When soft-reconfiguration is enabled, the FortiGate keeps an unaltered copy of every route received from the remote peer, as it arrived and before any inbound policy is applied. That table can be viewed with the following command.
get router info bgp neighbors x.x.x.x received-routes
The following command displays the routes from the x.x.x.x BGP neighbor after the inbound policy configured for that neighbor (for example route-map-in) has been applied.
get router info bgp neighbors x.x.x.x routes
Note:
If soft-reconfiguration was never enabled for a neighbor, received-routes shows no prefixes and prints the message '% Inbound soft reconfiguration not enabled'. This is expected: without soft-reconfiguration the FortiGate does not keep an unaltered database of the prefixes received from that neighbor. See the article 'Technical Tip: BGP - Soft Reconfiguration vs. Route Refresh' for more information.
FG-SPOKE1 # get router info bgp neighbors 172.16.30.1 received-routes
% Inbound soft reconfiguration not enabled
% No prefix for neighbor 172.16.30.1
Validation:
In this example, BGP is configured on two FortiGate devices:
FG-SPOKE1 receives the following prefixes from its BGP peering with the FortiGate at 172.16.30.1:
10.212.134.0/24
172.16.0.0/24
192.168.10.0/24
192.168.11.0/24
192.168.12.0/24
On FG-SPOKE1, filter the prefixes to accept only 192.168.10.0/24, 192.168.11.0/24 and 192.168.12.0/24.
Before applying any inbound policy on FG-SPOKE1, the received-routes and routes commands show the same prefix information:
FG-SPOKE1 # get router info bgp neighbors 172.16.30.1 received-routes
VRF 0 BGP table version is 8, local router ID is 192.168.101.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop        Metric LocPrf Weight Route Tag Path
*>i10.212.134.0/24    172.16.30.1        100      0      0 i <1/->
*>i172.16.0.0/24      172.16.30.1        100      0      0 i <1/->
*>i192.168.10.0       172.16.30.1        100      0      0 i <1/->
*>i192.168.11.0       172.16.30.1        100      0      0 i <1/->
*>i192.168.12.0       172.16.30.1        100      0      0 i <1/->

Total number of prefixes 5

FG-SPOKE1 # get router info bgp neighbors 172.16.30.1 routes
VRF 0 BGP table version is 8, local router ID is 192.168.101.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop        Metric LocPrf Weight Route Tag Path
*>i10.212.134.0/24    172.16.30.1        100      0      0 i <1/->
*>i172.16.0.0/24      172.16.30.1        100      0      0 i <1/->
*>i192.168.10.0       172.16.30.1        100      0      0 i <1/->
*>i192.168.11.0       172.16.30.1        100      0      0 i <1/->
*>i192.168.12.0       172.16.30.1        100      0      0 i <1/->

Total number of prefixes 3
Apply the following prefix-list and route-map on FG-SPOKE1 to filter the prefixes. Rules 1 and 2 deny the two unwanted prefixes; rule 3 (action permit, the default) matches every remaining prefix. Rule 3 is required: a prefix-list ends with an implicit deny, so without it the route-map would reject every prefix received from the neighbor.
config router prefix-list
    edit "blocked_inbound"
        config rule
            edit 1
                set action deny
                set prefix 10.212.134.0 255.255.255.0
                unset ge
                unset le
            next
            edit 2
                set action deny
                set prefix 172.16.0.0 255.255.255.0
                unset ge
                unset le
            next
            edit 3
                set prefix any
                unset ge
                unset le
            next
        end
    next
end

config router route-map
    edit "Blocked_Inbound_prefix"
        config rule
            edit 1
                set match-ip-address "blocked_inbound"
            next
        end
    next
end
Then apply the route-map inbound on the BGP neighbor (route-map-in). Soft-reconfiguration is enabled on the same neighbor so that received-routes keeps the pre-policy table for comparison:
config router bgp
    set as 65001
    set router-id 192.168.101.254
    config neighbor
        edit "172.16.30.1"
            set soft-reconfiguration enable
            set remote-as 65001
            set route-map-in "Blocked_Inbound_prefix"
        next
    end
end
After applying route-map-in to the BGP neighbor, run the BGP debug to see how the prefixes are filtered. The output is verbose; disable the debug once the filtering has been observed.
diagnose ip router bgp all enable
diagnose ip router bgp nsm enable
diagnose ip router bgp level info
diagnose debug console timestamp enable
diagnose debug enable
Note:
Starting from v7.2.0, BGP debugs can be collected for a specific neighbor with the filter command 'diagnose ip router bgp set-filter neighbor <neighbor address>'. See the KB article 'Technical Tip: Capture BGP debugs for a specific neighbor' for details.
The lines marked '<-----' show the two prefixes rejected by the route-map; the three permitted prefixes are received and announced to NSM (the routing table manager):
2023-09-07 15:09:09 BGP: 172.16.30.1-Outgoing [FSM] State: OpenSent Event: 19
2023-09-07 15:09:09 BGP: 172.16.30.1-Outgoing [ENCODE] Msg-Hdr: Type 4
2023-09-07 15:09:09 BGP: 172.16.30.1-Outgoing [ENCODE] Keepalive: 1236 KAlive msg(s) sent
2023-09-07 15:09:09 BGP: bgp_keepalive_proc: notif_rcv 4-4
2023-09-07 15:09:09 BGP: 172.16.30.1-Outgoing [DECODE] Msg-Hdr: type 4, length 19
2023-09-07 15:09:09 BGP: 172.16.30.1-Outgoing [DECODE] KAlive: Received!
2023-09-07 15:09:09 BGP: 172.16.30.1-Outgoing [FSM] State: OpenConfirm Event: 26
2023-09-07 15:09:09 id=20300 msg="BGP: %BGP-5-ADJCHANGE: VRF 0 neighbor 172.16.30.1 Up "
2023-09-07 15:09:10 BGP: 172.16.32.1-Outgoing [FSM] State: Connect Event: 9
2023-09-07 15:09:11 BGP: 172.16.31.1-Outgoing [FSM] State: Connect Event: 9
2023-09-07 15:09:19 BGP: [RIB] Scanning BGP Network Routes for VRF 0...
2023-09-07 15:09:29 BGP: 172.16.32.1-Outgoing [FSM] State: Connect Event: 9
2023-09-07 15:09:30 BGP: 172.16.31.1-Outgoing [FSM] State: Connect Event: 9
2023-09-07 15:09:34 BGP: [RIB] Scanning BGP Network Routes for VRF 0...
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [DECODE] Msg-Hdr: type 2, length 84
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [DECODE] Update: Starting UPDATE decoding... Bytes To Read (65), msg_size (65)
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [DECODE] Update: NLRI Len(40)
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [FSM] State: Established Event: 27
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [RIB] <-----Update: Prefix 10.212.134.0/24 path_id 1 denied due to route-map.
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [RIB] Update: Received Prefix 192.168.12.0/24 path_id 1
2023-09-07 15:09:34 BGP: [NSM] Verified NH 172.16.30.1 with NSM
2023-09-07 15:09:34 BGP: VRF 0 NSM announce: 192.168.12.0/24
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [RIB] Update: Received Prefix 192.168.11.0/24 path_id 1
2023-09-07 15:09:34 BGP: VRF 0 NSM announce: 192.168.11.0/24
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [RIB] Update: Received Prefix 192.168.10.0/24 path_id 1
2023-09-07 15:09:34 BGP: VRF 0 NSM announce: 192.168.10.0/24
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [RIB] <----- Update: Prefix 172.16.0.0/24 path_id 1 denied due to route-map.
2023-09-07 15:09:39 BGP: 172.16.30.1-Outgoing [FSM] State: Established Event: 34
2023-09-07 15:09:39 BGP: 172.16.30.1-Outgoing [ENCODE] Msg-Hdr: Type 2
2023-09-07 15:09:39 BGP: 172.16.30.1-Outgoing [ENCODE] Attr IP-Unicast: Tot-attr-len 21
2023-09-07 15:09:39 BGP: 172.16.30.1-Outgoing [ENCODE] Update: Msg #8 Size 68
Then, it is possible to see the difference between 'get router info bgp neighbors x.x.x.x received-routes' and 'get router info bgp neighbors x.x.x.x routes':
FG-SPOKE1 # get router info bgp neighbors 172.16.30.1 received-routes
VRF 0 BGP table version is 8, local router ID is 192.168.101.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop        Metric LocPrf Weight Route Tag Path
*>i10.212.134.0/24    172.16.30.1        100      0      0 i <1/->
*>i172.16.0.0/24      172.16.30.1        100      0      0 i <1/->
*>i192.168.10.0       172.16.30.1        100      0      0 i <1/->
*>i192.168.11.0       172.16.30.1        100      0      0 i <1/->
*>i192.168.12.0       172.16.30.1        100      0      0 i <1/->

Total number of prefixes 5
received-routes still lists all 5 prefixes, accepted and rejected alike: this is the table as received from the peer, before the inbound policy is applied.
FG-SPOKE1 # get router info bgp neighbors 172.16.30.1 routes
VRF 0 BGP table version is 8, local router ID is 192.168.101.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop        Metric LocPrf Weight Route Tag Path
*>i192.168.10.0       172.16.30.1        100      0      0 i <1/->
*>i192.168.11.0       172.16.30.1        100      0      0 i <1/->
*>i192.168.12.0       172.16.30.1        100      0      0 i <1/->

Total number of prefixes 3
Here, only the 3 permitted prefixes remain after the inbound policy has been applied to the BGP peering; 10.212.134.0/24 and 172.16.0.0/24 were denied by the route-map and never reach the routing table.
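To turn this comparison into a repeatable check, the following Python script (an added example written for this article, not FortiGate code or output from the original page) parses pasted copies of both commands, normalizes the classful prefixes that FortiOS prints without a mask, and reports what route-map-in dropped as well as anything accepted that is not on the intended allow-list. The two captures embedded in it are constructed to mirror the FG-SPOKE1 output above; the allow-list argument is an assumption standing in for the three prefixes the policy is meant to admit.

```python
"""Audit a FortiGate BGP inbound policy by diffing 'received-routes' (pre-policy)
against 'routes' (post-policy) for one neighbor.

Added example, not from the original article or from Fortinet. The two sample
captures below are CONSTRUCTED to mirror the FG-SPOKE1 output in the article.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed sample: 'get router info bgp neighbors 172.16.30.1 received-routes'
RECEIVED_ROUTES = """\
VRF 0 BGP table version is 8, local router ID is 192.168.101.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop        Metric LocPrf Weight Route Tag Path
*>i10.212.134.0/24    172.16.30.1        100      0      0 i <1/->
*>i172.16.0.0/24      172.16.30.1        100      0      0 i <1/->
*>i192.168.10.0       172.16.30.1        100      0      0 i <1/->
*>i192.168.11.0       172.16.30.1        100      0      0 i <1/->
*>i192.168.12.0       172.16.30.1        100      0      0 i <1/->

Total number of prefixes 5
"""

# Constructed sample: 'get router info bgp neighbors 172.16.30.1 routes'
ROUTES = """\
VRF 0 BGP table version is 8, local router ID is 192.168.101.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop        Metric LocPrf Weight Route Tag Path
*>i192.168.10.0       172.16.30.1        100      0      0 i <1/->
*>i192.168.11.0       172.16.30.1        100      0      0 i <1/->
*>i192.168.12.0       172.16.30.1        100      0      0 i <1/->

Total number of prefixes 3
"""

# A table row: status flags glued to the prefix, then the next hop.
ROW = re.compile(
    r"^(?P<status>[sdh*>i ]*?)(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?)"
    r"\s+(?P<nexthop>\d{1,3}(?:\.\d{1,3}){3})"
)
TOTAL = re.compile(r"^Total number of prefixes (\d+)")


def normalize_prefix(text: str) -> ipaddress.IPv4Network:
    """FortiOS prints classful networks without a mask (192.168.10.0 means /24)."""
    if "/" in text:
        return ipaddress.IPv4Network(text, strict=False)
    first_octet = int(text.split(".")[0])
    length = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.IPv4Network(f"{text}/{length}", strict=False)


def parse_bgp_table(output: str) -> Dict[ipaddress.IPv4Network, str]:
    """Return {prefix: next_hop}; fail loudly on the pitfalls a copy/paste hides."""
    if "soft reconfiguration not enabled" in output:
        raise ValueError("received-routes is empty: enable soft-reconfiguration "
                         "on the neighbor first")
    routes: Dict[ipaddress.IPv4Network, str] = {}
    total = None
    for line in output.splitlines():
        if m := ROW.match(line):
            routes[normalize_prefix(m["prefix"])] = m["nexthop"]
        elif m := TOTAL.match(line):
            total = int(m.group(1))
    if total is not None and total != len(routes):
        raise ValueError(f"parsed {len(routes)} rows but FortiGate reports {total}; "
                         "the capture is probably truncated")
    return routes


def audit_inbound_policy(received: str, accepted: str,
                         expected_allowed: List[str]) -> Dict[str, List[ipaddress.IPv4Network]]:
    """Diff pre- and post-policy tables against the prefixes the policy is meant to admit."""
    pre = set(parse_bgp_table(received))
    post = set(parse_bgp_table(accepted))
    allowed = {normalize_prefix(p) for p in expected_allowed}
    return {
        "filtered": sorted(pre - post),               # denied by route-map-in
        "unexpected_accept": sorted(post - allowed),  # policy too permissive
        "missing": sorted(allowed - post),            # policy too strict, or peer withdrew it
    }


if __name__ == "__main__":
    # Assumed allow-list: the three prefixes the article's policy is meant to admit.
    result = audit_inbound_policy(RECEIVED_ROUTES, ROUTES,
                                  ["192.168.10.0/24", "192.168.11.0/24", "192.168.12.0/24"])
    for key, nets in result.items():
        print(f"{key}: {[str(n) for n in nets]}")
```

Replace the two constructed strings with real captures from the FortiGate. A non-empty 'unexpected_accept' means the prefix-list admits more than intended (for example a missing deny rule), while a non-empty 'missing' means either the policy is too strict or the peer stopped advertising the prefix; the received-routes table distinguishes the two cases.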