Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiExtender
- FortiGuard
- FortiGuest
- FortiGate Cloud
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNDR (on-premise)
- FortiNAC
- FortiNAC-F
- FortiNDRCloud
- FortiPhish
- FortiPAM
- FortiPortal
- FortiPresence
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiSASE
- FortiTester
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiVoice
- FortiWAN
- FortiToken
- FortiAppSec Cloud
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- Lacework
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: Difference between BGP neighbor/Rou...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
| Description |
This article describes the difference between 'set weight' under BGP neighbor, and 'set set-weight' under BGP route-map. |
| Scope | FortiGate. |
| Solution |
Using the weight parameter under the route map gives the granular control over each route from/through a neighbor.
To better understand, consider the below-given topology and scenario(s):
HUB: (tunnel ip 10.10.1.1, 10.10.2.1) 6.6.6.0/24
spoke1: (tunnel ip 10.10.1.2, 10.10.2.2 3.3.3.0/24 4.4.4.0/24 3.3.4.0/24
spoke2: (tunnel ip 10.10.1.3, 10.10.2.3) 1.1.1.0/24 2.2.2.0/24 1.1.2.0/24 1.1.3.0/24
The routing table of HUB before making any changes:
HUB # get router info bgp network Network Next Hop Metric LocPrf Weight RouteTag Path * i1.1.1.0/24 10.10.2.3 0 100 0 0 i <-/-> *>i 10.10.1.3 0 100 0 0 i <-/1> *>i1.1.2.0/24 10.10.1.3 0 100 0 0 i <-/1> * i 10.10.2.3 0 100 0 0 i <-/-> * i1.1.3.0/24 10.10.2.3 0 100 0 0 i <-/-> *>i 10.10.1.3 0 100 0 0 i <-/1> * i2.2.2.0/24 10.10.2.3 0 100 0 0 i <-/-> *>i 10.10.1.3 0 100 0 0 i <-/1> * i3.3.3.0/24 10.10.2.2 0 100 0 0 i <-/-> *>i 10.10.1.2 0 100 0 0 i <-/1> * i3.3.4.0/24 10.10.2.2 0 100 0 0 i <-/-> *>i 10.10.1.2 0 100 0 0 i <-/1> * i4.4.4.0/24 10.10.2.2 0 100 0 0 i <-/-> *>i 10.10.1.2 0 100 0 0 i <-/1> *> 6.6.6.0/24 0.0.0.0 100 32768 0 i <-/1>
Total number of prefixes 8
Scenario 1 (BGP neighbor):
Initially based on the BGP route selection process, 10.10.1.3 neighbor’s route will be selected over 10.10.2.3. Once increasing the 'BGP neighbor' weight of neighbor 10.10.2.3, this will eventually prioritize all routes of 10.10.2.3 over 10.10.1.3.
config router bgp config neighbor edit "10.10.2.3" set advertisement-interval 1 set capability-graceful-restart enable set link-down-failover enable set soft-reconfiguration enable set remote-as 65400 set route-map-in "block-map" set route-reflector-client enable next end
(exe router clear bgp all soft) --> soft reset BGP.
Results:
HUB# get router info bgp network
Network Next Hop Metric LocPrf Weight RouteTag Path *>i1.1.1.0/24 10.10.2.3 0 100 32770 0 i <-/1> * i 10.10.1.3 0 100 0 0 i <-/-> * i1.1.2.0/24 10.10.1.3 0 100 0 0 i <-/-> *>i 10.10.2.3 0 100 32770 0 i <-/1> *>i1.1.3.0/24 10.10.2.3 0 100 32770 0 i <-/1> * i 10.10.1.3 0 100 0 0 i <-/-> *>i2.2.2.0/24 10.10.2.3 0 100 32770 0 i <-/1> * i 10.10.1.3 0 100 0 0 i <-/-> * i3.3.3.0/24 10.10.2.2 0 100 0 0 i <-/-> *>i 10.10.1.2 0 100 0 0 i <-/1> * i3.3.4.0/24 10.10.2.2 0 100 0 0 i <-/-> *>i 10.10.1.2 0 100 0 0 i <-/1> * i4.4.4.0/24 10.10.2.2 0 100 0 0 i <-/-> *>i 10.10.1.2 0 100 0 0 i <-/1> *> 6.6.6.0/24 0.0.0.0 100 32768 0 i <-/1>
Total number of prefixes 8
HUB# get router info routing-table bgp Routing table for VRF=0 B 1.1.1.0/24 [200/0] via 10.10.2.3 (recursive is directly connected, HUBWAN2), 00:00:41, [1/0] B 1.1.2.0/24 [200/0] via 10.10.2.3 (recursive is directly connected, HUBWAN2), 00:00:41, [1/0] B 1.1.3.0/24 [200/0] via 10.10.2.3 (recursive is directly connected, HUBWAN2), 00:00:41, [1/0] B 2.2.2.0/24 [200/0] via 10.10.2.3 (recursive is directly connected, HUBWAN2), 00:00:41, [1/0] B 3.3.3.0/24 [200/0] via 10.10.1.2 (recursive is directly connected, HUB), 00:27:06, [1/0] [200/0] via 10.10.2.2 (recursive is directly connected, HUBWAN2), 00:27:06, [1/0] B 3.3.4.0/24 [200/0] via 10.10.1.2 (recursive is directly connected, HUB), 00:27:06, [1/0] [200/0] via 10.10.2.2 (recursive is directly connected, HUBWAN2), 00:27:06, [1/0] B 4.4.4.0/24 [200/0] via 10.10.1.2 (recursive is directly connected, HUB), 00:27:06, [1/0] [200/0] via 10.10.2.2 (recursive is directly connected, HUBWAN2), 00:27:06, [1/0]
Scenario 2 (BGP route-map):
Block 1.0.0.0/24 (i.e 1.1.1.0/24, 1.1.3.0/24) subnet from neighbor 10.10.2.3, however allow 1.1.2.0/24 using higher weight under route map (1.1.2.0/24 should not be routed anymore through 10.10.1.3).
config router access-list edit "1.0.0.0/8" config rule edit 1 set prefix 1.0.0.0 255.0.0.0 next edit "1.1.2.0/24" config rule edit 1 set prefix 1.1.2.0 255.255.255.0 next end
HUB# config router route-map
HUB(route-map) # edit "block-map"
HUB(block-map) # show config router route-map edit "block-map" config rule edit 1 set match-ip-address "1.1.2.0/24" set set-weight 32780 next edit 2 set action deny set match-ip-address "1.0.0.0/8" next end end
Results:
HUB# get router info bgp network VRF 0 BGP table version is 10, local router ID is 6.6.6.6 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight RouteTag Path *>i1.1.1.0/24 10.10.1.3 0 100 0 0 i <-/1> *>i1.1.2.0/24 10.10.2.3 0 100 32780 0 i <-/1> * i 10.10.1.3 0 100 0 0 i <-/-> *>i1.1.3.0/24 10.10.1.3 0 100 0 0 i <-/1> *>i2.2.2.0/24 10.10.1.3 0 100 0 0 i <-/1> *>i3.3.3.0/24 10.10.1.2 0 100 0 0 i <-/1> * i 10.10.2.2 0 100 0 0 i <-/-> *>i3.3.4.0/24 10.10.1.2 0 100 0 0 i <-/1> * i 10.10.2.2 0 100 0 0 i <-/-> *>i4.4.4.0/24 10.10.1.2 0 100 0 0 i <-/1> * i 10.10.2.2 0 100 0 0 i <-/-> *> 6.6.6.0/24 0.0.0.0 100 32768 0 i <-/1>
Total number of prefixes 8
HUB# get router info routing-table bgp Routing table for VRF=0 B 1.1.1.0/24 [200/0] via 10.10.1.3 (recursive is directly connected, HUB), 00:00:34, [1/0] B 1.1.2.0/24 [200/0] via 10.10.2.3 (recursive is directly connected, HUBWAN2), 00:00:34, [1/0] B 1.1.3.0/24 [200/0] via 10.10.1.3 (recursive is directly connected, HUB), 00:00:34, [1/0] B 2.2.2.0/24 [200/0] via 10.10.1.3 (recursive is directly connected, HUB), 00:09:17, [1/0] B 3.3.3.0/24 [200/0] via 10.10.1.2 (recursive is directly connected, HUB), 00:16:21, [1/0] [200/0] via 10.10.2.2 (recursive is directly connected, HUBWAN2), 00:16:21, [1/0] B 3.3.4.0/24 [200/0] via 10.10.1.2 (recursive is directly connected, HUB), 00:16:21, [1/0] [200/0] via 10.10.2.2 (recursive is directly connected, HUBWAN2), 00:16:21, [1/0] B 4.4.4.0/24 [200/0] via 10.10.1.2 (recursive is directly connected, HUB), 00:16:21, [1/0] [200/0] via 10.10.2.2 (recursive is directly connected, HUBWAN2), 00:16:21, [1/0]
Note: The above-mentioned scenario could differ based on a sequence of rules in route map. The rule ID will determine which rule will be matched first: Technical Tip: Order of Processing Route-map Rules.
Related article: |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.