vshahrokhkhani
Article Id 385749
Description This article describes how a duplicated router-id can prevent receiving routes from BGP neighbors.
Scope FortiGate.
Solution

Consider a scenario with ADVPN and IBGP as the dynamic routing protocol:

Hub BGP configuration:

config router bgp
    set as 100
    set router-id 10.253.0.191 <-----
    set ibgp-multipath enable
    set network-import-check disable
    set scan-time 15
    set graceful-restart enable
    config neighbor-group
        edit "remote_sites "
            set capability-graceful-restart enable
            set capability-default-originate enable
            set next-hop-self enable
            set soft-reconfiguration enable
            set remote-as 100
            set update-source "Hub1"
            set route-reflector-client enable
        next
    end
    config neighbor-range
        edit 1
            set prefix 10.253.0.0 255.255.255.0
            set neighbor-group "remote_sites "
        next
    end
end

Spoke-1 BGP configuration (note that no router-id is set):

config router bgp
    set as 100
    set ibgp-multipath enable
    set graceful-restart enable
    config neighbor
        edit "10.253.0.191"
            set capability-graceful-restart enable
            set link-down-failover enable
            set soft-reconfiguration enable
            set remote-as 100
        next
    end
    config network
        edit 1
            set prefix 14.14.14.0 255.255.255.0
        next
    end
end

Spoke-2 BGP configuration (again without a router-id):

config router bgp
    set as 100
    set ibgp-multipath enable
    set network-import-check disable
    set graceful-restart enable
    config neighbor
        edit "10.253.0.191"
            set capability-graceful-restart enable
            set link-down-failover enable
            set soft-reconfiguration enable
            set remote-as 100
        next
    end
    config network
        edit 1
            set prefix 192.168.200.140 255.255.255.255
        next
        edit 2
            set prefix 172.16.5.0 255.255.255.0
        next
    end
end

In the example above, no router ID is configured on the spokes. When no router-id is set under config router bgp, FortiGate selects one automatically: the highest IP address among its active interfaces, with loopback interface addresses preferred over physical interface addresses. This means that if, by mistake, a VLAN interface, loopback interface, or even a physical interface with the same IP address is added to the spokes, the router-id on those spokes can change.

In this scenario, the two spokes do not learn each other's advertised routes, even though the hub learns them.
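To make the mechanism concrete, the following Python model, an added example that is not FortiOS code and not part of the original article, reproduces the two rules at play: automatic router-id selection (highest loopback address, otherwise highest interface address) and the route-reflector ORIGINATOR_ID check from RFC 4456, which is what produces a "denied due to originator is us" result on a spoke. The interface names and the tunnel addresses 10.253.0.11 and 10.253.0.12 are constructed sample data; the loopback address 192.168.210.210 mirrors the router identifier shown in the summary output later in the article.

```python
"""Model of BGP router-id auto-selection and the route-reflector
ORIGINATOR_ID check (RFC 4456, section 8).  Added illustration; this is
not FortiOS code, and every address below is constructed sample data."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Interface:
    name: str
    address: str          # IPv4 address, dotted quad
    loopback: bool = False


def select_router_id(interfaces, configured=None):
    """Return the router-id a speaker will use.

    A manually configured 'set router-id' always wins.  Otherwise the
    highest loopback address is chosen, and only when there is no
    loopback the highest address of any other active interface.
    """
    if configured:
        return configured
    loopbacks = [i for i in interfaces if i.loopback]
    pool = loopbacks or list(interfaces)
    if not pool:
        raise ValueError("no interface address to derive a router-id from")
    # Compare numerically, not as strings: 10.0.0.200 > 10.0.0.5
    return str(max(ipaddress.IPv4Address(i.address) for i in pool))


@dataclass(frozen=True)
class Update:
    prefix: str
    originator_id: str    # ORIGINATOR_ID attribute stamped by the reflector


def reflect(originating_client_rid, prefix):
    """Hub (route reflector): when re-advertising a client's route to the
    other clients it sets ORIGINATOR_ID to the originating client's
    router-id."""
    return Update(prefix=prefix, originator_id=originating_client_rid)


def receive(update, my_router_id):
    """Receiving client: an UPDATE whose ORIGINATOR_ID equals the local
    router-id must be ignored, because it looks like the router's own route
    coming back.  Returns (accepted, reason)."""
    if update.originator_id == my_router_id:
        return False, f"Prefix {update.prefix} denied due to originator is us"
    return True, f"Prefix {update.prefix} accepted"


# Constructed topology: each spoke has an ADVPN tunnel address and, by
# mistake, the same loopback address 192.168.210.210 as the other spoke.
SPOKE1_IFACES = (Interface("Spoke1-tunnel", "10.253.0.11"),
                 Interface("loopback", "192.168.210.210", loopback=True))
SPOKE2_IFACES = (Interface("Spoke2-tunnel", "10.253.0.12"),
                 Interface("loopback", "192.168.210.210", loopback=True))


def run_scenario(spoke1_rid_cfg=None, spoke2_rid_cfg=None):
    """Spoke-2 advertises 172.16.5.0/24 to the hub, which reflects it to
    Spoke-1.  Returns (spoke1_rid, spoke2_rid, accepted, reason)."""
    rid1 = select_router_id(SPOKE1_IFACES, spoke1_rid_cfg)
    rid2 = select_router_id(SPOKE2_IFACES, spoke2_rid_cfg)
    update = reflect(rid2, "172.16.5.0/24")
    accepted, reason = receive(update, rid1)
    return rid1, rid2, accepted, reason


if __name__ == "__main__":
    print("auto router-id  :", run_scenario())
    print("manual router-id:", run_scenario("10.253.0.11", "10.253.0.12"))
```

With automatic selection both spokes derive 192.168.210.210 from the duplicated loopback, so Spoke-1 drops the reflected 172.16.5.0/24 exactly as the article's debug output shows; passing explicit router-ids (the equivalent of set router-id on each spoke) makes the same update accepted, while the hub, whose router-id differs from both, is unaffected either way.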

If the following debug commands are used on the spokes:

diagnose ip router bgp all enable
diagnose ip router bgp level info
diagnose debug enable

and the BGP neighborship is then cleared, the following debug messages are shown:

BGP: 10.253.0.191-Outgoing [FSM] State: Established Event: 27
BGP: 10.253.0.191-Outgoing [RIB] Update: Prefix 172.16.5.0/24 path_id 0 denied due to originator is us
BGP: 10.253.0.191-Outgoing [RIB] Update: Prefix 192.168.200.140/32 path_id 0 denied due to originator is us
BGP: 10.253.0.191-Outgoing [RIB] Update: Prefix 192.168.210.0/24 path_id 0 denied due to originator is us

This indicates that the router ID is the same on both spokes, which can be verified by running the following command on each spoke:

Spoke 1:

get router info bgp summary

VRF 0 BGP router identifier 192.168.210.210, local AS number 100
BGP table version is 4
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.253.0.191 4 100 78317 78321 3 0 0 00:20:48 7

Total number of neighbors 1

Spoke 2:

get router info bgp summary

VRF 9 BGP router identifier 192.168.210.210, local AS number 100
BGP table version is 2
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.253.0.191 4 100 95622 95613 1 0 0 00:36:21 7

Total number of neighbors 1
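When several spokes are involved, comparing the summaries by eye is error-prone. The following Python helper, an added example that is not FortiOS code or part of the original article, automates the two checks above: it picks the "denied due to originator is us" prefixes out of the debug output and extracts the BGP router identifier from each device's get router info bgp summary text, reporting any identifier shared by more than one device. The sample debug lines and summary excerpts are copied from this article; the device labels Spoke-1 and Spoke-2 are assumed names.

```python
"""Triage helper for the symptom in this article: flag 'denied due to
originator is us' lines in FortiGate BGP debug output and check whether
several devices report the same BGP router identifier.  Added example,
not FortiOS code; the sample text is copied from the article's output."""
import re
from collections import defaultdict

DENIED_RE = re.compile(
    r"\[RIB\] Update: Prefix (?P<prefix>\S+) path_id \d+ "
    r"denied due to originator is us")
RID_RE = re.compile(
    r"BGP router identifier (?P<rid>\d+\.\d+\.\d+\.\d+), "
    r"local AS number (?P<asn>\d+)")


def denied_as_originator(debug_lines):
    """Prefixes a spoke refused because ORIGINATOR_ID matched its own id."""
    return [m.group("prefix") for line in debug_lines
            if (m := DENIED_RE.search(line))]


def router_id_from_summary(summary_text):
    """Extract (router-id, AS) from 'get router info bgp summary' output,
    or None when the text does not contain the identifier line."""
    m = RID_RE.search(summary_text)
    return (m.group("rid"), int(m.group("asn"))) if m else None


def find_duplicate_router_ids(summaries):
    """summaries maps device name -> its summary text.  Returns
    {router-id: [devices...]} for ids shared by more than one device."""
    by_rid = defaultdict(list)
    for device, text in summaries.items():
        found = router_id_from_summary(text)
        if found:
            by_rid[found[0]].append(device)
    return {rid: sorted(devs) for rid, devs in by_rid.items() if len(devs) > 1}


def triage(debug_lines, summaries):
    """Combine both checks into a verdict string plus the evidence."""
    denied = denied_as_originator(debug_lines)
    dups = find_duplicate_router_ids(summaries)
    if denied and dups:
        verdict = "duplicate router-id confirmed; set router-id manually"
    elif denied:
        verdict = "originator-id drops seen; compare router-ids on all speakers"
    else:
        verdict = "no originator-id drops found"
    return verdict, denied, dups


# Sample data taken from the article (debug lines and summary excerpts);
# the device names are assumed labels.
DEBUG_LINES = [
    "BGP: 10.253.0.191-Outgoing [FSM] State: Established Event: 27",
    "BGP: 10.253.0.191-Outgoing [RIB] Update: Prefix 172.16.5.0/24 path_id 0 denied due to originator is us",
    "BGP: 10.253.0.191-Outgoing [RIB] Update: Prefix 192.168.200.140/32 path_id 0 denied due to originator is us",
    "BGP: 10.253.0.191-Outgoing [RIB] Update: Prefix 192.168.210.0/24 path_id 0 denied due to originator is us",
]
SUMMARIES = {
    "Spoke-1": "VRF 0 BGP router identifier 192.168.210.210, local AS number 100\n"
               "BGP table version is 4\n",
    "Spoke-2": "VRF 9 BGP router identifier 192.168.210.210, local AS number 100\n"
               "BGP table version is 2\n",
}

if __name__ == "__main__":
    verdict, denied, dups = triage(DEBUG_LINES, SUMMARIES)
    print(verdict)
    print("denied prefixes:", denied)
    print("shared router-ids:", dups)
```

The verdict is deliberately split into three cases: originator drops together with a shared identifier is the situation this article describes, while originator drops without a visible duplicate mean the summaries of the remaining speakers (including the hub) still need to be collected before concluding anything.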

 

To avoid unexpected behavior such as that described in this article, assign the router-id manually on every BGP speaker rather than relying on automatic selection.