1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Implementing Azure ExpressRoute

Implementing Bidirectional Forwarding Detection

Start course

As dependency on cloud services grows, so does the need for a reliable, low-latency network connection to the cloud. Also, some organizations and government agencies require a dedicated connection that does not pass network traffic over the public internet. Azure ExpressRoute provides a dedicated, redundant connection to Azure cloud services.  

In this course, we examine Azure ExpressRoute. Azure ExpressRoute creates a reliable, dedicated connection between an organization's on-premises environment and Microsoft Azure. We cover design considerations when planning for ExpressRoute, requirements for installing ExpressRoute, and management and troubleshooting tasks. The learning objectives for this course map to the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam.

Learning Objectives

  • Choose between provider and direct model (ExpressRoute Direct)
  • Design and implement Azure cross-region connectivity between multiple ExpressRoute locations
  • Select an appropriate ExpressRoute SKU and tier
  • Design and implement ExpressRoute Global Reach and ExpressRoute FastPath 
  • Choose between private peering only, Microsoft peering only, or both
  • Configure private peering and Microsoft peering
  • Create and configure an ExpressRoute gateway
  • Connect a virtual network to an ExpressRoute circuit
  • Recommend a route advertisement configuration
  • Configure encryption over ExpressRoute
  • Implement Bidirectional Forwarding Detection
  • Diagnose and resolve ExpressRoute connection issues

Intended Audience

  • System or network administrators with responsibilities for connecting an on-premises network to Azure
  • Anyone preparing for the Azure AZ-700: Designing and Implementing Microsoft Azure Networking Solutions exam


  • A basic understanding of networking, routing, and VPN concepts

No network is fault-proof. Hardware has issues and sometimes misconfigurations happen. In this lecture, we look at bidirectional forwarding detection with ExpressRoute and how it can help should ExpressRoute encounter an error. To understand bidirectional forwarding detection, let's review a basic ExpressRoute circuit. All ExpressRoute circuits are deployed in an HA pair. On one side is the customer or partner edge equipment, depending on who manages it. And on the other side is the Microsoft edge equipment.

Routing is handled by BGP. BGP has a hold time that acts as a heartbeat for BGP neighbors to ensure that they're available. It specifies how long routers should wait before it marks the neighbor as offline and initiates a failover to another link. There is also keepalive sent to keep the BGP session active. The keepalive time is typically one-third of the hold time. The default hold time for ExpressRoute is 180 seconds, and the keepalive is 60 seconds. With this setting, it could take up to three minutes before a failure is detected and traffic moves to another link.

Lowering the hold time and keepalive time may be a consideration. However, the hold and keepalive operation is process-intensive and setting a more aggressive hold time is not recommended. Instead, we can use Bidirectional Forwarding Detection, or BFD, to detect failed links. BFD establishes a low-overhead connection with BGP neighbors and can detect a link failure in under a second. BFD is enabled on all ExpressRoute private peering interfaces by default. It will need to be enabled on customer or partner edge equipment as well. The actual steps will be different depending on the hardware manufacturer, but at a high level, BFD has to be configured on the interface first, then linked to the BGP session.

That is how bidirectional forwarding detection helps speed up a link failover, decreasing the time for a link failover from up to three minutes to under a second. Thank you for joining me in this lecture.

About the Author
Travis Roberts
Cloud Infrastructure Architect

Travis Roberts is a Cloud Infrastructure Architect at a Minneapolis consulting firm, a Microsoft MVP, MCT, and author. Travis has 20 years of IT experience in the legal, pharmaceutical, and marketing industries and has worked with IT hardware manufacturers and managed service providers. In addition, Travis has held numerous technical certifications throughout his career from Microsoft, VMware, Citrix, and Cisco.