Hi,
I am doing a lab setup where I have hit a problem with eBGP routes disappearing from the routing database when iBGP routes show up. I have not done any route manipulation on my BGP session at the moment. I would have thought that even if the route is not active it would appear in the routing database (get router info routing-table database). I can see the routes being advertised and also received (get router info routing-table bgp neigh received-routes).
The BGP sessions are over the tunnel and I am assuming that there would not be any difference.
Any help is appreciated.
San
FortiGate adds the below config by default to set local-preference to 100.
FGT # config router bgp
FGT (bgp) # show full | grep local-pre
set default-local-preference 100
IBGP carries the local-preference values within the same AS, and for that reason you get the route with local-preference 100, and that's the reason the IBGP route is getting activated.
You can either set "set default-local-preference 0" on the advertising device (IBGP neighbor), or apply a route-map on the receiving FortiGate to make local-preference 0 for IBGP, or another route-map to increase the local-preference to 200 for the EBGP route.
I think my version is too old, so the below command did not seem to work for me.
FTGT-SPOKE1 (bgp) # set default-local-preference 0
I used a route-map to increase the LP to 200 from the eBGP.
Shouldn't the AD for ebgp be the selecting criteria for routes?
FTGT-SPOKE1 # get router info bgp network
VRF 0 BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop        Metric LocPrf Weight RouteTag Path
*  i0.0.0.0/0       172.21.1.1           0    100      0        0 i <256/->
*  i                172.22.1.1           0    100      0        0 i <256/->
*>                  203.116.1.5          0    200      0        0 65111 ? <-
Created on 05-16-2023 06:45 PM Edited on 05-16-2023 06:45 PM
Shouldn't the AD for ebgp be the selecting criteria for routes? --> ah I found that AD is only for same routes if received from different routing protocol.
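The selection behaviour discussed above, as an added example that is not part of the original posts and is not Fortinet code. It ranks the three 0.0.0.0/0 paths from the output above using the commonly documented attribute order (an assumption here, not taken from FortiOS), and also runs a constructed case where the eBGP path keeps local-preference 100. MED is compared across all paths for simplicity.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP < EGP < incomplete (lower wins)

@dataclass(frozen=True)
class Path:
    next_hop: str
    local_pref: int
    weight: int
    med: int
    as_path: tuple   # AS numbers; empty for routes originated inside our own AS
    origin: str      # "i", "e" or "?"
    ebgp: bool       # learned from an eBGP neighbor?

def preference_key(p):
    """Sort key; the smallest key is the best path.

    Assumed order: weight, local-pref, AS-path length, origin, MED,
    then eBGP over iBGP. Higher weight/local-pref win, so they are negated.
    """
    return (-p.weight, -p.local_pref, len(p.as_path),
            ORIGIN_RANK[p.origin], p.med, 0 if p.ebgp else 1)

def best_path(paths):
    return min(paths, key=preference_key)

def deciding_step(a, b):
    """Name the first attribute at which two paths differ."""
    names = ("weight", "local-pref", "as-path length",
             "origin", "med", "ebgp-vs-ibgp")
    for name, x, y in zip(names, preference_key(a), preference_key(b)):
        if x != y:
            return name
    return "tie"

def default_route_paths(ebgp_local_pref):
    """The three paths from the thread; the eBGP local-pref is a parameter."""
    return [
        Path("172.21.1.1", 100, 0, 0, (), "i", False),
        Path("172.22.1.1", 100, 0, 0, (), "i", False),
        Path("203.116.1.5", ebgp_local_pref, 0, 0, (65111,), "?", True),
    ]

if __name__ == "__main__":
    for lp in (200, 100):  # 200 = with the route-map, 100 = constructed case
        paths = default_route_paths(lp)
        print(f"eBGP local-pref {lp}: best via {best_path(paths).next_hop}, "
              f"decided by {deciding_step(paths[0], paths[2])}")
```

With equal local-preference, the comparison in this model is settled by AS-path length before the eBGP-over-iBGP step is ever reached, because the iBGP paths carry an empty AS path.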
Hi Suraj, I wonder if you would be able to advise, as it seems this is my issue and I can't seem to solve it. I have an SD-WAN with 2 IPsec hub and spoke (IBGP), and then this goes to a Cisco switch running EBGP. If one of the tunnels goes down on one side, the switch on the other side still thinks it has a valid route, but it can't, as the VPN link is down. Can you help at all?
Can you please share a simple topology diagram along with the route table entry from the switch (to confirm how it learns these destinations).
DC1 is active and has the preferred interface in the SDWAN. If this goes down (I manually disable the IPsec interface), the LAN network now goes via DC2, but the switch on the DC2 side still believes the best way is via the DC1 switch:
* 192.168.1.0/24 X.X.2.1 0 65400 ?
*> 10.99.2.5 25600512 32768 ?
The best route has "32768" weight, so it's preferred, but I can't set the weight on the neighbour higher, like "4000", as it will then always prefer that route! Hope that makes sense.
Hello The_Nude_Deer,
Thank you for posting. Your post appears to be a new issue. Instead of replying in this thread, can you please create a new thread instead? It will be easier for users and staff to follow which replies relate to which issue, and our moderation team can do our best to ensure you receive replies.
Thanks for understanding,
Stephen
It's the same issue, easier to keep the same issues in one place rather than creating multiple threads?
Created on 12-20-2023 08:14 AM Edited on 12-20-2023 08:24 AM
It's very difficult to separate my own old posts from your new issues when those are inserted in-between. And you don't know if the cause is the same as this original issue (if so you didn't have to post your issue). Most likely different.
Also the original post doesn't have any involvement of EIGRP.
Just start a new post then refer to the original thread by adding a link, which should be very easy to do.
Besides, you can't mark the best answer as "solved" since you didn't start this thread.
Toshi
Hello The_Nude_Deer,
I appreciate that this is a very similar issue, but this one has been solved by srajeswaran, so we would consider yours a new issue (even if it's essentially the same one with a different cause/different solution).
I really appreciate you trying to reduce topic clutter, but I think a new topic is justified here. Because you can't mark answers here as solutions, I think it'll be easier for future viewers to find solutions to your same issue in a new topic instead (especially since, as Toshi pointed out, the replies are already getting difficult to follow here).
These are the reasons for my request, which I hope make sense. Feel free to link to your new topic from here for anyone who follows it along later, and let me know if you have any more questions.
Thanks,
Don't you consider this is a bug? If all the other factors above (1-6) are tied, including local-pref, the eBGP route should take precedence over the same iBGP route.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-BGP-route-selection-process/ta-p/195932
Toshi
Copyright 2024 Fortinet, Inc. All Rights Reserved.