ksmithaz1
New Contributor

Route selection with BGP not working as expected

I have an issue with BGP and routing on a 60E.

Issue is on a 60E (7.0 upgrade made no change). Two connected paths:
- to a 60F via IKE/IPSEC 10.10.1.1
- to a Linux appliance running FRR 10.29.127.5

Both advertise 10.31.1.0/24; the path should be via 10.10.1.1 because of AS-PATH, but it is not.

home-gw # get router info bgp network 10.31.1.0/24
VRF 0 BGP routing table entry for 10.31.1.0/24
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
10.10.1.1
Original VRF 0
65497 4200090001 4200090001 4200090001
10.29.127.5 from 10.29.127.5 (10.29.127.5)
Origin incomplete metric 20, localpref 200, valid, external, best
Last update: Tue Jul 19 22:26:19 2022

Original VRF 0
65495 4200090001
10.10.1.1 from 10.10.1.1 (10.29.1.1)
Origin incomplete metric 0, localpref 100, valid, external
Last update: Tue Jul 19 22:37:35 2022

Route selected is from the **longest** AS-PATH. I've tried pushing and setting local pref/med/...,
I don't know where the shown metric and localpref on it are even coming from.

home-gw # get router info bgp neighbors 10.29.127.5 received-routes
...
*> 10.29.127.254/32 10.29.127.5 0 0 0 65497 ? <-/->
*> 10.31.1.0/24 10.29.127.5 0 0 65497 4200090001 4200090001 4200090001 ? <-/->
*> 10.31.1.1/32 10.29.127.5 0 0 65497 65496 65495 4200090001 ? <-/->
...
home-gw # get router info bgp neighbors 10.10.1.1 received-routes
*> 10.29.127.252/30 10.10.1.1 0 0 65495 ? <-/->
*> 10.31.1.0/24 10.10.1.1 0 0 65495 4200090001 ? <-/->
*> 10.31.1.1/32 10.10.1.1 0 0 65495 4200090001 ? <-/->


Nothing will make the stupid thing route to 10.10.1.1 short of taking down the 10.29.127.5 link.

home-gw # get router info routing-table all
. . .
B 10.29.127.254/32 [20/20] via 10.29.127.5 (recursive is directly connected, VLAN-4001), 09:19:24, [1/0]
B 10.31.1.0/24 [20/20] via 10.29.127.5 (recursive is directly connected, VLAN-4001), 09:19:24, [1/0]
B 10.31.1.1/32 [20/0] via 10.10.1.1 (recursive via HM-VPN-SPOKE tunnel 66.37.4.14 vrf 0), 09:08:08, [1/0]
. . .

Any ideas?

Toshi_Esumi
Esteemed Contributor III

You must have a route-map to raise the local preference to 200 (default 100) for the routes from 10.29.127.5 neighbor. Local preference has higher priority than AS path.

 

Toshi

aionescu
Staff

Hi @ksmithaz1,

Welcome to the community.

Can you share the BGP configuration?

Looking at your output:

home-gw # get router info bgp network 10.31.1.0/24
VRF 0 BGP routing table entry for 10.31.1.0/24
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
10.10.1.1
Original VRF 0
65497 4200090001 4200090001 4200090001
10.29.127.5 from 10.29.127.5 (10.29.127.5)
Origin incomplete metric 20, localpref 200, valid, external, best
Last update: Tue Jul 19 22:26:19 2022

Original VRF 0
65495 4200090001
10.10.1.1 from 10.10.1.1 (10.29.1.1)
Origin incomplete metric 0, localpref 100, valid, external
Last update: Tue Jul 19 22:37:35 2022

We can see that the prefix received from 10.29.127.5 has a metric of 20 and localpref of 200.

BGP selects the best path based on a list of attributes:

  • Weight.
  • Local Preference.
  • Originate.
  • AS path length.
  • Origin code.
  • MED (metric)
  • eBGP path over iBGP path.
  • Shortest IGP path to BGP next hop.

In your case, based on the output, the path via 10.29.127.5 is selected because of the local preference (probably configured on home-gw and applied as route-map-in).

The MED (Multi Exit Discriminator) attribute is the BGP path attribute which provides information to external neighbors about how to come into their AS (probably configured on 10.29.127.5 and 10.10.1.1 and applied, probably, as route-map-out).

 

Looking at the config would provide more insight.

ksmithaz1

Apologies, when configured this breaks some access, so I had really mangled the configuration trying to make something work.
I need to reset the configuration to broken sanity. Then I'll walk thru it more thoroughly. Will take a bit, I have to end-around to get into things.

ksmithaz1
New Contributor

config router bgp
   set as 65496
   set router-id 10.29.127.1
   set always-compare-med enable
   config neighbor
       edit "10.29.127.5"
           set soft-reconfiguration enable
           set remote-as 65497
           set route-map-in "RM-IANA"
           set route-map-out "RM-IANA"
       next
       edit "10.29.127.9"
           set remote-as 65409
       next
       edit "10.10.1.1"
           set ebgp-enforce-multihop enable
           set soft-reconfiguration enable
           set remote-as 65495
           set route-map-in "RM-IANA-100"
           set route-map-out "RM-IANA-100"
       next
   end
   config network6
       edit 1
           set prefix6 ::/128
       next
   end
   config redistribute "connected"
       set status enable
   end
   config redistribute "rip"
   end
   config redistribute "ospf"
   end
   config redistribute "static"
       set status enable
   end
   config redistribute "isis"
   end
   config redistribute6 "connected"
   end
   config redistribute6 "rip"
   end
   config redistribute6 "ospf"
   end
   config redistribute6 "static"
   end
   config redistribute6 "isis"
   end
end

Toshi_Esumi
Esteemed Contributor III

What's the difference between two route-maps "RM-IANA" and "RM-IANA-100"? My assumption is the former sets local-pref 200 while the latter sets 100.
But it's not useful/correct to use the same route-map for both inbound and outbound. Local-pref setting is meaningful only for inbound.

 

Toshi

ksmithaz1

So... Unfortunately, I had mangled the configuration to manually try and get this to do something; originally there were NO route-maps when I posted. I generally avoid using local pref. However, you would have found that, in an effort to make things work as expected, I added ...

 

config router route-map
   edit "RM-IANA"
       config rule
           edit 1
               set match-ip-address "PL-IANA"
               set set-local-preference 50
           next
       end
   next
   edit "RM-IANA-100"
       config rule
           edit 1
               set match-ip-address "PL-IANA"
               set set-local-preference 100
           next
       end
   next
end

PL-IANA was all the RFC1918 space, and I still had the problem, in fact the above route selection still showed 200/100.

 

Sooo... in an effort to be more thorough, I removed everything from HM-GW and restarted from the FRR, opening up the advertisements, documenting each step to post in this forum. I won't post all of it at this point because it's working now as expected . . .

 

home-gw # get router info bgp network 10.31.1.0/24
VRF 0 BGP routing table entry for 10.31.1.0/24
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
10.29.127.5
Original VRF 0
65497 4200090001 4200090001 4200090001
10.29.127.5 from 10.29.127.5 (10.29.127.5)
Origin incomplete metric 0, localpref 100, valid, external
Last update: Wed Jul 20 21:26:58 2022

Original VRF 0
65495 4200090001
10.10.1.1 from 10.10.1.1 (10.29.1.1)
Origin incomplete metric 0, localpref 100, valid, external, best
Last update: Tue Jul 19 22:37:35 2022

-- WTF?

I will keep an eye on this.  It was broken.   There may have been something stale lingering around from the 6.x to 7.x to 7.2 upgrade that ripping and replacing fixed.

 

Thank you.
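
The two captures from this thread, run through the comparison order listed in the replies, as an added example (not code from any poster or from FortiOS). It models only the attributes the CLI output shows, so weight and the later tie-breakers are left out; `parse_paths`, `best_path` and the other names are made up for the illustration.

```python
import re

# First capture in the thread (path lines only, device "best" flag removed).
BEFORE = """\
65497 4200090001 4200090001 4200090001
10.29.127.5 from 10.29.127.5 (10.29.127.5)
Origin incomplete metric 20, localpref 200, valid, external
65495 4200090001
10.10.1.1 from 10.10.1.1 (10.29.1.1)
Origin incomplete metric 0, localpref 100, valid, external
"""
# Second capture: the 10.29.127.5 path now shows metric 0, localpref 100.
AFTER = BEFORE.replace("metric 20, localpref 200", "metric 0, localpref 100")

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "incomplete": 2}
ATTR = re.compile(r"Origin (\S+) metric (\d+), localpref (\d+), .*?(external|internal)")

def parse_paths(text):
    """Return one dict per path: next hop, AS path and the attributes shown."""
    paths, as_path, hop = [], None, None
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"\d+( \d+)*", line):
            as_path = line.split()
        elif " from " in line:
            hop = line.split()[0]
        elif (m := ATTR.match(line)) and as_path and hop:
            paths.append({"hop": hop, "as_path": as_path, "origin": m[1], "med": int(m[2]),
                          "localpref": int(m[3]), "ebgp": m[4] == "external"})
            as_path = hop = None
    return paths

# Steps in the order listed in the thread; the lowest key wins each step.
# MED is compared across neighbor ASes: the posted config sets always-compare-med.
STEPS = [("local preference", lambda p: -p["localpref"]),
         ("AS path length", lambda p: len(p["as_path"])),
         ("origin code", lambda p: ORIGIN_RANK[p["origin"]]),
         ("MED", lambda p: p["med"]),
         ("eBGP over iBGP", lambda p: 0 if p["ebgp"] else 1)]

def best_path(paths):
    """Return (next hop of the winner, name of the step that decided)."""
    candidates = list(paths)
    for name, key in STEPS:
        top = min(map(key, candidates))
        survivors = [p for p in candidates if key(p) == top]
        if len(survivors) == 1 and len(candidates) > 1:
            return survivors[0]["hop"], name
        candidates = survivors
    return candidates[0]["hop"], "no deciding step among those modelled"
```

`best_path(parse_paths(BEFORE))` names local preference as the deciding step, while the same call on `AFTER` falls through to AS path length and picks 10.10.1.1.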
