I have a loopback 10.222.80.1 configured (1)
I have advertised the same prefix in BGP. (2)
The BGP neighbor 10.4.10.1 in question is healthy with 159 routes received (3)
Why is this prefix not advertised via BGP? (4)
Each VRF's routes are isolated, so if your route is in VRF7, it will not be present in the BGP database/table on VRF1. You may configure VRF route leaking: https://docs.fortinet.com/document/fortigate/6.4.0/new-features/834664/route-leaking-between-vrfs
Hi,
My bet is that, since you are using another interface as update-source in BGP, you need to advertise that network, 10.4.10.34/32, into BGP, since you are using it as next-hop-self for all networks advertised.
Thanks @funkylicious.
10.4.10.34 and 10.4.10.31 can ping each other. They are the 2 ends of the healthy BGP peer.
Below is the BGP summary from the other (hub) side.
I changed the router ID from 10.220.5.48 to the loopback 10.222.80.1; no change in outcome though.
Appreciate the suggestion though.... please share if any more ideas come!
Hi,
You may refer to the link here to find out the possible cause for a route not being advertised to the neighbor.
Post1:
"This command is not used to enable BGP on interfaces (as a matter of fact, there is no such concept in BGP, as there is in IGPs), but it is used to inject routes from the routing table to the BGP table so they can be advertised to BGP peers. For this to happen, an exact route for the prefix that needs to be advertised should be installed in the routing table on the BGP-speaking router."
This condition is met, I think. My loopback address is 10.222.80.1/32 and is advertised as such.
Agree?
Post2: More or less the same thing, but it discusses set network-import-check disable.
Thanks though...
Loopback interfaces are in "connected" routes just like any other interfaces. You have to redistribute them into BGP.
    config redistribute "connected"
        set status enable
    end
Toshi
Thanks @Toshi_Esumi
Is this the only way to advertise into BGP?
config network /set prefix as in screenshot does nothing?
Thanks again
I'm talking about "redistribution" from connected routes into BGP. Not "advertisement", which is inside of BGP domain.
If you run "get router info bgp network", you wouldn't see the loopback interface IP in BGP table. If it's not in the table, you would never be able to "advertise" whatever the command, like "config network", you use. Because it's not there to be advertised.
Toshi
Hold on. Looks like I was wrong. When I set the network statement without re-distribution, it shows in my BGP table. So that's not the cause.
fg40f-utm (bgp) # show
config router bgp
    --<snip>--
    config network
        edit 1
            set prefix 10.255.255.129 255.255.255.255
        next
    end
    config redistribute "connected"
    end
    --<snip>--
end
fg40f-utm (root) # show sys int loop99
config system interface
    edit "loop99"
        set vdom "root"
        set ip 10.255.255.129 255.255.255.255
        set type loopback
        set snmp-index 32
    next
end
fg40f-utm (root) # get router info bgp network
--<snip>--
*> 10.255.255.129/32
0.0.0.0 100 32768 0 i <-/1>
Toshi
@Toshi_Esumi really appreciate your help.
I wonder if you could help clarify the difference between advertise and redistribute.
I am familiar with BGP as implemented by cisco devices.
I was assuming that Fortigate would mean the same thing.
Let us establish what we do agree on:
A1. Any BGP implementation has a database of routes.
A2. This database of routes is exchanged with BGP neighbors subject to any rules/config e.g. filters, route-maps etc. etc.
A3. config redistribute connected This command injects all connected subnets into the aforementioned database (Assuming the interfaces are up). Such injected routes then will be propagated with all neighbors (subject to filtering/route-map manipulation etc as mentioned).
A4. set prefix 10.255.255.129 255.255.255.255 in context of your example above. IF this network is in the main routing table already then it will be injected into the BGP database and propagated as per A3.
Grateful if you would like to comment on the above assumptions/statements.
Thanks....
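Added example, not part of the original thread and not Fortinet code: a simplified Python model of the three conditions discussed above (exact route in the routing table, network-import-check, and per-VRF isolation) that reports why a `config network` prefix does or does not enter the BGP table. The function name, the route tables, the extra prefixes and the placement of the loopback in VRF 7 with BGP in VRF 1 are constructed assumptions based on the accepted answer's illustration.

```python
from ipaddress import ip_network

def bgp_originated(network_stmts, rib_by_vrf, bgp_vrf,
                   import_check=True, redistribute_connected=False):
    """Simplified model: decide which prefixes enter the BGP table of bgp_vrf.

    Returns (accepted, rejected), each a {prefix: reason} dict.
    """
    # Only routes of the VRF that BGP is looking at are visible (VRF isolation).
    rib = {ip_network(p): kind for p, kind in rib_by_vrf.get(bgp_vrf, {}).items()}
    accepted, rejected = {}, {}
    for stmt in network_stmts:
        prefix = ip_network(stmt)
        if prefix in rib:                      # exact prefix and mask required
            accepted[stmt] = f"exact {rib[prefix]} route in VRF {bgp_vrf}"
        elif not import_check:                 # network-import-check disable
            accepted[stmt] = "network-import-check disabled"
        else:
            other = sorted(v for v, routes in rib_by_vrf.items()
                           if v != bgp_vrf and prefix in map(ip_network, routes))
            cover = [str(r) for r in rib if prefix.subnet_of(r)]
            if other:
                rejected[stmt] = f"route exists only in VRF {other[0]}"
            elif cover:
                rejected[stmt] = f"only a covering route {cover[0]}, no exact match"
            else:
                rejected[stmt] = "no route in the routing table"
    if redistribute_connected:                 # injects every connected route
        for prefix, kind in rib.items():
            if kind == "connected":
                accepted.setdefault(str(prefix), "redistributed connected route")
    return accepted, rejected

# Constructed sample data (assumption): loopback in VRF 7, BGP peering in VRF 1.
RIB = {
    1: {"10.4.10.34/32": "connected", "10.220.5.0/24": "connected"},
    7: {"10.222.80.1/32": "connected"},
}
STMTS = ["10.222.80.1/32", "10.220.5.48/32", "192.0.2.0/24"]

if __name__ == "__main__":
    for vrf in (1, 7):
        ok, bad = bgp_originated(STMTS, RIB, bgp_vrf=vrf)
        print(f"BGP in VRF {vrf}: originated={ok} rejected={bad}")
```

On a real FortiGate the equivalent check is to compare the routing table of the VRF the neighbor lives in with the output of `get router info bgp network`.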