Description
Support is included for internal and external border gateway protocols (IBGP and EBGP) in virtual routing and forwarding (VRF).
This article describes this feature.
Scope
For version 6.4.3.
Solution
FortiGate can establish neighbor connections with other FortiGates or routers, and the learned routes are put into different VRF tables according to the neighbor's settings.
This example uses the following topology:
Using the above topology:
Both Router1 and Router2 establish OSPF and BGP neighbor with the FortiGate.
Support is included for internal and external border gateway protocols (IBGP and EBGP) in virtual routing and forwarding (VRF).
This article describes this feature.
Scope
For version 6.4.3.
Solution
FortiGate can establish neighbor connections with other FortiGates or routers, and the learned routes are put into different VRF tables according to the neighbor's settings.
This example uses the following topology:
BGP routes learned from the Router1 neighbor are put into vrf10.
BGP routes learned from the Router2 neighbor are put into vrf20.
BGP routes learned from the Router2 neighbor are put into vrf20.
To configure this example:
# config system interfaceResults.
edit port1
set vrf 10
next
edit port2
set vrf 20
next
end
# config router bgp
# config neighbor
edit "192.168.1.1"
set update-source port1
next
edit "192.168.2.1"
set interface port2
next
end
end
Using the above topology:
Both Router1 and Router2 establish OSPF and BGP neighbor with the FortiGate.
Router1 advertises 10.10.1.0/24 into OSPF and 10.10.2.0/24 into BGP.
Router2 advertises 20.20.1.0/24 into OSPF and 20.20.2.0/24 into BGP.
Router2 advertises 20.20.1.0/24 into OSPF and 20.20.2.0/24 into BGP.
When port1 and port2 have not set VRF, all of the routing is in VRF=0:
Routing table for VRF=0
# get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
Routing table for VRF=0
S* 0.0.0.0/0 [5/0] via 10.0.1.254, port9After VRF is set for BGP, BGP routes are added to the VRF tables along with OSPF and connected routes:
C 10.0.1.0/24 is directly connected, port9
O 10.10.1.0/24 [110/10] via 192.168.1.1, port1, 00:18:31
B 10.10.2.0/24 [20/200] via 192.168.1.1, port1, 00:01:31
O 20.20.1.0/22 [110/10] via 192.168.2.1, port2, 00:19:05
B 20.20.2.0/24 [20/200] via 192.168.2.1, port2, 00:01:31
C 192.168.1.0/24 is directly connected, port1
C 192.168.2.0/24 is directly connected, port2
# get router info routing-table allRouting table for VRF=0.
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S* 0.0.0.0/0 [5/0] via 10.0.1.254, port9Routing table for VRF=10.
C 10.0.1.0/24 is directly connected, port9
O 10.10.1.0/24 [110/10] via 192.168.1.1, port1, 00:18:31Routing table for VRF=20.
B 10.10.2.0/24 [20/200] via 192.168.1.1, port1, 00:01:31
C 192.168.1.0/24 is directly connected, port1
O 20.20.1.0/22 [110/10] via 192.168.2.1, port2, 00:19:05BGP neighbor groups.
B 20.20.2.0/24 [20/200] via 192.168.2.1, port2, 00:01:31
C 192.168.2.0/24 is directly connected, port2
This feature is also supported in the BGP neighbor groups. For example:
# config router bgpNote that the set interface command is not supported.
# config neighbor-group
edit "FGT"
set update-source "port1"
next
end
# config neighbor-range
edit 1
set prefix 172.16.201.0 255.255.255.0
set neighbor-group "FGT"
next
end
end
