Technical Tip: How to check why VXLAN (cloud) BGP neighbor advertised routes are not received on the FortiGate
| Description | This article describes how to check why routes advertised by a VXLAN (cloud) BGP neighbor are not received on the FortiGate. |
| Scope | FortiGate |
| Solution | Assume the following scenario: VXLAN (cloud) ------- BGP ------- FortiGate
Check the routes received from, or advertised to, the neighbor:
get router info bgp neighbors <neighbor ip> <received-routes | advertised-routes>
Note: If the BGP neighbor is set up over VXLAN, disable 'set enforce-first-as' under the BGP configuration on the FortiGate. Also, check any configured filters and route-maps for deny entries.
Configure BGP:
config router bgp
    set router-id {ipv4 address}
    set keepalive-timer {integer}
    set holdtime-timer
    set enforce-first-as [enable|disable]    <----- Set enforce-first-as to disable here.
end
Once the enforce-first-as option is disabled, soft clear the particular BGP neighbor and check the routes again.
execute router clear bgp ip <neighbor ip> soft
Note: To perform a soft BGP reset, make sure soft reconfiguration is enabled in the BGP neighbor configuration on the FortiGate. Most of the BGP configuration is the same as in a normal BGP setup. An IPsec VPN interface used in the VXLAN interface setting should have 'net-device' set to disable. It is also recommended to use this setup with VXLAN tunnel endpoints.
|
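The steps above as one CLI sequence, in the order they need to be applied. This is an added example, not taken from the original article: `<neighbor ip>` and `<tunnel name>` are placeholders, and lines starting with `#` are annotations, not commands to type.

```fortios
# 1. Disable the first-AS check and enable soft reconfiguration on the neighbor.
#    Soft reconfiguration has to be enabled before 'received-routes' and a
#    soft clear can be used for this neighbor.
config router bgp
    set enforce-first-as disable
    config neighbor
        edit "<neighbor ip>"
            set soft-reconfiguration enable
        next
    end
end

# 2. Review the BGP configuration for inbound filters or route-maps
#    applied to this neighbor that contain deny entries.
show router bgp
show router route-map

# 3. If the VXLAN interface runs over an IPsec tunnel, net-device must be disabled.
config vpn ipsec phase1-interface
    edit "<tunnel name>"
        set net-device disable
    next
end

# 4. Soft clear the neighbor so the new settings are applied without
#    tearing down the session.
execute router clear bgp ip <neighbor ip> soft

# 5. Verify: routes stored from the neighbor, then routes actually installed.
get router info bgp neighbors <neighbor ip> received-routes
get router info routing-table bgp
```

If prefixes appear under `received-routes` but not in the routing table, the remaining cause is an inbound filter or route-map rather than `enforce-first-as`.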
