- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: eBGP routes not showing up
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
eBGP routes not showing up
Hi,
I am doing a lab setup where I have hit a problem with ebgp routes disappearing from the routing-database when ibgp routes shows up. I have not done any route manipulation on my BGP session at the moment. I would have thought that even if the route is not active it would appear in the routing-database (get router info routing-table database). I can see the routes being advertised and also received (get router info routing-table bgp neigh received-routes).
The BGP sessions are over the tunnel and I am assuming that there would not be any difference.
Any help is appreciated.
San
Solved! Go to Solution.
Labels:
- Labels:
-
FortiGate
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate adds below config by default to set local-preference to 100.
FGT # config router bgp
FGT (bgp) # show full | grep local-pre
set default-local-preference 100
IBGP carries the local-prefernce values within same AS and due to that reason you get route with local-preference 100 and thats the reason IBGP route is getting activated.
You can either set the "set default-local-preference 0" on the advertising device (IBGP neighbor) or apply a route-map in the receiving fortigate to make local-preference 0 for IBGP or another route-map to increase the local-preference to 200 for EBGP route.
Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
25 REPLIES 25
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you check if you are hitting the scenario given in https://community.fortinet.com/t5/FortiGate/Technical-Tip-BGP-routes-not-added-into-the-routing-tabl...
This article is about BGP and OSPF, but I think EBGP and IBGP are similar scenario
Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Suraj,
This is slightly different.
In the example both routes are visible in the routing database (#get router info routing-table database), but in my case the eBGP route is not visible in the database when the iBGP is learned. I am trying to learn default route from eBGP peer and iBGP peer.
However, when I do #get router info bgp network --> I can see all the learned routes there. In the output below there are 2 default route from iBGP and 1 from eBGP (neighbour 203.116.1.5). The local preference for the iBGP is 100 but the eBGP does not have any - could that be the reason? Weigh and metric is the same.
here is the output:
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight RouteTag Path
*>i0.0.0.0/0 172.21.1.1 0 100 0 0 i <256/1>
*>i 172.22.1.1 0 100 0 0 i <256/2>
* 203.116.1.5 0 0 0 65111 i <-
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Even if you will change local-pref for eBGP route, at some point if all metrics are the same, eBGP route will win over iBGP route.
Adrian
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'd say very much may be the reason, look at selection criteria for the best path:
- Choose the route with the highest weight.
- If weight is not set, choose the route with the highest local preference.
- Choose routes that this router originated.
- Choose the path with the shortest Autonomous System path.
- Choose the path with the lowest origin code (i is lowest, e is next, ? is last).
- Choose the route with the lowest MED, if the same Autonomous System advertises the possible routes.
- Choose an EBGP route over an IBGP route.
- Choose the route through the nearest IGP neighbor as determined by the lowest IGP metric.
- Choose the oldest route
- Choose a path through the neighbor with the lowest router ID.
- Choose a path through the neighbor with the lowest IP address.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
you mean your FGT gets the same routes both - via eBGP and iBGP? AD of eBGP is 20 while of iBGP is 200, so unless you do some manipulation on FGT (redistribute, route-map assigning weight etc. to the learned routes) this should not be possible.
Personal opinion: I've seen bugs and problems with routing protocols in FGT over years, but not like that, and is strongly inclined that something in setup/configuration is causing this, not FGT itself.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Yuri,
Yeah I will have a further look at my configuration. I was also hoping that the eBGP route would be installed as well. On the advertising FTGT I have tried capability-default-originate to redistribute static just to see if that matters as well and played with few other configs. The BGP is over a tunnel but I don't think that would matter.
Here is the neighbor config on the router that is receiving the route. 203.116.1.5 neighbor is external and the second neighbor is internal.
edit "203.116.1.5"
set soft-reconfiguration enable
set interface "Prisma"
set remote-as 65111
set keep-alive-timer 10
set holdtime-timer 30
set connect-timer 5
set update-source "Prisma"
next
config neighbor
edit "172.21.1.1"
set next-hop-self enable
set soft-reconfiguration enable
set interface "Spoke-HUB1"
set remote-as 65001
set keep-alive-timer 10
set holdtime-timer 30
set connect-timer 5
set update-source "Spoke-HUB1"
set additional-path both
set adv-additional-path 8
I will have a second look at the config.
san
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Interesting behavior. I tested the same and I can see the IBGP route is preferred by default and we need to apply a route-map to increase the local-preference of EBGP route to make it preferred.
I will update if I manage to find the possible reasons for this behavior.
Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate adds below config by default to set local-preference to 100.
FGT # config router bgp
FGT (bgp) # show full | grep local-pre
set default-local-preference 100
IBGP carries the local-prefernce values within same AS and due to that reason you get route with local-preference 100 and thats the reason IBGP route is getting activated.
You can either set the "set default-local-preference 0" on the advertising device (IBGP neighbor) or apply a route-map in the receiving fortigate to make local-preference 0 for IBGP or another route-map to increase the local-preference to 200 for EBGP route.
Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Suraj,
Thank you for testing it out. I was suspecting of the local preference in on of my messages but did not have the time to test it out. I will find sometime to try it out hopefully today.
BTW, what version are you running on. I was on an older version 6.4.8. I had some ebgp and ibgp set up before but had not encountered this issues.
Related Posts
- BGP From Fortigate To Cisco not... 1198 Views
- Route redistribution from BGP to OSPF... 1110 Views
- OCVPN/ADVPN and (e|i)BGP integrations 493 Views
- static route is not showing in... 957 Views
- Static route is showing but not... 1069 Views
Labels
-
FortiGate
6,446 -
FortiClient
1,287 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
410 -
5.6
362 -
FortiSwitch
331 -
FortiAP
326 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
66 -
4.0MR3
64 -
Wireless Controller
57 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
ZTNA
15 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
DNS
11 -
Interface
11 -
BGP
10 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.