Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ppatel
Staff
Staff

Created on ‎07-30-2021 07:59 AM Edited on ‎11-04-2024 10:03 PM By Community Manager

Article Id 195932

Technical Tip: BGP route selection process

Description


This article describes the BGP route selection process.

 

Scope

 

FortiGate.

Solution


Consider only routes with no AS loops and a valid next hop, and then:

  1. Prefer Highest Weight: FortiGate uses the weight attribute to prioritize routes, but it is only relevant locally on the FortiGate. Higher weights take precedence over lower ones.
  2. Prefer Highest Local Preference: This attribute is used within the same AS to determine the preferred path for outbound traffic. FortiGate allows setting local preference values, which apply only to paths within the AS.
  3. Prefer Route Originated by Local Router: FortiGate will prioritize routes originated locally (next hop = 0.0.0.0). This means routes created directly on the FortiGate are preferred over routes learned from external peers.
  4. Prefer Shortest AS Path: FortiGate will choose the path with the fewest AS hops, minimizing the number of networks traversed to reach the destination. Shorter AS paths are preferred as they are typically faster or more direct.
  5. Prefer Lowest Origin Code: Routes learned through IGP (Internal Gateway Protocol) are prioritized over EGP (External Gateway Protocol) and incomplete (unknown origin) routes. This ensures more reliable route selection based on protocol.
  6. Prefer Lowest MED: The Multi-Exit Discriminator (MED) attribute helps control inbound traffic from external autonomous systems. FortiGate favors the route with the lowest MED if MEDs are exchanged between peers.
  7. Prefer EBGP Over IBGP: FortiGate prefers EBGP (external) paths over IBGP (internal) paths, optimizing inter-AS traffic flow and reducing latency.
  8. Prefer Path Through Closest IGP Neighbor: If multiple IBGP paths exist, FortiGate will prefer the one through the closest IGP neighbor (lowest IGP metric), improving network efficiency.
  9. Prefer Oldest Route for EBGP Paths: FortiGate will choose the oldest route for stability in EBGP paths, preventing frequent route changes.
  10. Prefer Lowest Neighbor BGP Router ID: When all attributes are equal, FortiGate selects the path from the neighbor with the lowest BGP router ID.
  11. Prefer Lowest Neighbor IP Address: If BGP router IDs are the same, FortiGate defaults to the path with the lowest neighbor IP address as the tie-breaker.
Labels:
21324
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.