FortiGate
sagha
Staff
Article Id 190738

Description


This article describes how administrative distance affects route installation into the active routing table when the same route is received from different peers of the same routing protocol.

Scope

FortiGate.

Solution


BGP has the option of configuring the admin-distance for routes matched by a list, as in this example:

config router access-list
    edit "int-routes"
        config rule
            edit 1
                set prefix 10.10.10.0 255.255.255.0
                set exact-match enable
            next
        end
    next
end

config router bgp
    config admin-distance
        edit 1
            set neighbour-prefix 192.168.79.254 255.255.255.255
            set route-list "int-routes"
            set distance 110
        next
        edit 2
            set neighbour-prefix 192.168.239.254 255.255.255.255
            set route-list "int-routes"
            set distance 120
        next
    end
end

In the above example, the same route 10.10.10.0/24 is received from two BGP peers, and a different administrative distance is set for each. Normally, the route learned via neighbor 192.168.79.254 would be expected to be added to the routing table, as it has the smaller AD of 110.

However, since the same routing protocol is used, which is BGP in this case, the comparison is done based on the BGP attributes.

 

get router info bgp network 10.10.10.0/24
BGP routing table entry for 10.10.10.0/24

  65002 65002 65002 65001
    192.168.79.254 from 192.168.79.254 (1.1.1.1)
      Origin IGP metric 10, localpref 99, valid, external
      Community: 3257:2170
      Last update: Wed Jun 24 14:07:38 2020

  65000 65000 65001
    192.168.239.254 from 192.168.239.254 (2.2.2.1)
      Origin IGP metric 10, localpref 100, valid, external, best
      Last update: Wed Jun 24 14:07:40 2020

 

As the above output shows, the second route is selected as the best. So, regardless of the configured distance, the routing table contains the route learned via neighbor 192.168.239.254, which has the higher AD of 120.

This is because this route was selected as preferred when the routes were compared based on BGP attributes.

get router info routing-table details | grep 10.10.
B       10.10.10.0/24[120/10] via 192.168.239.254, ext_vpn

 

The route selection process is as follows:

  1. At the start, the best route is selected within the routing protocol's own database, in this case the BGP table.
  2. Then this route is sent to the routing database along with any similar routes learned via OSPF or any static routes.
  3. The comparison takes place between these routes in the routing database and afterwards the best is selected and added to the active routing table.

To sum up, how a route gets installed is as follows:

  1. A subnet learned via two neighbors of the same routing protocol ---> The preferred route is chosen using the attributes of that routing protocol; for example, BGP uses its attributes and OSPF uses cost/metric.
  2. A subnet learned via two different routing protocols ---> The routes are sent to the routing database and the one installed into the routing table is chosen based on AD.
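
The two-stage selection described above, modelled as an added example (not Fortinet code). The BGP ranking is an assumed, simplified subset of the best-path order (local preference, AS path length, metric), and the OSPF route is constructed to exercise the second stage:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    proto: str             # "bgp" or "ospf"
    next_hop: str
    distance: int          # administrative distance (AD)
    metric: int
    local_pref: int = 100  # BGP only
    as_path: tuple = ()    # BGP only

def bgp_key(r):
    # Assumed, simplified subset of BGP best-path order: higher local
    # preference, then shorter AS path, then lower metric (MED).
    # The administrative distance is deliberately not part of the key.
    return (-r.local_pref, len(r.as_path), r.metric)

# Stage 1 ranking functions, one per protocol (lower key wins).
PROTOCOL_KEY = {"bgp": bgp_key, "ospf": lambda r: (r.metric,)}

def protocol_best(routes):
    """Stage 1: pick one winner per protocol using that protocol's attributes."""
    best = {}
    for r in routes:
        key = PROTOCOL_KEY[r.proto]
        if r.proto not in best or key(r) < key(best[r.proto]):
            best[r.proto] = r
    return list(best.values())

def installed(routes):
    """Stage 2: among the per-protocol winners, the lowest AD is installed."""
    return min(protocol_best(routes), key=lambda r: r.distance)

def rib_tag(r):
    """[distance/metric] as shown in the routing table output."""
    return f"[{r.distance}/{r.metric}]"

# Values for 10.10.10.0/24 taken from the article's output and config.
PEER_A = Route("bgp", "192.168.79.254", 110, 10, 99, (65002, 65002, 65002, 65001))
PEER_B = Route("bgp", "192.168.239.254", 120, 10, 100, (65000, 65000, 65001))
# Constructed OSPF route (not from the article) to exercise stage 2.
OSPF_X = Route("ospf", "192.0.2.1", 110, 20)

if __name__ == "__main__":
    win = installed([PEER_A, PEER_B])
    print(win.next_hop, rib_tag(win))
    print(installed([PEER_A, PEER_B, OSPF_X]).proto)
```

With the constructed OSPF route present, OSPF is installed at AD 110 against the BGP winner's 120: the AD of 110 configured for peer 192.168.79.254 never reaches the second stage because that path already lost inside BGP.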

Note: By default, the BGP administrative distance is 20 for external BGP (eBGP) and 200 for internal BGP (iBGP).

Related articles:

Troubleshooting Tip: To prefer the specific OSPF route over EBGP