Fortinet Forum
tedauction
New Contributor III

BGP default route announcement problem.

Hello, we have a BGP WAN connection with two interfaces - primary and secondary. We use weighting and prepending on these to prioritise the primary interface over the secondary. See below config. We have just tried to advertise a statically configured default route out this pair of WAN interfaces by simply adding the command 'set-capability-default-originate enable' on each one (see attached screenshot). The default route was advertised. However, this seemed to result in default route flapping, i.e. BGP neighbours were sending default route traffic in to us via both our primary and secondary WAN interfaces (inconsistent behaviour). I do not understand how this could happen, as we are using prepending on our secondary interface to force inbound traffic to only use the primary interface. Are there some commands we were missing on our WAN interfaces? To clarify, we are advertising a default route on both our primary and backup WAN connections from this FortiGate because this particular FortiGate is the Internet gateway for the WAN.

The reason I am advertising it on both links is in case of us losing the primary connection and the secondary taking over i.e. redundancy.

As per my config, we are using AS prepending and weight to prefer the primary connection.

    config router bgp
        set as 65100
        set router-id 192.168.3.105
        set network-import-check disable
        config neighbor
            edit "192.168.3.110"
                set remote-as 7714
                set weight 100
            next
            edit "192.168.3.118"
                set remote-as 7714
                set route-map-out "xxx-prepend"
            next
        end
    end
    config router route-map
        edit "xxx-prepend"
            config rule
                edit 10
                    set set-aspath "65100 65100 65100"
                next
            end
        next
    end

lobstercreed
Valued Contributor

Are you an ISP? I'm confused as to why you would be advertising a default route on your WAN connections (presumably where you SEND your default traffic, no?)....

No screenshot was attached, but maybe give us a rough network drawing...

tedauction
New Contributor III

I think I have found the answer. It appears that standard route-maps used for BGP AS prepending do not work with default routes, i.e.

https://kb.fortinet.com/kb/documentLink.do?externalID=FD45618

Please let me know if anyone thinks otherwise.

A real trap!

ellocodelacommencal
New Contributor

Hi there!

I have the same issue! Did you find a solution for it?

Regards

Toshi_Esumi

For the original poster's case, if you have control of the BGP config on the default route receiving side, setting a lower local preference on the secondary side is a much more consistent way to differentiate between primary and secondary learned routes.

Toshi
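The effect discussed in this thread, as an added example that is not from any poster or from Fortinet: a simplified model of how two routers in the receiving AS pick the default route when the prepend is applied, when it is missing from the originated default, and when the secondary is given a lower local preference. The two-router layout, the IGP costs and the reduced three-step comparison (local preference, AS-path length, IGP cost to the exit) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    link: str              # WAN link the default route was learned over
    as_path: tuple         # AS path as seen by the receiving AS
    local_pref: int = 100  # common default local preference
    igp_cost: int = 0      # receiver-internal distance to the exit (constructed)

def best_path(paths):
    """Simplified order: highest local-pref, shortest AS path, lowest IGP cost."""
    return min(paths, key=lambda p: (-p.local_pref, len(p.as_path), p.igp_cost))

def chosen_links(secondary_as_path, secondary_local_pref=100):
    """Link that each of two receiving-side routers selects for 0.0.0.0/0."""
    # Constructed topology: router A sits nearer the primary link, B nearer the secondary.
    costs = {"A": (10, 20), "B": (20, 10)}
    result = {}
    for router, (cost_primary, cost_secondary) in costs.items():
        paths = [
            Path("primary", (65100,), 100, cost_primary),
            Path("secondary", secondary_as_path, secondary_local_pref, cost_secondary),
        ]
        result[router] = best_path(paths).link
    return result

# Own AS plus the three prepends from the "xxx-prepend" route-map.
PREPENDED = (65100, 65100, 65100, 65100)
# What the receiver sees if the route-map is not applied to the originated default.
UNPREPENDED = (65100,)

def scenarios():
    return {
        "prepend applied": chosen_links(PREPENDED),
        "prepend missing on default": chosen_links(UNPREPENDED),
        "local-pref 50 on secondary": chosen_links(UNPREPENDED, 50),
    }

if __name__ == "__main__":
    for name, links in scenarios().items():
        print(f"{name}: {links}")
```

With the prepend missing, the two AS paths are the same length and each router falls through to its own tie-break, so inbound default traffic arrives on both links; the local-preference setting decides the outcome before AS-path length is compared.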