Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Zoxan
New Contributor

BGP with 2 ISP, prefix unreacheable from random sources.

Hi, guys! I have FG200F, 2 ISP peers established connection with options "Enforce eBGP multihop" and "soft reconfiguration", one of them(marked as IGP) is "best-path", second is "Incomplete". Option "EBGP multi path" enabled in best path selection section. Prefix advertised to both peers, two path for 0.0.0.0 avaible. However, customers using different providers have random access to mapped sites - tested, no ping. Looking Glass ping services shows different results. Links work well independently though. I tried to use different maps-in and out, but to no avail. BGPview.io shows 2 peers and draws Graphs. What seems to be a problem?

3 REPLIES 3
Toshi_Esumi
SuperUser
SuperUser

What is actually "a problem"? You seem to have your own public subnets advertising two network providers equally. Those subnets are available via both providers for the rest of the internet without any prioritization. Then depending on where the customers are or what provider they use and which your provider is "closer" to their provider they might come through one path over the other or opposite. And, you don't have any control over it and it might change any moment. Isn't that your design?

 

Toshi

spoojary
Staff
Staff

Your FG200F's BGP setup is displaying inconsistent routing:

  1. BGP Path Selection: Even with two paths for 0.0.0.0, only one will be chosen based on BGP criteria. Check BGP attributes to ensure proper path selection.

  2. Incomplete Path: Investigate why the second path is 'Incomplete'; this can affect route decisions.

  3. AS Path & Other Attributes: Verify there are no unintentional AS Path prependings or modifications that might influence selection.

  4. Routing Policy: Ensure your route-maps aren't filtering or modifying BGP attributes in a way that hinders proper route propagation.

  5. External Factors: Be aware that ISP or internet-wide issues can affect route propagation.

  6. Monitoring & Debugging: Use FortiGate commands (get router info bgp summary & get router info bgp routes) to review BGP statuses.

Finally, consider consulting your ISPs' support teams and potentially Fortinet support for deeper analysis.

Siddhanth Poojary
Zoxan
New Contributor

So, referring to https://community.fortinet.com/t5/FortiGate/Technical-Tip-BGP-AS-Path-Prepending-Configuration-Examp... i tried to make "incomplete" pass less preferable by setting the route map-out with triple AS number. It works somehow, but has impact on SD-WAN sessions - now all traffic goes through "best-path" regardless of load balancing rule. Both links have default localpref=100

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors