Description: This article explains why a route-map-out does not modify BGP attributes when FortiGate is acting as a BGP Route Reflector.
Scope: FortiGate v6.4.2 and later.
Solution:
BGP Route Reflection, defined in RFC 4456, is a method to avoid the IBGP requirement that each BGP peer within an Autonomous System (AS) form neighborships with every other BGP peer in the AS.
A BGP speaker acting as a Route-Reflector advertises any prefix learned from IBGP peers to all its route-reflector clients within the same local AS. According to Section 10 of RFC 4456, a route reflector should not modify NEXT_HOP, AS_PATH, LOCAL_PREF, or MED (metric) for reflected routes. FortiOS implements this recommendation by not applying any attribute changes from a route-map-out, including any changes to other BGP attributes such as community.
The next hop for reflected routes can be changed to the reflector's IP address without using a route-map, as described in the article 'Technical Tip: How to modify BGP next hop for route reflector peering'.
Example:
Configuration of the HUB FortiGate configured as route reflector:
config router bgp
    set as 65000
    config neighbor
        edit "172.16.255.29"   <--- SPOKE1 IP address.
            set remote-as 65000
        next
        edit "172.16.255.32"   <--- SPOKE2 IP address.
            set remote-as 65000
        next
    end
    config network
        edit 1
            set prefix 10.255.255.1 255.255.255.255   <--- Network injected into BGP by HUB.
        next
    end
end
SPOKE1 has advertised the networks 10.29.100.0/24 and 10.255.255.29/32 to HUB.
HUB # get router info bgp neighbors 172.16.255.29 routes
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
Total number of prefixes 2
Since HUB is a route reflector, it advertises both networks learned from SPOKE1 to SPOKE2 as reflected routes.
HUB # get router info bgp neighbors 172.16.255.32 advertised-routes
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
Total number of prefixes 3
However, BGP diagnostics on SPOKE2 show that the modification made by the following route-map (local preference 500 and community 65000:1) is only performed for the non-reflected prefix 10.255.255.1/32.
config router route-map
    edit "HUB-RM_SPOKE2-OUTBOUND"
        set comments "Hub route-map for routes advertised to Spoke 2."
        config rule
            edit 1
                set set-community "65000:1"
                unset set-ip-prefsrc
                set set-local-preference 500
            next
        end
    next
end
SPOKE2 # get router info bgp neighbors 172.16.255.1 routes
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
Total number of prefixes 3
SPOKE2 # get router info bgp network 10.255.255.1
  Not advertised to any peer
  172.16.255.1 from 172.16.255.1 (10.255.255.1)
    Origin IGP metric 0, localpref 500, valid, internal, best
Local Preference is not changed for the other reflected routes, and no community attribute was added. This is by design. Reflected routes can be identified by whether they include the 'Originator' and 'Cluster list' attributes.
SPOKE2 # get router info bgp network 10.29.100.0
  Not advertised to any peer
  172.16.255.29 from 172.16.255.1 (10.255.255.29)
    Origin IGP metric 0, localpref 100, valid, internal, best
SPOKE2 # get router info bgp network 10.255.255.29
  Not advertised to any peer
  172.16.255.29 from 172.16.255.1 (10.255.255.29)
    Origin IGP metric 0, localpref 100, valid, internal, best
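The following Python script is an added example, not part of the original article. It parses 'get router info bgp network' output captured on a client, marks routes carrying 'Originator' or 'Cluster list' as reflected, and separates the by-design case from a route-map-out that is genuinely not taking effect. The sample capture is constructed, and the layout of its Originator, Cluster list and Community lines is an assumption.

```python
import re

# Constructed sample: per-prefix output as seen on a route-reflector client.
# The Originator / Cluster list / Community line layout is assumed, not from the page.
SAMPLE = """\
SPOKE2 # get router info bgp network 10.255.255.1
  172.16.255.1 from 172.16.255.1 (10.255.255.1)
    Origin IGP metric 0, localpref 500, valid, internal, best
    Community: 65000:1
SPOKE2 # get router info bgp network 10.29.100.0
  172.16.255.29 from 172.16.255.1 (10.255.255.29)
    Origin IGP metric 0, localpref 100, valid, internal, best
    Originator: 10.255.255.29, Cluster list: 10.255.255.1
"""

def parse_routes(text):
    """Split the capture per prefix and pull out the attributes of interest."""
    routes = {}
    for block in re.split(r"(?m)^.*get router info bgp network\s+", text)[1:]:
        prefix, _, body = block.partition("\n")
        lp = re.search(r"localpref (\d+)", body)
        comm = re.search(r"Community:\s*(.+)", body)
        routes[prefix.strip()] = {
            # Reflected routes carry Originator and/or Cluster list.
            "reflected": bool(re.search(r"Originator|Cluster list", body, re.I)),
            "localpref": int(lp.group(1)) if lp else None,
            "communities": comm.group(1).split() if comm else [],
        }
    return routes

def audit(routes, want_localpref, want_community):
    """Classify each prefix against what the hub's route-map-out was meant to set."""
    result = {}
    for prefix, r in routes.items():
        applied = (r["localpref"] == want_localpref
                   and want_community in r["communities"])
        if applied:
            result[prefix] = "policy-applied"
        elif r["reflected"]:
            result[prefix] = "reflected-unmodified (by design)"
        else:
            result[prefix] = "policy-missing (investigate)"
    return result

if __name__ == "__main__":
    for prefix, verdict in audit(parse_routes(SAMPLE), 500, "65000:1").items():
        print(f"{prefix:<16} {verdict}")
```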
Modifying BGP attributes of reflected routes:
Note that route-map changes only take effect after a route flap or BGP soft reset and advertisement-interval; see the article 'Technical Tip: BGP soft reset...'.
The restriction on modifying BGP attributes does not apply to removing reflected routes. A route reflector can block a reflected route from being advertised to a specific route reflector client using route-map-out, distribute-list, or any other BGP route filtering method.