Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
slouw
Contributor

Created on ‎12-16-2023 12:38 AM Edited on ‎02-26-2024 05:28 AM By Community Manager

Why not advertised via BGP?

I have a loopback 10.222.80.1 configured (1)

I have advertised the same prefix in BGP. (2)

The BGP neighbor 10.4.10.1 in question is healthy with 159 routes received (3)

Why is this prefix not advertised via BGP? (4) 

 

2023-12-16 18h27m02 Why not advertised via BGP.png

 

Labels:
2053
0 Kudos
1 Solution
srajeswaran
Staff
Staff
In response to slouw

Created on ‎12-17-2023 09:39 PM

Each VRF routes are isolated so if your route is in VRF7, it will not be present in BGP databse/table on VRF1. You may configure VRF route leaking https://docs.fortinet.com/document/fortigate/6.4.0/new-features/834664/route-leaking-between-vrfs

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

1815
18 REPLIES 18
funkylicious
SuperUser
SuperUser

Created on ‎12-16-2023 04:37 AM Edited on ‎12-16-2023 04:37 AM

Hi,

My bet is since you are using another interface as update-source in BGP that you need to advertised that network, 10.4.10.34/32 into BGP, since u are using it as next-hop-self for all network advertised.

geek
geek
951
slouw
Contributor
In response to funkylicious

Created on ‎12-16-2023 03:01 PM

Thanks @funkylicious.
10.4.10.34 and 10.4.10.31 can ping each other. They are the 2 ends of the healthy BGP peer.
Below is the BGP summary from the other (hub) side.

 

2023-12-17 08h55m28 hub get bgp summary.png


I changed the router ID from 10.220.5.48 to the loopback 10.222.80.1 no change in outcome though.
Appreciate the suggestion though.... please share if any more ideas come!

920
0 Kudos
slouw
Contributor
In response to SassiVeeran

Created on ‎12-16-2023 03:05 PM

Post1:

"This command is not used to enable BGP on interfaces (as a matter of fact, there is no such concept in BGP, as there is in IGPs), but it is used to inject routes from the routing table to the BGP table so they can be advertised to BGP peers. For this to happen, an exact route for the prefix that needs to be advertised should be installed in the routing table on the BGP-speaking router."

This condition is met I think. My loopback address is 10.222.80.1/32 and advertised as such

Agree?

Post2: - More of less the same thing but discusses set network-import-check disable.

 

Thanks though...

917
Toshi_Esumi
SuperUser
SuperUser

Created on ‎12-16-2023 10:11 AM

Loopback interfaces are in "connected" routes just like any other interfaces. You have to redistribute them into BGP.

   config redistribute "connected"
       set status enable
   end

Toshi

931
slouw
Contributor
In response to Toshi_Esumi

Created on ‎12-16-2023 02:37 PM

Thanks @Toshi_Esumi 
Is this the only way to advertise into BGP?
config network /set prefix as in screenshot does nothing?
Thanks again

925
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to slouw

Created on ‎12-16-2023 08:26 PM

I'm talking about "redistribution" from connected routes into BGP. Not "advertisement", which is inside of BGP domain.
If you run "get router info bgp network", you wouldn't see the loopback interface IP in BGP table. If it's not in the table, you would never be able to "advertise" whatever the command, like "config network", you use. Because it's not there to be advertised.

 

Toshi

904
Toshi_Esumi
SuperUser
SuperUser
In response to Toshi_Esumi

Created on ‎12-16-2023 08:50 PM

Hold on. Looks like I was wrong. When I set the network statement without re-distribution, it shows in my BGP table. So that's not the cause.

fg40f-utm (bgp) # show
config router bgp
--<snip>--
   config network
       edit 1
           set prefix 10.255.255.129 255.255.255.255
       next
   end
  config redistribute "connected"
   end
--<snip>--
end
fg40f-utm (root) # show sys int loop99
config system interface
   edit "loop99"
       set vdom "root"
       set ip 10.255.255.129 255.255.255.255
       set type loopback
       set snmp-index 32
   next
end


fg40f-utm (root) # get router info bgp network
--<snip>--
*> 10.255.255.129/32
                   0.0.0.0                       100  32768        0 i <-/1>

Toshi

894
slouw
Contributor
In response to Toshi_Esumi

Created on ‎12-16-2023 09:07 PM

@Toshi_Esumi really appreciate your help.

I wonder if you could help clarify the difference between advertise and redistribute.
I am familiar with BGP as implemented by cisco devices.

I was assuming that Fortigate would mean the same thing.

Let us establish what we do agree on:

A1. Any BGP implementation has a database of routes.

A2. This database of routes is exchanged with BGP neighbors subject to any rules/config e.g. filters, route-maps etc. etc.

A3. config redistribute connected This command injects all connected subnets into the aforementioned database (Assuming the interfaces are up). Such injected routes then will be propagated with all neighbors (subject to filtering/route-map manipulation etc as mentioned).

A4. set prefix 10.255.255.129 255.255.255.255 in context of your example above. IF this network is in the main routing table already then it will be injected into the BGP database and propagated as per A3.

 

Grateful if you would like to comment on the above assumptions/statements.

Thanks....

886
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.