vex
New Contributor II

Static and dynamic routing, RPF problems, default routes

Hello.

 

I have 3 /28 subnets and 1 /29 subnet that are routed over a PTP /30 link. The default route is added as a static route in the routing table.

Recently my organization acquired an AS number and a new /24 subnet. I set up BGP with one provider, which is also the provider of the old subnets mentioned above. They are sending me only a default route.

My problem is that the default route learned from BGP is not injected into the routing table because of the static default route. So all outbound traffic from the new subnet over BGP is handled with policy routing, and it is working, but inbound traffic that arrives on the BGP peer interface is dropped because of RPF. It checks the path and drops the packet.

I have to change all public addresses from the old ranges to the new range. It would be great if both ranges were available from outside at the same time so that I can switch gradually.

My provider tried with a full BGP table, but the behavior is the same.

Is there a way to have both default routes in the main table so that I don't have to kill the static route and then rely on faith that everything will be fine when switching all IP addresses in one night?

 

Help would be much appreciated.

jintrah_FTNT
Staff

Hi,

You can try changing the distance of the static route to match that of BGP, and get the 2 default routes in the route table.

 

best regards,

Jin

jintrah_FTNT

The default distance of a static route here is 10; you can change it to 20 instead to match the eBGP distance.

 

best regards,

Jin

 

 

vex
New Contributor II

Hi.

 

I've already tried that and it did not make a difference. Still, the static route was the best route. I even tried to change the priority of the static route. Same behavior.

srajeswaran
Staff

Do you have "strict-src-check" enabled? Can we disable it and check?

https://community.fortinet.com/t5/FortiGate/Technical-Note-Reverse-Path-Forwarding-RPF-implementatio...

 

 

Regards,

Suraj


vex
New Contributor II

Hi.

 

I don't have this option enabled. It is disabled by default and I did not enable it. So feasible is in use.

jintrah_FTNT

I guess a better option is to use BGP on both the links so that BGP takes care of the default routes across both the links. Or, you may want to add another default route through the new link so that 2 default routes co-exist in the route table.

 

best regards,

Jin

vex
New Contributor II

Hi.

 

The provider doesn't want to connect another BGP because of the small subnets. So that option is not available.

 

If I add a second static route pointing to BGP and I'm already receiving a default route via BGP, won't that cause a conflict? That was actually one of my choices, but I never did it.

 

Thank you.

jintrah_FTNT

OK, in that case you can use a static default route via 188.129.9.53/peer IP so that it gets into the route table along with the other default route present. There is no conflict.

 

best regards,

Jin
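
Added example (not part of the thread and not Fortinet code): a simplified Python model of route installation by administrative distance and of the feasible-path RPF check, showing why traffic arriving on the BGP link is dropped with only the old static default installed and accepted once a static default via the peer is added. The interface names ptp_link and bgp_link and the source address are assumptions; the distances 10 and 20 and the peer IP are the ones quoted above.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str    # destination prefix
    device: str    # outgoing interface (hypothetical names)
    distance: int  # administrative distance
    origin: str    # where the route came from

def installed(candidates):
    """Per prefix, only the candidates with the lowest distance are installed."""
    best = {}
    for r in candidates:
        best[r.prefix] = min(best.get(r.prefix, r.distance), r.distance)
    return [r for r in candidates if r.distance == best[r.prefix]]

def rpf_accepts(table, src_ip, in_device):
    """Feasible-path check: pass if any installed route covering the source
    address points out of the interface the packet arrived on."""
    src = ipaddress.ip_address(src_ip)
    return any(src in ipaddress.ip_network(r.prefix) and r.device == in_device
               for r in table)

# Distances 10 (static) and 20 (eBGP) are the values quoted in the thread.
OLD_STATIC = Route("0.0.0.0/0", "ptp_link", 10, "static")
BGP_DEFAULT = Route("0.0.0.0/0", "bgp_link", 20, "bgp")
NEW_STATIC = Route("0.0.0.0/0", "bgp_link", 10, "static via 188.129.9.53")
INTERNET_SRC = "198.51.100.7"  # constructed source address (documentation range)

def scenario(candidates):
    """RPF verdict per ingress interface for a packet from INTERNET_SRC."""
    table = installed(candidates)
    return {dev: rpf_accepts(table, INTERNET_SRC, dev)
            for dev in ("ptp_link", "bgp_link")}

if __name__ == "__main__":
    # Only the old static default is installed: the BGP link fails RPF.
    print("before:", scenario([OLD_STATIC, BGP_DEFAULT]))
    # A second static default via the peer is installed too: both links pass.
    print("after: ", scenario([OLD_STATIC, BGP_DEFAULT, NEW_STATIC]))
```

In this model the BGP-learned default still loses to the statics on distance; it is the added static route via the peer that makes the BGP link a feasible return path.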

vex
New Contributor II

Hi.

 

Thanks. I will try that tonight and get back here with results.
