maulishshah
Staff
Article Id 287305
Description

This article describes why a BGP peer withdraws prefixes from the routing table.
Scope

FortiGate, BGP.

Solution

If a BGP route is missing from the routing table, run the following commands to collect the debug logs:

 

diagnose debug disable
diagnose debug reset
diagnose ip router bgp all enable
diagnose ip router bgp level info
diagnose debug enable

 

BGP: 10.1.1.92-Outgoing [DECODE] Update: NLRI Len(4)
BGP: 10.1.1.92-Outgoing [FSM] State: Established Event: 27
BGP: 10.1.1.92-Outgoing [RIB] Update: Received Prefix 10.25.69.0/23 path_id 0
BGP: [DAMP] bgp_rfd_rt_withdraw(): No dampening reqd
BGP: [DAMP] bgp_rfd_rt_withdraw(): Route State: NONE, ret=0
BGP: [DAMP] bgp_rfd_rt_update(): Route State: NONE, ret=0

BGP: 10.1.1.92-Outgoing [FSM] State: Established Event: 34
BGP: 10.1.1.92-Outgoing [ENCODE] Msg-Hdr: Type 2
BGP: 10.1.1.92-Outgoing [ENCODE] Attr IP-Unicast: Tot-attr-len 24
BGP: 10.1.1.92-Outgoing [ENCODE] Update: Msg #2033 Size 51
BGP: [RIB] Scanning BGP Network Routes for VRF 0...
BGP: 10.1.1.92-Outgoing [FSM] State: Established Event: 34
BGP: 10.1.1.92-Outgoing [ENCODE] Msg-Hdr: Type 2
BGP: 10.1.1.92-Outgoing [ENCODE] Update Withdrawn: Prefix 10.25.69.0/23
BGP: 10.1.1.92-Outgoing [ENCODE] Update: Msg #1907 Size 27

 

This log shows that the route has been withdrawn from the routing table and that the BGP peer is sending out the update.

 

This can happen for one of three reasons:

  1. The IP prefix, which designates destinations for a previously advertised route, can be included in the WITHDRAWN ROUTES field within the UPDATE message. This action effectively marks the associated route as unavailable for use.

  2. A BGP speaker can advertise a replacement route containing the same Network Layer Reachability Information (NLRI) as the route being withdrawn. By sharing this replacement route, the speaker signals that the previous route is no longer available.

  3. Closing the connection between BGP speakers results in the implicit removal from service of all routes that were previously advertised between the pair of speakers. This action signifies the withdrawal of all routes shared between those specific peers.

These methods enable BGP speakers to effectively communicate the unavailability of routes to their peers, ensuring efficient routing within the network.
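
The message sizes in the debug output follow directly from the UPDATE layout (RFC 4271) that carries the WITHDRAWN ROUTES field from reason 1. The following is an added example, not code from the original article or from Fortinet: it builds and parses the explicit withdrawal (Size 27) and the earlier advertisement (Size 51, Tot-attr-len 24, NLRI Len 4). The function names are hypothetical and the 24 attribute bytes are constructed filler that is not decoded.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16   # fixed 16-byte header marker
UPDATE = 2              # "Msg-Hdr: Type 2" in the debug output

def encode_prefixes(prefixes):
    # Each prefix is <length in bits><minimum whole bytes of the prefix>.
    out = b""
    for prefix in prefixes:
        addr, bits = prefix.split("/")
        out += bytes([int(bits)]) + ipaddress.IPv4Address(addr).packed[:(int(bits) + 7) // 8]
    return out

def decode_prefixes(data):
    prefixes, i = [], 0
    while i < len(data):
        bits = data[i]
        nbytes = (bits + 7) // 8
        if bits > 32 or i + 1 + nbytes > len(data):
            raise ValueError("malformed prefix field")
        raw = data[i + 1:i + 1 + nbytes].ljust(4, b"\x00")
        prefixes.append(f"{ipaddress.IPv4Address(raw)}/{bits}")
        i += 1 + nbytes
    return prefixes

def build_update(withdrawn=(), attrs=b"", nlri=()):
    w, n = encode_prefixes(withdrawn), encode_prefixes(nlri)
    body = struct.pack("!H", len(w)) + w + struct.pack("!H", len(attrs)) + attrs + n
    return MARKER + struct.pack("!HB", 19 + len(body), UPDATE) + body

def parse_update(msg):
    size = int.from_bytes(msg[16:18], "big")
    if len(msg) < 23 or msg[:16] != MARKER or msg[18] != UPDATE or size != len(msg):
        raise ValueError("not a complete BGP UPDATE message")
    (wlen,) = struct.unpack("!H", msg[19:21])
    attr_off = 21 + wlen
    if attr_off + 2 > size:
        raise ValueError("withdrawn routes length overruns message")
    (alen,) = struct.unpack("!H", msg[attr_off:attr_off + 2])
    nlri_off = attr_off + 2 + alen
    if nlri_off > size:
        raise ValueError("path attribute length overruns message")
    return {"size": size, "withdrawn": decode_prefixes(msg[21:attr_off]),
            "attr_len": alen, "nlri": decode_prefixes(msg[nlri_off:])}

if __name__ == "__main__":
    # Constructed messages; the 24 attribute bytes are opaque filler.
    print(parse_update(build_update(withdrawn=["10.25.69.0/23"])))
    print(parse_update(build_update(attrs=bytes(24), nlri=["10.25.69.0/23"])))
```

An UPDATE whose `withdrawn` list is non-empty is the explicit withdrawal of reason 1; one that carries the same prefix in `nlri` with new attributes is the replacement route of reason 2.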