The Bidirectional Forwarding Detection (BFD) protocol can rapidly detect a communication fault between neighboring network devices, and a network device can switch traffic over to a backup link according to the rapidly detected fault, to speed up network convergence, thereby ensuring continuation of a service, reducing impact of a device fault or link fault on the service, and improving network availability. A BFD device includes a control plane formed by a general central processing unit (CPU) processor and a data plane formed by a network processor (NP). To prevent cyberattacks, in the control plane, the BFD protocol supports three security authentication manners: (1) an authentication manner based on a simple password; (2) authentication based on message digest algorithm 5 (MD5); and (3) authentication based on Security Hash Algorithm 1 (SHA1); however, in the data plane, there is no manner of security authenticating a BFD packet by the NP yet in any prior art.