BFD flap intermittently with 'flow_bfd_tx_err' and 'flow_bfd_tx_l2' error counters
10206
Created On 08/22/22 02:12 AM - Last Modified 02/07/25 22:10 PM
Symptom
Events seen with intermittent BFD flaps
System log:
xxxx/xx/xx xx:xx:xx critical bfd xxxx session 0 BFD state changed to Up for BFD session xxxx to neighbor x.x.x.x on interface xxxx. Protocol: BGP
Global counters:
:flow_bfd_tx_err 200 0
:flow_bfd_tx_l2 200 0
'flow_bfd_tx_l2' means that while trying to send out BFD packet, firewall could not get ARP entry for the next hop, so it could not send BFD packet out and instead sent the ARP packet for resolution.
'show arp xxxx':
Output would show arp entry expiring and eventually to an 'incomplete' status.
Further you can take packet capture on the firewall, for non-ip and showing there is no arp response.
Environment
- PAN-OS
- All platforms supporting BFD
Cause
This is usually caused by a network issue resulting in firewall not getting the MAC address for its ARP entry of its BFD peer.
Resolution
- A temporary workaround solution can be applied by configuring static ARP on the firewall.
- Long term solution would require the investigation and fixing of the underlying network condition or issue causing this.