ACLs Applied to Filtering BFD Passive Echo

ACLs can be applied to control which BFD sessions have passive echo enabled. By default, passive echo is not enabled.

The BFD echo packet is looped back through ICMP redirect at the remote end. In the IP packet that encapsulates the BFD echo packet, both the destination address and the source address are the IP address of the outgoing interface of the local end. Therefore, the ACL rules must permit the source addresses of both the remote end and the local end.

BFD passive echo supports only basic ACLs; advanced ACLs are not supported.

If the ACL applied to an established BFD session is modified, or a new ACL is applied to an established BFD session, the ACL takes effect only when the session is re-established or the parameters of the session are modified.

Table 1 Matching Principle of ACLs Applied to BFD Passive Echo

ACL Matching Result                                        Processing Result
The session matches the permit rule                        Passive echo is enabled for the session
The session matches the deny rule                          Passive echo is not enabled for the session
The session mismatches all rules                           Passive echo is not enabled for the session
The relative ACL does not exist                            Passive echo is not enabled for all sessions
The relative ACL exists but there is no rule in the ACL    Passive echo is not enabled for all sessions
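
The matching principle in Table 1, together with the requirement that both the local and remote source addresses be permitted, as an added Python model (not Huawei code or device configuration). It assumes basic ACL rules are checked in ascending rule ID with the first match winning and that wildcard-mask bits set to 1 are ignored; the names Rule, first_match and passive_echo, the ACL numbers and the 192.0.2.x addresses are constructed for illustration.

```python
from __future__ import annotations
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    rule_id: int
    action: str      # "permit" or "deny"
    source: str      # source IPv4 address
    wildcard: str    # wildcard (inverse) mask; 0.0.0.0 matches a single host

def first_match(acl: list[Rule], addr: str) -> Optional[str]:
    """Action of the lowest-ID rule whose source covers addr, or None."""
    a = int(ipaddress.IPv4Address(addr))
    for rule in sorted(acl, key=lambda r: r.rule_id):
        care = ~int(ipaddress.IPv4Address(rule.wildcard)) & 0xFFFFFFFF
        if (a & care) == (int(ipaddress.IPv4Address(rule.source)) & care):
            return rule.action
    return None

def passive_echo(acls: dict[int, list[Rule]], acl_number: int,
                 local_ip: str, remote_ip: str) -> tuple[bool, str]:
    """Apply Table 1 to one BFD session; returns (enabled, reason)."""
    acl = acls.get(acl_number)
    if acl is None:
        return False, "ACL does not exist: not enabled for all sessions"
    if not acl:
        return False, "ACL has no rules: not enabled for all sessions"
    results = {ip: first_match(acl, ip) for ip in (local_ip, remote_ip)}
    for ip, action in results.items():
        if action == "deny":
            return False, f"{ip} matches a deny rule"
    for ip, action in results.items():
        if action is None:
            return False, f"{ip} matches no rule"
    return True, "local and remote addresses both permitted"

# Constructed sample ACLs (documentation address range, not from the page).
ACLS = {
    2000: [Rule(5, "permit", "192.0.2.1", "0.0.0.0")],   # local end only
    2001: [Rule(5, "permit", "192.0.2.0", "0.0.0.3")],   # covers both ends
    2002: [Rule(5, "deny", "192.0.2.2", "0.0.0.0"),
           Rule(10, "permit", "192.0.2.0", "0.0.0.255")],
    2003: [],                                            # exists, no rules
}

if __name__ == "__main__":
    for number in (2000, 2001, 2002, 2003, 2999):        # 2999 is not defined
        print(number, passive_echo(ACLS, number, "192.0.2.1", "192.0.2.2"))
```

ACL 2000 is the case to watch for in review: permitting only one end leaves passive echo disabled for the session.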
Copyright © Huawei Technologies Co., Ltd.