BGP Set Community command

Bubbabowski · ‎03-18-2019

We're configuring our Internet circuit for BGP. I've been instructed by our Network Provider to set our community to 100:999. The 999 will allow for a subnet smaller than /24 to be announced. What is the command or process to do this on the Fortigate 500e?

I believe it would be the Cisco equivalent of 'set community 100:999'

Thanks!

Toshi_Esumi · ‎03-18-2019

I'm not sure if your provider accepts all your internal prefixes/routes advertised toward their end with the community, or just public subnets you got assigned from them. The community needs to be defined under "config router community-list". If you can/want to advertise all of them, you can follow the KB below:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD31516

But even if it works for now, soon or later you need/want to control what to be advertised. At that time, you need to define prefix-lists and match them in the same route-map and filter out the rest.

View solution in original post

Toshi_Esumi · ‎03-18-2019

No. That's for filtering prefixes that already have a community attached. More like below:

config router prefix-list

edit "public-net"

config rule

edit 1

set prefix 12.34.56.78 255.255.255.192

unset ge

unset le

config router route-map

edit "announce-public"

config rule

edit 1

set match-ip-address "public-net"

set set-community "COMM_LIST_NAME"

If it's assigned to one of FGT's interface, don't forget to enable "redistribute connected". If it's not in BGP table, above scheme wouldn't work.

View solution in original post

Toshi_Esumi · ‎03-18-2019

I'm not sure if your provider accepts all your internal prefixes/routes advertised toward their end with the community, or just public subnets you got assigned from them. The community needs to be defined under "config router community-list". If you can/want to advertise all of them, you can follow the KB below:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD31516

But even if it works for now, soon or later you need/want to control what to be advertised. At that time, you need to define prefix-lists and match them in the same route-map and filter out the rest.

Bubbabowski · ‎03-18-2019

You are correct. We want to advertise the prefix of a public IP Block that we own. Example, but not really our IP Block:

config neighbor

edit 1.1.1.1

set local-as 65001

set prefix 12.34.45.67/26

Is this how you are recommending making the route-map change:

http://help.fortinet.com/cli/fos50hlp/56/Content/FortiOS/fortiOS-cli-ref-56/config/router/community-...

Toshi_Esumi · ‎03-18-2019

No. That's for filtering prefixes that already have a community attached. More like below:

config router prefix-list

edit "public-net"

config rule

edit 1

set prefix 12.34.56.78 255.255.255.192

unset ge

unset le

config router route-map

edit "announce-public"

config rule

edit 1

set match-ip-address "public-net"

set set-community "COMM_LIST_NAME"

If it's assigned to one of FGT's interface, don't forget to enable "redistribute connected". If it's not in BGP table, above scheme wouldn't work.

Bubbabowski · ‎03-18-2019

Thank you for the explanation. Please forgive my ignorance, but how would I apply this to bgp?

Like this?

config router bgp

config neighbor

edit 1.1.1.1

set route-map-out "announce-public"

Also, where to enable "redistribute connected"?

Toshi_Esumi · ‎03-18-2019

You have to cofigure the neighbor as in the first KB I referred. Then you can refer to the route-map in the "route-map-out" statement.

BGP Set Community command

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website