FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Xav_FTNT
Staff
Staff

Description


This article describes the steps to announce multiple routes with one summary route in BGP.


Scope


All FortiGate or VDOM running in NAT mode.


Diagram


Expectations, Requirements

In this article is the summary of the following connected networks:

 * 10.162.0.0/255.255.254.0
 * 10.162.2.0/255.255.254.0
 * 10.162.4.0/255.255.254.0

=> As the following summarized route:
 * 10.162.0.0/16


Configuration

 

FGT-AS162  is the FortiGate on which is the configuration of the route summary.

 
# FGT-AS162 (bgp) # show

config router bgp
        config aggregate-address
            edit 1
                set prefix 10.162.0.0 255.255.0.0
                set summary-only enable
            next
        end
    set as 162

        config neighbor
            edit 10.142.0.110
                set remote-as 1
            next
        end

        config network
            edit 1
                set prefix 10.162.0.0 255.255.254.0
            next
            edit 2
                set prefix 10.162.2.0 255.255.254.0
            next
            edit 3
                set prefix 10.162.4.0 255.255.254.0
            next
        end

        config redistribute "connected"
        end

        config redistribute "rip"
        end

        config redistribute "ospf"
        end

        config redistribute "static"
        end

    set router-id 10.142.0.114
end

 


Verification

 

FGT_ISP is ISP's border router.

FGT-AS162 is the FortiGate on which is the configuration to the route summary.
 
The following commands will be used:
 
# get router info bgp summary
# get router info bgp neighbors
# get router info bgp network
# get router info routing-table all
 
FGT-AS162

 

FGT-AS162 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

S* 0.0.0.0/0 [10/0] via 192.168.183.254, port1
B 1.1.1.1/32 [20/0] via 10.142.0.110, port2, 01:03:29
C 10.142.0.0/23 is directly connected, port2
B 10.160.0.0/23 [20/0] via 10.142.0.110, port2, 00:02:07
B 10.162.0.0/16 [20/0] is a summary, Null, 00:12:16
C 10.162.0.0/23 is directly connected, port3
C 10.162.2.0/23 is directly connected, port5
C 10.162.4.0/23 is directly connected, port6
B 192.168.0.0/16 [20/0] via 10.142.0.110, port2, 01:03:29
B 192.168.0.0/21 [20/0] via 10.142.0.205, port2, 01:03:29
B 192.168.168.0/24 [20/0] via 10.142.0.110, port2, 01:03:29
C 192.168.182.0/23 is directly connected, port1


See above the null route in the routing table in order to prevent routing loops.

 

FGT-AS162 # get router info bgp network
BGP table version is 9, local router ID is 10.142.0.114
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 10.142.0.110 0 0 1 ?
*> 10.160.0.0/23 10.142.0.110 0 0 1 i
*> 10.162.0.0/16 0.0.0.0 32768 i <<<< THIS IS THE SUMMARY THAT WILL BE SENT
s> 10.162.0.0/23 0.0.0.0 100 32768 i
s> 10.162.2.0/23 0.0.0.0 100 32768 i
s> 10.162.4.0/23 0.0.0.0 100 32768 i
*> 192.168.0.0/16 10.142.0.110 0 0 1 ?
*> 192.168.0.0/21 10.142.0.205 0 0 1 2 i
*> 192.168.168.0 10.142.0.110 0 0 1 ?
Total number of prefixes 9

 

See above the 's' letter that is preceding each route that is suppressed by BGP. 


FGT_ISP

 

FGT_ISP (bgp) # get router info bgp network
BGP table version is 18, local router ID is 10.142.0.110
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

 

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 192.168.183.254 32768 ?
*> 10.160.0.0/23 0.0.0.0 100 32768 i
*> 10.162.0.0/16 10.142.0.114 0 0 162 i
*> 192.168.0.0/16 192.168.183.254 32768 ?
*> 192.168.0.0/21 10.142.0.205 0 0 2 i
*> 192.168.168.0 192.168.183.254 32768 ?

 

Total number of prefixes 6

 

FGT_ISP (bgp) # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

 

S 1.1.1.1/32 [10/0] via 192.168.183.254, port1
C 10.142.0.0/23 is directly connected, port6
C 10.160.0.0/23 is directly connected, port2
B 10.162.0.0/16 [20/0] via 10.142.0.114, port6, 01:04:08 <<<< THIS IS THE SUMMARY RECEIVED ON THE PEER
S 192.168.0.0/16 [10/0] via 192.168.183.254, port1
B 192.168.0.0/21 [20/0] via 10.142.0.205, port6, 19:30:25
S 192.168.168.0/24 [10/0] via 192.168.183.254, port1
C 192.168.182.0/23 is directly connected, port1


Troubleshooting


Related Articles

Technical Note: Static NAT VIP accessible from 2 external interfaces with E-BGP peerings (dual-homin...

Contributors