Sachin_Alex_Cherian_
Article Id 194776

Description


This article explains how to advertise the correct AS path in scenarios where multiple local AS numbers need to be configured.

Scope


Note: This article applies only to FortiOS 5.4.2 and later, since the local-AS functionality was first implemented in that version.


Solution

 

A BGP router advertises routes that originate within its own autonomous system (AS) with an AS path length of one, listing only its own AS number as specified under the BGP configuration (e.g. set as 12345).

Note: The local-as command does not replace the AS number advertised to peers; it prepends the local AS to the actual AS number, resulting in an AS path length of two. Routes advertised to neighbors with a local AS configured will appear to arrive via the specified AS, but will still be known to have originated from the actual AS.

 

BGP Configuration:


config router bgp
    set as 12345
    set router-id 5.5.5.5
    config neighbor
        edit "10.40.51.61"
            set remote-as 60000
            set local-as 56300
            set local-as-replace-as enable
            set send-community6 disable
        next
    end
    config network
        edit 1
            set prefix 5.5.5.5 255.255.255.255
        next
    end
end

 

Output verification (run on the peer):

 

get router info bgp neighbors 10.40.51.11 routes

BGP table version is 8, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 5.5.5.5/32       10.40.51.11              0             0        0 56300 i

Total number of prefixes 1


If the command 'set local-as-replace-as enable' is not configured, the peer receives the routes with two AS numbers in the path, as seen below:

 

get router info bgp neighbors 10.40.51.11 routes

BGP table version is 7, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 5.5.5.5/32       10.40.51.11              0             0        0 56300 12345 i

Total number of prefixes 1
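
The two outputs above can be checked automatically. The following is an added example, not part of the original article or Fortinet's tooling: it parses the route table from the peer-side output and reports any prefix whose AS path still exposes the real AS. The function names are hypothetical, and the sample rows are the two route lines shown in this article.

```python
import re

# Peer-side rows copied from this article: with and without local-as-replace-as.
HEADER = "   Network          Next Hop            Metric LocPrf Weight RouteTag Path\n"
WITH_REPLACE = HEADER + "*> 5.5.5.5/32       10.40.51.11              0             0        0 56300 i\n"
WITHOUT_REPLACE = HEADER + "*> 5.5.5.5/32       10.40.51.11              0             0        0 56300 12345 i\n"


def parse_routes(output):
    """Return {prefix: [AS numbers in the path]} from 'get router info bgp neighbors <ip> routes'."""
    routes, path_col = {}, None
    for line in output.splitlines():
        if line.lstrip().startswith("Network") and "Path" in line:
            path_col = line.index("Path")  # Path is the last, left-aligned column
            continue
        # Route rows start with a status code from the legend (*, s, d, h, S).
        if path_col is None or not re.match(r"[*sdhS][ >]", line):
            continue
        prefix = line[3:].split()[0]  # assumes one row per prefix, as in the article
        # Back up to the start of the token under "Path" in case a wide value shifted it.
        start = line.rfind(" ", 0, path_col + 1) + 1
        # Keep only AS numbers; the trailing origin code (i, e, ?) is dropped.
        routes[prefix] = [int(t) for t in line[start:].split() if t.isdigit()]
    return routes


def find_as_leaks(output, real_as, local_as):
    """List (prefix, path) rows where the path does not start with local_as
    or still contains real_as anywhere."""
    return [(prefix, path) for prefix, path in parse_routes(output).items()
            if not path or path[0] != local_as or real_as in path]


if __name__ == "__main__":
    samples = (("replace-as enabled", WITH_REPLACE), ("replace-as not set", WITHOUT_REPLACE))
    for name, out in samples:
        print(name, "->", find_as_leaks(out, real_as=12345, local_as=56300) or "clean")
```
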


Notes:


- This configuration can only be done through the CLI until FortiOS version 7.0.

- From FortiOS version 7.2.0 and above, the option is also available in the GUI.

- Specifying only local-as and omitting the global command 'set as 12345' will not work, as the global command is required to initiate the BGP session.

 
