And even after clearing and restarting BGP I can still see that HQ advertising multiple (three) paths to me
Later I noticed that my local BGP has 'ibgp-multipath' enabled
-- If I only enable 'set additional-path receive' under neighbor I don't see that I can learn additional paths from neighbor
-- Only if I enable 'set ibgp-multipath enable' in global BGP settings I can learn additional paths from neighbor
-- And if I enable 'set ibgp-multipath enable' alonewithout 'set additional-path receive' under neighbor I can still learn additional paths from neighbor.
Why this behavior? I mean why do we need the 'set additional-path receive' if 'set ibgp-multipath enable' is doing the job alone?
What is the purpose of "set additional-path receive" if HQ still can advertise to me additional paths without it and only with 'set ibgp-multipath enable' ?
Thanks for your answer
I did some extra research for the first part of my question regarding 'set additional-path-select' and I think it is only for calculation bestpath process. And the 'set adv-additional-path ' is stating for how many bestpaths already calculated to be advertised to your neighbor.
I know what is 'ibgp-multipath' and I know its purpose is ECMP for iBGP. But my question is why do I need the 'set additional-path receive' under neighbor settings if it is not doing anything?
All I need is enabling 'ibgp-multipath' under BGP global settings and I can receive multiple paths without enabling 'set additional-path receive' under neighbor section.
And if I enable 'set additional-path receive' under neighbor section alone without 'ibgp-multipath' I see no results.
So what is the purpose of 'set additional-path receive' ?
I investigated the issue with support, and it was a misunderstanding of this command
As i ran two IPSEC VPNs towards the HQ additional to the main IPVPN line, I was always receiving three routes if ibgp-multipath is enabled, no matter if 'set additional-path receive' is set or not under neighbor. Because those routes are already learned by the main line and the other two IPSECs, and they're not additional routes.
'set additional-path receive' was taking position only with ADVPN shortcuts in my scenario. So if I was trying to speak to my other office and shortcut created and set additional-path receive is enabled I will see in my routing table two additional routes to the destination. but with 'set additional-path disable' no additional routes was added to the routing table.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.