chowzen
New Contributor

BGP - not adding BGP route into routing-table

Hi all,

 

I hope you can assist, I have an issue where the iBGP route that is advertised from the ISP is not being added into the Forti routing-table.

 

The neighbor relationship is working and I can see the routes - please see below output from my config - I must be missing something - your help is appreciated!!

 

Config:

config router prefix-list
    edit "DFLT-BGP-IN"
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                unset le
            next
            edit 10
                set action deny
                set prefix any
                unset ge
                unset le
            next
        end
    next
    edit "RAIN-OUT"
        config rule
            edit 10
                set prefix 1.2.3.4 255.255.255.240
                unset ge
                unset le
            next
            edit 20
                set action deny
                set prefix any
                unset ge
                unset le
            next

config router route-map
    edit "only_default_route"
        config rule
            edit 10
                set match-ip-address "DFLT-BGP-IN"
            next
        end
    next
    edit "BGP-RTMP-1-IN-ISP1"
        config rule
            edit 10
                set match-ip-address "DFLT-BGP-IN"
                set set-local-preference 200
            next
        end
    next
    edit "BGP-RTMP-2-IN-ISP2"
        config rule
            edit 10
                set match-ip-address "DFLT-BGP-IN"
                set set-local-preference 150
            next
        end
    next
    edit "BGP-RTMP-1-OUT-ISP-1"
        config rule
            edit 10
                set match-ip-address "RAIN-OUT"
                set set-metric 100
            next
        end
    next
    edit "BGP-RTMP-2-OUT-ISP-2"
        config rule
            edit 10
                set match-ip-address "RAIN-OUT"
                set set-metric 150

config router static
    edit 19
        set dst 1.2.3.4 255.255.255.240 (fake public addresses we use)
        set blackhole enable
    next
    edit 17
        set dst 2.2.2.2 255.255.255.255 (loopback)
        set blackhole enable
    next
end

config router bgp
    set as 37101
    set router-id 2.2.2.2
    config neighbor
        edit "10.1.24.1"
            set description "ISP-1"
            set remote-as 37105
            set route-map-in "BGP-RTMP-1-IN-ISP1"
            set route-map-out "BGP-RTMP-1-OUT-ISP-1"
            set send-community6 disable
        next
    end
    config network
        edit 10
            set prefix 1.2.3.4 255.255.255.240

Here is the output from the tshoot:

     

BGP router identifier 2.2.2.2, local AS number 37105
BGP table version is 7
2 BGP AS-PATH entries
0 BGP community entries

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.24.1       4      37105    1171    1143        7    0    0 15:57:11        1

     

# get router info bgp network
BGP table version is 7, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i0.0.0.0/0        10.1.24.1                0    200      0 37662 i
*> 1.2.3.4/28   0.0.0.0                       100  32768 i

Total number of prefixes 2

     

# get router info bgp neighbors 10.1.24.1 received-routes
% Inbound soft reconfiguration not enabled

     

    # get router info routing-table bgp

    So the route that the neighbor advertises, is seen by BGP, but not added to the BGP routing table ?

     

    please help

     

    thanks

     

     

     

     

    stanislav_timofeev
    New Contributor II

    Hi. Could you check the #get router info routing-table database output? Does it have default route received from BGP neighbor? 

    If yes, it seems that you don't have any issue. As you can see from your debug, the soft-reconfiguration feature is not enabled for your neighbor. It means that prefixes rejected by the inbound policy are not kept in memory and therefore "get router info bgp neighbors 10.1.24.1 received-routes" is unable to show these rejected prefixes. You accept only default and reject all, so it seems to be a root cause.

    NSE 8 #003249, FCT, CCSE, CompTIA CTT+

    emnoc
    Esteemed Contributor III

    Agreed, your prefix is not going to be useful due to your route-policy via the route-map. If you want to fix this, add the prefix to the prefix list.

     

    e.g

config router prefix-list
    edit "DFLT-BGP-IN"
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                unset le
            next
            edit 2
                set prefix x.x.x.x/24
                set action accept
            next
            edit 10
                set action deny
                set prefix any
                unset ge
                unset le
            next
        end
    next

    PCNSE 

    NSE 

    StrongSwan  

    chowzen

    Thanks for the reply.

     

    here is the important bits:

     

get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       > - selected route, * - FIB route, p - stale info

B       0.0.0.0/0 [200/0] via 10.1.24.1, 18:58:18
S    *> 0.0.0.0/0 [10/0] via 41.73.34.17, wan1
S       2.2.2.2/32 [10/0] is a summary, Null inactive
C    *> 2.2.2.2/32 is directly connected, BGP-LOOPBACK-0

     

     

    So am I correct in saying that it is actually there - but due to a static default route, forti is not adding it to the routing table to route with?

    chowzen
    New Contributor

    Yes, it was that.  So stupid... I changed the admin distance - and there it is.

     

    thanks for the replies guys - really appreciate it.
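
An added example, not posted by anyone in this thread: a small Python parser for `get router info routing-table database` output that reports BGP routes which are present but lost selection to another source for the same prefix, as the BGP default at distance 200 did here against the static default at distance 10. The regex, function names and field names are assumptions based on the output format shown above.

```python
import re

# Sample input: the route lines chowzen posted in this thread.
SAMPLE = """\
B       0.0.0.0/0 [200/0] via 10.1.24.1, 18:58:18
S    *> 0.0.0.0/0 [10/0] via 41.73.34.17, wan1
S       2.2.2.2/32 [10/0] is a summary, Null inactive
C    *> 2.2.2.2/32 is directly connected, BGP-LOOPBACK-0
"""

# Assumed line layout: code [sub-code] [flags] prefix [distance/metric] ...
LINE = re.compile(
    r"^(?P<code>[A-Z])[A-Za-z0-9 ]*?\s+(?:(?P<flags>[*>]+)\s+)?"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)"
    r"(?:\s+\[(?P<dist>\d+)/(?P<metric>\d+)\])?"
)

def parse_database(text):
    """Parse route lines; header/legend lines that do not match are skipped."""
    routes = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        flags = m["flags"] or ""
        routes.append({
            "proto": m["code"],
            "prefix": m["prefix"],
            # Connected routes print no [distance/metric]; treat as distance 0.
            "distance": int(m["dist"]) if m["dist"] else 0,
            "selected": ">" in flags,   # chosen among candidates for the prefix
            "fib": "*" in flags,        # installed in the forwarding table
        })
    return routes

def shadowed_bgp(routes):
    """Return (bgp_route, winner) pairs where BGP lost selection for a prefix."""
    pairs = []
    for r in routes:
        if r["proto"] != "B" or r["selected"]:
            continue
        winner = next((w for w in routes
                       if w["prefix"] == r["prefix"] and w["selected"]), None)
        if winner is not None:
            pairs.append((r, winner))
    return pairs

if __name__ == "__main__":
    for bgp, win in shadowed_bgp(parse_database(SAMPLE)):
        print(f'{bgp["prefix"]}: BGP distance {bgp["distance"]} loses to '
              f'{win["proto"]} distance {win["distance"]}')
```
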

    Fido
    New Contributor II

    Hi Chowzen,

     

    Can you please show the command that was used to modify the BGP AD?

    jhege
    New Contributor

    Do you have a default static route that could be overriding the BGP default route?
