Technical Tip: FortiGate BGP flapping due to overlapping peer IP
| Description | This article provides a scenario where there is a BGP setup between 2 devices: One or both FortiGates' BGP is flapping up and down, and it was found that it was due to a third device with an overlapping IP address causing the reset on the BGP connection. |
| Scope | FortiGate. |
| Solution | To narrow down this problem, a concurrent packet capture on both FortiGates is required to review the BGP connection when it flaps.
Here is the example scenario : FortiGate A IP address: 10.52.50.1. FortiGate B IP address: 10.52.50.2.
It is shown that it was receiving a TCP reset from FortiGate B IP address, terminating the BGP connection (TCP 179), thus causing the flap. Looking at the packet details in Wireshark, it is shown that the RST packet is sourced from another device's MAC address, not directly from FortiGate A MAC address.
Side note: Looking at the BGP debug logs on FortiGate A, it will show this message :
2025-12-19 14:45:12 BGP: 10.52.50.2-Outgoing [ENCODE] Keepalive: 888054 KAlive msg(s) sent
Looking at the packet capture file that was captured at the same time and the same specific BGP session (TCP port: 16920). It is shown that it never sent the RST packet at all.
Looking at the packet details in Wireshark, it is expected to show the correct source and destination mac-address. In this scenario, it is shown that 00:09:0f:09:00:13 should be the correct source MAC address.
From here, trace the unexpected non-Fortinet vendor mac-address and check the IP address set on its physical port settings.
In this particular scenario, these packet capture findings lead to the root cause :
|
