Staff

Technical Note : Identical next hops in the routing table, over different FortiGate interfaces

Forum|Forum|16 years ago
June 15, 2010
0 replies
8580 views

Description

This article describes a solution addressing specific or occasional requirements where a FortiGate has got multiple identical routes configured with the same next-hop but on different interfaces.

This scenario is illustrated in the following diagram.

                                                  ISP1
     [        ] port1 --[ L2 switch ]-- [ router1 ] == INTERNET
LAN ===[ FortiGate ] port2 --[ L2 switch ]-- [ router1 ]
     [        ]
     [        ] port5 --[ PPPoE ]---- [ router2 ] == INTERNET
     [        ] port6 --[ PPPoE ]---- [ router2 ]
                                                 ISP2

Assumptions and requirements:

to reach the Internet, four default routes are used for this example.
router1 is the next-hop from ISP1 configured with 2 static default routes via port1 and port2. This assumes that port1 and port2 are in the same subnet if the next-hop is the same (see related articles about next-hop validity).
port5 and port6 are connected to the same ISP (ISP2) with PPPoE, and will/may therefore acquire the same default gateway: router2.

The related articles at the end of this document contain more details about next-hop validity and dual link scenario.

Scope
Example provided for FortiOS 4.0 MR2.
Solution
The following CLI configuration will apply to this network scenario:

config system settings
    set allow-subnet-overlap enable     <<< this is for port1 and port2
end

config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.182.136 255.255.254.0
        set allowaccess ping https ssh http telnet
        set type physical
    next
    edit "port2"
        set vdom "root"
        set ip 192.168.182.137 255.255.254.0
        set allowaccess ping
        set type physical
    next
    edit "port5"
        set vdom "root"
        set mode pppoe
        set allowaccess ping
        set type physical
        set username "username"
        set password ENC <pass>
        set defaultgw enable
    next
    edit "port6"
        set vdom "root"
        set mode pppoe
        set allowaccess ping
        set type physical
        set username "username"
        set password ENC <pass>
        set defaultgw enable
    next
end

config router static
    edit 1
        set device "port1"
        set distance 5
        set gateway 192.168.183.254
    next
    edit 2
        set device "port2"
        set distance 5
        set gateway 192.168.183.254
    next
end

Routing table verification

The following table shows the four default routes with twice the same next-hop

FGT# get router info routing-table all

S*      0.0.0.0/0 [5/0] via 172.31.231.254, ppp0
              [5/0] via 172.31.231.254, ppp1
              [5/0] via 192.168.183.254, port1
                  [5/0] via 192.168.183.254, port2
C       172.31.230.20/32 is directly connected, ppp0
C       172.31.230.21/32 is directly connected, ppp1
C       172.31.231.254/32 is directly connected, ppp1
                          is directly connected, ppp0
C       192.168.182.0/23 is directly connected, port2
                         is directly connected, port1

Related Articles

Technical Tip: FortiGate routing table conditions

Technical Note: Configuring link redundancy - Traffic load-balancing / load-sharing - ECMP (Equal Cost Multiple Path) - Dual Internet or WAN scenario

FortiGate

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded