Skip to main content
Poseidonn
Poseidonn
New Member
February 19, 2025
Question

Static vs iBGP distance

  • February 19, 2025
  • 5 replies
  • 2629 views

Hello,

 

In a situation with sd-wan with a static route for a zone and via iBGP I receive the same prefix for another zone, even changing the administrative distance of the static route to the same as iBGP, the static prevails.

 

Anything other than administrative distance to consider?

 

Thanks

5 replies

dingjerry_FTNT
Staff
dingjerry_FTNT
Staff
February 19, 2025

Hi @Poseidonn ,

 

Can you run the following?

 

get router info routing-table details x.x.x.x

 

x.x.x.x is the routing entry for the network in this issue.

Poseidonn
PoseidonnAuthor
New Member
February 19, 2025

My database

 

Routing table for VRF=0
S *> 0.0.0.0/0 [200/0] via x.x.x.x, wan2, [1/0]
    *> [200/0] via x.x.x.x, wan1, [1/0]
B 0.0.0.0/0 [200/0] via x.x.x.x (recursive via HUB1VPN1 tunnel x.x.x.x), 00:02:19
                                               (recursive via HUB1VPN2 tunnel x.x.x.x), 00:02:19, [1/0]
                  [200/0] via x.x.x.x (recursive via HUB2VPN1 tunnel x.x.x.x), 00:02:19
                                              (recursive via HUB2VPN2 tunnel x.x.x.x), 00:02:19, [1/0]

 

Thanks

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
February 19, 2025

I tested it with 7.4.6. And looks like a newer route seems to be preferred.

When eBGP route for 10.0.9.0/29 preexists, I put in the same static route with AD 20. Then got below, overriden by the static route:

FortiGate-60F # get router info routing-t detail 10.0.9.0

Routing table for VRF=0
Routing entry for 10.0.9.0/29
  Known via "static", distance 20, metric 0, best
  * vrf 0 x.x.x.x, via wan1

 

Routing entry for 10.0.9.0/29
  Known via "bgp", distance 20, metric 0
  Last update 07:06:01 ago
    vrf 0 10.245.254.225 priority 1 (recursive via ny-corp tunnel x.x.x.x)


However, when I dropped the eBGP once then reintroduced it again, I got below, overriden by the eBGP route:

FortiGate-60F # get router info routing-t detail 10.0.9.0

Routing table for VRF=0
Routing entry for 10.0.9.0/29
  Known via "bgp", distance 20, metric 0, best
  Last update 00:03:24 ago
  * vrf 0 10.245.254.225 priority 1 (recursive via ny-corp tunnel x.x.x.x)

 

Routing entry for 10.0.9.0/29
  Known via "static", distance 20, metric 0
    vrf 0 x.x.x.x, via wan1


So, if you want the FGT to prefer iBGP route, try setting AD for the static route higher than 200, like 201.

Toshi

Poseidonn
PoseidonnAuthor
New Member
February 19, 2025

Yes, if I change it to a smaller distance, it works.

 

I would like to have static iBGP prefixes with the same distance, then in the SD-WAN rules I validate which VLAN makes a local breakout (static route) and which ones don't (iBGP route).

 

Thanks

Poseidonn
PoseidonnAuthor
New Member
February 19, 2025

I know the topic is administrative distance, I put the routing table database in another post.

 

Thanks

jiahoong112
Staff
jiahoong112
Staff
February 22, 2025

you may find this one helpful: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Multiple-Active-Concurrent-Default-Routes/ta-p/368427 

minecraft21
minecraft21
New Member
February 22, 2025

Even with the same administrative distance, static routes typically take precedence over dynamic routes like iBGP. You might also want to check route preference, longest prefix match Minecraft Bedrock Edition, and any route filtering or redistribution policies that could be affecting selection.

Terms & ConditionsAccessibility statement