I hope you can assist. I have an issue where the iBGP route that is advertised from the ISP is not being added into the Forti routing table.
The neighbor relationship is working and I can see the routes. Please see the output from my config below. I must be missing something. Your help is appreciated!!
config router prefix-list
    edit "DFLT-BGP-IN"
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                unset le
            next
            edit 10
                set action deny
                set prefix any
                unset ge
                unset le
            next
        end
    next
    edit "RAIN-OUT"
        config rule
            edit 10
                set prefix 18.104.22.168 255.255.255.240
                unset ge
                unset le
            next
            edit 20
                set action deny
                set prefix any
                unset ge
                unset le
            next
        end
    next
end
config router route-map
    edit "only_default_route"
        config rule
            edit 10
                set match-ip-address "DFLT-BGP-IN"
            next
        end
    next
    edit "BGP-RTMP-1-IN-ISP1"
        config rule
            edit 10
                set match-ip-address "DFLT-BGP-IN"
                set set-local-preference 200
            next
        end
    next
    edit "BGP-RTMP-2-IN-ISP2"
        config rule
            edit 10
                set match-ip-address "DFLT-BGP-IN"
                set set-local-preference 150
            next
        end
    next
    edit "BGP-RTMP-1-OUT-ISP-1"
        config rule
            edit 10
                set match-ip-address "RAIN-OUT"
                set set-metric 100
            next
        end
    next
    edit "BGP-RTMP-2-OUT-ISP-2"
        config rule
            edit 10
                set match-ip-address "RAIN-OUT"
                set set-metric 150
            next
        end
    next
end
config router static
    edit 19
        # fake public addresses we use
        set dst 22.214.171.124 255.255.255.240
        set blackhole enable
    next
    edit 17
        # loopback
        set dst 126.96.36.199 255.255.255.255
        set blackhole enable
    next
end
config router bgp
    set as 37101
    set router-id 188.8.131.52
    config neighbor
        edit "10.1.24.1"
            set description "ISP-1"
            set remote-as 37105
            set route-map-in "BGP-RTMP-1-IN-ISP1"
            set route-map-out "BGP-RTMP-1-OUT-ISP-1"
            set send-community6 disable
        next
    end
    config network
        edit 10
            set prefix 184.108.40.206 255.255.255.240
        next
    end
end
Here is the output from the tshoot:
BGP router identifier 220.127.116.11, local AS number 37105
BGP table version is 7
2 BGP AS-PATH entries
0 BGP community entries

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.24.1       4 37105    1171    1143        7    0    0 15:57:11        1
# get router info bgp network
BGP table version is 7, local router ID is 18.104.22.168
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network             Next Hop            Metric LocPrf Weight Path
*>i0.0.0.0/0           10.1.24.1                0    200      0 37662 i
*> 22.214.171.124/28   0.0.0.0                100         32768 i

Total number of prefixes 2
# get router info bgp neighbors 10.1.24.1 received-routes
% Inbound soft reconfiguration not enabled
# get router info routing-table bgp
So the route that the neighbor advertises is seen by BGP, but not added to the BGP routing table?
Hi. Could you check the "get router info routing-table database" output? Does it have the default route received from the BGP neighbor?
If yes, it seems that you don't have any issue. As you can see from your debug, the soft-reconfiguration feature is not enabled for your neighbor. It means that prefixes rejected by the inbound policy are not kept in memory, and therefore "get router info bgp neighbors 10.1.24.1 received-routes" is unable to show these rejected prefixes. You accept only the default and reject all, so it seems to be the root cause.
get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> - selected route, * - FIB route, p - stale info
B 0.0.0.0/0 [200/0] via 10.1.24.1, 18:58:18
S *> 0.0.0.0/0 [10/0] via 126.96.36.199, wan1
S 188.8.131.52/32 [10/0] is a summary, Null inactive
C *> 184.108.40.206/32 is directly connected, BGP-LOOPBACK-0
So am I correct in saying that it is actually there, but due to the static default route, Forti is not adding it to the routing table to route with?
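An added example, not from this thread, that parses the "get router info routing-table database" rows above (embedded as a constructed sample) and reports, per prefix, which competing entry is not installed and why. It assumes only what the output shows: the bracketed [distance/metric] pair and the "*>" marker, with static at distance 10 and iBGP at 200.

```python
import re
from typing import Dict, List

# Constructed sample: the 'get router info routing-table database' rows from
# the thread (legend omitted). FortiOS marks the installed route "*>" and
# shows [administrative distance/metric] for every non-connected route.
SAMPLE_DB = """\
B       0.0.0.0/0 [200/0] via 10.1.24.1, 18:58:18
S   *>  0.0.0.0/0 [10/0] via 126.96.36.199, wan1
S       188.8.131.52/32 [10/0] is a summary, Null inactive
C   *>  184.108.40.206/32 is directly connected, BGP-LOOPBACK-0
"""
# protocol code, flags (* FIB, > selected, p stale), prefix, [distance/metric]
ROW = re.compile(
    r"^(?P<proto>[A-Za-z]{1,2}\d?)\s+(?P<flags>[*>p]*)\s*"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)(?:\s+\[(?P<dist>\d+)/(?P<metric>\d+)\])?"
)


def parse_rib(text: str) -> Dict[str, List[dict]]:
    """Group RIB entries by prefix; connected routes carry distance 0."""
    rib: Dict[str, List[dict]] = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # legend or blank line
        rib.setdefault(m["prefix"], []).append({
            "proto": m["proto"],
            "selected": ">" in m["flags"],
            "distance": int(m["dist"]) if m["dist"] else 0,
            "metric": int(m["metric"]) if m["metric"] else 0,
            "inactive": line.rstrip().endswith("inactive"),
        })
    return rib


def explain(rib: Dict[str, List[dict]]) -> List[str]:
    """Name the loser for each prefix with competing active entries: lowest
    administrative distance wins, so iBGP at 200 never displaces static at 10."""
    notes = []
    for prefix, entries in rib.items():
        active = [e for e in entries if not e["inactive"]]
        if len(active) < 2:
            continue
        best = min(active, key=lambda e: (e["distance"], e["metric"]))
        for e in active:
            if e is not best:
                notes.append(f"{prefix}: {e['proto']} [{e['distance']}/{e['metric']}] "
                             f"loses to {best['proto']} [{best['distance']}/"
                             f"{best['metric']}] on administrative distance")
    return notes
```

Run explain(parse_rib(SAMPLE_DB)) to see that the iBGP default is present in the RIB but loses to the static default on distance, which is why "get router info routing-table bgp" shows nothing.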