Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hhasny
Staff
Staff

Created on ‎12-01-2024 09:23 PM Edited on ‎09-22-2025 06:05 AM By Moderator

Article Id 361563

Technical Tip: FortiGate BGP flapping due to IPv6 advertisement

Description This article describes a BGP peer flapping due to an IPv6 advertisement.
Scope FortiGate.
Solution

When FortiGate peers with other devices, there are instances where the BGP peering with IPV4 would flap even though the link is stable.

 

When the BGP is configured using the GUI, the 'config network6' would be added.

The BGP debug would also show 'Update MP Reach: Prefix ::/128'.

 

Enable BGP debugs: 

 

diagnose ip router bgp all enable

diagnose ip router bgp level info

diagnose debug enable

 

To disable BGP debugs:

 

diagnose ip router bgp all disable

diagnose ip router bgp level none

diagnose debug reset

 

From the BGP error message, it could be seen that 'UPDATE Message Error/Optional Attribute Error.' was received from the peer. 

This would cause the peer to bring down the peering due to not accepting the IPv6 prefix.

 

To avoid the advertisement for the IPv6 prefix over BGP, the following command can be configured:

 

config router bgp

    config neighbor

        edit "NEIGHBOR-PEER-IP"

            set activate6 disable

        next

     end

  end

 

The FortiGate will stop advertising the IPv6 prefix to the neighbor.
417
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.