Ahmed_M
Staff
Article Id 266742
Description This article explains that FortiOS has no hard limit on the maximum number of learned dynamic routes, and that the effective maximum depends on the available system memory.
Scope Any supported version of FortiOS.
Solution

Background

 

FortiOS uses ZebOS as its routing engine. ZebOS has no hard limitations on the number of routes. ZebOS protocols are built on the ZebOS Network Services Module (NSM), which plays a key management role. NSM manages the routing tables (RIB) of each configured routing protocol and performs route redistribution and conversion.

 

By design, FortiOS has no hard limit on the maximum number of dynamic routes it can learn. The practical limit therefore depends on the available system memory. Available memory varies by hardware model and by system memory utilization, which in turn depends on the enabled features. For example, higher-end models such as the FGT1800F can learn more eBGP routes than the FGT60F because they have more hardware memory.

 

Furthermore, in some situations, routing peers that advertise a large number of routes can cause the system to run short of memory, leading to memory conserve mode. For more information about conserve mode, consult either of the following articles:

 

It is therefore the responsibility of the system admin to make sure that a proper dynamic routing configuration (e.g. access lists, prefix lists, route map policies, and/or route summarization) is configured when necessary to filter and optimize the received routes to preserve system memory.

 

Solution

 

To check model hardware memory, run the following:

 

get hardware memory

MemTotal:        1910884 kB  --> Total hardware memory

MemFree:          469060 kB  --> Available memory

 

To check whether the zebos_launcher, nsm, or bgpd daemon is a top memory consumer:

 

diagnose sys top 2 50  <-- Use ‘m’ to sort by memory consumption.

dia sys top-mem 100 <-- The output can be filtered with grep.

dia sys top-mem 100 | grep zebos

zebos_launcher (128): 8392kB

dia sys top-mem 100 | grep nsm

nsm (129): 9140kB

dia sys top-mem 100 | grep bgp

bgpd (134): 6012kB
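
The following Python example is added here and is not part of the original article or of any Fortinet tooling. It parses saved output of the two commands above and reports how much memory the routing daemons hold, whether one of them is the top consumer, and overall memory use. The 80% alert threshold, the function names, and the httpsd sample line are assumptions constructed for illustration.

```python
import re

# Daemon names as they appear in the article's top-mem output.
ROUTING_DAEMONS = ("zebos_launcher", "nsm", "bgpd")
MEMINFO_RE = re.compile(r"^\s*(MemTotal|MemFree):\s+(\d+)\s*kB", re.M)
TOPMEM_RE = re.compile(r"^\s*(\S+)\s+\((\d+)\):\s+(\d+)\s*kB", re.M)

# Sample input: values from the article, except the httpsd line (constructed).
SAMPLE_HW = """MemTotal:        1910884 kB  --> Total hardware memory
MemFree:          469060 kB  --> Available memory"""
SAMPLE_TOP = """httpsd (150): 30124kB
zebos_launcher (128): 8392kB
nsm (129): 9140kB
bgpd (134): 6012kB"""

def parse_hardware_memory(text):
    """Return MemTotal/MemFree in kB from 'get hardware memory' output."""
    fields = {name: int(kb) for name, kb in MEMINFO_RE.findall(text)}
    missing = {"MemTotal", "MemFree"} - fields.keys()
    if missing or fields["MemTotal"] == 0:
        raise ValueError("incomplete or invalid 'get hardware memory' output")
    return fields

def parse_top_mem(text):
    """Return {process: kB} from 'diagnose sys top-mem'; same-name PIDs are summed."""
    usage = {}
    for name, _pid, kb in TOPMEM_RE.findall(text):
        usage[name] = usage.get(name, 0) + int(kb)
    return usage

def routing_memory_report(hw_text, top_text, used_pct_alert=80.0):
    """Summarize routing-daemon memory; used_pct_alert is an assumed threshold."""
    mem = parse_hardware_memory(hw_text)
    procs = parse_top_mem(top_text)
    per_daemon = {d: procs.get(d, 0) for d in ROUTING_DAEMONS}  # absent daemon -> 0
    routing_kb = sum(per_daemon.values())
    used_pct = 100.0 * (mem["MemTotal"] - mem["MemFree"]) / mem["MemTotal"]
    top = max(procs, key=procs.get) if procs else None
    return {
        "per_daemon": per_daemon,
        "routing_kb": routing_kb,
        "routing_pct_of_total": round(100.0 * routing_kb / mem["MemTotal"], 2),
        "used_pct": round(used_pct, 2),
        "routing_is_top_consumer": top in ROUTING_DAEMONS,
        "alert": used_pct >= used_pct_alert,
    }

if __name__ == "__main__":
    print(routing_memory_report(SAMPLE_HW, SAMPLE_TOP))
```

Running it periodically against collected output gives a trend of routing-daemon memory, which shows route-table growth before the unit approaches conserve mode.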

 

Related articles:

 

Attachment:

The attachment illustrates scenarios where FortiOS with different system memory configurations can accommodate 100K, 500K, and close to 1 million dynamic routes. This applies to both hardware appliances and virtual appliances.

The steps to reproduce this test in any environment are also provided.