Hi, guys! I have an FG200F. 2 ISP peers have established connections with the options "Enforce eBGP multihop" and "soft reconfiguration"; one of them (marked as IGP) is "best-path", the second is "Incomplete". Option "EBGP multi path" is enabled in the best path selection section. The prefix is advertised to both peers, and two paths for 0.0.0.0 are available. However, customers using different providers have random access to mapped sites - tested, no ping. Looking Glass ping services show different results. Links work well independently though. I tried to use different maps-in and out, but to no avail. BGPview.io shows 2 peers and draws Graphs. What seems to be the problem?
What is actually "a problem"? You seem to have your own public subnets advertised to two network providers equally. Those subnets are available via both providers for the rest of the internet without any prioritization. Then, depending on where the customers are or what provider they use, and which of your providers is "closer" to their provider, they might come through one path over the other or the opposite. And you don't have any control over it, and it might change at any moment. Isn't that your design?
Toshi
Your FG200F's BGP setup is displaying inconsistent routing:
BGP Path Selection: Even with two paths for 0.0.0.0, only one will be chosen based on BGP criteria. Check BGP attributes to ensure proper path selection.
Incomplete Path: Investigate why the second path is 'Incomplete'; this can affect route decisions.
AS Path & Other Attributes: Verify there are no unintentional AS Path prependings or modifications that might influence selection.
Routing Policy: Ensure your route-maps aren't filtering or modifying BGP attributes in a way that hinders proper route propagation.
External Factors: Be aware that ISP or internet-wide issues can affect route propagation.
Monitoring & Debugging: Use FortiGate commands (get router info bgp summary & get router info bgp routes) to review BGP statuses.
Finally, consider consulting your ISPs' support teams and potentially Fortinet support for deeper analysis.
So, referring to https://community.fortinet.com/t5/FortiGate/Technical-Tip-BGP-AS-Path-Prepending-Configuration-Examp... I tried to make the "incomplete" path less preferable by setting the route map-out with a triple AS number. It works somehow, but has an impact on SD-WAN sessions - now all traffic goes through "best-path" regardless of the load balancing rule. Both links have default localpref=100
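Added example, not part of any post in this thread: a simplified Python model of the first BGP best-path steps (local preference, then AS-path length, then origin) applied to the setup discussed above. The ASNs, peer names and the `advertise` helper are constructed for illustration; later tie-breakers, ECMP and SD-WAN behaviour are not modelled.

```python
from dataclasses import dataclass

# Origin codes in order of preference: IGP beats EGP beats Incomplete.
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

@dataclass(frozen=True)
class Path:
    peer: str
    as_path: tuple
    origin: str
    local_pref: int = 100  # default local preference, as in the thread

def preference_key(p):
    # Highest local-pref wins, then shortest AS path, then lowest origin rank.
    return (-p.local_pref, len(p.as_path), ORIGIN_RANK[p.origin])

def best_path(paths):
    return min(paths, key=preference_key)

def deciding_step(a, b):
    """Name the first attribute on which two paths differ, or 'tie'."""
    steps = ("local_pref", "as_path_length", "origin")
    for name, x, y in zip(steps, preference_key(a), preference_key(b)):
        if x != y:
            return name
    return "tie"

def advertise(local_as, prepend_times, isp_as, isp_name):
    """Our prefix as a remote AS sees it via one ISP, with optional prepending."""
    as_path = (isp_as,) + (local_as,) * (1 + prepend_times)
    return Path(isp_name, as_path, "igp")

# Constructed sample values (documentation ASNs).
LOCAL_AS, ISP_A, ISP_B = 64496, 64500, 64501

# Local view: two default routes, same local-pref and AS-path length.
default_a = Path("ISP-A", (ISP_A,), "igp")
default_b = Path("ISP-B", (ISP_B,), "incomplete")

if __name__ == "__main__":
    print("local best:", best_path([default_a, default_b]).peer,
          "decided by", deciding_step(default_a, default_b))
    for n in (0, 3):  # remote view without and with triple prepend via ISP-B
        via_a = advertise(LOCAL_AS, 0, ISP_A, "ISP-A")
        via_b = advertise(LOCAL_AS, n, ISP_B, "ISP-B")
        print(f"prepend x{n}: decided by", deciding_step(via_a, via_b))
```

In this model the two default routes differ only at the origin step, and the remote view is a tie until the prepend lengthens the AS path through one ISP.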
Copyright 2024 Fortinet, Inc. All Rights Reserved.