Support Forum
liping
New Contributor

BGP advertise default and as path prepending

Hi,

 

Question: Is it possible to do AS-path prepending for the default route advertised using capability-default-originate enable?

 

We have a setup with 2 FortiGates connected southbound to an APN on a mobile network, and northbound to the internet.

 

Towards the APN, BGP is used, and the FortiGate must always advertise a default route to the APN, regardless of whether the northbound internet connection is up or down. For this I can use set capability-default-originate in the BGP configuration.

 

config router bgp
    set as 65534
    set router-id 1.2.3.4
    set keepalive-timer 10
    set holdtime-timer 30
    config neighbor
        edit "1.2.3.5"
            set bfd enable
            set capability-default-originate enable
        next
    end
end

 

Furthermore, we would like to use AS-path prepending on one FortiGate in order to steer the traffic to the other FortiGate. For this I can use set-aspath in the route-map configuration.

 

 

config router prefix-list
    edit "only_dflt"
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                unset le
            next
        end
    next
end

 

config router route-map
    edit "only_dflt_route"
        config rule
            edit 1
                set match-ip-address "only_dflt"
                set set-aspath "65534 65534 65534"
            next
        end
    next
end

 

 

However, this as-path prepending works if I redistribute the static default route into BGP using:

 

config router bgp
    config redistribute "static"
        set status enable
    end
end

 

Showing the advertised routes:

FG02 # get router info bgp neighbors 1.2.3.5 advertised-routes
BGP table version is 42, local router ID is 1.2.3.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0        1.2.3.5                     32768        0 65534 65534 65534 ?

Total number of prefixes 1

 

 

But if I don't do this and instead advertise the default using capability-default-originate enable, there is no as-path prepending performed.

 

Showing the advertised routes:

 

FG02 # get router info bgp neighbors 1.2.3.5 advertised-routes
BGP table version is 42, local router ID is 1.2.3.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0        1.2.3.5                 100  32768        0 i

Total number of prefixes 1

Is there a way to do as-path prepending in combination with capability-default-originate?

 

Best Regards!

Arjan

 

4 REPLIES
Toshi_Esumi
SuperUser

I don't think you can do what you want to do. But I don't understand why you have to use capability-default-originate while you have a static default route in the routing table. Default-originate is useful, on FortiGates or any other routers, when a default route doesn't exist, or regardless of its existence, to redirect all non-specific traffic from neighbors toward itself.

emnoc
Esteemed Contributor III

Agreed. How are you learning the default 0.0.0.0/0? If it's from an IGP, as soon as that route goes away, that route would be flushed.

 

If you have a BGP peer with more than one source of a 0.0.0.0/0, just have them use a route-map and set local preference on whichever route they want active in the BGP table. That's how I've always done it in the last 15 years or so.

 

Ken Felix

PCNSE NSE StrongSwan
liping
New Contributor

Thanks for your answers!

The other party is only accepting default route, i.e. there are no more specific routes for the local servers. Advertising default using capability-default-originate decouples the advertisement of default from the state of the default route to the Internet and reduces the risk of breaking the connectivity to local servers from the other party.

I was looking for a way to configure as-path prepending and couldn't find it; apparently it is not possible.

Arjan

oheigl
Contributor II

You could set a route-map for your default-originate setting; in that route-map you can configure the as-path prepending:

 

default-originate-routemap

 

Check out this KB article; it explains this, and why it doesn't work with a usual route-map on the BGP neighbor:

 

https://kb.fortinet.com/kb/documentLink.do?externalID=FD45618
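Putting this answer together with the original question, as an added example that is not the poster's config, the KB article's, or Fortinet's own: the prefix-list and route-map from the question are attached to the neighbor with default-originate-routemap, which is assumed (per the reply above) to apply the route-map's set-aspath to the originated default without needing the static-route redistribution.

```text
# Added example: the question's objects, reused unchanged.
config router prefix-list
    edit "only_dflt"
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                unset le
            next
        end
    next
end
config router route-map
    edit "only_dflt_route"
        config rule
            edit 1
                set match-ip-address "only_dflt"
                set set-aspath "65534 65534 65534"
            next
        end
    next
end
# Neighbor: capability-default-originate alone gave "Path: i" with no prepend.
# Attaching the route-map here (assumed behaviour, per the reply) is what
# applies the prepend; no "config redistribute static" is needed.
config router bgp
    set as 65534
    config neighbor
        edit "1.2.3.5"
            set bfd enable
            set capability-default-originate enable
            set default-originate-routemap "only_dflt_route"
        next
    end
end
# Verify on the advertising FortiGate (same command as in the question);
# the Path column for 0.0.0.0/0 should now carry the prepended ASNs.
get router info bgp neighbors 1.2.3.5 advertised-routes
```

Apply the route-map only on the FortiGate whose path should be less preferred; the other FortiGate keeps capability-default-originate without the route-map so the APN side prefers it.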
