- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
BGP additional-path-select
Hi
What is the difference between:
set additional-path-select<#>under config router bgp
and
set adv-additional-path <#>
under config neighbor
attached screenshot
Also, I sow on the other peer this:
set additional-path receive
I disable it by:
set additional-path disable
And even after clearing and restarting BGP I can still see that HQ advertising multiple (three) paths to me
Later I noticed that my local BGP has 'ibgp-multipath' enabled
-- If I only enable 'set additional-path receive' under neighbor I don't see that I can learn additional paths from neighbor -- Only if I enable 'set ibgp-multipath enable' in global BGP settings I can learn additional paths from neighbor -- And if I enable 'set ibgp-multipath enable' alone without 'set additional-path receive' under neighbor I can still learn additional paths from neighbor. Why this behavior? I mean why do we need the 'set additional-path receive' if 'set ibgp-multipath enable' is doing the job alone?
What is the purpose of "set additional-path receive" if HQ still can advertise to me additional paths without it and only with 'set ibgp-multipath enable' ?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So lets start with ibgp-multipath. That allows for mpath from iBGP only. That is my understanding of that feature. This allows for ecmp and selection of paths from ibgp.
On set additional-path-select this is for additional paths and the total number of paths.
So what are your goals or desire with mpath? I believe in fortios those should be default disable and additional-path select does NOT come up as an option until you enable ibgp-mpath
I believe the additional path select was put into place to limit bgp resources from learned paths, fwiw
Ken Felix
PCNSE
NSE
StrongSwan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Open a ticket with support. I personally never used it from what I can recall.
Ken Felix
PCNSE
NSE
StrongSwan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Although I haven't used multipath, I see it's disabled at a neighbor by default after enabling under BGP globally (6.4.4). It could be a bug depending on the version. I would open a ticket.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you both
I investigated the issue with support, and it was a misunderstanding of this command
As i ran two IPSEC VPNs towards the HQ additional to the main IPVPN line, I was always receiving three routes if ibgp-multipath is enabled, no matter if 'set additional-path receive' is set or not under neighbor. Because those routes are already learned by the main line and the other two IPSECs, and they're not additional routes.
'set additional-path receive' was taking position only with ADVPN shortcuts in my scenario. So if I was trying to speak to my other office and shortcut created and set additional-path receive is enabled I will see in my routing table two additional routes to the destination. but with 'set additional-path disable' no additional routes was added to the routing table.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the update, duly noted
Ken Felix
PCNSE
NSE
StrongSwan