FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nwynn
Staff
Article Id 383198
Description This article describes the FortiOS route refresh logic that applies when BGP neighbors have ECMP routes and one neighbor flaps, causing all ECMP routes to refresh.
Scope FortiOS 5.x, 6.x and 7.x.
Solution

The following CLI output shows the routing table behavior when one BGP ECMP neighbor flaps and the routes via both neighbors refresh.

 

2 BGP neighbors are configured:

 

FGT-1 # show router bgp
config router bgp
    set as 65024
    set ebgp-multipath enable
    config neighbor
        edit "100.64.100.48"
            set advertisement-interval 1
            set soft-reconfiguration enable
            set remote-as 19855
            set send-community standard
            set send-community6 disable
            set keep-alive-timer 3
            set holdtime-timer 9
        next
        edit "100.65.100.48"
            set advertisement-interval 1
            set soft-reconfiguration enable
            set remote-as 19855
            set send-community standard
            set send-community6 disable
            set keep-alive-timer 3
            set holdtime-timer 9
        next
    end


Neighbor 100.64.100.48 recently went down; its current uptime is 00:34:54.

Neighbor 100.65.100.48 remained stable, with an uptime of 02:02:27.

 

FGT-1 # get router info bgp summary
VRF 0 BGP router identifier 100.126.0.24, local AS number 65024
BGP table version is 134
23 BGP AS-PATH entries
1 BGP community entries

Neighbor        V    AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/PfxRcd
100.64.100.48   4 19855   324888   362342     133    0     0  00:34:54  263
100.65.100.48   4 19855   324226   364067     132    0     0  02:02:27  263

Total number of neighbors 2

 

Note that the uptime of all BGP routes was reset, even though only one neighbor flapped.

 

FGT-1 # get router info routing-table bgp
Routing table for VRF=0
B 10.4.7.0/24 [20/0] via 100.65.100.48, wan1, 00:34:27
              [20/0] via 100.64.100.48, wan2, 00:34:27
B 10.10.152.0/24 [20/0] via 100.65.100.48, wan1, 00:34:27
                 [20/0] via 100.64.100.48, wan2, 00:34:27
B 10.11.12.0/24 [20/0] via 100.65.100.48, wan1, 00:34:27
                [20/0] via 100.64.100.48, wan2, 00:34:27
B 10.11.112.0/24 [20/0] via 100.65.100.48, wan1, 00:34:27
                 [20/0] via 100.64.100.48, wan2, 00:34:27
B 10.11.212.0/24 [20/0] via 100.65.100.48, wan1, 00:34:27
                 [20/0] via 100.64.100.48, wan2, 00:34:27
B 10.14.0.0/16 [20/0] via 100.65.100.48, wan1, 00:34:27
               [20/0] via 100.64.100.48, wan2, 00:34:27
B 10.18.240.0/24 [20/0] via 100.65.100.48, wan1, 00:34:27
                 [20/0] via 100.64.100.48, wan2, 00:34:27
B 10.18.241.0/24 [20/0] via 100.65.100.48, wan1, 00:34:27
                 [20/0] via 100.64.100.48, wan2, 00:34:27
B 10.18.243.96/27 [20/0] via 100.65.100.48, wan1, 00:34:27
                  [20/0] via 100.64.100.48, wan2, 00:34:27

 

This is the expected behavior, since these are ECMP routes with 2 paths. A change to one path causes the whole route to update, but there is no traffic disturbance on the other link.
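Because every ECMP route age resets, the routing table alone does not show which neighbor flapped; comparing each neighbor's Up/Down timer with the route ages does. The Python below is an added example, not Fortinet code: the function names and the 60-second slack are assumptions, the sample text is abbreviated from the output above, and only hh:mm:ss timers are handled.

```python
import re

# Constructed sample, abbreviated from the CLI output shown in this article.
SUMMARY = """\
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
100.64.100.48 4 19855 324888 362342 133 0 0 00:34:54 263
100.65.100.48 4 19855 324226 364067 132 0 0 02:02:27 263
"""
ROUTES = """\
B 10.4.7.0/24 [20/0] via 100.65.100.48, wan1, 00:34:27
[20/0] via 100.64.100.48, wan2, 00:34:27
B 10.14.0.0/16 [20/0] via 100.65.100.48, wan1, 00:34:27
[20/0] via 100.64.100.48, wan2, 00:34:27
"""

def to_seconds(hms):
    """Convert an hh:mm:ss timer to seconds (longer-lived formats are not handled)."""
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s

def neighbor_uptimes(summary):
    """Map neighbor IP -> session uptime in seconds from the BGP summary table."""
    row = re.compile(
        r"^(\d+\.\d+\.\d+\.\d+)[ \t]+(?:\S+[ \t]+){7}(\d+:\d\d:\d\d)[ \t]", re.M)
    return {ip: to_seconds(up) for ip, up in row.findall(summary)}

def youngest_route_age(routes):
    """Map next hop -> smallest route age in seconds among the paths that use it."""
    ages = {}
    pattern = r"via (\d+\.\d+\.\d+\.\d+), \S+, (\d+:\d\d:\d\d)"
    for hop, age in re.findall(pattern, routes):
        ages[hop] = min(ages.get(hop, float("inf")), to_seconds(age))
    return ages

def classify(summary, routes, slack=60):
    """Label a neighbor 'flapped' when its session is about as old as its routes.

    slack (seconds) is an assumed allowance for the gap between session
    establishment and route installation; it is not a FortiOS value.
    """
    uptimes, ages = neighbor_uptimes(summary), youngest_route_age(routes)
    return {ip: "flapped" if ip in ages and up - ages[ip] <= slack else "stable"
            for ip, up in uptimes.items()}

if __name__ == "__main__":
    for ip, verdict in classify(SUMMARY, ROUTES).items():
        print(ip, verdict)
```

A neighbor marked stable here had its route ages reset only because its ECMP peer path changed, which matches the expected behavior described above.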
