When I enable BFD on a BGP peer (both sides), the BFD neighbor status is OK and the link works fine.
When I drop UDP to port 3784 in the INPUT firewall filter, as expected BFD declares the link down and
immediately the BGP peering is closed and the traffic re-routed. Fine.
However, after a minute or so (I think the BGP Peer re-connection interval) the BGP peering comes back
up even with the BFD state being DOWN on one side and INIT at the other side. Traffic flows over the
link.
Is that correct and expected behaviour or is it a bug?
I would think that as long as BFD considers the link DOWN at least at one side, the link would not be
used for routing.
What version of RouterOS are you seeing this on?
6.39.1 and 6.39.2
I now think it is intended behaviour. When BFD sees the connection is down it immediately notifies BGP,
so the link is taken out of the route tables immediately, but then it leaves it to BGP to see if it is usable.
In normal circumstances it should work OK, only when “testing” using the firewall entry it does not work.
Nice work and thanks for the info. We’ve been doing more and more with BFD in MikroTik now that it’s been patched.
I also asked support and they tell me it will all work better in version 7.
But we have heard that one before
Of course no release date…