GoBFD
Production-grade BFD protocol daemon for Go
GoBFD is a production-oriented Bidirectional Forwarding Detection (BFD) protocol daemon written in Go 1.26. It detects forwarding path failures between adjacent systems in milliseconds, enabling fast convergence for BGP, OSPF, and other routing protocols.
Four binaries: gobfd (daemon), gobfdctl (CLI), gobfd-haproxy-agent (HAProxy bridge), gobfd-exabgp-bridge (ExaBGP bridge).
- Standalone daemon, decoupled from any control plane. GoBFD watches BFD state and drives external actuators (GoBGP
DisablePeer/EnablePeer, HAProxy agent-check, ExaBGP route announcements) over a typed gRPC API. A daemon restart does not flap the routing control plane. - Zero-allocation hot path. Packet codec, FSM transitions, timer dispatch, and session demultiplexing run at 0 B/op, 0 allocs/op (28 micro-benchmarks enforce the policy). GC pauses cannot cause BFD session flapping.
- RFC coverage beyond the basics. RFC 5880/5881/5882/5883/7419/9384/9468/9747/9764 implemented; RFC 7130 (Micro-BFD), RFC 8971 (VXLAN), RFC 9521 (Geneve) ship with userspace backends. See RFC Compliance.
- Production-ready surfaces. ConnectRPC/gRPC API, Prometheus metrics, structured
sloglogging, systemdType=notifywith watchdog and SIGHUP hot reload, Go 1.26 flight recorder for post-mortem. - Verified interop. 4-peer interop suite (FRR, BIRD3, aiobfd, Thoro/bfd) and BGP+BFD coupling tests against FRR, BIRD3, ExaBGP. Containerlab profiles for Arista cEOS, Nokia SR Linux, SONiC-VS, VyOS.
Background and benchmarks: Competitive Analysis and Performance Analysis.
git clone https://github.com/dantte-lp/gobfd.git && cd gobfd
make build # builds all 4 binaries with version ldflags
sudo ./gobfd -config configs/example.ymlLocal Podman stack with Prometheus + Grafana:
make test
podman-compose -f deployments/compose/compose.yml up -dRequires Linux with
CAP_NET_RAWandCAP_NET_ADMINcapabilities. See Deployment.
graph TB
subgraph "gobfd daemon"
SRV["ConnectRPC<br/>:50051"]
BFD["BFD Core<br/>FSM + Sessions"]
NET["Raw Sockets<br/>UDP 3784/4784"]
BGP["GoBGP Client"]
MET["Prometheus<br/>:9100"]
end
CLI["gobfdctl<br/>CLI"] --> SRV
HAP["gobfd-haproxy-agent"] --> SRV
EXA["gobfd-exabgp-bridge"] --> SRV
SRV --> BFD
NET --> BFD
BGP --> GOBGP["GoBGP :50052"]
NET --> PEER["BFD Peers"]
style BFD fill:#1a73e8,color:#fff
Full documentation is available in docs/:
| # | Document | Description |
|---|---|---|
| 01 | Architecture | System architecture, package diagram, packet flow |
| 02 | BFD Protocol | FSM, timers, jitter, packet format, authentication |
| 03 | Configuration | YAML config, env vars, GoBGP integration, hot reload |
| 04 | CLI Reference | gobfdctl commands, interactive shell |
| 05 | Interop Testing | 4-peer testing: FRR, BIRD3, aiobfd, Thoro |
| 06 | Deployment | systemd, Podman Compose, packages, production |
| 07 | Monitoring | Prometheus metrics, Grafana dashboard, alerting |
| 08 | RFC Compliance | RFC compliance matrix, implementation notes |
| 09 | Development | Dev workflow, make targets, testing, linting |
| 10 | Changelog Guide | How to maintain CHANGELOG.md, semantic versioning |
| 11 | Integrations | BGP failover, HAProxy, observability, ExaBGP, Kubernetes |
| 16 | Production Runbooks | Kubernetes, BGP, Prometheus, packet verification, failure drills |
Documentation is also available in Russian at docs/ru/.
Full RFC texts are available in docs/rfc/:
RFC 5880 |
RFC 5881 |
RFC 5882 |
RFC 5883 |
RFC 5884 |
RFC 5885 |
RFC 7130 |
RFC 7419 |
RFC 9384 |
RFC 9468 |
RFC 9747 |
RFC 8971 |
RFC 9521 |
RFC 9764
| RFC | Title | Status |
|---|---|---|
| RFC 5880 | BFD Base Protocol | Implemented |
| RFC 5881 | BFD for IPv4/IPv6 Single-Hop | Implemented |
| RFC 5882 | Generic Application of BFD | Implemented |
| RFC 5883 | BFD for Multihop Paths | Implemented |
| RFC 7419 | Common Interval Support | Implemented |
| RFC 9468 | Unsolicited BFD | Implemented |
| RFC 9747 | Unaffiliated BFD Echo | Implemented |
| RFC 7130 | Micro-BFD for LAG | Protocol implemented; production integration partial |
| RFC 8971 | BFD for VXLAN | Userspace backend implemented; owner backends planned |
| RFC 9521 | BFD for Geneve | Userspace backend implemented; owner backends planned |
| RFC 9764 | BFD Large Packets | Implemented |
| RFC 5884 | BFD for MPLS LSPs | Stub |
| RFC 5885 | BFD for PW VCCV | Stub |
Details: RFC Compliance
GoBFD processes ~16M packets/sec on the full receive path with zero heap allocations. O(1) session demultiplexing via Swiss table maps scales linearly -- demux latency is ~60 ns/op whether managing 1 or 1000 concurrent sessions.
28 micro-benchmarks enforce the zero-allocation policy across all hot paths: packet codec, FSM transitions, timer operations, overlay encapsulation (VXLAN/Geneve), and session management. See BENCHMARKS.md for detailed results.
- Table-driven FSM matching RFC 5880 Section 6.8.6 (no if-else chains)
- Five authentication modes (Simple Password, Keyed MD5/SHA1, Meticulous MD5/SHA1)
- RFC 9747 Echo, RFC 7130 Micro-BFD protocol, RFC 8971 VXLAN userspace backend, and RFC 9521 Geneve userspace backend support
- BFD flap dampening for BGP integration (RFC 5882 Section 3.2)
- Zero-allocation packet codec with pre-built cached packets
- ConnectRPC/gRPC API + CLI with interactive shell
- Prometheus metrics + Grafana dashboard
- systemd integration (Type=notify, watchdog, SIGHUP hot reload)
- 4-peer interop testing (FRR, BIRD3, aiobfd, Thoro/bfd) + 5 integration examples
- Go 1.26 flight recorder for post-mortem debugging
Advanced Linux modes are explicit about dataplane ownership: Micro-BFD detects
per-member LAG state but needs a bond/team/OVS actuator for enforcement, while
VXLAN/Geneve BFD defaults to an explicit userspace-udp backend. Reserved
kernel, OVS/OVN, Cilium, Calico, and NSX backend names fail closed until
owner-specific integrations are implemented.
See Development for the full workflow. Repository participation is governed by CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md, SUPPORT.md, and GOVERNANCE.md.
make up && make all # Build + test + lint
make interop # Interoperability tests