Hi
What is the difference between:
set additional-path-select <#>
under config router bgp
and
set adv-additional-path <#>
under config neighbor
attached screenshot
Also, I saw on the other peer this:
set additional-path receive
I disable it by:
set additional-path disable
And even after clearing and restarting BGP I can still see that HQ advertising multiple (three) paths to me
Later I noticed that my local BGP has 'ibgp-multipath' enabled
-- If I only enable 'set additional-path receive' under neighbor I don't see that I can learn additional paths from neighbor
-- Only if I enable 'set ibgp-multipath enable' in global BGP settings I can learn additional paths from neighbor
-- And if I enable 'set ibgp-multipath enable' alone without 'set additional-path receive' under neighbor I can still learn additional paths from neighbor.
Why this behavior? I mean why do we need the 'set additional-path receive' if 'set ibgp-multipath enable' is doing the job alone?
What is the purpose of "set additional-path receive" if HQ still can advertise to me additional paths without it and only with 'set ibgp-multipath enable'?
Thanks
So let's start with ibgp-multipath. That allows for mpath from iBGP only. That is my understanding of that feature. This allows for ECMP and selection of paths from iBGP.
On set additional-path-select this is for additional paths and the total number of paths.
So what are your goals or desire with mpath? I believe in FortiOS those should be default disable and additional-path-select does NOT come up as an option until you enable ibgp-mpath.
I believe the additional path select was put into place to limit BGP resources from learned paths, fwiw.
Ken Felix
PCNSE
NSE
StrongSwan
Thanks
Open a ticket with support. I personally never used it from what I can recall.
Ken Felix
PCNSE
NSE
StrongSwan
Although I haven't used multipath, I see it's disabled at a neighbor by default after enabling under BGP globally (6.4.4). It could be a bug depending on the version. I would open a ticket.
Thank you both
I investigated the issue with support, and it was a misunderstanding of this command.
As I ran two IPsec VPNs towards the HQ in addition to the main IPVPN line, I was always receiving three routes if ibgp-multipath is enabled, no matter if 'set additional-path receive' is set or not under neighbor. Because those routes are already learned by the main line and the other two IPsec tunnels, and they're not additional routes.
'set additional-path receive' was taking position only with ADVPN shortcuts in my scenario. So if I was trying to speak to my other office and a shortcut was created and 'set additional-path receive' is enabled, I will see in my routing table two additional routes to the destination. But with 'set additional-path disable' no additional routes were added to the routing table.
Thanks
Thanks for the update, duly noted.
Ken Felix
PCNSE
NSE
StrongSwan