FortiGate
Xav_FTNT
Staff
Article Id 196101

Description


This article describes the steps to announce multiple routes with one summary route in BGP.


Scope


All FortiGate or VDOM running in NAT mode.

 

Solution


Diagram:


Expectations, Requirements

This article summarizes the following connected networks:

 * 10.162.0.0/255.255.254.0
 * 10.162.2.0/255.255.254.0
 * 10.162.4.0/255.255.254.0

=> These are announced as the following summary route:
 * 10.162.0.0/16


Configuration:

 

FGT-AS162 is the FortiGate on which the route summary is configured.

 
FGT-AS162 (bgp) # show

config router bgp
    config aggregate-address
        edit 1
            set prefix 10.162.0.0 255.255.0.0
            set summary-only enable <- Only the aggregate route is advertised.
        next
    end
    set as 162

    config neighbor
        edit 10.142.0.110
            set remote-as 1
        next
    end
 
For the aggregate address to be advertised to the neighbor, at least one of its specific routes must be injected in the BGP RIB. So:

    config network
        edit 1
            set prefix 10.162.0.0 255.255.254.0
        next
        edit 2
            set prefix 10.162.2.0 255.255.254.0
        next
        edit 3
            set prefix 10.162.4.0 255.255.254.0
        next
    end

    config redistribute "connected"
    end

    config redistribute "rip"
    end

    config redistribute "ospf"
    end

    config redistribute "static"
    end

    set router-id 10.142.0.114
end

 


Verification:

 

FGT_ISP is the ISP's border router.

FGT-AS162 is the FortiGate on which the route summary is configured.
 
The following commands will be used:
 
# get router info bgp summary
# get router info bgp neighbors
# get router info bgp network
# get router info routing-table all
 
FGT-AS162:

 

FGT-AS162 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

S* 0.0.0.0/0 [10/0] via 192.168.183.254, port1
B 1.1.1.1/32 [20/0] via 10.142.0.110, port2, 01:03:29
C 10.142.0.0/23 is directly connected, port2
B 10.160.0.0/23 [20/0] via 10.142.0.110, port2, 00:02:07
B 10.162.0.0/16 [20/0] is a summary, Null, 00:12:16
C 10.162.0.0/23 is directly connected, port3
C 10.162.2.0/23 is directly connected, port5
C 10.162.4.0/23 is directly connected, port6
B 192.168.0.0/16 [20/0] via 10.142.0.110, port2, 01:03:29
B 192.168.0.0/21 [20/0] via 10.142.0.205, port2, 01:03:29
B 192.168.168.0/24 [20/0] via 10.142.0.110, port2, 01:03:29
C 192.168.182.0/23 is directly connected, port1


Note the null route for the summary (10.162.0.0/16) in the routing table above: it is installed in order to prevent routing loops.
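The effect of the null route can be checked offline. The following Python sketch is an added example, not part of the original article or of FortiOS: it takes the prefixes and routing-table entries shown above, computes how much of the advertised /16 has no specific route behind it, and does a longest-prefix match with and without the null route. The two sample destinations are constructed.

```python
import ipaddress as ip

# Values taken from the article: the configured aggregate and the three
# connected /23 networks injected with "config network".
AGGREGATE = ip.ip_network("10.162.0.0/255.255.0.0")
SPECIFICS = [ip.ip_network(f"10.162.{o}.0/255.255.254.0") for o in (0, 2, 4)]

# Subset of FGT-AS162's routing table from the article: (prefix, next hop).
RIB = [
    ("0.0.0.0/0", "192.168.183.254 port1"),
    ("10.162.0.0/16", "Null"),
    ("10.162.0.0/23", "connected port3"),
    ("10.162.2.0/23", "connected port5"),
    ("10.162.4.0/23", "connected port6"),
]

def tightest_supernet(nets):
    """Smallest single prefix that covers every network in nets."""
    cand = nets[0]
    while not all(n.subnet_of(cand) for n in nets):
        cand = cand.supernet()
    return cand

def unbacked_fraction(aggregate, specifics):
    """Share of the aggregate's address space with no specific route."""
    if not all(s.subnet_of(aggregate) for s in specifics):
        raise ValueError("a specific route lies outside the aggregate")
    covered = sum(n.num_addresses for n in ip.collapse_addresses(specifics))
    return 1 - covered / aggregate.num_addresses

def lookup(dst, rib=RIB):
    """Longest-prefix match, as the forwarding plane would do it."""
    addr = ip.ip_address(dst)
    matches = [(ip.ip_network(p), nh) for p, nh in rib if addr in ip.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    print("tightest aggregate:", tightest_supernet(SPECIFICS))
    share = unbacked_fraction(AGGREGATE, SPECIFICS)
    print(f"unbacked share of {AGGREGATE}: {share:.1%}")
    for dst in ("10.162.3.7", "10.162.200.1"):  # constructed sample destinations
        print(dst, "->", lookup(dst))
    # Without the null route, unbacked destinations fall through to the default.
    no_null = [r for r in RIB if r[1] != "Null"]
    print("10.162.200.1 without null route ->", lookup("10.162.200.1", no_null))
```

Destinations inside the /16 but outside the three /23 networks are discarded at the null route instead of following the default route, which is the behaviour that keeps such traffic from being forwarded back out.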

 

FGT-AS162 # get router info bgp network
BGP table version is 9, local router ID is 10.142.0.114
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 10.142.0.110 0 0 1 ?
*> 10.160.0.0/23 10.142.0.110 0 0 1 i
*> 10.162.0.0/16 0.0.0.0 32768 i <- This is the summary that will be sent.
s> 10.162.0.0/23 0.0.0.0 100 32768 i
s> 10.162.2.0/23 0.0.0.0 100 32768 i
s> 10.162.4.0/23 0.0.0.0 100 32768 i
*> 192.168.0.0/16 10.142.0.110 0 0 1 ?
*> 192.168.0.0/21 10.142.0.205 0 0 1 2 i
*> 192.168.168.0 10.142.0.110 0 0 1 ?
Total number of prefixes 9

 

In the output above, the letter 's' precedes each route that is suppressed by BGP. Note that if the 'summary-only' option is set to disable under the 'aggregate-address' configuration, those routes will not be suppressed.


On FGT_ISP:

 

FGT_ISP (bgp) # get router info bgp network
BGP table version is 18, local router ID is 10.142.0.110
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

 

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 192.168.183.254 32768 ?
*> 10.160.0.0/23 0.0.0.0 100 32768 i
*> 10.162.0.0/16 10.142.0.114 0 0 162 i
*> 192.168.0.0/16 192.168.183.254 32768 ?
*> 192.168.0.0/21 10.142.0.205 0 0 2 i
*> 192.168.168.0 192.168.183.254 32768 ?

 

Total number of prefixes 6

 

FGT_ISP (bgp) # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

 

S 1.1.1.1/32 [10/0] via 192.168.183.254, port1
C 10.142.0.0/23 is directly connected, port6
C 10.160.0.0/23 is directly connected, port2
B 10.162.0.0/16 [20/0] via 10.142.0.114, port6, 01:04:08 <- This is the summary received on the peer.
S 192.168.0.0/16 [10/0] via 192.168.183.254, port1
B 192.168.0.0/21 [20/0] via 10.142.0.205, port6, 19:30:25
S 192.168.168.0/24 [10/0] via 192.168.183.254, port1
C 192.168.182.0/23 is directly connected, port1


Related article:

Technical Note: Static NAT VIP accessible from 2 external interfaces with E-BGP peerings (dual-homin...