Technical Tip: How to check VXLAN(cloud) BGP neighbor advertised routes are not received on the FortiGate

knaveenkumar · ‎12-26-2024

Description

This article describes how to check VXLAN ( Cloud) BGP neighbor advertised routes that are not received on the FortiGate.

Scope

FortiGate

Solution

Assume the following scenario:

VXLAN(cloud)-------BGP --------FortiGate

Check the BGP neighbor reachability.
Check the BGP neighbor status is up.
Check the other end (cloud VXLAN) advertising the network on particular in BGP neighbor:

get router info bgp neighbor's <neighbor ip> <received -routes or advertise routes>

Note:

If the VXlan BGP neighbor set up then need to disable the below step under BGP. disable 'set enforce-first-as' on FortiGate

Also, check any filter and route-map configured for denied traffic.

Configure BGP:

config router bgp

set router-id {ipv4 address}

set keepalive-timer {integer}

set holdtime-timer

set enforce-first-as [enable|disable] <----- Here enforce-first-as disable it.

Once disabled, the enforce-first-as option soft clears the BGP particular neighbor and checks the routes.

execute router clear bgp ip <neighbor ip> soft