Description | This article describes issues where BGP advertising does not occur for a network defined under the ‘network’ command and offers possible solutions. |
Scope | All supported FortiGate models. |
Solution |
Introduction:
Consider the following topology:
Consider the following BGP configuration (only the relevant settings are shown):
FortiGate 1:
config system interface
    edit "port2"
        set vdom "root"
        set ip 10.11.12.1 255.255.255.252
end
config router bgp
    set as 65500
    set router-id 10.9.11.84
    config neighbor
        edit "10.9.10.209"
            set remote-as 65500
        next
    end
    config network
        edit 1
            set prefix 10.11.12.0 255.255.255.0 <- Misconfigured subnet mask, thus will not be advertised to peer.
        next
    end
end
FortiGate 2:
config system interface
config router bgp
    set as 65500
    set router-id 10.9.10.209
    config neighbor
Troubleshooting Scenario:
On FortiGate 1, the port2 subnet is 10.11.12.0/30. However, the prefix configured in the ‘network’ command is 10.11.12.0/24. Because this prefix does not match the port2 subnet, FortiGate 1 does not advertise the subnet to FortiGate 2.
Upon running the following commands, the results are as follows:
FortiGate 1:
get router info bgp neighbors 10.9.10.209 advertised-routes <- Will not show the subnet as an advertised route.
FortiGate 2:
get router info bgp neighbors 10.9.11.84 received-routes <- Will not show the subnet as a received route.
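The mismatch described above can be caught before deployment by comparing each BGP ‘network’ prefix with the interface subnets in the same configuration. The following Python sketch is an added example, not Fortinet tooling or part of the original article; its function names are hypothetical, the sample configuration is constructed from the FortiGate 1 settings shown above, and it assumes only connected subnets are candidates for an exact match.

```python
import ipaddress
import re

# Constructed sample: the relevant FortiGate 1 settings from this article.
SAMPLE_CONFIG = """
config system interface
    edit "port2"
        set ip 10.11.12.1 255.255.255.252
end
config router bgp
    config network
        edit 1
            set prefix 10.11.12.0 255.255.255.0
        next
    end
end
"""

SET_IP = re.compile(r"^\s*set ip (\S+) (\S+)\s*$", re.M)
SET_PREFIX = re.compile(r"^\s*set prefix (\S+) (\S+)\s*$", re.M)


def connected_subnets(config):
    """Subnets derived from every 'set ip <addr> <mask>' line."""
    return {ipaddress.ip_interface(f"{a}/{m}").network
            for a, m in SET_IP.findall(config)}


def audit_network_statements(config):
    """Return (prefix, status, detail) per BGP 'set prefix' line.
    Assumption: only connected subnets are modelled, not static routes."""
    connected = connected_subnets(config)
    results = []
    for addr, mask in SET_PREFIX.findall(config):
        try:
            prefix = ipaddress.ip_network(f"{addr}/{mask}")
        except ValueError as exc:  # address has host bits set for this mask
            results.append((f"{addr} {mask}", "invalid", str(exc)))
            continue
        if prefix in connected:
            results.append((str(prefix), "match", ""))
        else:  # list overlapping subnets to point at the likely intended mask
            near = sorted(str(n) for n in connected if n.overlaps(prefix))
            results.append((str(prefix), "no-exact-match", ", ".join(near)))
    return results


if __name__ == "__main__":
    for row in audit_network_statements(SAMPLE_CONFIG):
        print(*row)
```

For the sample, the /24 statement is reported as `no-exact-match` with 10.11.12.0/30 listed as the overlapping connected subnet.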
Possible solutions:
In order to advertise subnet 10.11.12.0/30 on FortiGate 1 to FortiGate 2, implement any of the following three solutions:
Note that solution 3 will force FortiGate 1 to advertise all connected subnets to FortiGate 2. If this is not desired, use solution 1 or 2.
Note: after implementing any solution, allow some time for the BGP process to update routing information. |
Copyright 2024 Fortinet, Inc. All Rights Reserved.