FortiGate
vprabhu_FTNT
Staff
Article Id 192376
Description
This article describes how to redistribute a Virtual IP (VIP) into BGP so that it is advertised to other BGP peers.
It is helpful in scenarios where the VIP is outside the subnet of the exit interface/peer.

Scope
BGP is set up and peering is up between 2 units.
A VIP or VIP range is configured, along with the policies required for the VIP to work.

Solution
BGP requires a network to be present in the routing table before it can advertise that network to its peer. This does not happen for a VIP in a different subnet than the exit interface IP, because a virtual IP does not appear in the routing table.

Since such a Virtual IP cannot be redistributed into BGP directly, create a static blackhole route and redistribute static routes into BGP as shown below:
VIP subnet 10.98.8.0/24 is configured on 'FGT1'.
The exit interface IP is 10.106.0.62.
The subnet 10.98.8.0/24 must be advertised to the BGP peer so that the VIP is reachable from the remote 'FGT2'.





Configuration Steps.

'FGT1':
# config router static
    edit 0
        set dst 10.98.8.0 255.255.255.0
        set blackhole enable
    next
end
# config router bgp
    # config redistribute "static"
        set status enable
    end
end
'FGT2': no configuration changes are required, as the route will be advertised by the 'FGT1' BGP peer.
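
Redistributing "static" advertises every static route on 'FGT1' to the BGP peer, not only the VIP blackhole route. The following added example (not part of the original article) limits the redistribution to the VIP subnet with a route-map; the object names VIP-BGP-PFX and RM-STATIC-TO-BGP are assumed, and lines beginning with # are comments, not prompts.

```fortios
# Added example. Object names are assumed, not taken from the article.
# Prefix-list matching only the VIP subnet (exact match, no ge/le).
config router prefix-list
    edit "VIP-BGP-PFX"
        config rule
            edit 1
                set prefix 10.98.8.0 255.255.255.0
            next
        end
    next
end
# Route-map permitting only prefixes in the list above;
# static routes that match no rule are not redistributed.
config router route-map
    edit "RM-STATIC-TO-BGP"
        config rule
            edit 1
                set match-ip-address "VIP-BGP-PFX"
            next
        end
    next
end
# Apply the route-map to static redistribution.
config router bgp
    config redistribute "static"
        set status enable
        set route-map "RM-STATIC-TO-BGP"
    end
end
```

After applying it, run the advertised-routes command from the verification section again and confirm that 10.98.8.0/24 is still listed and that no other static routes are sent to the peer.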

Verification commands.
FGT1# get router info routing de 10.98.8.0
Routing table for VRF=0
Routing entry for 10.98.8.0/24
  Known via "static", distance 10, metric 0, best
  * directly connected, Null
FGT1 # get router info bgp neighbors 10.106.0.113 advertised-routes
VRF 0 BGP table version is 7, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*>i10.56.240.0/22   10.91.1.1                     100  32768        0 ? <-/->
*>i10.80.1.0/24     10.106.0.62                   100  32768        0 i <-/->
*>i10.98.8.0/24     10.106.0.62                   100  32768        0 ? <-/->

FGT2(root) # get router info routing de bgp
B       10.98.8.0/24 [200/0] via 10.106.0.62, port4, 00:31:10

FGT2(root) # get router info bgp network 10.98.8.0/24

BGP routing table entry for 10.98.8.0/24
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  Local
    10.106.0.62 from 10.106.0.62 (4.4.4.4)
      Origin incomplete metric 0, localpref 100, valid, internal, best
      Last update: Thu Aug  6 10:20:48 2020

Related Articles

Configuration Example: Using VIP (Virtual IP) for Port Translation only
