Technical Tip: How to implement BGP route summary (aggregation) on a FortiGate

Xav_FTNT · ‎07-01-2009

Description

This article describes the steps to announce multiple routes with one summary route in BGP.

Scope

All FortiGate or VDOM running in NAT mode.

Diagram

Expectations, Requirements

In this article is the summary of the following connected networks:

* 10.162.0.0/255.255.254.0
* 10.162.2.0/255.255.254.0
* 10.162.4.0/255.255.254.0

=> As the following summarized route:
* 10.162.0.0/16

Configuration

FGT-AS162 is the FortiGate on which is the configuration of the route summary.

# FGT-AS162 (bgp) # show

config router bgp
        config aggregate-address
            edit 1
                set prefix 10.162.0.0 255.255.0.0
                set summary-only enable
            next
        end
    set as 162

        config neighbor
            edit 10.142.0.110
                set remote-as 1
            next
        end

        config network
            edit 1
                set prefix 10.162.0.0 255.255.254.0
            next
            edit 2
                set prefix 10.162.2.0 255.255.254.0
            next
            edit 3
                set prefix 10.162.4.0 255.255.254.0
            next
        end

        config redistribute "connected"
        end

        config redistribute "rip"
        end

        config redistribute "ospf"
        end

        config redistribute "static"
        end

    set router-id 10.142.0.114
end

Verification

FGT_ISP is ISP's border router.

FGT-AS162 is the FortiGate on which is the configuration to the route summary.

The following commands will be used:

# get router info bgp summary
# get router info bgp neighbors
# get router info bgp network
# get router info routing-table all

FGT-AS162

FGT-AS162 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

S* 0.0.0.0/0 [10/0] via 192.168.183.254, port1
B 1.1.1.1/32 [20/0] via 10.142.0.110, port2, 01:03:29
C 10.142.0.0/23 is directly connected, port2
B 10.160.0.0/23 [20/0] via 10.142.0.110, port2, 00:02:07
B 10.162.0.0/16 [20/0] is a summary, Null, 00:12:16
C 10.162.0.0/23 is directly connected, port3
C 10.162.2.0/23 is directly connected, port5
C 10.162.4.0/23 is directly connected, port6
B 192.168.0.0/16 [20/0] via 10.142.0.110, port2, 01:03:29
B 192.168.0.0/21 [20/0] via 10.142.0.205, port2, 01:03:29
B 192.168.168.0/24 [20/0] via 10.142.0.110, port2, 01:03:29
C 192.168.182.0/23 is directly connected, port1

See above the null route in the routing table in order to prevent routing loops.

FGT-AS162 # get router info bgp network
BGP table version is 9, local router ID is 10.142.0.114
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 10.142.0.110 0 0 1 ?
*> 10.160.0.0/23 10.142.0.110 0 0 1 i
*> 10.162.0.0/16 0.0.0.0 32768 i <<<< THIS IS THE SUMMARY THAT WILL BE SENT
s> 10.162.0.0/23 0.0.0.0 100 32768 i
s> 10.162.2.0/23 0.0.0.0 100 32768 i
s> 10.162.4.0/23 0.0.0.0 100 32768 i
*> 192.168.0.0/16 10.142.0.110 0 0 1 ?
*> 192.168.0.0/21 10.142.0.205 0 0 1 2 i
*> 192.168.168.0 10.142.0.110 0 0 1 ?
Total number of prefixes 9

See above the 's' letter that is preceding each route that is suppressed by BGP.

FGT_ISP

FGT_ISP (bgp) # get router info bgp network
BGP table version is 18, local router ID is 10.142.0.110
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 192.168.183.254 32768 ?
*> 10.160.0.0/23 0.0.0.0 100 32768 i
*> 10.162.0.0/16 10.142.0.114 0 0 162 i
*> 192.168.0.0/16 192.168.183.254 32768 ?
*> 192.168.0.0/21 10.142.0.205 0 0 2 i
*> 192.168.168.0 192.168.183.254 32768 ?

Total number of prefixes 6

FGT_ISP (bgp) # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

S 1.1.1.1/32 [10/0] via 192.168.183.254, port1
C 10.142.0.0/23 is directly connected, port6
C 10.160.0.0/23 is directly connected, port2
B 10.162.0.0/16 [20/0] via 10.142.0.114, port6, 01:04:08 <<<< THIS IS THE SUMMARY RECEIVED ON THE PEER
S 192.168.0.0/16 [10/0] via 192.168.183.254, port1
B 192.168.0.0/21 [20/0] via 10.142.0.205, port6, 19:30:25
S 192.168.168.0/24 [10/0] via 192.168.183.254, port1
C 192.168.182.0/23 is directly connected, port1

Troubleshooting