slouw
Contributor

Why not advertised via BGP?

I have a loopback 10.222.80.1 configured (1)

I have advertised the same prefix in BGP. (2)

The BGP neighbor 10.4.10.1 in question is healthy with 159 routes received (3)

Why is this prefix not advertised via BGP? (4) 

 

[Screenshot: 2023-12-16 18h27m02 Why not advertised via BGP.png]

 

1 Solution
srajeswaran

Each VRF's routes are isolated, so if your route is in VRF7, it will not be present in the BGP database/table on VRF1. You may configure VRF route leaking: https://docs.fortinet.com/document/fortigate/6.4.0/new-features/834664/route-leaking-between-vrfs

Regards,

Suraj
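The behaviour described in the answer above, as an added example that is not part of the original post and not FortiOS code: a small Python model in which each VRF has its own routing table, a BGP `network` statement only injects a prefix when an exact route exists in that same VRF, and a leak makes the route visible. The `Vrf` class, `leak` and `demo` are hypothetical names, and placing the loopback in VRF 7 with the BGP session in VRF 1 is an assumption taken from the answer's wording.

```python
import ipaddress

LOOPBACK = "10.222.80.1/32"  # prefix from the question


class Vrf:
    """Toy model of one VRF: an isolated routing table plus BGP network statements."""

    def __init__(self, vrf_id):
        self.vrf_id = vrf_id
        self.rib = {}            # exact prefix -> origin of the route
        self.network_stmts = []  # prefixes configured under `config network`

    def add_route(self, prefix, origin):
        self.rib[ipaddress.ip_network(prefix)] = origin

    def add_network_stmt(self, prefix):
        self.network_stmts.append(ipaddress.ip_network(prefix))

    def bgp_table(self, import_check=True):
        """Prefixes that make it into this VRF's BGP table.

        With the import check on, a network statement needs an exact-match
        route in this VRF's own routing table; a covering route is not enough.
        """
        return [str(p) for p in self.network_stmts
                if not import_check or p in self.rib]


def leak(src, dst, prefix):
    """Model route leaking: copy one exact route from src VRF to dst VRF."""
    p = ipaddress.ip_network(prefix)
    if p not in src.rib:
        raise KeyError(f"{p} is not in VRF {src.vrf_id}")
    dst.rib[p] = f"leaked from VRF {src.vrf_id}"


def demo():
    vrf7, vrf1 = Vrf(7), Vrf(1)
    vrf7.add_route(LOOPBACK, "connected")  # loopback lives in VRF 7 (assumed)
    vrf1.add_network_stmt(LOOPBACK)        # BGP network statement in VRF 1
    before = vrf1.bgp_table()              # nothing to advertise yet
    leak(vrf7, vrf1, LOOPBACK)
    after = vrf1.bgp_table()               # prefix now present
    return before, after


if __name__ == "__main__":
    print(demo())
```
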


18 REPLIES
funkylicious
Contributor III

Hi,

My bet is that, since you are using another interface as update-source in BGP, you need to advertise that network, 10.4.10.34/32, into BGP, since you are using it as next-hop-self for all networks advertised.

slouw

Thanks @funkylicious.
10.4.10.34 and 10.4.10.31 can ping each other. They are the 2 ends of the healthy BGP peer.
Below is the BGP summary from the other (hub) side.

 

[Screenshot: 2023-12-17 08h55m28 hub get bgp summary.png]


I changed the router ID from 10.220.5.48 to the loopback 10.222.80.1; no change in outcome though.
Appreciate the suggestion though... please share if any more ideas come!

slouw

Post1:

"This command is not used to enable BGP on interfaces (as a matter of fact, there is no such concept in BGP, as there is in IGPs), but it is used to inject routes from the routing table to the BGP table so they can be advertised to BGP peers. For this to happen, an exact route for the prefix that needs to be advertised should be installed in the routing table on the BGP-speaking router."

This condition is met, I think. My loopback address is 10.222.80.1/32 and is advertised as such.

Agree?

Post2: More or less the same thing, but discusses set network-import-check disable.

 

Thanks though...

Toshi_Esumi
Esteemed Contributor III

Loopback interfaces are in "connected" routes just like any other interfaces. You have to redistribute them into BGP.

   config redistribute "connected"
       set status enable
   end

Toshi

slouw

Thanks @Toshi_Esumi 
Is this the only way to advertise into BGP?
config network /set prefix as in screenshot does nothing?
Thanks again

Toshi_Esumi
Esteemed Contributor III

I'm talking about "redistribution" from connected routes into BGP. Not "advertisement", which is inside of the BGP domain.
If you run "get router info bgp network", you wouldn't see the loopback interface IP in the BGP table. If it's not in the table, you would never be able to "advertise" it, whatever command you use, like "config network". Because it's not there to be advertised.

 

Toshi

Toshi_Esumi
Esteemed Contributor III

Hold on. Looks like I was wrong. When I set the network statement without re-distribution, it shows in my BGP table. So that's not the cause.

fg40f-utm (bgp) # show
config router bgp
--<snip>--
   config network
       edit 1
           set prefix 10.255.255.129 255.255.255.255
       next
   end
  config redistribute "connected"
   end
--<snip>--
end
fg40f-utm (root) # show sys int loop99
config system interface
   edit "loop99"
       set vdom "root"
       set ip 10.255.255.129 255.255.255.255
       set type loopback
       set snmp-index 32
   next
end


fg40f-utm (root) # get router info bgp network
--<snip>--
*> 10.255.255.129/32
                   0.0.0.0                       100  32768        0 i <-/1>

Toshi

slouw

@Toshi_Esumi really appreciate your help.

I wonder if you could help clarify the difference between advertise and redistribute.
I am familiar with BGP as implemented by Cisco devices.

I was assuming that FortiGate would mean the same thing.

Let us establish what we do agree on:

A1. Any BGP implementation has a database of routes.

A2. This database of routes is exchanged with BGP neighbors subject to any rules/config e.g. filters, route-maps etc. etc.

A3. config redistribute connected This command injects all connected subnets into the aforementioned database (Assuming the interfaces are up). Such injected routes then will be propagated with all neighbors (subject to filtering/route-map manipulation etc as mentioned).

A4. set prefix 10.255.255.129 255.255.255.255 in context of your example above. IF this network is in the main routing table already then it will be injected into the BGP database and propagated as per A3.

 

Grateful if you would like to comment on the above assumptions/statements.

Thanks....
