Description
This article describes how to use the BGP Weight attribute to prefer a default route received from a BGP neighbor over the default route originated by the 'capability-default-originate' command in BGP.
When a FortiGate is receiving a default route from BGP neighbor 11.11.11.143, enabling 'capability-default-originate' for neighbor 100.1.1.141 causes the FortiGate to stop displaying the default route (learned from neighbor 11.11.11.143) in the routing table.
Scope
FortiGate.
Solution
- After 'capability-default-originate' is enabled for neighbor 100.1.1.141, the default route is locally originated in the BGP routing table.
- By default, the BGP Weight attribute is set to 32768 for prefixes locally originated by the FortiGate.
- Weight is only locally significant on the FortiGate where it is configured, so for routes received from BGP neighbors, the weight attribute value is always 0.
- In the BGP best route selection criteria, weight is the first attribute to be checked.
- BGP prefers the route with the highest Weight, so the default route originated by the 'capability-default-originate' command is preferred: its weight is 32768, which is higher than the weight of the default route received from neighbor 11.11.11.143, which is 0.
- To prefer the default route from BGP neighbor 11.11.11.143, apply a route-map that matches the default route and sets a weight higher than 32768.
Create a prefix-list for the default route:
config router prefix-list
edit "acl-143"
config rule
edit 1
set prefix 0.0.0.0 0.0.0.0
unset ge
unset le
next
end
next
end
Create a route-map that matches the default prefix-list and sets the weight value to 40000:
config router route-map
edit "143-in"
config rule
edit 1
set match-ip-address "acl-143"
set set-weight 40000
next
end
next
end
Apply the route-map to neighbor 11.11.11.143 in the inbound direction:
config router bgp
set as 142
config neighbor
edit "100.1.1.141"
set capability-default-originate enable
set next-hop-self enable
set soft-reconfiguration enable
set remote-as 141
next
edit "11.11.11.143"
set next-hop-self enable
set soft-reconfiguration enable
set remote-as 143
set route-map-in "143-in"
next
end
end
Check the weight value:
vm142 # get router info bgp network 0.0.0.0
BGP routing table entry for 0.0.0.0/0
Paths: (2 available, best 0000002, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
100.1.1.141
143
11.11.11.143 from 11.11.11.143 (172.18.18.143)
Origin incomplete metric 0, localpref 100, valid, external
Last update: Mon Jun 16 14:59:32 2014
Local
0.0.0.0 from 0.0.0.0 (172.18.18.142)
Origin IGP, localpref 100, weight 32768, valid, sourced, local, best
Last update: Mon Jun 16 14:59:31 2014
The weight of 40000 is still not set on the default route received from neighbor 11.11.11.143, even though the route-map is applied. For the route-map to take effect, soft clear the BGP neighbor:
execute router clear bgp ip 11.11.11.143 soft
Now weight 40000 is applied to the default route received from neighbor 11.11.11.143, so it is displayed as valid and best.
vm142 # get router info bgp network 0.0.0.0
BGP routing table entry for 0.0.0.0/0
Paths: (2 available, best 1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
100.1.1.141
143
11.11.11.143 from 11.11.11.143 (172.18.18.143)
Origin incomplete metric 0, localpref 100, weight 40000, valid, external, best
Last update: Mon Jun 16 15:09:31 2014
Local
0.0.0.0 from 0.0.0.0 (172.18.18.142)
Origin IGP, localpref 100, weight 32768, valid, sourced, local
Last update: Mon Jun 16 15:09:30 2014
The routing table displays the default route from neighbor 11.11.11.143:
vm142 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
B* 0.0.0.0/0 [20/0] via 11.11.11.143, port1, 00:02:17
C 11.11.11.0/24 is directly connected, port1
C 100.1.1.0/24 is directly connected, port10
C 172.18.18.0/24 is directly connected, port6
Weight is the first BGP attribute in the best route selection list. It is not passed between BGP routers and is local to the router (which means it is not updated in the AS). The path with the highest weight is preferred.
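A script that checks the 'get router info bgp network 0.0.0.0' output shown above and reports whether the route-map weight has taken effect, as an added example that is not part of the original article. The function names are hypothetical, and a path printed without a weight field is treated as weight 0, as the article states for received routes.

```python
import re

# Path lines copied from the article's 'get router info bgp network 0.0.0.0'
# output, before and after the soft clear (header and timestamp lines omitted).
BEFORE = """
11.11.11.143 from 11.11.11.143 (172.18.18.143)
Origin incomplete metric 0, localpref 100, valid, external
0.0.0.0 from 0.0.0.0 (172.18.18.142)
Origin IGP, localpref 100, weight 32768, valid, sourced, local, best
"""
AFTER = """
11.11.11.143 from 11.11.11.143 (172.18.18.143)
Origin incomplete metric 0, localpref 100, weight 40000, valid, external, best
0.0.0.0 from 0.0.0.0 (172.18.18.142)
Origin IGP, localpref 100, weight 32768, valid, sourced, local
"""

PATH_RE = re.compile(r"^(\S+) from (\S+) \((\S+)\)$")
WEIGHT_RE = re.compile(r"\bweight (\d+)")

def parse_paths(output):
    """Return one dict per path: peer, weight (assumed 0 when absent), best."""
    paths = []
    for line in (l.strip() for l in output.splitlines()):
        m = PATH_RE.match(line)
        if m:
            paths.append({"peer": m.group(2), "weight": 0, "best": False})
        elif line.startswith("Origin") and paths:
            w = WEIGHT_RE.search(line)
            paths[-1]["weight"] = int(w.group(1)) if w else 0
            paths[-1]["best"] = line.endswith(", best")
    return paths

def check_default(output, peer, expected_weight):
    """Say whether the default route from `peer` is best, and if not, why."""
    paths = parse_paths(output)
    mine = next((p for p in paths if p["peer"] == peer), None)
    if mine is None:
        return "no path from %s" % peer
    if mine["weight"] != expected_weight:
        return "weight %d, route-map not applied: soft clear needed" % mine["weight"]
    if mine["best"] and mine["weight"] == max(p["weight"] for p in paths):
        return "ok"
    return "weight applied but path not best"

if __name__ == "__main__":
    print(check_default(BEFORE, "11.11.11.143", 40000))
    print(check_default(AFTER, "11.11.11.143", 40000))
```

The parser ignores lines it does not recognize, so the full command output can be passed in unchanged.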