|
Route Selection Behavior:
When a FortiGate includes multiple paths to reach a specific destination IP address via different VRFs, it follows a defined selection process. The device will always choose the route associated with the lowest VRF number.
Example Scenario:
To illustrate this behavior, consider the following example where the FortiGate needs to reach the DNS server IP address '8.8.8.8'. The routing tables indicate that there are two available paths:
- Through port1 with VRF 11.
- Through port2 with VRF 30.
In this case, the FortiGate will select the route via 'Port1' (VRF 11) since it has the lower VRF number.
Routing Table Output:
The following command can be used to check the routing details for the destination IP address:
get router info routing-table details 8.8.8.8 <- The output will display the routing entries for both VRFs.
Routing table for VRF=11
Routing entry for 8.8.8.8/32
Known via "static", distance 10, metric 0, best
* vrf 11 10.5.63.254, via port1
Routing table for VRF=30
Routing entry for 8.8.8.8/32
Known via "static", distance 10, metric 0, best
* vrf 30 10.5.31.254, via port2
Packet Sniffer Output:
To observe the traffic flow, The sniffer command mentioned below can be used. (The command output confirms that the FortiGate is indeed routing traffic through the selected interface (port1)):
di sniffer packet any "host 8.8.8.8 and port 53" 4
Using Original Sniffing Mode
interfaces=[any]
filters=[host 8.8.8.8 and port 53]
5.175623 port1 out 10.5.63.82.1510 -> 8.8.8.8.53: udp 29
5.189339 port1 in 8.8.8.8.53 -> 10.5.63.82.1510: udp 45
|
