BGP AS Path Prepend

ddskier · ‎10-12-2012

Guys, I am running the fortinet 4.3.9 firmware and I am trying to have my AS-Path be prepended so that I can encourage most of the internet to us my primary internet line for communication. I followed this Fortinat KB Article: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD31868&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=38608497&stateId=0 0 38610093 Unforunately, even after following these steps the ASP Path isn' t being prepended. I can tell this by the output of the " get router info bgp network" command. Here is my config: (ASN Number has be replaced with XXX) config router route-map edit " xxx-routemap" config rule edit 1 set set-aspath " xxx xxx xxx xxx xxx" next end next end config router bgp set as xxxx config neighbor edit " yyy:yyyy:::1" set remote-as DDD set weight 200 next edit " zzzz:zzzzz::1" set remote-as DDDD set route-map-out " xxx-routemap" set weight 100 next end Any ideas on this one?

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

emnoc · ‎10-12-2012

" get router info bgp network"

I don' t think that would should you if pre-path pending is taking place.The route would look local to you. What you need todo is to have the peer validate show ip bgp x.x.x.x/x where x.x.x.x/x is your prefix or validate by using a public facing route-sever ( route-server.he.net route-server.host.net route-server.ip.att.net or any of the other route-servers or any other BGP router out in the wild )

PCNSE

NSE

StrongSwan

ddskier · ‎10-12-2012

Unfortunately, my ISP has confirmed that they are not seeing the prepend either. I have actually openned a ticket with Fortinet to see what the issue is.

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

emnoc · ‎10-13-2012

One other thing, when you applied the route-map did you reset the BGP peering? Some times updates like path prepend or sending metrics must be soft-reset for those changes to apply.

PCNSE

NSE

StrongSwan

ddskier · ‎10-15-2012

Yeah. I did reset the peer, but there was no difference. Fortinet is still researching the issue.

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

ddskier · ‎10-15-2012

Figured out the issue: For IPv6 the following line: set route-map-out " xxx-routemap" should be changed to: set route-map-out6 " xxx-routemap"

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

emnoc · ‎10-16-2012

cool I didn' t recognize those address as ipv6

PCNSE

NSE

StrongSwan

ddskier · ‎10-16-2012

Yeah I felt stupid was I saw it.

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

emnoc · ‎10-16-2012

Don' t feel bad, fortigate TAC didn' t know that diag debug flow cmd required the filtter6 option for ipv6 diagnostic

I spent 3 days awaiting for them once, and found out the delay was they had no ideal on how I diagnostic my ipv6 flow issue.

PCNSE

NSE

StrongSwan

ddskier · ‎10-16-2012

Yep. I' m finding that a lot of my vendors are still struggling with the IPv6 concept. More often than not I end up getting to Level 4 support within the various ISPs to do anything with IPv6. It is going to take a few years for everyone to catch up.

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D