FortiGate
vtsonev
Staff
Article Id 195919

Description

 

This article provides some explanations regarding the multipath capability used by Fortinet and describes the way to read and understand the values from the 'get router info bgp network' output.

External link:
https://tools.ietf.org/html/rfc7911

 

Scope

 

FortiGate.

Solution


The BGP implementation used by Fortinet supports the advertisement of multiple paths.
To that end, Fortinet has implemented the path identifier (Path ID) option, which can be observed when executing 'get router info bgp network' (and other BGP network commands such as 'get router info bgp network-longer-prefixes', etc.).

 
In the example, FortiGate does not have 'ibgp-multipath' enabled and only one route is marked with '-/1'. This is the route that is installed in the routing table, which is why FortiGate marked it with '1'.

<x/y>
'x' means the received path ID (set by peer).
'y' means the sending path ID (set by this FortiGate).
 
 
When both 'ibgp-multipath' and 'additional-path' are enabled, the output of the network command changes:
 
config router bgp
    set ibgp-multipath enable
    set additional-path enable
end

 
Again, the route marked with '<-/1>' will be put on top of the preferred routes.
The route with '<-/3>' will be considered an active route and will be installed in the routing table, but will be on the bottom.
 
 
The assignment of the Path Identifier for a path by a BGP speaker is purely a local matter. 
The Path Identifier is assigned in such a way that the BGP speaker can uniquely identify a path advertised to a neighbor.

Note:

iBGP and eBGP multipath require paths to have matching attributes such as local preference, AS path, Origin, MED, and Next-hop reachability to make it into the routing table as best paths.

  • Fortinet implements the requirements in RFC 7911 to provide advertisement of multiple paths in BGP.
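
To make the Path ID concrete when inspecting a packet capture, the following added example (not Fortinet code and not part of the original article) decodes the RFC 7911 wire format: the ADD-PATH capability value (capability code 69) and IPv4 NLRI entries that carry a 4-octet Path Identifier in front of each prefix. The function names and the sample bytes are assumptions constructed for illustration; Path IDs 1 and 3 were chosen to mirror the '<-/1>' and '<-/3>' markers discussed above.

```python
import ipaddress
import struct
from collections import defaultdict

SEND_RECEIVE = {1: "receive", 2: "send", 3: "send/receive"}  # RFC 7911 field

def parse_addpath_capability(value: bytes):
    """Decode capability 69: repeated (AFI, SAFI, Send/Receive) tuples."""
    if not value or len(value) % 4:
        raise ValueError("ADD-PATH capability must be a multiple of 4 octets")
    return [(afi, safi, SEND_RECEIVE.get(sr, f"reserved({sr})"))
            for afi, safi, sr in struct.iter_unpack("!HBB", value)]

def parse_addpath_nlri(data: bytes):
    """Decode IPv4 NLRI: Path ID (4 octets), length (1 octet), prefix."""
    entries, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError(f"truncated NLRI header at offset {offset}")
        path_id, prefix_len = struct.unpack_from("!IB", data, offset)
        offset += 5
        if prefix_len > 32:
            raise ValueError(f"invalid IPv4 prefix length {prefix_len}")
        nbytes = (prefix_len + 7) // 8
        if len(data) - offset < nbytes:
            raise ValueError(f"truncated prefix at offset {offset}")
        packed = data[offset:offset + nbytes].ljust(4, b"\x00")
        offset += nbytes
        # strict=False clears any host bits left in the final octet.
        net = ipaddress.IPv4Network((packed, prefix_len), strict=False)
        entries.append((path_id, net))
    return entries

def paths_by_prefix(entries):
    """Group Path IDs per prefix; more than one ID means multiple paths."""
    grouped = defaultdict(list)
    for path_id, net in entries:
        grouped[str(net)].append(path_id)
    return dict(grouped)

# Constructed sample (not a capture): 10.0.0.0/24 advertised twice with
# Path IDs 1 and 3, plus 172.16.0.0/16 with Path ID 1.
SAMPLE_NLRI = bytes.fromhex("0000000118 0a0000 0000000318 0a0000 0000000110 ac10")
SAMPLE_CAP = bytes.fromhex("00010103")  # IPv4 unicast, send/receive

if __name__ == "__main__":
    print(parse_addpath_capability(SAMPLE_CAP))
    for prefix, ids in paths_by_prefix(parse_addpath_nlri(SAMPLE_NLRI)).items():
        print(prefix, "path IDs:", ids)
```

Because the Path ID is part of the NLRI key, the two 10.0.0.0/24 entries coexist at the receiver instead of the second implicitly replacing the first.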