alif
Staff
April 15, 2025

Troubleshooting Tip: BGP next hop not changing for an eBGP peer

Description

This article describes why an eBGP peer may not change the next hop to itself due to the BGP NEXT_HOP attribute.

Scope

FortiGate.
Solution

By default, an eBGP router uses its own IP address as the next hop address when advertising a route.

 

Consider the following network topology:

 

[Image: network topology diagram (FGT60FTK2209EDLD.png)]

 

Router 1 advertises the 10.0.1.0/24 subnet to FortiGate with a next hop of the virtual IP 192.168.1.1.

 

FortiGate advertises the BGP route 10.0.1.0/24 learned from Router 1 to Router 2 with a next hop IP address of 192.168.1.1. Ideally, an eBGP peer advertises its own IP address as the next hop when it sends a prefix to another eBGP peer. However, this does not occur here because the BGP next hop (192.168.1.6) belongs to the same subnet (192.168.1.0/29) as the eBGP neighbor (192.168.1.x). BGP next hop optimization ensures that no unnecessary intermediate ASNs are added to the BGP AS_PATH attribute, and the shortest path is preferred. As a result, FortiGate advertises the next hop address of Router 1 instead of its own when advertising Router 1 subnets to Router 2.

 

This is explained in BGP RFC 4271 under Section 5.1.3 - NEXT_HOP.
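
The following Python sketch is an added example, not code from the original article or from Fortinet. It models the NEXT_HOP choice described above for a directly connected eBGP peer and lists which learned routes would be advertised with an unchanged (third-party) next hop. The 10.0.1.0/24 prefix, the 192.168.1.1 next hop and the 192.168.1.0/29 subnet come from the article; the FortiGate and Router 2 addresses, the second interface and the second route are assumed values.

```python
import ipaddress

def advertised_next_hop(received_next_hop, local_ifaces, peer_ip):
    """Model the NEXT_HOP sent to a directly connected eBGP peer.

    received_next_hop: NEXT_HOP on the route as it was learned
    local_ifaces:      local interface addresses in CIDR form
    peer_ip:           address of the eBGP peer receiving the advertisement
    Returns (next_hop, kind), kind being "third-party" or "self".
    """
    nh = ipaddress.ip_address(received_next_hop)
    peer = ipaddress.ip_address(peer_ip)
    ifaces = [ipaddress.ip_interface(i) for i in local_ifaces]

    # Find the local interface that shares a subnet with the peer.
    facing = next((i for i in ifaces if peer in i.network), None)
    if facing is None:
        raise ValueError("peer is not on a connected subnet (multihop not modelled)")

    # Third-party next hop: the learned next hop is on the subnet shared
    # with the peer, and is neither the peer itself nor our own address.
    if nh in facing.network and nh != peer and nh != facing.ip:
        return str(nh), "third-party"

    # Otherwise fall back to the address of the interface facing the peer.
    return str(facing.ip), "self"

def third_party_prefixes(routes, local_ifaces, peer_ip):
    """Return (prefix, next_hop) pairs whose next hop would be left unchanged."""
    flagged = []
    for prefix, learned_nh in routes:
        hop, kind = advertised_next_hop(learned_nh, local_ifaces, peer_ip)
        if kind == "third-party":
            flagged.append((prefix, hop))
    return flagged

# Constructed sample data: only the first route and the /29 are from the article.
FGT_IFACES = ["192.168.1.2/29", "10.10.10.1/24"]   # assumed FortiGate addresses
ROUTER2 = "192.168.1.3"                            # assumed Router 2 address
ROUTES = [
    ("10.0.1.0/24", "192.168.1.1"),   # learned from Router 1 (from the article)
    ("10.0.2.0/24", "10.10.10.5"),    # constructed: next hop on another subnet
]

if __name__ == "__main__":
    for prefix, hop in third_party_prefixes(ROUTES, FGT_IFACES, ROUTER2):
        print(f"{prefix}: advertised with unchanged next hop {hop}")
```

For any prefix this flags, Router 2 installs the learned next hop directly, so forwarding for that prefix goes to that address rather than to the FortiGate.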