Ahmed_M
Staff
Article Id 266742
Description This article explains that FortiOS has no hard limit on the maximum number of learned dynamic routes, and that the effective maximum depends on the available system memory.
Scope Any supported version of FortiOS.
Solution

Background:

FortiOS uses ZebOS as its routing engine. ZebOS is a virtual router that runs in Linux user space and handles the RIB (Routing Information Base) in FortiOS. ZebOS has no hard limit on the number of routes. The ZebOS protocols are built on the ZebOS Network Services Module (NSM), which plays a key management role: NSM manages the routing tables (RIB) of each configured routing protocol and performs route redistribution and conversion.

 

By design, FortiOS has no hard limit on the maximum number of dynamic routes it can learn. The effective maximum therefore depends on the available system memory. Available memory varies by hardware model and by system memory utilization, which in turn depends on the enabled features. For example, a higher-end model such as the FortiGate-1800F can learn more eBGP routes than a FortiGate-60F because it has more hardware memory.

 

Furthermore, in some situations, routing peers that advertise a large number of routes can cause the system to run short of memory and enter memory conserve mode. For more information about conserve mode, consult either of the following articles:

Technical Tip: How conserve mode is triggered

Technical Tip: Conserve mode changes

 

It is therefore the responsibility of the system admin to make sure that a proper dynamic routing configuration (e.g. access lists, prefix lists, route map policies, and/or route summarization) is in place when necessary to filter and optimize the received routes and preserve system memory.

 

Solution:

 

To check model hardware memory, run the following:

 

get hardware memory

MemTotal:        1910884 kB  --> Total hardware memory

MemFree:          469060 kB  --> Available memory

 

To check whether the zebos_launcher, nsm, or bgpd daemon is a top memory consumer:

 

diagnose sys top 2 50  <-- Use ‘m’ to sort by memory consumption.

dia sys top-mem 100 <-- The output can be filtered with grep.

dia sys top-mem 100 | grep zebos

zebos_launcher (128): 8392kB

dia sys top-mem 100 | grep nsm

nsm (129): 9140kB

dia sys top-mem 100 | grep bgp

bgpd (134): 6012kB
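The two checks above can be combined into one monitoring step. The following is an added example, not part of the original article or Fortinet tooling: it parses saved output of 'get hardware memory' and 'diagnose sys top-mem' in the formats shown above and reports how much memory the routing daemons hold. The function names and both thresholds (min_free_pct, max_routing_pct) are assumptions chosen for illustration.

```python
import re

# Constructed sample input in the format of the command output shown above.
HW_MEMORY = """\
MemTotal:        1910884 kB  --> Total hardware memory
MemFree:          469060 kB  --> Available memory
"""
TOP_MEM = """\
zebos_launcher (128): 8392kB
nsm (129): 9140kB
bgpd (134): 6012kB
"""
ROUTING_DAEMONS = ("zebos_launcher", "nsm", "bgpd")

def parse_hw_memory(text):
    """Map field name to kB for lines such as 'MemFree:  469060 kB'."""
    pattern = re.compile(r"^[ \t]*(\w+):[ \t]+(\d+)[ \t]*kB", re.MULTILINE)
    return {name: int(kb) for name, kb in pattern.findall(text)}

def parse_top_mem(text):
    """Map process name to kB for lines such as 'nsm (129): 9140kB'."""
    pattern = re.compile(r"^[ \t]*(\S+)[ \t]+\(\d+\):[ \t]*(\d+)[ \t]*kB", re.MULTILINE)
    usage = {}
    for name, kb in pattern.findall(text):
        usage[name] = usage.get(name, 0) + int(kb)  # sum if a name repeats
    return usage

def routing_memory_report(hw_text, top_text, min_free_pct=20.0, max_routing_pct=10.0):
    """Summarize routing-daemon memory; both thresholds are assumed values."""
    hw = parse_hw_memory(hw_text)
    total, free = hw.get("MemTotal"), hw.get("MemFree")
    if not total or free is None:
        raise ValueError("MemTotal/MemFree missing from 'get hardware memory' output")
    procs = parse_top_mem(top_text)
    routing_kb = sum(procs.get(name, 0) for name in ROUTING_DAEMONS)
    report = {
        "routing_kb": routing_kb,
        "free_pct": 100.0 * free / total,
        "routing_pct": 100.0 * routing_kb / total,
        "alerts": [],
    }
    if report["free_pct"] < min_free_pct:
        report["alerts"].append("low free memory")
    if report["routing_pct"] > max_routing_pct:
        report["alerts"].append("routing daemons above memory budget")
    return report

if __name__ == "__main__":
    print(routing_memory_report(HW_MEMORY, TOP_MEM))
```

Running it periodically against collected output and tracking routing_kb over time shows whether a peer's advertisements are growing the RIB toward the point where free memory runs short.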

 

Related articles:

Technical Tip: Create an access list on a route map that would deny specific network on a BGP peerin...

Technical Tip: How to control BGP route advertisement with prefix-list

Technical Tip: Inbound route filtering in OSPF using 'distribute-route-map-in' and TAG value

Technical Note: How to control filter OSPF route redistribution with access-list and route-map

Technical Tip: How to combine operators 'ge' and 'le' in prefix-list for route-map for filtering BGP...

Technical Note: OSPF route summarization for LSAs Type3 (on ABR) and Type5 (on ASBR)

 

Attachment:

The attachment illustrates scenarios where FortiOS with different System Memory compositions can accommodate 100K, 500K, and close to 1 Million Dynamic Routes. This applies to both Hardware appliances and Virtual Appliances.

The steps to reproduce this test in any environment are also provided.