Explorer III

Solved

Why not advertised via BGP?

Forum|Forum|2 years ago
December 16, 2023
5 replies
11273 views

I have a loopback 10.222.80.1 configured (1)

I have advertised the same prefix in BGP. (2)

The BGP neighbor 10.4.10.1 in question is healthy with 159 routes received (3)

Why is this prefix not advertised via BGP? (4)

2023-12-16 18h27m02 Why not advertised via BGP.png

Best answer by srajeswaran

Each VRF routes are isolated so if your route is in VRF7, it will not be present in BGP databse/table on VRF1. You may configure VRF route leaking https://docs.fortinet.com/document/fortigate/6.4.0/new-features/834664/route-leaking-between-vrfs

funkylicious

SuperUser

Hi,

My bet is since you are using another interface as update-source in BGP that you need to advertised that network, 10.4.10.34/32 into BGP, since u are using it as next-hop-self for all network advertised.

"jack of all trades, master of none"

slouwAuthor

Explorer III

Thanks @funkylicious.
10.4.10.34 and 10.4.10.31 can ping each other. They are the 2 ends of the healthy BGP peer.
Below is the BGP summary from the other (hub) side.

2023-12-17 08h55m28 hub get bgp summary.png

I changed the router ID from 10.220.5.48 to the loopback 10.222.80.1 no change in outcome though.
Appreciate the suggestion though.... please share if any more ideas come!

SassiVeeran

Staff

Hi,

You may refer link here to find out possible cause for route not advertise to the neighbor.

https://community.fortinet.com/t5/FortiGate/Technical-Note-Common-issue-when-trying-to-advertise-a-subnet-to/ta-p/193295

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Advertise-a-BGP-route-not-present-in-the-routing/ta-p/197723

slouwAuthor

Explorer III

Post1:

"This command is not used to enable BGP on interfaces (as a matter of fact, there is no such concept in BGP, as there is in IGPs), but it is used to inject routes from the routing table to the BGP table so they can be advertised to BGP peers. For this to happen, an exact route for the prefix that needs to be advertised should be installed in the routing table on the BGP-speaking router."

This condition is met I think. My loopback address is 10.222.80.1/32 and advertised as such

Agree?

Post2: - More of less the same thing but discusses set network-import-check disable.

Thanks though...

Toshi_Esumi

SuperUser

Loopback interfaces are in "connected" routes just like any other interfaces. You have to redistribute them into BGP.

   config redistribute "connected"
       set status enable
   end

Toshi

slouwAuthor

Explorer III

Thanks @Toshi_Esumi
Is this the only way to advertise into BGP?
config network /set prefix as in screenshot does nothing?
Thanks again

Toshi_Esumi

SuperUser

I'm talking about "redistribution" from connected routes into BGP. Not "advertisement", which is inside of BGP domain.
If you run "get router info bgp network", you wouldn't see the loopback interface IP in BGP table. If it's not in the table, you would never be able to "advertise" whatever the command, like "config network", you use. Because it's not there to be advertised.

Toshi

Toshi_Esumi

SuperUser

Ok, I found another option. If you disable "network-import-check" for this loopback network, it still advertises it to neighbors without redistributing connected routes. I referred to below KB.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Advertise-a-BGP-route-not-present-in-the-routing/ta-p/197723

config router bgp
--<snip>--
   config network
       edit 1
           set prefix 10.255.255.129 255.255.255.255
           set network-import-check disable
       next
       edit 2
           set prefix 10.68.3.224 255.255.255.240
       next
       edit 3
           set prefix 10.68.27.0 255.255.255.0
       next
   end
   config redistribute "connected"
   end

fg40f-utm (root) # get router info bgp network 10.255.255.129
VRF 0 BGP routing table entry for 10.255.255.129/32
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
  10.241.128.121
Original VRF 0
Local
   0.0.0.0 from 0.0.0.0 (192.168.199.253)
     Origin IGP, localpref 100, weight 32768, valid, sourced, local, best
     Last update: Sat Dec 16 21:51:46 2023

So it must be filtering out the loopback route with import-check.

Toshi

Toshi_Esumi

SuperUser

It's not conclusive actually. It might have been dragging the state from when I enabled redistibution. When I removed all those config I added to BGP then re-configured from scratch only one network statement for the loopback interface then added "set network-import-check disable", it didn't advertise the route to the neighbor.

Toshi

srajeswaran

Staff

Do you see the loopback address under bgp networks on FG40-Lab-6954S ? Can you run "get router info bgp network" and confirm?

slouwAuthor

Explorer III

@srajeswaran good question thank you. I was wondering/looking into a VRF angle on this matter. The loopback is in vrf=7 (Ref 2 in screenshot) and does in fact appear in the bgp database (is that the right term? BGP database or BGP routing table?) Ref 1 in screenshot

The overlay interface over which BGP is running is in fact in VRF 1 (Ref 3) Might this matter?

What if I build another overlay in vrf 7 (same as loopback)?

2023-12-18 10h42m41 Loopback and VRFs.png

srajeswaranAnswer

Staff

Each VRF routes are isolated so if your route is in VRF7, it will not be present in BGP databse/table on VRF1. You may configure VRF route leaking https://docs.fortinet.com/document/fortigate/6.4.0/new-features/834664/route-leaking-between-vrfs

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded