FortiGate
echia (Staff)

Description

This article demonstrates how to match BGP community values with a BGP community list and use the match to prepend the AS-PATH of a received route.

A BGP community list is not required to perform AS-PATH prepend in the BGP routing table; AS-PATH prepend can be configured without one.


Diagram: (topology image not reproduced; as given by the configuration below, FGT1 (AS 65002, 10.1.1.1) and FGT2 (AS 65003, 10.1.2.1) each peer with FGT3 (AS 65001, 10.1.1.2 and 10.1.2.2), and 5.1.1.0/24 is originated by both FGT1 and FGT2.)

Expectations, Requirements:

· Network 5.1.1.0/24 is advertised in BGP routing updates by both FGT1 and FGT2.
· FGT1 sets community 65002:1 on the route 5.1.1.0/24 that it advertises to its neighbor 10.1.1.2.
· FGT2 sets community 65003:1 on the route 5.1.1.0/24 that it advertises to its neighbor 10.1.2.2.
· FGT3 first matches the community of each received route against its community lists and prepends the AS-PATH accordingly.


Configuration

 

FGT3:

FGT3 # show router community-list
config router community-list
    edit "65002:1"
        config rule
            edit 1
                set action permit                 <-- permit routes carrying community 65002:1
                set match "65002:1"               <--
            next
        end
    next
    edit "65003:1"
        config rule
            edit 1
                set action permit                 <-- permit routes carrying community 65003:1
                set match "65003:1"               <--
            next
        end
    next
end

FGT3 # show router route-map
config router route-map
    edit "route_map_1"
        config rule
            edit 1
                set match-community "65002:1"          <-- route permitted by community-list 65002:1 (from FGT1) ...
                set set-aspath "65002 65002 65002"     <-- ... gets AS 65002 prepended three times
                unset set-ip-nexthop
                unset set-ip6-nexthop
                unset set-ip6-nexthop-local
                unset set-originator-id
            next
            edit 2
                set match-community "65003:1"          <-- route permitted by community-list 65003:1 (from FGT2) is accepted unchanged
                unset set-ip-nexthop
                unset set-ip6-nexthop
                unset set-ip6-nexthop-local
                unset set-originator-id
            next
        end
    next
end

FGT3 # show router bgp
config router bgp
    set as 65001
    set router-id 3.3.3.3
    config neighbor
        edit "10.1.1.1"
            set remote-as 65002
            set route-map-in "route_map_1"      <-- route-map applied inbound from FGT1
        next
        edit "10.1.2.1"
            set remote-as 65003
            set route-map-in "route_map_1"      <-- route-map applied inbound from FGT2
        next
    end
end

 

FGT1:

FGT1 # show router access-list
config router access-list
    edit "net_5.1.1.0"                     <-- access-list selecting the advertised prefix
        config rule
            edit 1
                set prefix 5.1.1.0 255.255.255.0
                set exact-match enable
            next
        end
    next
end

FGT1 # show router route-map
config router route-map
    edit "community_set"
        config rule
            edit 1
                set match-ip-address "net_5.1.1.0"     <-- match 5.1.1.0/24 ...
                set set-community "65002:1"            <-- ... and tag it with community 65002:1
                unset set-ip-nexthop
                unset set-ip6-nexthop
                unset set-ip6-nexthop-local
                unset set-originator-id
            next
        end
    next
end

FGT1 # show router bgp
config router bgp
    set as 65002
    set router-id 1.1.1.1
    config neighbor
        edit "10.1.1.2"
            set remote-as 65001
            set route-map-out "community_set"     <-- route-map applied outbound toward FGT3
        next
    end
    config network
        edit 1
            set prefix 5.1.1.0 255.255.255.0
        next
    end
end

 

 

FGT2:

FortiGate-VM64-KVM # show router access-list
config router access-list
    edit "net_5.1.1.0"                     <-- access-list selecting the advertised prefix
        config rule
            edit 1
                set prefix 5.1.1.0 255.255.255.0
                set exact-match enable
            next
        end
    next
end

FortiGate-VM64-KVM # show router route-map
config router route-map
    edit "communit_set"
        config rule
            edit 1
                set match-ip-address "net_5.1.1.0"     <-- match 5.1.1.0/24 ...
                set set-community "65003:1"            <-- ... and tag it with community 65003:1
                unset set-ip-nexthop
                unset set-ip6-nexthop
                unset set-ip6-nexthop-local
                unset set-originator-id
            next
        end
    next
end

FortiGate-VM64-KVM # show router bgp
config router bgp
    set as 65003
    set router-id 2.2.2.2
    config neighbor
        edit "10.1.2.2"
            set remote-as 65001
            set route-map-out "communit_set"      <-- route-map applied outbound toward FGT3
        next
    end
    config network
        edit 1
            set prefix 5.1.1.0 255.255.255.0
        next
    end
end

 

 

 

FGT3 snippets: (BGP table and routing table output of FGT3, captured as images in the original article, not reproduced here.)

Failover is performed by disconnection of the link between FGT3 and FGT2:

Routing table of FGT3 is changed: (output captured as an image in the original article, not reproduced here.)
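To make the effect of the policy visible without the screenshots, here is an added Python model of the exchange above (example code, not FortiOS code and not part of the original article). It transcribes the access-lists, community-lists and route-maps from the configuration, applies the outbound route-maps on FGT1 and FGT2, applies route_map_1 inbound on FGT3, and picks the best path with a simplified decision process (equal weight and local preference on both eBGP routes, so the shortest AS_PATH wins). The Route and Rule classes, the implicit deny when no route-map rule matches, and the tie-break on neighbor address are assumptions of this model.

```python
"""Model of the article's BGP policy: FGT1/FGT2 tag 5.1.1.0/24 with a community
on the way out, FGT3 matches the community inbound and prepends the AS-PATH, and
the route with the longer AS-PATH loses the best-path decision until the other
link fails. Added example (not FortiOS code); data structures and the simplified
decision process are assumptions of this model."""
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str             # "5.1.1.0/24"
    as_path: tuple          # AS numbers as strings, leftmost = most recently added
    communities: frozenset  # e.g. frozenset({"65002:1"})
    neighbor: str           # peer address the update was received from


@dataclass(frozen=True)
class Rule:
    """One 'config rule' entry of a route-map (hypothetical model of the CLI)."""
    match_ip_address: Optional[str] = None  # access-list name
    match_community: Optional[str] = None   # community-list name
    set_community: Optional[str] = None
    set_aspath: tuple = ()                  # ASNs to prepend, in order


# Policy objects transcribed from the article's configuration.
ACCESS_LISTS = {"net_5.1.1.0": [(ipaddress.ip_network("5.1.1.0/24"), True)]}  # (prefix, exact-match)
COMMUNITY_LISTS = {"65002:1": [("permit", "65002:1")],
                   "65003:1": [("permit", "65003:1")]}
ROUTE_MAPS = {
    "community_set": [Rule(match_ip_address="net_5.1.1.0", set_community="65002:1")],  # FGT1 out
    "communit_set":  [Rule(match_ip_address="net_5.1.1.0", set_community="65003:1")],  # FGT2 out
    "route_map_1": [                                                                   # FGT3 in
        Rule(match_community="65002:1", set_aspath=("65002", "65002", "65002")),
        Rule(match_community="65003:1"),
    ],
}


def access_list_permits(name, route):
    """Exact-match entries accept only the identical prefix; otherwise any subnet of it."""
    net = ipaddress.ip_network(route.prefix)
    for entry, exact in ACCESS_LISTS[name]:
        if (exact and net == entry) or (not exact and net.subnet_of(entry)):
            return True
    return False


def community_list_permits(name, route):
    """First entry whose community is carried by the route decides (permit/deny)."""
    for action, comm in COMMUNITY_LISTS[name]:
        if comm in route.communities:
            return action == "permit"
    return False


def apply_route_map(name, route):
    """Evaluate rules in order; the first matching rule applies its set clauses.
    A route that matches no rule is dropped (implicit deny; assumption of this model)."""
    for rule in ROUTE_MAPS[name]:
        if rule.match_ip_address and not access_list_permits(rule.match_ip_address, route):
            continue
        if rule.match_community and not community_list_permits(rule.match_community, route):
            continue
        new = route
        if rule.set_community:
            new = replace(new, communities=new.communities | {rule.set_community})
        if rule.set_aspath:  # set-aspath prepends the listed ASNs
            new = replace(new, as_path=rule.set_aspath + new.as_path)
        return new
    return None


def best_path(routes):
    """Simplified BGP decision: shortest AS_PATH wins, tie-break on lowest neighbor address."""
    return min(routes, key=lambda r: (len(r.as_path), ipaddress.ip_address(r.neighbor)))


def fgt3_rib(links_up=("FGT1", "FGT2")):
    """What FGT3 accepts for 5.1.1.0/24 from the peers whose links are up.
    Returns (best_route or None, list_of_accepted_routes)."""
    origin = Route("5.1.1.0/24", as_path=(), communities=frozenset(), neighbor="")
    advertised = []
    # Each originator adds its own AS on the eBGP update and applies its route-map-out.
    if "FGT1" in links_up:
        advertised.append(apply_route_map("community_set", replace(origin, as_path=("65002",), neighbor="10.1.1.1")))
    if "FGT2" in links_up:
        advertised.append(apply_route_map("communit_set", replace(origin, as_path=("65003",), neighbor="10.1.2.1")))
    accepted = []
    for r in advertised:
        if r is not None:
            r = apply_route_map("route_map_1", r)  # FGT3 inbound policy on both neighbors
            if r is not None:
                accepted.append(r)
    return (best_path(accepted) if accepted else None), accepted


if __name__ == "__main__":
    best, _ = fgt3_rib()
    print("normal  :", best.neighbor, best.as_path)    # 10.1.2.1 ('65003',)
    best, _ = fgt3_rib(links_up=("FGT1",))
    print("failover:", best.neighbor, best.as_path)    # 10.1.1.1 ('65002', '65002', '65002', '65002')
```

With both links up the route from FGT2 (AS_PATH length 1) is preferred over the route from FGT1 (AS_PATH length 4 after the prepend); removing FGT2 from links_up reproduces the failover, after which FGT3 installs the prepended route via FGT1. The model also shows the exact-match caveat of the access-list: a more specific prefix such as 5.1.1.0/25 does not match net_5.1.1.0 and is therefore dropped by the outbound route-map.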