FortiGate
ojacinto
Staff
Article Id 272709
Description: This article describes the difference between BGP 'received-routes' and 'routes' commands.
Scope: FortiGate.
Solution

get router info bgp neighbors x.x.x.x received-routes

This command displays all received routes (both accepted and rejected) from the specified neighbor.


get router info bgp neighbors x.x.x.x routes

This command shows the routes received from the x.x.x.x BGP neighbor after any inbound policy configured for that neighbor has been applied.
In other words, it displays only the routes that are both received and accepted from the neighbor. Its output is a subset of the output of the received-routes command.

 

Validation:

In this example, BGP is configured on two FortiGate devices:

 

FG-SPOKE1 receives the following prefixes from its FGT BGP peer 172.16.30.1:

10.212.134.0/24
172.16.0.0/24
192.168.10.0
192.168.11.0
192.168.12.0


On FG-SPOKE1, filter the prefixes to accept only 192.168.10.0/24, 192.168.11.0/24 and 192.168.12.0/24.

Before any inbound policy is applied on FG-SPOKE1, the received-routes and routes commands show the same prefix information:

FG-SPOKE1 # get router info bgp neighbors 172.16.30.1 received-routes
VRF 0 BGP table version is 8, local router ID is 192.168.101.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

        Network                      Next Hop      Metric          LocPrf        Weight    Route Tag   Path
*>i10.212.134.0/24           172.16.30.1                         100              0                0     i      <1/->
*>i172.16.0.0/24               172.16.30.1                         100              0                0     i      <1/->
*>i192.168.10.0                172.16.30.1                         100              0                0     i      <1/->
*>i192.168.11.0                172.16.30.1                         100              0                0     i      <1/->
*>i192.168.12.0                172.16.30.1                         100              0                0     i      <1/->

 

Total number of prefixes 5

 

FG-SPOKE1 # get router info bgp neighbors 172.16.30.1 routes
VRF 0 BGP table version is 8, local router ID is 192.168.101.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

        Network                      Next Hop      Metric          LocPrf        Weight    Route Tag   Path
*>i10.212.134.0/24           172.16.30.1                         100              0                0     i      <1/->
*>i172.16.0.0/24               172.16.30.1                         100              0                0     i      <1/->
*>i192.168.10.0                172.16.30.1                         100              0                0     i      <1/->
*>i192.168.11.0                172.16.30.1                         100              0                0     i      <1/->
*>i192.168.12.0                172.16.30.1                         100              0                0     i      <1/->

 

Total number of prefixes 5

 

Let's apply the following prefix-list and route-map to filter the prefixes on FG-SPOKE1:

 

config router prefix-list
    edit "blocked_inbound"
        config rule
            edit 1
                set action deny
                set prefix 10.212.134.0 255.255.255.0
                unset ge
                unset le
            next
            edit 2
                set action deny
                set prefix 172.16.0.0 255.255.255.0
                unset ge
                unset le
            next
            edit 3
                set prefix any
                unset ge
                unset le
            next
        end
    next
end


config router route-map
    edit "Blocked_Inbound_prefix"
        config rule
            edit 1
                set match-ip-address "blocked_inbound"
            next
        end
    next
end

 

Then apply the route-map to the BGP neighbor's settings (route-map-in):

 

config router bgp
    set as 65001
    set router-id 192.168.101.254
    config neighbor
        edit "172.16.30.1"
            set soft-reconfiguration enable
            set remote-as 65001
            set route-map-in "Blocked_Inbound_prefix"
        next
    end
end
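The following sketch is an added example, not Fortinet code or part of the original article. It models how the "blocked_inbound" prefix-list classifies the five advertised prefixes, and what happens to a more-specific prefix of a denied network. It assumes standard prefix-list semantics: first match wins, exact-length match when ge/le are unset, implicit deny at the end, and permit as the default action for rule 3. The function and variable names are hypothetical.

```python
import ipaddress

# The article's "blocked_inbound" prefix-list as (action, prefix, ge, le).
# Rule 3 sets no action; permit is assumed here as the default.
BLOCKED_INBOUND = [
    ("deny", "10.212.134.0/24", None, None),
    ("deny", "172.16.0.0/24", None, None),
    ("permit", "any", None, None),
]
# Prefixes advertised by 172.16.30.1 in the article.
ADVERTISED = ["10.212.134.0/24", "172.16.0.0/24", "192.168.10.0/24",
              "192.168.11.0/24", "192.168.12.0/24"]


def rule_matches(route, prefix, ge, le):
    """True if the route falls under the rule's prefix and length bounds."""
    if prefix == "any":
        return True
    net = ipaddress.ip_network(prefix)
    if not route.subnet_of(net):
        return False
    if ge is None and le is None:
        return route.prefixlen == net.prefixlen  # exact length only
    low = net.prefixlen if ge is None else ge
    high = net.max_prefixlen if le is None else le
    return low <= route.prefixlen <= high


def evaluate(prefix_list, route):
    """Return (action, rule number); first match wins, no match is a deny."""
    route = ipaddress.ip_network(route)
    for number, (action, prefix, ge, le) in enumerate(prefix_list, start=1):
        if rule_matches(route, prefix, ge, le):
            return action, number
    return "deny", None


def accepted(prefix_list, routes):
    """Routes that survive the inbound filter."""
    return [r for r in routes if evaluate(prefix_list, r)[0] == "permit"]


if __name__ == "__main__":
    print(accepted(BLOCKED_INBOUND, ADVERTISED))
    # A more-specific of a denied prefix is not an exact match for rule 1,
    # so it falls through to rule 3.
    print(evaluate(BLOCKED_INBOUND, "10.212.134.0/25"))
```

Under these assumptions a deny rule without ge/le covers only the exact /24, so a filter meant to block the whole range needs an le bound on the deny rule or an allow-list of the expected prefixes.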


It is possible to run the BGP debug after applying the route-map-in to the BGP neighbor to see how the prefixes are filtered:

 

diagnose ip router bgp all enable
diagnose ip router bgp nsm enable
diagnose ip router bgp level info
diagnose debug console timestamp enable
diagnose debug enable


2023-09-07 15:09:09 BGP: 172.16.30.1-Outgoing [FSM] State: OpenSent Event: 19
2023-09-07 15:09:09 BGP: 172.16.30.1-Outgoing [ENCODE] Msg-Hdr: Type 4
2023-09-07 15:09:09 BGP: 172.16.30.1-Outgoing [ENCODE] Keepalive: 1236 KAlive msg(s) sent
2023-09-07 15:09:09 BGP: bgp_keepalive_proc: notif_rcv 4-4
2023-09-07 15:09:09 BGP: 172.16.30.1-Outgoing [DECODE] Msg-Hdr: type 4, length 19
2023-09-07 15:09:09 BGP: 172.16.30.1-Outgoing [DECODE] KAlive: Received!
2023-09-07 15:09:09 BGP: 172.16.30.1-Outgoing [FSM] State: OpenConfirm Event: 26
2023-09-07 15:09:09 id=20300 msg="BGP: %BGP-5-ADJCHANGE: VRF 0 neighbor 172.16.30.1 Up "
2023-09-07 15:09:10 BGP: 172.16.32.1-Outgoing [FSM] State: Connect Event: 9
2023-09-07 15:09:11 BGP: 172.16.31.1-Outgoing [FSM] State: Connect Event: 9
2023-09-07 15:09:19 BGP: [RIB] Scanning BGP Network Routes for VRF 0...
2023-09-07 15:09:29 BGP: 172.16.32.1-Outgoing [FSM] State: Connect Event: 9
2023-09-07 15:09:30 BGP: 172.16.31.1-Outgoing [FSM] State: Connect Event: 9
2023-09-07 15:09:34 BGP: [RIB] Scanning BGP Network Routes for VRF 0...
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [DECODE] Msg-Hdr: type 2, length 84
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [DECODE] Update: Starting UPDATE decoding... Bytes To Read (65), msg_size (65)
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [DECODE] Update: NLRI Len(40)
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [FSM] State: Established Event: 27
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [RIB] <----- Update: Prefix 10.212.134.0/24 path_id 1 denied due to route-map.
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [RIB] Update: Received Prefix 192.168.12.0/24 path_id 1
2023-09-07 15:09:34 BGP: [NSM] Verified NH 172.16.30.1 with NSM
2023-09-07 15:09:34 BGP: VRF 0 NSM announce: 192.168.12.0/24
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [RIB] Update: Received Prefix 192.168.11.0/24 path_id 1
2023-09-07 15:09:34 BGP: VRF 0 NSM announce: 192.168.11.0/24
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [RIB] Update: Received Prefix 192.168.10.0/24 path_id 1
2023-09-07 15:09:34 BGP: VRF 0 NSM announce: 192.168.10.0/24
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [RIB] <----- Update: Prefix 172.16.0.0/24 path_id 1 denied due to route-map.
2023-09-07 15:09:39 BGP: 172.16.30.1-Outgoing [FSM] State: Established Event: 34
2023-09-07 15:09:39 BGP: 172.16.30.1-Outgoing [ENCODE] Msg-Hdr: Type 2
2023-09-07 15:09:39 BGP: 172.16.30.1-Outgoing [ENCODE] Attr IP-Unicast: Tot-attr-len 21
2023-09-07 15:09:39 BGP: 172.16.30.1-Outgoing [ENCODE] Update: Msg #8 Size 68


Then, it is possible to see the difference between 'get router info bgp neighbors x.x.x.x received-routes' and 'get router info bgp neighbors x.x.x.x routes':

 

FG-SPOKE1 # get router info bgp neighbors 172.16.30.1 received-routes
VRF 0 BGP table version is 8, local router ID is 192.168.101.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

        Network                      Next Hop      Metric          LocPrf        Weight    Route Tag   Path
*>i10.212.134.0/24           172.16.30.1                         100              0                0     i      <1/->
*>i172.16.0.0/24               172.16.30.1                         100              0                0     i      <1/->
*>i192.168.10.0                172.16.30.1                         100              0                0     i      <1/->
*>i192.168.11.0                172.16.30.1                         100              0                0     i      <1/->
*>i192.168.12.0                172.16.30.1                         100              0                0     i      <1/->

 

Total number of prefixes 5

 

FG-SPOKE1 received 5 prefixes. The received-routes output lists both accepted and rejected prefixes, as they were before the inbound policy was applied.

 

FG-SPOKE1 # get router info bgp neighbors 172.16.30.1 routes
VRF 0 BGP table version is 8, local router ID is 192.168.101.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

        Network                      Next Hop      Metric          LocPrf        Weight    Route Tag   Path
*>i192.168.10.0                172.16.30.1                         100              0                0     i      <1/->
*>i192.168.11.0                172.16.30.1                         100              0                0     i      <1/->
*>i192.168.12.0                172.16.30.1                         100              0                0     i      <1/->

 

Total number of prefixes 3

 

Here, only 3 prefixes are accepted after the inbound policy is applied to the BGP peering.
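The comparison above can be automated when auditing an inbound filter. This is an added example, not part of the original article: it parses the two command outputs, reports the prefixes the inbound policy removed, and cross-checks them against the "denied due to route-map" debug lines. The sample input is constructed from the article's output with whitespace normalised. The parser assumes that a network printed without a mask (such as 192.168.10.0) has its classful length, which matches the /24 the debug log reports. The function names are hypothetical.

```python
import ipaddress
import re

# Constructed input: table rows and [RIB] debug lines as shown in the article.
RECEIVED_ROUTES = """\
*>i10.212.134.0/24  172.16.30.1  100  0  0  i  <1/->
*>i172.16.0.0/24    172.16.30.1  100  0  0  i  <1/->
*>i192.168.10.0     172.16.30.1  100  0  0  i  <1/->
*>i192.168.11.0     172.16.30.1  100  0  0  i  <1/->
*>i192.168.12.0     172.16.30.1  100  0  0  i  <1/->
"""
ROUTES = """\
*>i192.168.10.0     172.16.30.1  100  0  0  i  <1/->
*>i192.168.11.0     172.16.30.1  100  0  0  i  <1/->
*>i192.168.12.0     172.16.30.1  100  0  0  i  <1/->
"""
DEBUG_LOG = """\
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [RIB] <----- Update: Prefix 10.212.134.0/24 path_id 1 denied due to route-map.
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [RIB] Update: Received Prefix 192.168.12.0/24 path_id 1
2023-09-07 15:09:34 BGP: 172.16.30.1-Outgoing [RIB] <----- Update: Prefix 172.16.0.0/24 path_id 1 denied due to route-map.
"""
# Status codes, then the network with an optional /len.
ROW = re.compile(r"^[sdh*> ]*i?(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?\s")
DENIED = re.compile(r"Prefix (\S+) path_id \d+ denied due to route-map")


def table_prefixes(output):
    """Networks listed in a neighbor route table; classful mask if none shown."""
    found = set()
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            first_octet = int(m.group(1).split(".")[0])
            classful = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
            found.add(ipaddress.ip_network(f"{m.group(1)}/{m.group(2) or classful}"))
    return found


def audit(received, accepted, debug_log):
    """Filtered = received - accepted, cross-checked against the debug log."""
    filtered = table_prefixes(received) - table_prefixes(accepted)
    logged = {ipaddress.ip_network(p) for p in DENIED.findall(debug_log)}
    return {"filtered": filtered, "logged_denied": logged,
            "consistent": filtered == logged}


if __name__ == "__main__":
    result = audit(RECEIVED_ROUTES, ROUTES, DEBUG_LOG)
    print(sorted(map(str, result["filtered"])), result["consistent"])
```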