Description
This article only demonstrates how to include BGP path attributes in the BGP community list.
A BGP community list is not required to perform AS-PATH prepend in the BGP routing table; AS-PATH prepend can be done without one.
Expectations and Requirements:
· Network 5.1.1.0/24 is advertised in BGP routing updates by FGT1 and FGT2.
· FGT1 sets the community 65002:1 on the route 5.1.1.0/24 sent to its neighbor 10.1.1.2.
· FGT2 sets the community 65003:1 on the route 5.1.1.0/24 sent to its neighbor 10.1.2.2.
· FGT3 first matches the received route against the community list and prepends the AS-PATH accordingly.
Configuration:
FGT3:
FGT3 # show router community-list
config router community-list
    edit "65002:1"
        config rule
            edit 1
                set action permit
                set match "65002:1"
            next
        end
    next
    edit "65003:1"
        config rule
            edit 1
                set action permit
                set match "65003:1"
            next
        end
    next
end
FGT3:
FGT3 # show router route-map
config router route-map
    edit "route_map_1"
        config rule
            edit 1
                set match-community "65002:1"
                set set-aspath "65002 65002 65002"
                unset set-ip-nexthop
                unset set-ip6-nexthop
                unset set-ip6-nexthop-local
                unset set-originator-id
            next
            edit 2
                set match-community "65003:1"
                unset set-ip-nexthop
                unset set-ip6-nexthop
                unset set-ip6-nexthop-local
                unset set-originator-id
            next
        end
    next
end
FGT3 #
FGT3 # show router bgp
config router bgp
    set as 65001
    set router-id 3.3.3.3
    config neighbor
        edit "10.1.1.1"
            set remote-as 65002
            set route-map-in "route_map_1"
        next
        edit "10.1.2.1"
            set remote-as 65003
            set route-map-in "route_map_1"
        next
    end
end
FGT1:
FGT1 # show router access-list
config router access-list
    edit "net_5.1.1.0"
        config rule
            edit 1
                set prefix 5.1.1.0 255.255.255.0
                set exact-match enable
            next
        end
    next
end
FGT1 # show router route-map
config router route-map
    edit "community_set"
        config rule
            edit 1
                set match-ip-address "net_5.1.1.0"
                set set-community "65002:1"
                unset set-ip-nexthop
                unset set-ip6-nexthop
                unset set-ip6-nexthop-local
                unset set-originator-id
            next
        end
    next
end
FGT1 #
FGT1 # show router bgp
config router bgp
    set as 65002
    set router-id 1.1.1.1
    config neighbor
        edit "10.1.1.2"
            set remote-as 65001
            set route-map-out "community_set"
        next
    end
    config network
        edit 1
            set prefix 5.1.1.0 255.255.255.0
        next
    end
end
FGT2:
FortiGate-VM64-KVM # show router access-list
config router access-list
    edit "net_5.1.1.0"
        config rule
            edit 1
                set prefix 5.1.1.0 255.255.255.0
                set exact-match enable
            next
        end
    next
end
FortiGate-VM64-KVM # show router route-map
config router route-map
    edit "communit_set"
        config rule
            edit 1
                set match-ip-address "net_5.1.1.0"
                set set-community "65003:1"
                unset set-ip-nexthop
                unset set-ip6-nexthop
                unset set-ip6-nexthop-local
                unset set-originator-id
            next
        end
    next
end
FortiGate-VM64-KVM #
FortiGate-VM64-KVM # show router bgp
config router bgp
    set as 65003
    set router-id 2.2.2.2
    config neighbor
        edit "10.1.2.2"
            set remote-as 65001
            set route-map-out "communit_set"
        next
    end
    config network
        edit 1
            set prefix 5.1.1.0 255.255.255.0
        next
    end
end
FGT3 snippets:
Failover is performed by disconnecting the link between FGT3 and FGT2:
The routing table of FGT3 changes:
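The following is an added illustration, not FortiOS output and not part of the original article: a simplified Python model of how route_map_1 on FGT3 treats the two updates for 5.1.1.0/24, and why the path through FGT1 is only selected after the FGT2 link goes down. It assumes that a route matching no rule is dropped (implicit deny) and that AS_PATH length decides best-path selection; the function names and sample updates are constructed for the example.

```python
# Added illustration: a simplified model of FGT3's inbound policy, not FortiOS code.
# Rules mirror route_map_1 from the article: (match-community, set-aspath prepend).
ROUTE_MAP_1 = [
    ("65002:1", [65002, 65002, 65002]),  # rule 1: prepend three times
    ("65003:1", []),                     # rule 2: permit, no prepend
]

def apply_route_map(route, rules=ROUTE_MAP_1):
    """Return the route after the first matching rule, or None if none matches.

    Assumption: a route matching no rule is dropped (implicit deny).
    """
    for community, prepend in rules:
        if community in route["communities"]:
            return {**route, "as_path": prepend + route["as_path"]}
    return None

def best_path(updates):
    """Pick the accepted route with the shortest AS_PATH.

    Simplification: AS_PATH length is the only attribute modelled; it decides
    the winner when weight and local preference are equal.
    """
    accepted = [r for r in map(apply_route_map, updates) if r is not None]
    return min(accepted, key=lambda r: len(r["as_path"])) if accepted else None

# Constructed updates for 5.1.1.0/24 as FGT3 would receive them.
FROM_FGT1 = {"prefix": "5.1.1.0/24", "neighbor": "10.1.1.1",
             "as_path": [65002], "communities": {"65002:1"}}
FROM_FGT2 = {"prefix": "5.1.1.0/24", "neighbor": "10.1.2.1",
             "as_path": [65003], "communities": {"65003:1"}}
UNTAGGED = {"prefix": "5.1.1.0/24", "neighbor": "10.1.1.1",
            "as_path": [65002], "communities": set()}

if __name__ == "__main__":
    normal = best_path([FROM_FGT1, FROM_FGT2])
    print("both links up :", normal["neighbor"], normal["as_path"])
    failover = best_path([FROM_FGT1])
    print("FGT2 link down:", failover["neighbor"], failover["as_path"])
    print("untagged route:", apply_route_map(UNTAGGED))
```

The untagged case shows the operational caveat of this design: under the implicit-deny assumption, a neighbor that stops tagging 5.1.1.0/24 has its route filtered on FGT3 instead of being accepted without a prepend.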