Troubleshooting Tip: Stop advertising all routes learned from one BGP peer to other BGP peer(s)

JianWu · ‎05-12-2024

Description

This article describes how to do not advertise all routes received from one BGP peer to other peers.

Scope

FortiGate v6.0, v6.2, v6.4, v7.0.

Solution

Topology:

By default, routes learned from eBGP are advertised to other eBGP peers. This can be confirmed by two useful commands that is run on both the advertising router and the receiving router:

get router info bgp neighbors x.x.x.x received-routes

get router info bgp neighbors x.x.x.x advertised-routes

The idea is to use route-map to first tag all routes learned from one peer to a number and then deny advertising all routes match to such tag number.

In this topology, 200 on routes received will be tagged from eBGP peer FGTA, 300 on routes received from eBGP peer FGTB, and will apply routes removal for routes that match such tag.

In the end, routes learned from FGTA will not be advertised to FGTB, and routes learned from FGTB will not be advertised to FGTA.

config router route-map

edit "tag200"

config rule

edit 1

set set-tag 200

config rule

edit 1

set action deny

set match-tag 200

config rule

edit 1

set set-tag 300

config rule

edit 1

set action deny

set match-tag 300

config router bgp

set as 65001

set router-id 192.168.1.1

set graceful-restart enable

config neighbor

edit "192.168.1.150" <-----(FGT-B).

set capability-graceful-restart enable

set capability-default-originate enable

set soft-reconfiguration enable

set remote-as 65003

set route-map-in "tag300"

set capability-graceful-restart enable

set soft-reconfiguration enable

set remote-as 65000

set route-map-in "tag200"

set route-map-out "remove-tag300"

end

Result of the analysis.

Below is the route learned from FGTA:

FGT1 (root) # get router info bgp neighbors 192.168.1.58 received-route
VRF 0 BGP table version is 5, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight RouteTag Path
*> 10.200.13.0/24 192.168.1.58 0 0 65000 ? <-/->

Before the config changes, this is the default behavior:

FGT1 (root) # get router info bgp neighbors 192.168.1.150 adv
VRF 0 BGP table version is 5, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0 192.168.1.1 100 32768 0 i <-/->
*> 10.10.21.0/24 192.168.1.1 100 32768 0 i <-/->
*> 10.10.22.0/24 192.168.1.1 100 32768 0 i <-/->
*> 10.10.58.0/24 192.168.1.1 100 32768 0 i <-/->
*> 10.11.61.0/24 192.168.1.1 100 32768 0 i <-/->
*> 10.200.13.0/24 192.168.1.58 0 0 65000 ? <-/-> <----- This is the route learned from FGTA advertising to FGTB.

Total number of prefixes 6

After applying the changes, run the following command to clear the BGP neighbors:

execute router clear bgp all

FGT1 (root) # get router info bgp neighbors 192.168.1.150 advertised-route
VRF 0 BGP table version is 1, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0 192.168.1.1 100 32768 0 i <-/->
*> 10.10.21.0/24 192.168.1.1 100 32768 0 i <-/->
*> 10.10.22.0/24 192.168.1.1 100 32768 0 i <-/->
*> 10.10.58.0/24 192.168.1.1 100 32768 0 i <-/->
*> 10.11.61.0/24 192.168.1.1 100 32768 0 i <-/->

Total number of prefixes 5

In the case that FGTA and FGTB belong to the same AS #, the method mentioned above would still work, but may be unnecessary as the FGTA/B will see the routes come from its own AS # and drop such routes. This means routes will be received but will not get inserted into the RIB.

Troubleshooting Tip: Stop advertising all routes learned from one BGP peer to other BGP peer(s)

You are leaving our website