msingh_FTNT
Staff
Article Id 330125
Description This article provides a list of debug commands for which the output should be captured when trying to solve routing issues.
Scope FortiGate.
Solution

Daemon(s):

  • zebos_launcher (zebos launcher daemon)
  • imi (routing related)
  • bgpd (bgp)
  • ospfd (ospf)
  • ospf6d (ospfv3)
  • ripd (rip)
  • ripngd (ripv6)
  • radvd (router adv daemon)

 

Administrative Distances:

Routing protocol              Default administrative distance
Direct physical connection    1
Static                        10
EBGP                          20
IBGP                          200
OSPF                          110
RIP                           120

 

General Debugs:

 

Static Routing:


get router info routing-table all <----- Displays all the active routes in the routing table.
get router info routing-table database <----- Get full routing-table information (all routes learned by the unit from different sources: BGP, OSPF, RIP, IS-IS, static and connected).

get router info routing-table details x.x.x.x <----- Routing entry for x.x.x.x. Known via 'connected' or OSPF etc.
diagnose ip route list <- To check if the route is injected in kernel.
get router info routing-table connected <----- Displays all directly connected routes.
get router info routing-table static <----- Displays static routes configured.
diagnose ip arp list
get system arp
diagnose ip rtcache list
execute router restart <----- Will restart the routing table. Check with the customer before executing this command as it might cause interruption.

 

Identify the source Interface for a particular IP Address:

 

get router info routing-table details 8.8.8.8 <----- Subnet.

Routing table for VRF=0
Routing entry for 0.0.0.0/0
Known via "static", distance 10, metric 0, best
* vrf 0 10.9.15.254, via port1

 

The default static route is configured on port1, toward the internet:

 

config router static

show
config router static
    edit 1

        set dst 0.0.0.0 0.0.0.0
        set gateway 10.9.15.254
        set device "port1"
    next
end
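
The lookup above can be turned into a repeatable baseline check. The following Python is an added example, not part of the original article or Fortinet tooling: it parses the 'routing-table details' output shown above and flags an egress interface, gateway or distance that differs from what is expected. The function names and the baseline values passed in are assumptions, and only the next-hop line format shown above is handled.

```python
import ipaddress
import re

# Output copied from the article's 8.8.8.8 lookup.
SAMPLE = """Routing table for VRF=0
Routing entry for 0.0.0.0/0
Known via "static", distance 10, metric 0, best
* vrf 0 10.9.15.254, via port1
"""

# Defaults from the article's table; BGP omitted (eBGP/iBGP not distinguished here).
DEFAULT_AD = {"connected": 1, "static": 10, "ospf": 110, "rip": 120}

def parse_details(text):
    """Parse 'get router info routing-table details <ip>' output into a dict."""
    entry = {"vrf": None, "prefix": None, "protocol": None,
             "distance": None, "metric": None, "best": False, "nexthops": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"Routing table for VRF=(\d+)", line):
            entry["vrf"] = int(m.group(1))
        elif m := re.match(r"Routing entry for (\S+)", line):
            entry["prefix"] = m.group(1)
        elif m := re.match(r'Known via "([^"]+)", distance (\d+), metric (\d+)(.*)', line):
            entry.update(protocol=m.group(1), distance=int(m.group(2)),
                         metric=int(m.group(3)), best="best" in m.group(4))
        elif m := re.match(r"(\*?)\s*(?:vrf \d+ )?([\d.]+), via (\S+)", line):
            entry["nexthops"].append(
                {"active": m.group(1) == "*", "gateway": m.group(2), "device": m.group(3)})
    return entry

def check_egress(entry, dest, device, gateway):
    """Compare a parsed entry with the expected baseline; return findings."""
    findings = []
    if entry["prefix"] is None or ipaddress.ip_address(dest) not in ipaddress.ip_network(entry["prefix"]):
        return [f"no routing entry covering {dest}"]
    active = [h for h in entry["nexthops"] if h["active"]]
    if not active:
        findings.append("no active next hop")
    for hop in active:
        if (hop["device"], hop["gateway"]) != (device, gateway):
            findings.append(f"egress {hop['gateway']} via {hop['device']}, "
                            f"expected {gateway} via {device}")
    default = DEFAULT_AD.get(entry["protocol"])
    if default is not None and entry["distance"] != default:
        findings.append(f"{entry['protocol']} distance {entry['distance']} != default {default}")
    return findings

if __name__ == "__main__":
    print(check_egress(parse_details(SAMPLE), "8.8.8.8", "port1", "10.9.15.254"))
```

An empty list means the route for the destination still leaves through the expected interface and gateway with the default distance; any finding is a prompt to review the routing configuration and recent changes.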

 

OSPF Routing:

 

get router info routing-table all <----- See all the directly connected routes, OSPF routes, BGP routes etc.
get router info protocols <----- Find information about the networks being advertised.
get router info ospf database router lsa <- Gives information about the router LSA and individual networks received by the router.
get router info ospf database self-originate <- Gives information about router LSAs advertised by the router
get router info routing-table ospf <- Gives information about the OSPF routes.
get router info ospf database brief <- Displays the OSPF LSDB.
get router info ospf neighbor all <- Show all neighbors.

 

BGP Routing: 

 

get router info bgp summary <- Verify BGP peering status, number of prefixes received/sent and peering up time.
get router info bgp neighbors <neighbour_address> advertised-routes <- Know which networks are advertised to specific neighbors.
get router info bgp network <- Show routes injected into the BGP table.
get router info bgp community-info <- Show BGP community strings in use.
get router info routing-table all <- Get active routing-table information (routes in use by unit).

get router info routing-table bgp <- Get BGP active routing-table information (BGP routes in use by unit).
get router info routing-table database <- Get full routing-table information (all routes learned by unit from different sources: BGP, OSPF, RIP, IS-IS, static and connected. Some of them are in use, some of them not.)
get router info bgp neighbors x.x.x.x received-routes <- Get the received routes from the neighbour.
get router info bgp neighbors x.x.x.x routes <- Routes being injected into our routing table after filtration.

execute router clear bgp ip IP_ADDRS <- Clear the specific route to the IP address.
execute router clear bgp as AS_Number <- Remove all routes for a specific AS number.

 

Troubleshooting:
 

Debugging OSPF LSAs:

 

Run these debug commands to check the LSA, as well as information on Hello/Dead Timers.

 

diagnose ip router ospf all enable
diagnose ip router ospf level info
diagnose debug console timestamp enable
diagnose debug enable

 

OSPF Sniffer:

 

A sniffer that can be used to troubleshoot OSPF issues.

 

diagnose sniffer packet any "proto 89" 3

 

Debugging BGP Hello/Dead Timers and more:

 

Run these debug commands to check information on Hello/Dead Timers and more.

 

diagnose ip router bgp all enable
diagnose ip router bgp level info
diagnose debug console timestamp enable
diagnose debug enable

 

From v7.2.x onwards, filtering on specific neighbors or a VRF is possible:

 

   diagnose ip router bgp set-filter vrf <vrf_id>
   diagnose ip router bgp set-filter neighbor <neighbor_address>

 

To reset or show the filter:

   diagnose ip router bgp set-filter reset
   diagnose ip router bgp show
   get router info filter show

 

BGP Sniffer:

 

BGP uses port number 179. Run the sniffer on port 179 to analyze BGP Traffic:

 

diagnose sniffer packet any "port 179" 3

 

To check the routing entry in ZebOS (kernel):

 

Sometimes, it is also important to examine the ZebOS configuration if FortiOS is not parsing the routing configuration correctly into ZebOS.

 

diagnose ip router command show-vrf <vdom> <zebos command>
diagnose ip router command show-vrf root show run
diagnose ip router command show-vrf root show run int <name>
diagnose ip router command show-vrf root show interface <name>
diagnose ip router command show-vrf root show ip route
diagnose ip router command show-vrf root show ip route x.x.x.x