Description
Under BGP, the '# config network' statement forces advertisement of a prefix. iBGP should only advertise a prefix if it is present in the routing table with an exact match.
Disabling the BGP option 'network-import-check' allows a prefix to be advertised even if it is not in the routing table or if the associated interface is down. This parameter should be used with caution. The option 'network-import-check' is enabled by default.
Solution
On FGT1, there are no interfaces configured with IP Address 1.1.1.1, and no route is in the routing table for 1.1.1.1.
By default, network-import-check is enabled:
FGT1 (bgp) # get | grep network-import-check
network-import-check: enable
Add a config network statement for 1.1.1.1 as shown below:
config router bgp
config network
edit 1
set prefix 1.1.1.0 255.255.255.0
next
end
end
FGT1 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S* 0.0.0.0/0 [10/0] via 172.16.19.65, port6
C 10.0.0.0/30 is directly connected, port8
C 192.168.152.48/28 is directly connected, port9
C 172.16.19.64/28 is directly connected, port6
Disable the check to import a network:
config router bgp
set network-import-check disable
end
The BGP network table now contains the following entry, and the route shows up on the iBGP peer.
FGT1 # get router info bgp network
BGP table version is 1, local router ID is 192.168.152.49
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 100 32768 i
Total number of prefixes 1
FGT1 #
On the BGP peer:
FGT2 # get router info bgp network
BGP table version is 10, local router ID is 192.168.152.50
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.0/24 10.0.0.1 0 100 0 i
Total number of prefixes 1
FGT2 #
FGT2 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S* 0.0.0.0/0 [10/0] via 172.16.20.66, port6
B 1.1.1.0/24 [200/0] via 10.0.0.1, port8, 00:00:38
C 10.0.0.0/30 is directly connected, port8
C 192.168.152.48/28 is directly connected, port9
C 172.16.20.64/28 is directly connected, port6
The network-import-check setting can be configured globally or per prefix, allowing flexibility in route synchronization. It can be disabled for specific prefixes instead of being disabled globally.
Note:
This setting is available starting from firmware version 7.0.4.
Global Configuration:
config router bgp
set network-import-check {enable | disable} (enabled by default)
end
Per Prefix Configuration:
config router bgp
config {network | network6}
edit <id>
set prefix x.x.x.x/zz
set network-import-check {global | enable | disable}
next
end
end
Parameter Explanation:
`network-import-check {enable | disable}`
Enables or disables the check to ensure that a BGP network route exists in IGP (default = enable).
`network-import-check {global | enable | disable}`
Specifies the behavior of network synchronization for BGP network routes:
- `global`: Uses the global network synchronization value (default).
- `enable`: Enables network synchronization per prefix.
- `disable`: Disables network synchronization per prefix.
Example:
config router bgp
config network
edit 1
set prefix 2.2.2.3 255.255.255.255
set network-import-check disable
next
edit 2
set prefix 3.3.3.4 255.255.255.255
set network-import-check disable
next
end
end
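The following audit script is an added example, not part of the original article or any Fortinet tooling. It reads a FortiOS configuration backup and lists the BGP network entries whose effective network-import-check is disable, resolving the per-prefix `global` value against the global setting. The sample configuration and the names unchecked_prefixes and TABLES are constructed for the example.

```python
# Constructed sample in FortiOS backup syntax (prefixes chosen for illustration).
SAMPLE_CONFIG = """\
config router bgp
    set network-import-check enable
    config network
        edit 1
            set prefix 2.2.2.3 255.255.255.255
            set network-import-check disable
        next
        edit 2
            set prefix 10.0.0.0 255.255.255.252
        next
        edit 3
            set prefix 192.168.152.48 255.255.255.240
            set network-import-check enable
        next
    end
end
"""
TABLES = (["router bgp", "network"], ["router bgp", "network6"])

def unchecked_prefixes(config_text):
    """Return (table, id, prefix) for BGP network entries advertised without a routing-table check."""
    stack, entries, entry = [], [], None
    global_check = "enable"  # global default stated in the article
    for line in config_text.splitlines():
        words = line.split() or [""]
        if words[0] == "config":
            stack.append(" ".join(words[1:]))
        elif words[0] == "end":
            del stack[-1:]  # tolerates a stray "end"
        elif words[0] == "edit" and len(words) == 2 and stack in TABLES:
            entry = {"table": stack[1], "id": words[1], "prefix": "", "check": "global"}
        elif words[0] == "next" and entry is not None:
            entries.append(entry)
            entry = None
        elif words[:2] == ["set", "network-import-check"] and len(words) == 3:
            if entry is not None:
                entry["check"] = words[2]  # per-prefix value; "global" is resolved on return
            elif stack == ["router bgp"]:
                global_check = words[2]
        elif entry is not None and words[0] == "set" and words[1:2] in (["prefix"], ["prefix6"]):
            entry["prefix"] = " ".join(words[2:])
    return [(e["table"], e["id"], e["prefix"]) for e in entries
            if (global_check if e["check"] == "global" else e["check"]) == "disable"]

if __name__ == "__main__":
    for table, entry_id, prefix in unchecked_prefixes(SAMPLE_CONFIG):
        print(f"{table} {entry_id}: {prefix} advertised without routing-table check")
```

Entry 3 in the sample shows that a per-prefix enable keeps the check in force even when the global setting is later switched to disable.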
Related article:
Technical Note: Common issue when trying to advertise a subnet to BGP peers