
@taspelund
Read my lips. No. New. UdpSockets.
d1d3adf 
Stop allocating a new UdpSocket for every BFD packet we transmit. That's
horribly inefficient and unnecessary. Restructures egress() to use
nested loops with different break conditions based on the type of error:
socket errors trigger a new socket creation while channel errors still
break out of the egress function.

Fixes: #655
@taspelund
mgd: add TTL/Hop Limit unit tests for BFD sockets
cf7673a
@taspelund
Use BfdEndpoint type alias everywhere
c40a9a1
@taspelund taspelund self-assigned this Mar 9, 2026
@taspelund taspelund added Bug bfd Bidirectional Forwarding Detection mgd Maghemite daemon labels Mar 9, 2026
@taspelund
Copy link
Copy Markdown
Contributor Author

taspelund commented Mar 10, 2026

Manual testing confirmed this branch fixes BFD for IPv6 and doesn't break IPv4.

Switch1:

root@oxz_switch:~# mgadm bfd get-peers
Peer           Listen   Required Rx  Detection Threshold  Mode       Status
198.51.101.13  0.0.0.0  1000000      3                    SingleHop  Up
fd00:101::d    ::       1000000      3                    SingleHop  Up
fd00:101::5    ::       1000000      3                    SingleHop  Up
198.51.101.5   0.0.0.0  1000000      3                    SingleHop  Up

FRR:

cfw# show bfd peers brief
Session count: 8
SessionId  LocalAddress                             PeerAddress                             Status
=========  ============                             ===========                             ======
1905043705 fd00:101::9                              fd00:101::a                             up
3819958073 fd00:101::1                              fd00:101::2                             up
4052257816 198.51.101.13                            198.51.101.14                           up
4119951142 fd00:101::d                              fd00:101::e                             up
2303089209 198.51.101.5                             198.51.101.6                            up
3531983686 198.51.101.1                             198.51.101.2                            up
1367301662 198.51.101.9                             198.51.101.10                           up
3010181911 fd00:101::5                              fd00:101::6                             up
cfw# show bfd static route
Showing BFD monitored static routes:

  Next hops:
    VRF default IPv4 Unicast:
        198.51.100.0/24 peer 198.51.101.14 (status: installed)
        198.51.100.0/24 peer 198.51.101.10 (status: installed)
        198.51.100.0/24 peer 198.51.101.6 (status: installed)
        198.51.100.0/24 peer 198.51.101.2 (status: installed)

    VRF default IPv4 Multicast:

    VRF default IPv6 Unicast:
        fd00:100::/64 peer fd00:101::e (status: installed)
        fd00:100::/64 peer fd00:101::6 (status: installed)
        fd00:100::/64 peer fd00:101::a (status: installed)
        fd00:100::/64 peer fd00:101::2 (status: installed)

internet-diglett
internet-diglett approved these changes Mar 11, 2026
View reviewed changes
@morlandi7 morlandi7 added this to the 19 milestone Mar 12, 2026
@morlandi7 morlandi7 mentioned this pull request Mar 12, 2026
Merged
@taspelund
Merge branch 'main' into trey/bfd-hippity-hop
0563891
@taspelund
mgd: use slog::o instead of custom log macro
44509f6 
Reduce the amount of times we supply default args to logger by creating
a child logger with the k/v attributes attached.
@taspelund taspelund merged commit b603c9f into main Mar 12, 2026
15 checks passed
@taspelund taspelund deleted the trey/bfd-hippity-hop branch March 12, 2026 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@internet-diglett internet-diglett internet-diglett approved these changes

@zeeshanlakhani zeeshanlakhani Awaiting requested review from zeeshanlakhani

@rcgoodfellow rcgoodfellow Awaiting requested review from rcgoodfellow

Assignees

@taspelund taspelund

Labels

bfd Bidirectional Forwarding Detection Bug mgd Maghemite daemon

Projects

None yet

Milestone

19

3 participants

@taspelund @internet-diglett @morlandi7