Single-hop BFD session is not restored after reboot or power outage

korobeynikov · April 12, 2024, 3:01pm

We use the single-hop BFD protocol to control the availability of the ISP link.

BFD configuration:

[korobeynikov@MikroTik] /routing/bfd> export
# 2024-04-12 23:52:46 by RouterOS 7.14.2
# software id = XXXX-XXXX
#
# model = RB3011UiAS
# serial number = XXXXXXXXXXXX
/routing bfd configuration
add disabled=no interfaces=static min-rx=1s min-tx=1s
add addresses=203.0.113.153/32 disabled=no interfaces=ether1 min-rx=1s min-tx=1s multiplier=3

I have a route created via WinBox for network 0.0.0.0/0 via gateway 203.0.113.153%ether1 and the property Check Gateway = bfd.

After creating the route, the BFD session is activated:

[korobeynikov@MikroTik] /routing/bfd/session> print
Flags: U - up, I - inactive 
 0 U multihop=no vrf=main remote-address=203.0.113.153%ether1 local-address="" state=up state-changes=2 
     uptime=12s desired-tx-interval=1s actual-tx-interval=1s required-min-rx=1s remote-min-rx=1s remote-min-tx=1s 
     multiplier=5 hold-time=3s packets-rx=12 packets-tx=1

Moreover, if we print the route, we will get the following:

[korobeynikov@MikroTik] /ip/route> export
/ip route
add check-gateway=“(unknown)” disabled=no distance=10 dst-address=0.0.0.0/0 gateway=203.0.113.153%ether1 pref-src=“” routing-table=main scope=30 suppress-hw-offload=no target-scope=10

What means check-gateway=“(unknown)”?

But the saddest thing happens after the device is overloaded or the lights are turned off/on - the BFD session does not recover.
Using the Torch tool, I see that the ISP is sending packets via UDP to port 3784, but my device is not.

To activate a BFD session, you must first turn off the route and then turn it on.
Packets begin to flow in both directions.

I believe this is a serious software bug.

P.S. I know about other ways to control the gateway, but this topic is about BFD.

loloski · April 12, 2024, 3:09pm

I don’t think check-gateway = bfd is already implemented

https://help.mikrotik.com/docs/display/ROS/Routing+Protocol+Overview

korobeynikov · April 13, 2024, 6:49am

Thanks for the link!

It is worth noting that the service itself is implemented and works perfectly when blocking UDP packets on port 3784.
The only question is to start the service after booting the device and write it in the configuration.

I would like to get some feedback from the developers.

BrateloSlava · April 15, 2024, 10:00am

As far as I can see from the documentation:

Features not yet supported

echo mode

enabling BFD for ip route gateways

authentication

Larsa · April 15, 2024, 12:51pm

Since this is a user forum, I believe you have a better chance of getting a response if you direct your question to: support@mikrotik.com.

mrz · April 15, 2024, 1:51pm

As it was already mentioned here, BFD for static routes is not ready. Currently BFD session can be created by routing protocols with enabled BFD, static route may use existing session, if destination address match, but it cannot create the new session.

korobeynikov · April 16, 2024, 8:16am

Maybe if you explicitly specify the interface. The only question is the launch after loading.
I cannot refuse the protocol at the moment, since the operator turned it on for us and we coordinated it for a long time.

Dartmaul · January 29, 2026, 9:54am

Not to start yet another thread, I’d like to revive this one.

I’m currently running few ROS devices, 7.19.6, 7.20.7 and 7.21.1, all do support static route BFD check gateway as a separate task (initialize BFD session), but often fail to recover it after link failure (have to toggle static route to restart BFD session)

Since Mikrotik website redesign, it is hard to see changelog several versions deep, but I think I saw some changes related BFD check gateway.

Official BFD help page wasn’t updated in years, and BFD part of Protocol Overview isn’t much better.

Could we have an update on this indeed welcomed feature?

pe1chl · January 29, 2026, 10:15am

Maybe you can use check-gateway=ping instead, it has had some updates in the meantime.

Dartmaul · January 29, 2026, 10:37am

I’d love to, if it could be configured the same way as ICMP netwatch probe.

But honestly, the whole point of BFD is to keep endpoints in sync, which ping simply cannot achieve.

pe1chl · January 29, 2026, 12:36pm

I use BFD on BGP peers (which receive routes from eachother) and ping on generic ISP routes (where the important thing is “can we set default route via this ISP” and not “can the ISP route traffic to our IPs to us”).

As it is now, with settable ping interval parameters, and combined with “recursive routing” to allow ping tests both to the ISP gateway and to some arbitrary destination(s) on internet before the default route is set, it is fine for us. We use this for failover and it is reliable.

Dartmaul · January 29, 2026, 1:11pm

I decided to use BFD on static routes purely because ROS doesn’t support LFA FRR for OSPF and I need fast convergence for backup routes.