Technical Tip: Use BGP backdoor to prefer IGP over EBGP

Description

This article describes the use of BGP backdoor to prefer IGP over EBGP.

Scope

FortiGate.

Solution

The 'Backdoor Feature' is often used to increase the administrative distance of eBGP to 200 to make the IGP learned routes preferred. A backdoor network is treated as a local network, except that it is not advertised. This is configured by using the network backdoor BGP command.

Diagram:

• As illustrated, EBGP is running between 'FGT-A' and 'FGT-C' as well as 'FGT-B' and 'FGT-C'.
  
• As an example, consider an IGP protocol running between 'FGT-A' and 'FGT-B'. It can be OSPF, IS-IS, or RIP protocol.
• EBGP has a distance of 20, which is less than the IGP distances. The IGP protocol default distances are:

• 'FGT-A' will learn the 172.16.20.0/24 via 'FGT-C' EBGP (distance-20) and with IGP from FGT-B with a distance greater than 20. Hence, 'FGT-A' will install the route via 'FGT-C' EBGP as it has a lower distance.
  
• However, the user wants the 'FGT-A' to prefer the 172.16.20.0/24 route via IGP from 'FGT-B'.
• If the user wants 'FGT-A' to prefer the 172.16.20.0/24 route via IGP RIP from 'FGT-B', use BGP backdoor.
• Assume the IGP RIP protocol is running between 'FGT-A' and 'FGT-B'.
• Configure 'set backdoor enable' for network 172.16.20.0/24 under the 'FGT-A' BGP network configuration, as the user wants to prefer this network via IGP.
• Due to the BGP backdoor being enabled, 'FGT-A' will learn the 172.16.20.0/24 route from 'FGT-B' via RIP with distance 120.