Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hhasny
Staff
Staff

Created on ‎12-01-2024 09:23 PM Edited on ‎12-01-2024 09:23 PM By Community Manager

Article Id 361563

Technical Tip: FortiGate BGP flapping due to IPv6 advertisement

Description This article describes a BGP peer flapping due to an IPv6 advertisement
Scope FortiGate,
Solution

When FortiGate peers with other devices there are instances where the BGP peering with IPV4 would flap even though the link is stable.

 

When the BGP is configured using the GUI the 'config network6' would be added.

The BGP debug would also show 'Update MP Reach: Prefix ::/128'.

 

From the BGP error message could be seen 'UPDATE Message Error/Optional Attribute Error.' from the peer. 

This would cause the peer to bring down the peering due to not accepting the IPv6 prefix.

 

To avoid the advertisement of the IPv6 prefix over BGP, the following command can be configured:

 

config router bgp

    config neighbor

        edit "NEIGHBOR-PEER-IP"

            set activate6 disable

        next

     end

  end

 

The FortiGate will stop advertising the IPv6 prefix to the neighbor.
74
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.