Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MustphaBassim
New Contributor III

in/out filter on BGP

Hello Dears

 

I am trying to add a route map on BGP out filter as below :

network 1 : 100.68.0.10/32

network 2 : 100.68.0.12/32

network 3 : 100.65.0.144/28

network 4 : 100.65.0.226/32

it's allowing only /32 networks but the /28 network is not announcing to neighbor take in mind all 4 networks are static route redistributed

and also I am trying to filter the out network to the neibhour but it is not working using route map and access-list

 

Bests

6 REPLIES 6
jintrah_FTNT
Staff
Staff

hi,

 

Could you please post the output of command,

 

#get router info routing-table details 100.65.0.144

 

best regards,

Jin

MustphaBassim

FortiGate-601E-1 # get router info routing-table details 100.65.0.144

Routing table for VRF=0
Routing entry for 100.65.0.144/28
Known via "static", distance 240, metric 0
vrf 0 100.64.0.2, via port3

Routing entry for 100.65.0.144/28
Known via "ospf", distance 110, metric 11, best
Last update 3d01h01m ago
* vrf 0 100.64.0.2, via port3

 

here it's dear

Ade_23

Hello MustphaBassim 

 

Based on this output, the static route is not being used in your network and BGP will not try to advertise a route that it is not using. Since the OSPF route is in use, can you try redistributing OSPF? 

As for filtering outbound routes, please take a look at this kb article for more info: https://community.fortinet.com/t5/FortiGate/Technical-Tip-BGP-ORF-Outbound-Route-Filtering/ta-p/2063...

funkylicious
SuperUser
SuperUser

I would suggest this:

- use prefix-list to filter in/out prefixes from/to neighbors

- advertise under, config network > edit <> > set prefix <> , the directly connected prefixes and from other protocols just to be sure

- advertise under, config redistribute ospf , the 100.65.0.144/28 network.

---------------------------
geek
---------------------------
---------------------------geek---------------------------
MustphaBassim

Hello Dear 
the issue I the need to filter more than one network (in/out) so does route map is ok ? 

Toshi_Esumi
SuperUser
SuperUser

Are you saying the /28 is in the routing table but not in BGP table?
"get router info bgp network 10.65.0.144/28"

For filtering I would suggest matching those with a prefix-list then use it in in/out route-maps.

 

Toshi

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors