This article describes diagnose commands for troubleshooting BGP issues on FortiSwitch units.
Applies to FortiSwitch OS 7.0 and up.
The following FortiSwitch diagnose commands can help diagnose the most common BGP issues on FortiSwitch units.
get router info bgp summary <- Verify that the EBGP peering between FortiSwitch and the other end is up.
get router info bgp neighbors <neighbor IP> advertised-routes <- Verify the routes FortiSwitch is advertising to the other end.
get router info bgp neighbors <neighbor IP> received-routes <- Verify the routes FortiSwitch is receiving from the BGP peer.
get router info bgp neighbors <neighbor IP> routes <- Shows only the filtered (in) received routes. If received routes are not filtered, the output of these commands will be the same.
get router info routing-table bgp <- Check the whole BGP table.
get router info routing-table details <- Check the full FortiSwitch routing table.
Try clearing the offending network prefix, neighbors, or even all learned BGP networks from the route database:
execute router clear bgp
all Clear all BGP peers. [Take 0-5 arg(s)]
as Clear BGP peer by AS number. [Take 0-6 arg(s)]
dampening Clear route flap dampening information. [Take 0-1 arg(s)]
external Clear all external peers. [Take 0-2 arg(s)]
flap-statistics Clear route flap statistics. [Take 0-1 arg(s)]
ip Clear BGP peer by IP address. [Take 0-6 arg(s)]
ipv6 Clear BGP peer by IPv6 address. [Take 0-6 arg(s)]
If the behavior can be reproduced, it may be useful to gather detailed debug logs from the BGP daemon:
diagnose debug reset
diagnose debug enable
diagnose ip router bgp all enable
diagnose ip router bgp level info
Leave the debug running until enough data is gathered, or clear the BGP routes again and wait until the issue is reproduced.
To stop debugging, run:
diagnose debug disable
Reproduce the issue several times and compare the outputs to see whether a message pattern repeats across them.
If further support from TAC is required, open a new ticket and attach all outputs mentioned in this article, a network diagram of the intended topology, an explanation of the behavior observed, and the complete output of the FortiSwitch diagnose script, gathered while the issue is present:
diagnose debug report
Be sure to reproduce the issue 2-3 times while debugging, and save each trial to a separate file.
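Once each trial is saved to its own file, the comparison step described above can be done offline. The following Python script is an added example, not part of the original article or a Fortinet tool; the log lines in TRIALS are constructed for illustration and are not actual FortiSwitch debug output, and all function names are hypothetical.

```python
import re
from collections import Counter

# Masks are applied in order: timestamps, then IPv4 addresses/prefixes,
# then any remaining bare numbers.
MASKS = [
    (re.compile(r"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}(?:\.\d+)?"), "<ts>"),
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\b"), "<ip>"),
    (re.compile(r"\b\d+\b"), "<n>"),
]

def normalize(line):
    """Collapse a log line to a pattern by masking its variable fields."""
    for rx, token in MASKS:
        line = rx.sub(token, line)
    return " ".join(line.split())

def patterns(text):
    """Count each normalized pattern in one trial's captured output."""
    return Counter(normalize(l) for l in text.splitlines() if l.strip())

def recurring(trials):
    """Patterns present in every trial, with per-trial counts, busiest first."""
    counts = [patterns(t) for t in trials]
    if not counts:
        return []
    shared = set(counts[0]).intersection(*counts[1:])
    rows = [(p, [c[p] for c in counts]) for p in shared]
    return sorted(rows, key=lambda r: (-sum(r[1]), r[0]))

# Constructed sample data, one string per reproduction attempt. In practice,
# read each saved trial file instead. Not actual FortiSwitch debug output.
TRIALS = [
    "2024-05-01 10:00:01 BGP: 192.0.2.1 sending KEEPALIVE\n"
    "2024-05-01 10:00:05 BGP: 192.0.2.1 rcvd UPDATE about 198.51.100.0/24 -- DENIED due to: filter\n",
    "2024-05-01 11:12:40 BGP: 192.0.2.1 rcvd UPDATE about 203.0.113.0/24 -- DENIED due to: filter\n"
    "2024-05-01 11:12:41 BGP: 192.0.2.1 rcvd UPDATE about 198.51.100.0/24 -- DENIED due to: filter\n"
    "2024-05-01 11:13:02 BGP: 192.0.2.1 sending KEEPALIVE\n",
    "2024-05-02 09:30:15 BGP: 192.0.2.1 sending KEEPALIVE\n"
    "2024-05-02 09:30:20 BGP: 192.0.2.1 went from Established to Idle\n"
    "2024-05-02 09:30:44 BGP: 192.0.2.1 rcvd UPDATE about 198.51.100.0/24 -- DENIED due to: filter\n",
]

if __name__ == "__main__":
    for pattern, per_trial in recurring(TRIALS):
        print(per_trial, pattern)
```

Messages that appear in only one trial are dropped from the result, so routine lines shared by every capture still need to be ruled out by eye.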