npaiva
Staff & Editor
Article Id 336454
Description

This article describes how FortiOS supports MP-BGP (Multiprotocol BGP) and, with the default settings, will advertise IPv6 prefixes over an IPv4-only peering.

For more information about MP-BGP, see RFC 4760.

Scope

FortiOS.

Solution

To demonstrate the behavior, the following topology is used:

[Topology diagram: bgp-topo.png]

FGT1 and FGT2 have an IPv4-only peering, and FGT2 is advertising an IPv6 loopback prefix over that IPv4 session.

Relevant configuration:

FGT1:

config router bgp
    set as 65001
    set router-id 10.0.0.1
    config neighbor
        edit "10.191.84.155"
            set remote-as 65002
        next
    end
    config network
        edit 1
            set prefix 10.191.80.0 255.255.240.0
        next
    end
end

FGT2:

config router bgp
    set as 65002
    set router-id 10.0.0.2
    config neighbor
        edit "10.191.83.40"
            set remote-as 65001
        next
    end
    config network
        edit 1
            set prefix 10.191.80.0 255.255.240.0
        next
    end
    config network6
        edit 1
            set prefix6 2001:beef:beef:cafe::1/128
        next
    end
end

Checking the IPv6 BGP table on FGT1 shows the IPv6 prefix received from FGT2, even though no IPv6 neighbor is configured:

FGT1 # get router info6 bgp network
VRF 0 BGP table version is 2, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric     LocPrf Weight RouteTag Path
*> 2001:beef:beef:cafe::1/128
                    fe80::261:75ff:fe64:3802
                                        0                      0        0 65002 i <-/1>

With the command 'get router info bgp neighbors <neighbor IP>', it is possible to confirm that the IPv6 address family is enabled by default on an IPv4 neighbor:

FGT1 # get router info bgp neighbors "10.191.84.155"
VRF 0 neighbor table:
BGP neighbor is 10.191.84.155, remote AS 65002, local AS 65001, external link
  BGP version 4, remote router ID 10.0.0.2
  BGP state = Established, up for 01:01:57
  Last read 00:00:42, hold time is 180, keepalive interval is 60 seconds
  Configured hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received (old and new)
    Address family IPv4 Unicast: advertised and received
    Address family VPNv4 Unicast: advertised and received
    Address family IPv6 Unicast: advertised and received    <<<<<<<<<<<<<<
  Received 74 messages, 0 notifications, 0 in queue
  Sent 73 messages, 0 notifications, 0 in queue
  Route refresh request: received 0, sent 0
  NLRI treated as withdraw: 0
  Minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  BGP table version 1, neighbor version 1
  Index 1, Offset 0, Mask 0x2
  Community attribute sent to this neighbor (both)
  1 accepted prefixes, 1 prefixes in rib
  1 announced prefixes

 For address family: VPNv4 Unicast
  BGP table version 1, neighbor version 1
  Index 1, Offset 0, Mask 0x2
  Community attribute sent to this neighbor (both)
  0 accepted prefixes, 0 prefixes in rib
  0 announced prefixes

 For address family: IPv6 Unicast
  BGP table version 2, neighbor version 1
  Index 1, Offset 0, Mask 0x2
  Community attribute sent to this neighbor (both)
  1 accepted prefixes, 1 prefixes in rib
  0 announced prefixes

 Connections established 1; dropped 0
Local host: 10.191.83.40, Local port: 179
Foreign host: 10.191.84.155, Foreign port: 18346
Egress interface: 4
Nexthop: 10.191.83.40
Nexthop interface: port2
Nexthop global: fe80::262:65ff:fe6e:2802
Nexthop local: ::
BGP connection: non shared network

Both routers advertised the IPv6 Unicast capability in their OPEN messages, so the session carries IPv6 NLRI over the IPv4 transport; the 'For address family: IPv6 Unicast' section shows the one prefix accepted from FGT2.
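The capability lines above are what an audit should look at. As an added example (not part of the article), the following Python parses that neighbor output and reports the address families negotiated beyond what the operator intended for an IPv4-only peer; the sample text is constructed to mirror the output above, and the regular expressions assume that line layout.

```python
import re

# Constructed sample in the shape of 'get router info bgp neighbors <ip>'
# output on an IPv4-only peering (values mirror the article's lab, trimmed).
SAMPLE_NEIGHBOR_OUTPUT = """\
BGP neighbor is 10.191.84.155, remote AS 65002, local AS 65001, external link
  BGP version 4, remote router ID 10.0.0.2
  BGP state = Established, up for 01:01:57
  Neighbor capabilities:
    Route refresh: advertised and received (old and new)
    Address family IPv4 Unicast: advertised and received
    Address family VPNv4 Unicast: advertised and received
    Address family IPv6 Unicast: advertised and received
  Received 74 messages, 0 notifications, 0 in queue
"""

PEER_RE = re.compile(r"^BGP neighbor is (?P<ip>\S+), remote AS (?P<ras>\d+)")
AF_RE = re.compile(r"^\s*Address family (?P<af>.+?): (?P<status>.+?)\s*$")


def parse_neighbor(text):
    """Return (peer_ip, remote_as, {address family: capability status})."""
    peer, remote_as, families = None, None, {}
    for line in text.splitlines():
        m = PEER_RE.match(line)
        if m:
            peer, remote_as = m.group("ip"), int(m.group("ras"))
            continue
        m = AF_RE.match(line)
        if m:
            families[m.group("af")] = m.group("status")
    return peer, remote_as, families


def negotiated_families(families):
    """Families usable on the session: only those both sides sent in OPEN."""
    return sorted(af for af, st in families.items()
                  if st == "advertised and received")


def unexpected_families(families, allowed):
    """Negotiated families the operator did not intend for this peer."""
    return [af for af in negotiated_families(families) if af not in allowed]


if __name__ == "__main__":
    peer, ras, fams = parse_neighbor(SAMPLE_NEIGHBOR_OUTPUT)
    extra = unexpected_families(fams, allowed={"IPv4 Unicast"})
    print(f"peer {peer} (AS {ras}) negotiated beyond IPv4 Unicast: {extra}")
```

A family listed as only advertised or only received is not negotiated and is deliberately left out of the report, which is also how to confirm that an activate6 change took effect.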


If receiving IPv6 prefixes over IPv4 peers is not desired, disable the IPv6 address family for that neighbor (the setting is per neighbor, so repeat it for each IPv4 neighbor that should not carry IPv6 routes):

FGT1 # config router bgp
FGT1 (bgp) # config neighbor
FGT1 (neighbor) # edit 10.191.84.155
    set activate6 disable
end
end

Afterwards, the command 'get router info6 bgp network' will not show any prefixes:

FGT1 # get router info6 bgp network
<empty>