Fortinet Community

live89 · ‎02-02-2021

Hi

What is the difference between:

set additional-path-select<#>

under config router bgp

and

set adv-additional-path <#>

under config neighbor

attached screenshot

Also, I sow on the other peer this:

set additional-path receive

I disable it by:

set additional-path disable

And even after clearing and restarting BGP I can still see that HQ advertising multiple (three) paths to me

Later I noticed that my local BGP has 'ibgp-multipath' enabled

-- If I only enable 'set additional-path receive' under neighbor I don't see that I can learn additional paths from neighbor -- Only if I enable 'set ibgp-multipath enable' in global BGP settings I can learn additional paths from neighbor -- And if I enable 'set ibgp-multipath enable' alone without 'set additional-path receive' under neighbor I can still learn additional paths from neighbor. Why this behavior? I mean why do we need the 'set additional-path receive' if 'set ibgp-multipath enable' is doing the job alone?

What is the purpose of "set additional-path receive" if HQ still can advertise to me additional paths without it and only with 'set ibgp-multipath enable' ?

Thanks

emnoc · ‎02-02-2021

So lets start with ibgp-multipath. That allows for mpath from iBGP only. That is my understanding of that feature. This allows for ecmp and selection of paths from ibgp.

On set additional-path-select this is for additional paths and the total number of paths.

So what are your goals or desire with mpath? I believe in fortios those should be default disable and additional-path select does NOT come up as an option until you enable ibgp-mpath

I believe the additional path select was put into place to limit bgp resources from learned paths, fwiw

Ken Felix

PCNSE

NSE

StrongSwan

live89 · ‎02-02-2021

Hi Ken Thanks for your answer I did some extra research for the first part of my question regarding 'set additional-path-select' and I think it is only for calculation bestpath process. And the 'set adv-additional-path ' is stating for how many bestpaths already calculated to be advertised to your neighbor. I know what is 'ibgp-multipath' and I know its purpose is ECMP for iBGP. But my question is why do I need the 'set additional-path receive' under neighbor settings if it is not doing anything? All I need is enabling 'ibgp-multipath' under BGP global settings and I can receive multiple paths without enabling 'set additional-path receive' under neighbor section. And if I enable 'set additional-path receive' under neighbor section alone without 'ibgp-multipath' I see no results. So what is the purpose of 'set additional-path receive' ?

Thanks

emnoc · ‎02-02-2021

Open a ticket with support. I personally never used it from what I can recall.

Ken Felix

PCNSE

NSE

StrongSwan

Toshi_Esumi · ‎02-02-2021

Although I haven't used multipath, I see it's disabled at a neighbor by default after enabling under BGP globally (6.4.4). It could be a bug depending on the version. I would open a ticket.

live89 · ‎02-02-2021

Thank you both

I investigated the issue with support, and it was a misunderstanding of this command

As i ran two IPSEC VPNs towards the HQ additional to the main IPVPN line, I was always receiving three routes if ibgp-multipath is enabled, no matter if 'set additional-path receive' is set or not under neighbor. Because those routes are already learned by the main line and the other two IPSECs, and they're not additional routes.

'set additional-path receive' was taking position only with ADVPN shortcuts in my scenario. So if I was trying to speak to my other office and shortcut created and set additional-path receive is enabled I will see in my routing table two additional routes to the destination. but with 'set additional-path disable' no additional routes was added to the routing table.

Thanks

emnoc · ‎02-02-2021

Thanks for the update, duly noted

Ken Felix

PCNSE

NSE

StrongSwan

Fortinet Community

BGP additional-path-select