Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
subramanis
Staff
Staff

Created on ‎08-11-2021 04:26 AM Edited on ‎03-20-2025 11:39 PM By Community Manager

Article Id 194698

Technical Tip: BGP routes not added into the routing table when OSPF is active

Description


This article describes that he BGP route with better AD 20 is not installed into the routing table while the OSPF route with AD 110 is preferred (if any BGP link fails the BGP routes will not come back as long as OSPF is online).

The route received from OSPF is redistributed into BGP.

 

Scope

 

FortiGate.

Solution


Diagram.


 
 
 


FGT1 receives 10.0.0.0/24 network via FGT2 over BGP.                                                    <----- Primary Route.
FGT1 receives 10.0.0.0/24 network via FGT3 over OSPF.                                                  <----- Backup path.

 

FGT1 # show router  ospf
# config router ospf
    set router-id 172.16.16.1
    # config area
        edit 0.0.0.0
    next
end
    # config ospf-interface
        edit "1"
            set interface "port2"
        next
    end
    # config network
        edit 1
            set prefix 172.16.16.0 255.255.255.0
        next
    end

Hub # show router bgp
# config router bgp
    set as 64512
    set router-id 172.17.17.1
    # config neighbor
        edit "172.17.17.2"
            set remote-as 64513
        next
    end
    # config redistribute "ospf"                                           <----- Redistributed OSPF into BGP.
        set status enable
    end


Before the BGP link failure/manually clear the BGP neighbourship.

 

FGT1 # get router info bgp neighbors 172.17.17.2 received-routes | grep 10.0.0.0/24
*> 10.0.0.0/24      172.17.17.2                            0        0 64513 i <-/->

FGT1 # get router info routing-table details | grep 10.0.0.0/24
B       10.0.0.0/24 [20/0] via 172.17.17.2, port3, 00:00:22

 

The route received from BGP is installed in the routing table and the OSPF route kept in the database table.

 

FGT1 # get router info ospf route | grep 10.0.0.0/24
O  10.0.0.0/24 [101] via 172.16.16.2, port2, Area 0.0.0.0

FGT1# get router info routing-table database | grep 10.0.0.0/24
O       10.0.0.0/24 [110/101] via 172.16.16.2, port2, 00:01:05             <----- OSPF in the database.
B    *> 10.0.0.0/24 [20/0] via 172.17.17.2, port3, 00:02:55


After the BGP link failure/manually cleared the BGP neighbourship.

 

FGT1 # get router info routing-table details | grep 10.0.0.0/24
O       10.0.0.0/24 [110/101] via 172.16.16.2, port2, 00:09:44

 

The OSPF route in the database table installed into the routing table once the BGP link down.

the BGP link is restored but it’s not installing into the routing table, still the OSPF route with higher AD 110 is preferred over BGP AD 20.

 

FGT1 # get router info bgp neighbors 172.17.17.2 received-routes | grep 10.0.0.0/24
*> 10.0.0.0/24      172.17.17.2                            0        0 64513 i <-/->

FGT1 # get router info routing-table details | grep 10.0.0.0/24
O       10.0.0.0/24 [110/101] via 172.16.16.2, port2, 00:17:38

 

The issue is redistributing the OSPF route into BGP.

 

Hub # get router info bgp  network
VRF 0 BGP table version is 2, local router ID is 172.17.17.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*  10.0.0.0/24      172.17.17.2              0             0        0 64513 i <-/->
*>                  172.16.16.2            101         32768        0 ? <-/1>
Total number of prefixes 1

 

The network 10.0.0.0/24 leaned via its peer 172.17.17.2 is having default weight 0 but the redistributed network from OSPF (next hop 172.16.16.2) to BGP has 32768.

When the eBGP link went down, the OSPF route was installed into the routing table and redistributed into BGP routing table.
The redistributed route in BGP is considered locally originated so it has a default weight of 32768.

When the eBGP link comes back up, the BGP routing table will have 2 entries for the same network so, considering the best path selection, BGP chooses the one with the higher weight so it will remain with the route learned from OSPF.

It is possible to avoid this by configuring the BGP weight for the route to be higher than the locally injected routes (OSPF).

Example.

 

config router prefix-list
    edit "Test-Network"
    # config rule
        edit 1
            set prefix 10.0.0.0/24
        end
    end

config router route-map
    edit "test-map"
    # config rule
        edit 1
            set match-ip-address "Test-Network"
            set set-weight 32769
        end

config router bgp
config neighbor
    edit 172.17.17.2
        set route-map-in "test-map"
    next
end

Hub # get router info bgp  network
VRF 0 BGP table version is 2, local router ID is 172.17.17.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 10.0.0.0/24      172.17.17.2              0         32769        0 64513 i <-/1>
*                          172.16.16.2            101         32768        0 ? <-/->

Total number of prefixes 1

 

Now the weight has changed to 32769 which is higher than the redistributed network.

Labels:
11354
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.