Hi,
Question: Is it possible to do as path prepending for default route advertised using capability-default-originate enable?
We have a setup with 2 Fortigates connected southbound to APN on Mobile Network, and northbound to the internet.
Towards the APN BGP is used, and the Fortigate must always advertise a default route to the APN, regardless of whether the northbound internet connection is up or down. For this I can use set capability-default-originate in the BGP configuration.

```
config router bgp
    set as 65534
    set router-id 1.2.3.4
    set keepalive-timer 10
    set holdtime-timer 30
    config neighbor
        edit "1.2.3.5"
            set bfd enable
            set capability-default-originate enable
        next
    end
end
```
Furthermore we would like to use as path prepending on one Fortigate in order to steer the traffic to the other Fortigate. For this I can use set-aspath in route-map configuration.
```
config router prefix-list
    edit "only_dflt"
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                unset le
            next
        end
    next
end
```

```
config router route-map
    edit "only_dflt_route"
        config rule
            edit 1
                set match-ip-address "only_dflt"
                set set-aspath "65534 65534 65534"
            next
        end
    next
end
```
However, this as-path prepending works if I redistribute the static default route into BGP using:

```
config router bgp
    config redistribute "static"
        set status enable
    end
end
```

Showing advertised routes:

```
FG02 # get router info bgp neighbors 1.2.3.5 advertised-routes
BGP table version is 42, local router ID is 1.2.3.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0        1.2.3.5                            32768        0 65534 65534 65534 ?

Total number of prefixes 1
```
But if I don't do this, and advertise the default using capability-default-originate enable, there is no as-path prepending performed.

Showing advertised routes:

```
FG02 # get router info bgp neighbors 1.2.3.5 advertised-routes
BGP table version is 42, local router ID is 1.2.3.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0        1.2.3.5                       100   32768        0 i

Total number of prefixes 1
```
Is there a way to do as-path prepending in combination with capability-default-originate?
Best Regards!
Arjan
I don't think you can do what you want to do. But I don't understand why you have to use capability-default-originate while you have a static default route in the routing table. The default-originate is useful, on FortiGates or any other routers, when a default route doesn't exist, or regardless of its existence, to redirect all non-specific traffic from neighbors toward itself.

Agreed. How are you learning the default 0.0.0.0/0? If it's from an IGP, as soon as that route goes away, that route would be flushed.

If you have a BGP peer with more than one source of a 0.0.0.0/0, just have them use a route-map and set local preference on whichever route they want active in the BGP table. That's how I've always done it in the last 15 years or so.
Ken Felix
PCNSE
NSE
StrongSwan
Thanks for your answers!
The other party is only accepting default route, i.e. there are no more specific routes for the local servers. Advertising default using capability-default-originate decouples the advertisement of default from the state of the default route to the Internet and reduces the risk of breaking the connectivity to local servers from the other party.
I was looking for a way to configure as-path prepending, couldn't find it; apparently it is not possible.
Arjan
You could set a route-map for your default-originate setting, and in that you can configure the as-path prepending:

```
default-originate-routemap
```

Check this KB article out; there it's explained, and also why it's not working with a usual route-map in the BGP neighbor:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD45618
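Putting the answer above together with the question's own prefix-list and route-map, as an added configuration example that is not from the thread, the KB article, or Fortinet (the route-map name "dflt_prepend" and the neighbor's outbound route-map placement in the first block are assumptions; the AS, router ID and neighbor address are the ones from the question):

```fortios
# Assumed "before" state: the prepending route-map is applied as the neighbor's
# outbound route-map. The locally originated default is not evaluated against it,
# so it is advertised with an empty AS path (Path "i", as in the second output above).
config router bgp
    set as 65534
    set router-id 1.2.3.4
    config neighbor
        edit "1.2.3.5"
            set capability-default-originate enable
            set route-map-out "only_dflt_route"
        next
    end
end

# Corrected form: a route-map that only sets the prepended path, attached through
# default-originate-routemap so it applies to the originated default itself.
config router route-map
    edit "dflt_prepend"
        config rule
            edit 1
                set set-aspath "65534 65534 65534"
            next
        end
    next
end
config router bgp
    config neighbor
        edit "1.2.3.5"
            set capability-default-originate enable
            set default-originate-routemap "dflt_prepend"
        next
    end
end

# Verify on the FortiGate that the advertised default now carries the prepend:
#   get router info bgp neighbors 1.2.3.5 advertised-routes
```

Apply the second block on only the FortiGate that should be the less preferred path; the other FortiGate keeps capability-default-originate without the prepending route-map.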
Copyright 2024 Fortinet, Inc. All Rights Reserved.