FortiGate
mthakur01
Staff
Article Id 196441

Description


This article explains how to check BGP advertised and received routes on a FortiGate.

 

Scope

 

FortiGate.

Solution

 

Topology:
 
EBGP peering between FGT1 and FGT2 is up. In this lab setup, both FortiGates are advertising their Loopback interfaces via eBGP to each other.
Outputs from FGT1:

FGT1# get router info bgp summary
BGP router identifier 3.3.3.3, local AS number 65003
BGP table version is 11
2 BGP AS-PATH entries
0 BGP community entries

Neighbor        V         AS  MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.56.240.2   4      65004    670      667       10            0    0        2d15h37m        2

Total number of neighbors 1
 
FGT1 is advertising and learning two routes. The command to verify the routes FGT1 is advertising to FGT2 is:

get router info bgp neighbors <neighbor IP> advertised-routes
 
For example:
 
FGT1 # get router info bgp neighbors 10.56.240.2 advertised-routes
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric  LocPrf   Weight   RouteTag Path
*> 3.3.3.3/32       10.56.240.1                     100     32768        0              i
*> 50.50.50.50/32   10.56.240.1               100     32768        0              i

Total number of prefixes 2

The commands to verify the routes that FGT1 is receiving from the BGP peer FGT2 are:

get router info bgp neighbors <neighbor IP> received-routes
get router info bgp neighbors <neighbor IP> routes

The 'get router info bgp neighbors <neighbor IP> routes' command shows only filtered (in) received routes. If received routes are not filtered, the output of both commands is the same.
 
For example:
 
FGT1 # get router info bgp neighbors 10.56.240.2 received-routes
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 4.4.4.4/32       10.56.240.2                               0           0        65004 i
*> 75.75.75.75/32   10.56.240.2                          0          0         65004 i

Total number of prefixes 2

FGT1 # get router info bgp neighbors 10.56.240.2 route
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 4.4.4.4/32       10.56.240.2                              0           0       65004 i
*> 75.75.75.75/32   10.56.240.2                        0            0       65004 i

Total number of prefixes 2

FGT1# get router info routing-table bgp

Routing table for VRF=0
B       4.4.4.4/32 [20/0] via 10.56.240.2, port1, 00:50:26
B       75.75.75.75/32 [20/0] via 10.56.240.2, port1, 00:50:26
 
For testing purposes, received routes are filtered on FGT1. A prefix-list is applied to allow only 75.75.75.75/32:

FGT1 # config router prefix-list
    edit "ALLOW-ONLY-75"
        config rule
            edit 1
                set prefix 75.75.75.75 255.255.255.255
                unset ge
                unset le
            next
        end
    next
end

FGT1 # config router bgp
    set as 65003
    set router-id 3.3.3.3
    config neighbor
        edit "10.56.240.2"
            set soft-reconfiguration enable
            set prefix-list-in "ALLOW-ONLY-75"   <----------------- prefix-list filtering received routes.
            set remote-as 65004
        next
    end
end

The output below shows all received routes.

FGT1 # get router info bgp neighbors 10.56.240.2 received-routes
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 4.4.4.4/32       10.56.240.2                                0          0         65004 i
*> 75.75.75.75/32   10.56.240.2                           0          0          65004 i
 
Total number of prefixes 2
 
The output below shows only the filtered (in) received routes.

FGT1 # get router info bgp neighbors 10.56.240.2 route
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network                   Next Hop            Metric LocPrf  Weight  RouteTag  Path
*> 75.75.75.75/32   10.56.240.2               0                    0          0             65004 i

Total number of prefixes 1
 
FGT1 # get router info routing-table bgp

Routing table for VRF=0
B       75.75.75.75/32 [20/0] via 10.56.240.2, port1, 00:55:45
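
The comparison above can be scripted when auditing inbound filtering on a peer. The following is an added example, not part of the original article or Fortinet tooling: it parses the 'received-routes' and 'routes' listings, reports which prefixes the inbound prefix-list dropped, and flags accepted prefixes outside an expected list. The function names and the expected-prefix list are assumptions; the sample text is taken from the outputs above with whitespace normalized.

```python
import ipaddress

# Route listings from the article (FGT1, neighbor 10.56.240.2), whitespace normalized.
RECEIVED_ROUTES = """\
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 4.4.4.4/32       10.56.240.2              0      0        65004 i
*> 75.75.75.75/32   10.56.240.2              0      0        65004 i
Total number of prefixes 2
"""
ACCEPTED_ROUTES = """\
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 75.75.75.75/32   10.56.240.2    0         0      0        65004 i
Total number of prefixes 1
"""


def parse_bgp_table(text):
    """Return {prefix: next_hop} for every route line in a BGP table listing."""
    routes = {}
    for line in text.splitlines():
        tokens = line.split()
        # Route lines look like: <status codes> <prefix/len> <next hop> ...
        if len(tokens) < 3 or "/" not in tokens[1]:
            continue
        try:
            prefix = ipaddress.ip_network(tokens[1], strict=True)
            next_hop = ipaddress.ip_address(tokens[2])
        except ValueError:
            continue  # header, legend or summary line
        routes[prefix] = next_hop
    return routes


def dropped_by_inbound_filter(received_text, accepted_text):
    """Prefixes the peer sent that the inbound policy did not accept."""
    received = parse_bgp_table(received_text)
    accepted = parse_bgp_table(accepted_text)
    return sorted(str(p) for p in received if p not in accepted)


def unexpected_prefixes(accepted_text, expected):
    """Accepted prefixes that fall outside every network in the expected list."""
    allowed = [ipaddress.ip_network(n) for n in expected]
    return sorted(
        str(p) for p in parse_bgp_table(accepted_text)
        if not any(p.version == a.version and p.subnet_of(a) for a in allowed)
    )


if __name__ == "__main__":
    print("dropped:", dropped_by_inbound_filter(RECEIVED_ROUTES, ACCEPTED_ROUTES))
    print("unexpected:", unexpected_prefixes(ACCEPTED_ROUTES, ["75.75.75.75/32"]))
```

An empty result from unexpected_prefixes means every accepted route is covered by the expected list; any entry it returns is a prefix the inbound policy let through that was not planned for.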

The output can be filtered for specific subnets or routes based on AS number, etc., with the 'grep' keyword:

get router info bgp neighbors <x.x.x.x> advertised-routes | grep <network subnet>
get router info bgp neighbors <x.x.x.x> advertised-routes | grep <AS number>

 
Note:
If an error occurs after running 'get router info bgp neighbors <neighbor IP> received-routes', apply 'set soft-reconfiguration enable' under the BGP neighbor.

For example:

 
FGT1 # get router info bgp neighbors 10.56.240.2 received-routes
% Inbound soft reconfiguration not enabled
 
To enable soft reconfiguration:

config router bgp
    config neighbor
        edit "10.56.240.2"
            set soft-reconfiguration enable
        next
    end
end
 
set soft-reconfiguration {enable | disable}: Enable/disable allow IPv4 inbound soft reconfiguration. Once enabled, FortiGate starts storing BGP neighbor-received updates.
 
Note:
For BGP to advertise any prefixes, the prefixes must first be installed in the RIB, whether as static routes, directly connected routes, or routes learned from other dynamic routing protocols. This is not a FortiOS design choice but how the BGP protocol works.
 