Description | This article describes how there is no hard limit for maximum learned dynamic routes on FortiOS, but explains how the effective maximum depends on the available system memory. |
Scope | Any supported version of FortiOS. |
Solution |
Background
FortiOS uses ZebOS as its routing engine. ZebOS has no hard limitations on the number of routes. ZebOS protocols are built on the ZebOS Network Services Module (NSM), which plays a key management role. NSM manages the routing tables (RIB) of each configured routing protocol and performs route redistribution and conversion.
By design, FortiOS has no hard limit on maximum dynamic routes it could learn. Consequently, it will depend on the available system memory. In addition, available memory varies by hardware model and system memory utilization, which depends on enabled features. For example, higher end models such as FGT1800F can learn more eBGP routes than FGT60F because it has a larger hardware memory.
Furthermore, it is important to know that in some situations, routing peers that advertise a large number of routes could cause the system to run short of memory, leading to memory conserve mode. For more info about conserve mode, consult either of the following articles:
It is therefore the responsibility of the system admin to make sure that a proper dynamic routing configuration (e.g. access lists, prefix lists, route map policies, and/or route summarization) is configured when necessary to filter and optimize the received routes to preserve system memory.
Solution
To check model hardware memory, run the following:
get hardware memory MemTotal: 1910884 kB --> Total hardware memory MemFree: 469060 kB --> Available memory
To check if zebos_luncher/nsm/bgpd daemon is a top memory consumer:
diagnose sys top 2 50 <-- Use ‘m’ to sort by memory consumption. dia sys top-mem 100 <-- May use grep command. dia sys top-mem 100 | grep zebos zebos_launcher (128): 8392kB dia sys top-mem 100 | grep nsm nsm (129): 9140kB dia sys top-mem 100 | grep bgp bgpd (134): 6012kB
Related articles:
Attachment: The attachment illustrates scenarios where FortiOS with different System Memory compositions can accommodate 100K, 500K and close to 1 Million Dynamic Routes. This applies to both Hardware appliances and Virtual Appliances. The steps to reproduce this test in any environment are also provided. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.