Troubleshooting Tip: How to check if BGP prefix is blocked by Route-Map
| Description | This article explains how to verify whether a BGP prefix is being denied on reception due to a route-map applied inbound on a FortiGate. This is commonly encountered when expected prefixes are missing from the routing table. |
| Scope | FortiGate. |
| Solution | To verify if a BGP prefix is being denied by an inbound route-map, use the following debug method, which applies to all supported FortiOS versions.
Run BGP debug as below:
diagnose ip router bgp all enable
diagnose debug enable
diagnose ip router bgp level info
Observe the denied prefixes in the debug output. The following debug logs indicate a denial of prefixes received from a BGP neighbor:
BGP: 10.10.2.3-Outgoing [FSM] State: Established Event: 27
BGP: 10.10.2.3-Outgoing [RIB] Update: Prefix 1.1.1.1/32 path_id 0 denied due to route-map
BGP: 10.10.2.3-Outgoing [RIB] Update: Prefix 192.168.191.0/24 path_id 0 denied due to route-map
BGP: 10.10.2.3-Outgoing [RIB] Update: Prefix 192.168.210.0/24 path_id 0 denied due to route-map
Despite the log saying 'Outgoing', this message appears during RIB updates. In context, this means the prefixes were not installed into the routing table because of the inbound route-map.
To verify which routes are being installed in the routing table, use the following command:
get router info bgp neighbors x.x.x.x routes <--- x.x.x.x is neighbor IP.
The output of the above command shows the routes added to the FIB after the route-map check.
Other helpful commands:
get router info routing-table details
get router info bgp summary
get router info bgp neighbors x.x.x.x received-routes <--- x.x.x.x is neighbor IP.
To advertise the routes in the prefix list or to remove them, follow this article: Technical Tip: How to control BGP route advertisement with prefix-list. |
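
When the debug capture is long, the "denied due to route-map" lines described above can be grouped per neighbor and matched against the prefixes that are missing from the routing table. The following script is an added example, not Fortinet code: the function names `denied_prefixes` and `explain_missing` are hypothetical, and the line format is assumed only from the sample debug output shown in this article.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: the debug lines shown in the article.
SAMPLE_DEBUG = """\
BGP: 10.10.2.3-Outgoing [FSM] State: Established Event: 27
BGP: 10.10.2.3-Outgoing [RIB] Update: Prefix 1.1.1.1/32 path_id 0 denied due to route-map
BGP: 10.10.2.3-Outgoing [RIB] Update: Prefix 192.168.191.0/24 path_id 0 denied due to route-map
BGP: 10.10.2.3-Outgoing [RIB] Update: Prefix 192.168.210.0/24 path_id 0 denied due to route-map
"""

# Line format assumed from the article's sample only; the tag after the
# neighbor address ("Outgoing" above) is matched but not interpreted.
DENIED_RE = re.compile(
    r"BGP: (?P<peer>[0-9A-Fa-f.:]+)-\w+ \[RIB\] Update: "
    r"Prefix (?P<prefix>\S+) path_id \d+ denied due to route-map"
)


def denied_prefixes(debug_text):
    """Return {neighbor: [prefix, ...]} for every route-map denial in the capture."""
    denied = defaultdict(set)
    # finditer also copes with captures whose line breaks were lost in a paste.
    for m in DENIED_RE.finditer(debug_text):
        try:
            peer = ipaddress.ip_address(m["peer"])
            net = ipaddress.ip_network(m["prefix"], strict=False)
        except ValueError:
            continue  # truncated or garbled line: ignore rather than misreport
        denied[str(peer)].add(net)
    order = lambda n: (n.version, int(n.network_address), n.prefixlen)
    return {p: [str(n) for n in sorted(nets, key=order)] for p, nets in denied.items()}


def explain_missing(expected, debug_text):
    """Map each prefix missing from the routing table to the neighbors that denied it."""
    denied = denied_prefixes(debug_text)
    report = {}
    for prefix in expected:
        net = str(ipaddress.ip_network(prefix, strict=False))
        report[net] = sorted(p for p, nets in denied.items() if net in nets)
    return report


if __name__ == "__main__":
    for prefix, peers in explain_missing(["192.168.191.0/24", "10.0.0.0/8"], SAMPLE_DEBUG).items():
        print(prefix, "denied by route-map from", peers or "no neighbor in this capture")
```

A prefix that maps to an empty list was not denied by a route-map in this capture, so its absence from the routing table has another cause.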
