- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ebgp
hello guys .
I have two internet links with which I bgp
The first question is that it says igp is in the original part of the best route table!!!
The second question is that, when entering our network, it comes from a different link. Is it possible to change the entry route?
Solved! Go to Solution.
Labels:
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
as you have two eBGP peers, do you mean receiving inbound traffic for the network 193.107.48.0/24 from the AS 42337 ? If that's the case, you'd need a route map to advertise routes to the less preferred eBGP peer with a longer AS Path
config router prefix-list
edit "corporate"
config rule
edit 1
set prefix 193.107.48.0 255.255.255.0
unset ge
set le 32
next
end
next
end
config router route-map
edit "lower_preference"
config rule
edit 1
set match-ip-address "corporate"
set set-aspath "200252 200252 200252"
next
end
next
end
config router bgp
config neighbor
edit "10.51.221.169"
set route-map-out "lower_preference"
end
end
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You need to explain your topology more precisely for anyone to comment on.
You have one FGT with two internet links with eBGP, right? You shouldn't see any iBGP routes.
Are you saying you still see BGP learned route with distance 200 in your routing-t table?
What kind of neighbors configured in BGP? Especially for ASNs. Do you have another neighbor (in addition to those over two internet links) configured with the same ASN?
Please share those neighbor config and actual routes in CLI you're asking about.
Toshi
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
config router bgp
set as 200252
set router-id 100.0.0.1
set client-to-client-reflection disable
set ebgp-multipath enable
config neighbor
edit "10.51.221.169"
set remote-as 58224
next
edit "192.168.26.197"
set remote-as 42337
next
end
config network
edit 1
set prefix 193.107.48.0 255.255.255.0
next
end
config network6
edit 1
set prefix6 ::/128
next
end
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "static"
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
FW-Chakavak (wan) # get router info bgp summary
VRF 0 BGP router identifier 100.0.0.1, local AS number 200252
BGP table version is 19
3 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.51.221.169 4 58224 44829 44203 19 0 0 1d17h53m 1
192.168.26.197 4 42337 39781 45752 19 0 0 1d17h53m 1
Total number of neighbors 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FW-Chakavak (wan) # get router info bgp neighbors
<A.B.C.D> neighbor IP
FW-Chakavak (wan) # get router info bgp neighbors
VRF 0 neighbor table:
BGP neighbor is 10.51.221.169, remote AS 58224, local AS 200252, external link
BGP version 4, remote router ID 172.16.143.1
BGP state = Established, up for 1d17h54m
Last read 00:00:20, hold time is 180, keepalive interval is 60 seconds
Configured hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received (new)
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised
Address family IPv6 Unicast: advertised
Received 44830 messages, 0 notifications, 0 in queue
Sent 44170 messages, 34 notifications, 0 in queue
Route refresh request: received 0, sent 0
NLRI treated as withdraw: 0
Minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
BGP table version 19, neighbor version 19
Index 1, Offset 0, Mask 0x2
Community attribute sent to this neighbor (both)
1 accepted prefixes, 1 prefixes in rib
2 announced prefixes
For address family: VPNv4 Unicast
BGP table version 1, neighbor version 1
Index 1, Offset 0, Mask 0x2
Community attribute sent to this neighbor (both)
0 accepted prefixes, 0 prefixes in rib
0 announced prefixes
For address family: IPv6 Unicast
BGP table version 1, neighbor version 1
Index 1, Offset 0, Mask 0x2
Community attribute sent to this neighbor (both)
0 accepted prefixes, 0 prefixes in rib
0 announced prefixes
Connections established 37; dropped 36
Local host: 10.51.221.170, Local port: 179
Foreign host: 10.51.221.169, Foreign port: 64240
Egress interface: 7
Nexthop: 10.51.221.170
Nexthop interface: wan1
Nexthop global: ::
Nexthop local: ::
BGP connection: non shared network
Last Reset: 1d17h54m, due to BGP Notification sent
Notification Error Message: (CeaseUnspecified Error Subcode)
BGP neighbor is 192.168.26.197, remote AS 42337, local AS 200252, external link
BGP version 4, remote router ID 10.0.19.10
BGP state = Established, up for 1d17h54m
Last read 00:00:59, hold time is 180, keepalive interval is 60 seconds
Configured hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised
Address family IPv6 Unicast: advertised
Received 39780 messages, 1 notifications, 0 in queue
Sent 45741 messages, 12 notifications, 0 in queue
Route refresh request: received 0, sent 0
NLRI treated as withdraw: 0
Minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
BGP table version 19, neighbor version 19
Index 2, Offset 0, Mask 0x4
Community attribute sent to this neighbor (both)
1 accepted prefixes, 1 prefixes in rib
0 announced prefixes
For address family: VPNv4 Unicast
BGP table version 1, neighbor version 1
Index 2, Offset 0, Mask 0x4
Community attribute sent to this neighbor (both)
0 accepted prefixes, 0 prefixes in rib
0 announced prefixes
For address family: IPv6 Unicast
BGP table version 1, neighbor version 1
Index 2, Offset 0, Mask 0x4
Community attribute sent to this neighbor (both)
0 accepted prefixes, 0 prefixes in rib
0 announced prefixes
Connections established 14; dropped 13
Local host: 192.168.26.198, Local port: 11629
Foreign host: 192.168.26.197, Foreign port: 179
Egress interface: 8
Nexthop: 192.168.26.198
Nexthop interface: wan2
Nexthop global: ::
Nexthop local: ::
BGP connection: non shared network
Last Reset: 1d17h54m, due to BGP Notification sent
Notification Error Message: (CeaseUnspecified Error Subcode)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is possible to do this???
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
as you have two eBGP peers, do you mean receiving inbound traffic for the network 193.107.48.0/24 from the AS 42337 ? If that's the case, you'd need a route map to advertise routes to the less preferred eBGP peer with a longer AS Path
config router prefix-list
edit "corporate"
config rule
edit 1
set prefix 193.107.48.0 255.255.255.0
unset ge
set le 32
next
end
next
end
config router route-map
edit "lower_preference"
config rule
edit 1
set match-ip-address "corporate"
set set-aspath "200252 200252 200252"
next
end
next
end
config router bgp
config neighbor
edit "10.51.221.169"
set route-map-out "lower_preference"
end
end
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you
your appreciate
Related Posts
- SD WAN and EBGP 160 Views
- Route filtering with a distribution list 546 Views
- BGP From Fortigate To Cisco not... 1338 Views
- Route redistribution from BGP to OSPF... 1159 Views
Labels
-
FortiGate
6,665 -
FortiClient
1,328 -
5.2
801 -
5.4
639 -
FortiManager
577 -
FortiAnalyzer
421 -
6.0
416 -
5.6
362 -
FortiSwitch
342 -
FortiAP
339 -
FortiClient EMS
271 -
FortiMail
253 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
158 -
6.4
128 -
FortiNAC
109 -
FortiGuard
106 -
FortiSIEM
91 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
77 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
66 -
4.0MR3
64 -
Wireless Controller
58 -
FortiProxy
46 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
40 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
31 -
FortiSwitch v6.4
29 -
Firewall policy
29 -
SD-WAN
29 -
High Availability
24 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
FortiAuthenticator
20 -
ZTNA
19 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
BGP
13 -
DNS
13 -
FortiGate v5.0
13 -
Interface
13 -
FortiDDoS
13 -
Logging
13 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
LDAP
11 -
fortilink
10 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSL SSH inspection
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SSO
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
4.0MR1
1 -
Users
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.