snowman386
New Member
March 19, 2012
Question

BGP Distance Question

  • March 19, 2012
  • 6 replies
  • 14406 views
Hey everyone, is it possible to modify the BGP distance of a network that is advertised by a FortiGate?

Here is the background of my problem: First off, I am no BGP expert, but I do have it set up and working fine advertising routes to our MPLS provider. The problem is that all the FortiGates on our network show the distance of the learned BGP routes as 20, the default value from the documents I've found. I would like to be able to advertise the same network at two different sites but one having a higher distance (backup route).

The only way I have been able to modify the BGP distance is by applying an access rule at one of the sites. The biggest problem is that this seems to only affect incoming routes, not outgoing routes. It would be much better if I could advertise the route with a higher distance so I only have to modify it on one router instead of every router that learns the route.

Any help would be appreciated. Thanks

    6 replies

    emnoc
    New Member
    March 19, 2012
    First off, I am no BGP expert but I do have it setup and working fine advertising routes to our MPLS provider. The problem is that all the fortigates on our network show the distance of the learned BGP routes as 20, the default value from the documents I've found. I would like to be able to advertise the same network at two different sites but one having a higher distance (backup route). The only way I have been able to modify the BGP distance is by applying an access rule at one of the sites. The biggest problem is that this seems to only affect incoming

    1st off, your thinking is right. You can't modify the distance on an outgoing route. Distance is internal and not a BGP well-known attribute.

    2nd, what you need to look at is to set as_path_prepend or, if internal to the same ISP provider, you set metrics for the path that you want to prefer.

    3rd, if you're peering with 2 different providers, then you can't 100% control how someone routes into you.

    I would suggest you review the FGT routing documentation.
    ddskier
    New Member
    March 20, 2012
    You can make one BGP route look longer by using "Route-Maps" and weights (e.g. prepend the route). See example below (the XXX is your ASN number):

        config router route-map
            edit "xxx-routemap"
                config rule
                    edit 1
                        set set-aspath "xxx xxx xxx xxx xxx"
                    next
                end
            next
        end
        config router bgp
            config neighbor
                edit "1.2.3.4"
                    set remote-as <Vendor 1 Supplied ASN>
                    set weight 200
                next
                edit "2.3.4.5"
                    set remote-as <Vendor 2 Supplied ASN>
                    set route-map-out "xxx-routemap"
                    set weight 100
                next
            end
        end
    rb400
    New Member
    September 2, 2016

    ddskier wrote:
    You can make one BGP route look longer by using "Route-Maps" and weights (e.g. prepend the route). See example below (the XXX is your ASN number):

        config router route-map
            edit "xxx-routemap"
                config rule
                    edit 1
                        set set-aspath "xxx xxx xxx xxx xxx"
                    next
                end
            next
        end
        config router bgp
            config neighbor
                edit "1.2.3.4"
                    set remote-as <Vendor 1 Supplied ASN>
                    set weight 200
                next
                edit "2.3.4.5"
                    set remote-as <Vendor 2 Supplied ASN>
                    set route-map-out "xxx-routemap"
                    set weight 100
                next
            end
        end

    Does anyone know if this is still the best way to influence one route over another for outbound traffic? Thanks in advance.

    emnoc
    New Member
    September 2, 2016

     

    local_pref, weights for traffic outbound (from your perspective)

    as_path pre-pending for traffic inbound (from your perspective)

    metrics for traffic inbound if you have 2 links to the same ISP (it stays within the ISP; metrics are localized and non-transit between ISPs)

     

    Ken

    emnoc
    New Member
    March 20, 2012
    I would caution the use of weights. Weight is not a known BGP attribute for path selection outside of your ASN. AS_path pre-pend, traffic policy management via provider community sets, and metrics are the only options you have.
    ddskier
    New Member
    March 21, 2012
    ORIGINAL: emnoc
    I would caution the use of weights. Weight is not a known BGP attribute for path selection outside of your ASN. AS_path pre-pend, traffic policy management via provider community sets, and metrics are the only options you have.

    I believe in this case the weight attribute is used by the firewall for which outbound route is preferred. Helps keep all outbound and inbound traffic using the same connection.
    emnoc
    New Member
    March 21, 2012
    Correct, but it has no bearing on inbound and you can't fully control how the internet routes inbound to you 100%.
    snowman386
    New Member
    March 21, 2012
    Thanks for the help guys. The problem seems to be that I only have one neighbor. I tried setting the weights of the single neighbor to be different at each site but it didn't influence route selection. The only option on the "config networks" is something called "backdoor" but when I enabled that, the route disappeared completely. I will try the outbound route-map. Is that equivalent to the prepend setting emnoc was talking about? I looked through the CLI guide and cannot find any command referring to AS prepending.
    snowman386
    New Member
    March 21, 2012
    route-map-out seemed to do the trick. "get router info bgp network" now showed my test network with a path containing our AS repeated several times. Once I added the test network to the other site without the route-map-out, it became the preferred route. Strange thing is that the preexisting routes at the site where I added the route-map-out do not show the path with the repeated AS numbers, only the single AS.
    emnoc
    New Member
    March 22, 2012
    Did your BGP establishment require a reload for the new route-map to push the changes? This is typically the case with Cisco and most other layer 3 devices. Also, if you peer within the same AS-provider, metric of MEDs is your friend, i.e.

         ____________ISP-ASN1-link#1-Metric 400
        |
        |
        |
        your_AS
        |
        |
        |_____________ISP-ASN1-link#2-Metric 500

    That would enforce what link the ISP-ASN1 routes back to you on. I hope that helps. Also, MED is local to the ISP you're peering with and not announced outside of that AS. So if ASN1 is peered with ASN2 3 4 5 6 7 8 9 10, your metric has no bearing.
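
The attribute summary (local_pref and weights outbound, AS-path prepending and metrics inbound) and the MED explanation in this thread, as an added example that is not from any poster or from Fortinet: a simplified Python model of the BGP decision order showing which router evaluates which attribute. The AS numbers, link labels and the `Path`, `best_path` and `demo` names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    via: str                # constructed label for the link the route arrived on
    as_path: tuple          # AS numbers as received; as_path[0] is the neighbor AS
    weight: int = 0         # local to one router, never sent to a peer
    local_pref: int = 100   # carried only inside the local AS
    med: int = 0            # sent to the neighbor AS, not passed on beyond it

def best_path(paths):
    """Simplified order: weight, local_pref, AS_PATH length, MED.
    Origin, eBGP/iBGP, IGP cost and router-id tie-breakers are left out."""
    cands = list(paths)
    for attr in ("weight", "local_pref"):          # higher wins
        top = max(getattr(p, attr) for p in cands)
        cands = [p for p in cands if getattr(p, attr) == top]
    shortest = min(len(p.as_path) for p in cands)  # shorter wins
    cands = [p for p in cands if len(p.as_path) == shortest]
    # MED (lower wins) is compared only between paths from the same neighbor AS.
    cands = [p for p in cands
             if not any(q.as_path[0] == p.as_path[0] and q.med < p.med for q in cands)]
    return cands[0]

MY_AS, ISP1, ISP2 = 65010, 64501, 64502   # constructed AS numbers

def demo():
    prepended = (MY_AS,) * 5   # own AS repeated, as an outbound prepend makes it appear
    return {
        # Provider hears the prefix from two sites; weight set on-site never reaches it.
        "inbound_prepend": best_path([
            Path("site-A", (MY_AS,)), Path("site-B", prepended)]).via,
        # Two links to the same ISP: the ISP prefers the lower metric (MED).
        "inbound_med_same_isp": best_path([
            Path("link-1", (MY_AS,), med=400), Path("link-2", (MY_AS,), med=500)]).via,
        # Different neighbor ASes: MED is not compared, so the lower MED does not win.
        "inbound_med_two_isps": best_path([
            Path("via-ISP1", (ISP1, MY_AS), med=500),
            Path("via-ISP2", (ISP2, MY_AS), med=400)]).via,
        # Own router choosing an exit: weight beats a shorter AS path.
        "outbound_weight": best_path([
            Path("vendor-1", (ISP1, 64510, 64511), weight=200),
            Path("vendor-2", (ISP2, 64511), weight=100)]).via,
    }

if __name__ == "__main__":
    for case, winner in demo().items():
        print(f"{case}: {winner}")
```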