Technical Tip: How to check BGP advertised and received routes on a FortiGate

mthakur01 · ‎10-29-2019

Description

This article explains how to check BGP advertised and received routes on a FortiGate.

Scope

FortiGate.

Solution

Topology:

EBGP peering between FGT1 and FGT2 is up. In this lab setup, both FortiGates are advertising their Loopback interfaces via eBGP to each other.
Outputs from FGT1:

FGT1# get router info bgp summary
BGP router identifier 3.3.3.3, local AS number 65003
BGP table version is 11
2 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.56.240.2 4 65004 670 667 10 0 0 2d15h37m 2

Total number of neighbors 1

FGT1 is advertising and is learning two routes. Command to verify the routes FGT1 is advertising to FGT2 is:

get router info bgp neighbors <neighbor IP> advertised-routes

Eg:

FGT1 # get router info bgp neighbors 10.56.240.2 advertised-routes
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf   Weight   RouteTag Path
*> 3.3.3.3/32       10.56.240.1                     100     32768        0              i
*> 50.50.50.50/32   10.56.240.1               100     32768        0              i

Total number of prefixes 2

Commands to verify routes that FGT1 is receiving from the BGP peer FGT2 are:

get router info bgp neighbors <neighbor IP> received-routes
#et router info bgp neighbors <neighbor IP> routes Command “get router info bgp neighbors <neighbor IP> routes” shows only filtered(in) received routes. If received routes aren’t filtered, then the output of these commands will be same.

Eg:

FGT1 # get router info bgp neighbors 10.56.240.2 received-routes
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 4.4.4.4/32       10.56.240.2                               0           0        65004 i
*> 75.75.75.75/32   10.56.240.2                          0          0         65004 i

Total number of prefixes 2

FGT1 # get router info bgp neighbors 10.56.240.2 route
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 4.4.4.4/32       10.56.240.2                              0           0       65004 i
*> 75.75.75.75/32   10.56.240.2                        0            0       65004 i

Total number of prefixes 2

FGT1# get router info routing-table bgp

Routing table for VRF=0
B       4.4.4.4/32 [20/0] via 10.56.240.2, port1, 00:50:26
B       75.75.75.75/32 [20/0] via 10.56.240.2, port1, 00:50:26

For testing purpose, filtering received routes on FGT1. Applied a prefix-list to allow only 75.75.75.75/32:

FGT1 # config router prefix-list
    edit "ALLOW-ONLY-75"
        config rule
            edit 1
                set prefix 75.75.75.75 255.255.255.255
                unset ge
                unset le
            next
        end
    next
end

FGT1 # config router bgp
    set as 65003
    set router-id 3.3.3.3
config neighbor
    edit "10.56.240.2"
            set soft-reconfiguration enable
            set prefix-list-in "ALLOW-ONLY-75"   <-----------------prefix-list filtering received routes
            set remote-as 65004
        next
end

The below output is showing all received routes.

FGT1 # get router info bgp neighbors 10.56.240.2 received-routes
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 4.4.4.4/32       10.56.240.2                                0          0         65004 i
*> 75.75.75.75/32   10.56.240.2                           0          0          65004 i

Total number of prefixes 2

Below output is showing only filtered(in) received routes.
FGT1 # get router info bgp neighbors 10.56.240.2 route
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network                   Next Hop            Metric LocPrf Weight RouteTag Path
*> 75.75.75.75/32   10.56.240.2               0                    0          0             65004 i

Total number of prefixes 1

FGT1 # get router info routing-table bgp

Routing table for VRF=0
B 75.75.75.75/32 [20/0] via 10.56.240.2, port1, 00:55:45

Can filter specific subnets or routes based on AS number etc with the 'grep' keyword:

get router info bgp neighbors <x.x.x.x> advertised-routes | grep < network subnet>
get router info bgp neighbors <x.x.x.x> advertised-routes | grep <AS number>

Note:

If an error shows up after running 'get router info bgp neighbors <neighbor IP> received-route', then enable 'set soft-reconfiguration enable' command under the BGP neighbor.

Eg:

FGT1 # get router info bgp neighbors 10.56.240.2 received-routes
% Inbound soft reconfiguration not enabled

To enable soft configuration:

config router bgp
config neighbor
edit "10.56.240.2
set soft-reconfiguration enable
end

Command: set soft-reconfiguration {enable | disable} -Enable/disable allow IPv4 inbound soft reconfiguration. Once enabled, FGT starts storing BGP neighbor-received updates.

Note:

For BGP to advertise any prefixes, the prefixes need to be installed on the RIB first, either by static routes, directly connected, or learned by other dynamic routing protocols. This is not a FortiOS design but how the BGP protocol works.

Related article:

Technical Tip: FortiOS BGP Resource List