Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
lgupta
Staff
Staff

Created on ‎11-20-2022 10:08 PM Edited on ‎09-21-2025 10:24 PM By Community Manager

Article Id 230377

Technical Tip: Verify BGP Prefix received from peer with BGP Debugs

Description

 

This article explains how to verify the routes/prefix received from the BGP Peer using Debugs.

 

Scope

 

FortiGate.

 

Solution

 

Topology:

 

kb1.png

 

Hub: Router ID- 192.168.2.110.

Spoke_1: Router ID – 192.168.2.121.

Prefix Advertised: – 121.121.10.0/24, 121.121.20.0/24, 121.121.30.0/24.

 

Steps to follow:

Debugs will be run on the HUB FortiGate to confirm the prefix received from Spoke_1 Peer:

 

diagnose ip router bgp all enable

diagnose ip router bgp level info

diagnose debug console timestamp enable

diagnose debug enable

 

Note:

Starting from v7.2.0+, it is possible to collect BGP debugs for a specific neighbor by using the filter command: 'diagnose ip router bgp set-filter neighbor <neighbor address>'.

 

Follow this KB article for more details: Technical Tip: Capture BGP debugs for a specific neighbor.

 

It is possible to use the command to do a soft reset of the Incoming routes:

 

execute router clear bgp all soft in

 

Output:

 

2022-11-15 18:50:42 BGP: 192.168.2.121-Outgoing [FSM] State: OpenConfirm Event: 26

2022-11-15 18:50:42 id=20300 msg="BGP: %BGP-5-ADJCHANGE: VRF 0 neighbor 192.168.2.121 Up <----- Peers are UP confirmation.

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [FSM] State: Established Event: 34

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [ENCODE] Msg-Hdr: Type 2

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [ENCODE] Update: Msg #1 Size 23

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [DECODE] Msg-Hdr: type 2, length 56

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [DECODE] Update: Starting UPDATE decoding... Bytes To Read (60), msg_size (37)

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [DECODE] Update: NLRI Len(12)

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [DECODE] Msg-Hdr: type 2, length 23

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [DECODE] Update: Starting UPDATE decoding... Bytes To Read (4), msg_size (4)

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [FSM] State: Established Event: 27

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [RIB] Update: Received Prefix 121.121.10.0/24 path_id 0 <----- Prefix received.

2022-11-15 18:50:43 BGP: [NSM] Verified NH 192.168.2.121 with NSM

2022-11-15 18:50:43 BGP: VRF 0 NSM announce: 121.121.10.0/24

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [RIB] Update: Received Prefix 121.121.30.0/24 path_id 0 <----- Prefix received.

2022-11-15 18:50:43 BGP: VRF 0 NSM announce: 121.121.30.0/24

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [RIB] Update: Received Prefix 121.121.20.0/24 path_id 0 <----- Prefix received.

2022-11-15 18:50:43 BGP: VRF 0 NSM announce: 121.121.20.0/24

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [FSM] Update: IPv4 Unicast End-Of-Rib Marker Received <----- End-of-RIB Marker MUST be sent by a BGP speaker to its peer once it completes the initial routing update.

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [FSM] Process End-of-RIB: Received for afi/safi: 1/1

2022-11-15 18:50:43 BGP: 192.168.2.121-Outgoing [FSM] State: Established Event: 27

 

Check the BGP routing table on HUB: 

 

HUB # get router info routing-table bgp

Routing table for VRF=0

B       121.121.10.0/24 [200/0] via 192.168.2.121 (recursive is directly connected, port1), 00:08:02, [1/0]

B       121.121.20.0/24 [200/0] via 192.168.2.121 (recursive is directly connected, port1), 00:08:02, [1/0]

B       121.121.30.0/24 [200/0] via 192.168.2.121 (recursive is directly connected, port1), 00:08:02, [1/0]

 

CLI command to view received routes from a specific neighbor:

 

get router info bgp neighbors <neighbor IP> received-routes

 

Note.

If an error shows up after running 'get router info bgp neighbors <neighbor IP> received-route', then enable the 'set soft-reconfiguration enable' command under the BGP neighbor.

 

get router info bgp neighbors <neighbor IP> routes

 

Command 'get router info bgp neighbors <neighbor IP> routes' shows only filtered(in) received routes.

 

The command 'get router info bgp neighbors' shows details of the neighbors, including: Peer IP address, router ID, remote AS, BGP state, and the negotiated capabilities.

 

Related articles:

Technical Tip: BGP Neighbor Adjacency States

Technical Tip: How to check BGP advertised and received routes on a FortiGate

6305
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.