
BGP does not install route in RIB if the next hop is a blackhole, RTBH configuration

Good day everyone,

I am trying to understand why - is it a bug, normal behavior, or my misunderstanding - and your help is much appreciated.

Problem: FGVM learns some route via BGP, then, using a route-map, sets its next hop to a dummy address, which in turn exists as a static route of type blackhole on the very same FG. But FG refuses to actually install this learned route in RIB.

The idea is to implement Remotely Triggered Black Hole Routing (RTBH). 

The route in question is

Present in routing DB, but missing in RIB:

NYC-brdr # get router info routing all

S [10/0] is a summary, Null
B [200/0] via (recursive via, 05:35:14



NYC-brdr # get router info routing-table database
S    *> [10/0] is a summary, Null
B *> [200/0] via (recursive via, 05:18:09
B > [200/0] via, Null0 (recursive is a summary, Null, 00:00:39


NYC-brdr # get router info bgp network

BGP routing table entry for
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
  Not advertised to any peer
  Local from (
      Origin incomplete metric 0, localpref 110, valid, internal, best
      Community: no-export
      Originator:, Cluster list:
      Last update: Thu Aug  6 10:28:49 2020


config router static
    edit 1
        set dst
        set blackhole enable


Route-map that sets the next-hop (just in case, don't think related):

config router route-map
    edit "core-in"
        config rule
            edit 1
                set match-community "blackhole-777" <-- the route comes to this FG with this community set
                set set-community "no-export"
                set set-ip-nexthop


If I change the static route from blackhole to a regular one, say to point to a loopback, FG does install the learned route in RIB:

config router static
    edit 1
        set status disable
        set dst
        set blackhole enable
    edit 2
        set dst
        set device "Loop1"



# get router info routing all

S [10/0] is directly connected, Loop1
B [200/0] via (recursive via, 03:23:19
B [200/0] via (recursive is directly connected, Loop1), 00:02:49


Thanks in advance.



Yuri blog: All things Fortinet, no ads.

All opinions are mine only.

Hello Yurisk,

The FortiOS kernel does not support routes whose next hops resolve to a blackhole route; same as the Linux kernel.

The solution is to create a loopback interface and add a static route for the next-hop IP pointing to the loopback interface.
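
A check for the symptom shown in the first post, added here as an example and not part of either forum post: it parses `get router info routing-table database` output and reports BGP routes that are selected (`>`) but not installed in the FIB (`*`). The prefixes and next hops in the sample text are constructed documentation addresses, since the page does not show the real ones.

```python
import re

# Route line: protocol code, optional flags (> selected, * FIB), prefix,
# [distance/metric], then the next-hop detail.
ROUTE = re.compile(
    r"^(?P<head>[A-Za-z][A-Za-z0-9*> ]*?)\s*"
    r"(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+"
    r"\[(?P<distance>\d+)/(?P<metric>\d+)\]\s+(?P<detail>.*)$"
)

# Constructed sample: RTBH next hop 192.0.2.1 resolves via a blackhole static.
BLACKHOLE_NEXT_HOP = (
    "S    *> 192.0.2.1/32 [10/0] is a summary, Null\n"
    "B    *> 198.51.100.0/24 [200/0] via 10.0.0.1 (recursive via 10.0.1.1), 05:18:09\n"
    "B     > 203.0.113.7/32 [200/0] via 192.0.2.1, Null0 (recursive is a summary, Null), 00:00:39\n"
)

# Constructed sample: same next hop, now a static route out of a loopback.
LOOPBACK_NEXT_HOP = (
    "S    *> 192.0.2.1/32 [10/0] is directly connected, Loop1\n"
    "B    *> 203.0.113.7/32 [200/0] via 192.0.2.1 (recursive is directly connected, Loop1), 00:02:49\n"
)


def parse_database(output):
    """Return one dict per route line; lines that do not match are skipped."""
    routes = []
    for line in output.splitlines():
        m = ROUTE.match(line.rstrip())
        if not m:
            continue
        head = m["head"]
        routes.append({
            "proto": head.split()[0],
            "selected": ">" in head,          # best path in the routing DB
            "fib": "*" in head,               # actually installed for forwarding
            "prefix": m["prefix"],
            "via_null": "Null" in m["detail"],  # next hop resolves to a blackhole
        })
    return routes


def stuck_routes(output, proto="B"):
    """Routes of one protocol that are selected but never reached the FIB."""
    return [r for r in parse_database(output)
            if r["proto"] == proto and r["selected"] and not r["fib"]]
```

A non-empty result for the RTBH prefix means traffic to it is still forwarded by whatever less specific route covers it, so the blackhole is not in effect.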