Support Forum
santosp
New Contributor

DSCP marking for BGP

Hi, 

It seems the FortiGate is marking BGP routing traffic with TOS hex (tos=ff/ff), which does not seem to be preserved, causing BGP dropouts during high link usage.

Is there a way to tag BGP traffic? I tried creating a shaper matching port 179, but that didn't help.

Thank you.

jiahoong112
Staff

You may find both of these resources useful:

https://docs.fortinet.com/document/fortigate/7.0.5/administration-guide/672387/using-bgp-tags-with-s...  -> Binding BGP tags with SDWAN rules. 

SD-WAN rules can use BGP learned routes as dynamic destinations.

 

https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/380145/configuring-sd-wan-ru... -> On the SDWAN rules, you can specify the TOS value

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
santosp
New Contributor

Hi @jiahoong112, thanks for sharing. Yes, those are good references for SDWAN with community and TOS marking. But I am looking for plain BGP routing marked with CS6 with high priority so that the peering stays up even in case of high link utilization. FortiGate seems to be marking it with tos=ff/ff, which does not seem to be preserved. A manual shaper setting DSCP and reserving bandwidth is not helping.

BGP control plane traffic is not matching or getting remarked to DSCP CS6 and there should be something which I am missing in the configuration.

jiahoong112

Actually, those are using BGP dynamic routing in an SDWAN configuration. My thought process of linking both documents is because you can configure SDWAN Rules to use BGP routing whilst using the TOS marking on those SDWAN rules, which in a way, might achieve what you're seeking. I personally have not tested this myself.

santosp

Yes, you are correct in marking DSCP via SDWAN network. I am looking for peer to peer (CE-PE) routing protocol control traffic preservation. FortiGate seems to be not tagging it with CS6, which is why peering drops.
