BFD vs IP SLA

chhayheng
Level 1

Dear All,

What are the differences between BFD and IP SLA?

Thank you

2 Replies

al3allvarenga
Level 1

BFD (Bidirectional Forwarding Detection) is a super fast protocol that is able to detect link failures within milliseconds or even microseconds. All (routing) protocols have some sort of mechanism to detect link failures. OSPF uses hello packets and a dead interval, EIGRP uses hello packets and a holddown timer, etc.

Networks that use real-time traffic like VoIP require fast convergence times. Routing protocols like OSPF or EIGRP are able to quickly select another path once they lose a neighbor, but it takes a while for them to realize that something is wrong.

BFD runs independently of any other (routing) protocols. Once it’s up and running, you can configure protocols like OSPF, EIGRP, BGP, HSRP, MPLS LDP, etc. to use BFD for link failure detection instead of their own mechanisms.

BFD is a high-speed "are you up" protocol that other routing protocols subscribe to. It can detect link failures in milliseconds, with the potential for microseconds on the right platform. All routing protocols have some way of detecting failure, usually timer-related. Tuning the timers can theoretically get you sub-second failure detection in some protocols, but this produces unnecessarily high overhead as the average IGP wasn't designed with that in mind. BFD was specifically built for fast/low CPU detection, and in the case of single-hop, can offload a great deal of the checks to CEF (by using echo mode - more later), even on a typical router. Some high-end platforms can even offload the entire BFD process to the linecard. The CEF or hardware offload makes BFD a major improvement over the other obvious choice, IP SLA.

For more please check:
https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fs_bfd.html#wp1053447
https://networklessons.com/cisco/ccie-routing-switching/bidirectional-forwarding-detection-bfd
http://brbccie.blogspot.com/2014/06/everything-bfd.html

Joseph W. Doherty
Hall of Fame

BFD is a lightweight, to the hardware, protocol for "fast" detection of a network link/path outage between a pair of devices running BFD. It's used where the hardware cannot be relied upon to detect the outage.

For example, if you directly connect a pair of routers with Ethernet, a link or port fault should show as a port down on both routers. (NB: a routing protocol will be "notified" of the hardware outage.) However, if both those routers connect to a switch (or switches), if one router<>switch link has a problem, the other router<>switch link might not.

As noted by al3allvarenga, routing protocols generally have their own protocol way to also detect an outage, but it often is much, much slower to detect the outage (hardware 50 ms vs. perhaps as much as half a minute or more for routing protocol).

Although some routing protocols can be configured to dramatically reduce their outage detection period (e.g. subsecond), often using these routing protocol options will also dramatically increase the device's CPU load. BFD is designed to minimize the CPU impact.

IP SLA is really designed to run a set of recurring network performance tests that can be monitored. Unlike BFD, which requires both devices to support it, some IP SLA tests don't require the other side to have any special support (for example, IP SLA might set up an ongoing ping test).

Cisco has added some IOS features that let routers "react" to the results of an IP SLA test, such as detecting when a far side router isn't responding. Such tests can be used when there's no dynamic routing protocol being used (i.e. static routing being used) and again when the hardware topology is such that you might have an outage to the far side that won't be reflected on all router hardware (again, consider routers separated by one, or more, switches).

Generally, IP SLA, used for the foregoing purpose, has an even slower response time than normally provided by a dynamic routing protocol, but this is better than having an unnoticed "black hole".
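
To make the contrast described in the replies above concrete, here is an added example (not posted by either participant and not taken from Cisco documentation) showing BFD feeding OSPF next to an IP SLA probe driving a tracked static route. Interface names, process and object numbers, timer values and the RFC 5737 documentation addresses are assumptions, as is an IOS release that uses the `track ... ip sla` syntax.

```cisco
! BFD: fast failure detection that a routing protocol subscribes to.
! Both neighbors must run BFD; the peer needs matching configuration.
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.252
 ! Send and expect a BFD packet every 50 ms; declare the session down
 ! after 3 missed packets (roughly 150 ms detection time).
 bfd interval 50 min_rx 50 multiplier 3
!
router ospf 1
 network 192.0.2.0 0.0.0.3 area 0
 ! OSPF registers as a BFD client instead of relying on its dead interval.
 bfd all-interfaces
!
! IP SLA: recurring probe, no special support needed on the far side.
! Used here with static routing, where no routing protocol detects the outage.
ip sla 10
 icmp-echo 198.51.100.2 source-interface GigabitEthernet0/1
 ! One probe every 5 seconds, so detection takes seconds, not milliseconds.
 frequency 5
ip sla schedule 10 life forever start-time now
!
! The tracking object turns the probe result into an up/down state.
track 10 ip sla 10 reachability
!
! Primary default route is withdrawn when the probe fails;
! the floating static route (administrative distance 250) takes over.
ip route 0.0.0.0 0.0.0.0 198.51.100.2 track 10
ip route 0.0.0.0 0.0.0.0 203.0.113.2 250
```

`show bfd neighbors` reports the BFD session state, while `show track 10` and `show ip sla statistics 10` report the probe-driven state.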
