Technical Tip: 0.0.0.0/0 on Route-Tag Objects

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 379069

Description

This article describes how to handle a specific case where 0.0.0.0 is tagged on BGP route-tags.

Scope

FortiGate, BGP.

Solution

When 0.0.0.0/0 is received via BGP and the route-tag is applied:

get router info bgp network <--- Shows the BGP database.

Network Next Hop Metric LocPrf Weight RouteTag Path
* i0.0.0.0/0 10.100.72.2 0 100 0 44 ? <-/->

*>i10.0.0.0 10.100.72.1 20 200 0 44 ? <-/1>

*>i10.0.0.0/16 10.100.72.1 20 200 0 44 ? <-/1>

*>i10.0.10.0/24 10.100.72.83 20 100 0 44 ? <-/1>

*>i10.0.21.0/24 10.100.72.101 20 100 0 44 ? <-/1>

*>i10.0.31.0/25 10.100.72.64 20 100 0 44 ? <-/1>

* i10.0.255.208/29 10.100.72.87 2 100 0 44 ? <-/->

It will suppress the other routes. Therefore, on the output of the diagnose firewall route_tag list, only one route can be seen:

diagnose firewall route_tag list
list route tag info(vf(root)):
route tag address, route_tag(44) vrf_num(1):
vrf id(0), num(1): 0.0.0.0-255.255.255.255

The above output does not mean that the route tag will apply to all routes in the RIB or to none of them.
The address object will only be subject to the tagged routes (which can be verified via get router info bgp network).

250

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: 0.0.0.0/0 on Route-Tag Objects

You are leaving our website