Technical Tip: BGP peering over inter-VDOM links
| Description | This article explains how to create BGP peering using inter-VDOM links. |
| Scope | FortiGate. |
| Solution | Inter-VDOM routing allows two VDOMs on the same FortiGate to communicate internally. Traffic between VDOMs flows through an inter-VDOM link, which contains a pair of virtual interfaces, one on each VDOM.
Basic considerations:
CLI CONFIGURATION:
VDOM-A
# config system interface
    edit "VdomRouting0"
        set vdom "VDOM-A"
        set ip 12.12.12.1 255.255.255.0
        set allowaccess ping https ssh
        set type vdom-link
        set description "VDOM-A link"
    next
    edit "loopback_VDOM-A"
        set vdom "VDOM-A"
        set ip 10.255.255.1 255.255.255.255
        set allowaccess ping
        set type loopback
    next
    edit "port2"
        set vdom "VDOM-A"
        set ip 10.10.10.1 255.255.255.0
        set allowaccess ping https ssh http
        set type physical
        set alias "LAN VDOM-A"
    next
end
------------------------------------------------------------
# config router bgp
    set as 65500
    set router-id 10.255.255.1
    config neighbor
        edit "12.12.12.2"
            set interface "VdomRouting0"
            set remote-as 65500
        next
    end
    config network
        edit 1
            set prefix 10.10.10.0 255.255.255.0
        next
    end
end
VDOM-B
# config system interface
    edit "VdomRouting1"
        set vdom "VDOM-B"
        set ip 12.12.12.2 255.255.255.0
        set allowaccess ping https ssh
        set type vdom-link
        set description "VDOM-B link"
    next
    edit "loopback_VDOM-B"
        set vdom "VDOM-B"
        set ip 10.255.255.2 255.255.255.0
        set allowaccess ping
        set type loopback
    next
    edit "port3"
        set vdom "VDOM-B"
        set ip 10.10.11.1 255.255.255.0
        set allowaccess ping https ssh http
        set type physical
        set alias "LAN VDOM-B"
    next
end
-------------------------------------------------------------
# config router bgp
    set as 65500
    set router-id 10.255.255.2
    config neighbor
        edit "12.12.12.1"
            set capability-default-originate enable
            set interface "VdomRouting1"
            set remote-as 65500
        next
    end
    config network
        edit 1
            set prefix 10.10.11.0 255.255.255.0
        next
    end
end
RESULT:
FGT (VDOM-A) # get router info routing-table details
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       V - BGP VPNv4
       * - candidate default

Routing table for VRF=0
B*      0.0.0.0/0 [200/0] via 12.12.12.2 (recursive is directly connected, VdomRouting0), 00:04:43, [1/0]
C       10.10.10.0/24 is directly connected, port2
B       10.10.11.0/24 [200/0] via 12.12.12.2 (recursive is directly connected, VdomRouting0), 00:05:07, [1/0]
C       10.255.255.1/32 is directly connected, loopback_VDOM-A
C       12.12.12.0/24 is directly connected, VdomRouting0

FGT (VDOM-B) # get router info routing-table details
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       V - BGP VPNv4
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 15.15.15.2, ISP1, [1/0]
B       10.10.10.0/24 [200/0] via 12.12.12.1 (recursive is directly connected, VdomRouting1), 00:06:18, [1/0]
C       10.10.11.0/24 is directly connected, port3
C       10.255.255.0/24 is directly connected, loopback_VDOM-B
C       12.12.12.0/24 is directly connected, VdomRouting1
C       15.15.15.0/24 is directly connected, ISP1 |
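
A check that follows from the RESULT output above, added here as an example (not Fortinet's code): it parses the BGP routes from the VDOM-A table shown on this page and reports prefixes that are missing, unexpected, or not learned through the inter-VDOM link. The function names, the expected-prefix set and the assumption that BGP routes use the "recursive is directly connected" form seen in this output are choices made for this example.

```python
import re

# VDOM-A routing table from the RESULT section of this page (legend omitted).
VDOM_A_TABLE = """\
Routing table for VRF=0
B*      0.0.0.0/0 [200/0] via 12.12.12.2 (recursive is directly connected, VdomRouting0), 00:04:43, [1/0]
C       10.10.10.0/24 is directly connected, port2
B       10.10.11.0/24 [200/0] via 12.12.12.2 (recursive is directly connected, VdomRouting0), 00:05:07, [1/0]
C       10.255.255.1/32 is directly connected, loopback_VDOM-A
C       12.12.12.0/24 is directly connected, VdomRouting0
"""

# Matches only BGP lines ("B" or "B*") in the form shown in the output above.
BGP_ROUTE = re.compile(
    r"^B\*?\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+\[\d+/\d+\]\s+via\s+"
    r"(?P<nexthop>\d+\.\d+\.\d+\.\d+)\s+\(recursive is directly connected,\s*"
    r"(?P<iface>[^)]+)\)"
)

def parse_bgp_routes(table):
    """Return {prefix: (next_hop, interface)} for every BGP route in the table."""
    routes = {}
    for line in table.splitlines():
        m = BGP_ROUTE.match(line.strip())
        if m:
            routes[m["prefix"]] = (m["nexthop"], m["iface"].strip())
    return routes

def audit_bgp_routes(table, expected, peer_ip, link_iface):
    """Compare learned BGP routes with what the peer VDOM is meant to advertise."""
    findings = []
    routes = parse_bgp_routes(table)
    # Prefixes the peer should advertise but that never reached this VDOM.
    for prefix in sorted(expected - set(routes)):
        findings.append(f"missing: {prefix} not learned via BGP")
    for prefix, (nexthop, iface) in sorted(routes.items()):
        # Anything outside the agreed set, e.g. an unplanned default route.
        if prefix not in expected:
            findings.append(f"unexpected: {prefix} via {nexthop}")
        # BGP routes must resolve through the inter-VDOM link to the peer.
        if (nexthop, iface) != (peer_ip, link_iface):
            findings.append(f"wrong path: {prefix} via {nexthop} on {iface}")
    return findings

if __name__ == "__main__":
    expected = {"0.0.0.0/0", "10.10.11.0/24"}  # what VDOM-B advertises on this page
    print(audit_bgp_routes(VDOM_A_TABLE, expected, "12.12.12.2", "VdomRouting0") or "OK")
```

Dropping `0.0.0.0/0` from the expected set makes the default route that VDOM-B originates with `capability-default-originate` show up as an unexpected prefix, which is the case to watch when a default route was not meant to cross the VDOM boundary.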

