BGP default route advertisement with as-path prepending

This article describes the case of BGP default route advertisement with as-path prepending.

Scope

FortiOS.

Solution

There are two links between FortiGates. A default route should be advertised from FGT2 to FGT1 via BGP and one link should be preferred over the other.

Network diagram

On FGT2, two route-maps must be present: one is used to advertise only the default route, and the second is used to prepend the AS path for the less preferred link.

Configuration used on FGT2

FGT2 # show router static
config router static
end
FGT2 # show router prefix-list
config router prefix-list
    edit "default_route_only"
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                unset le
            next
        end
    next
end
FGT2 # show router route-map
config router route-map
    edit "prepend_default_route"
        config rule
            edit 1
                set set-aspath "65000 65000"
            next
        end
    next
    edit "default_route_only"
        config rule
            edit 1
                set match-ip-address "default_route_only"
            next
        end
    next
end
FGT2 # show router bgp
config router bgp
    set as 64500
    set router-id 1.1.1.1
    set graceful-restart enable
    config neighbor
        edit "10.100.0.1"
            set activate6 disable
            set capability-graceful-restart enable
            set soft-reconfiguration enable
            set remote-as 64496
        next
        edit "10.1.0.2"
            set activate6 disable
            set capability-graceful-restart enable
            set capability-default-originate enable
            set soft-reconfiguration enable
            set remote-as 64501
            set route-map-out "default_route_only"
        next
        edit "10.2.0.2"
            set activate6 disable
            set capability-graceful-restart enable
            set capability-default-originate enable
            set soft-reconfiguration enable
            set default-originate-routemap "prepend_default_route"
            set remote-as 64501
            set route-map-out "default_route_only"
        next
    end
    ...
end

Configuration used on FGT1

FGT1 # show router bgp
config router bgp
    set as 64501
    set router-id 9.9.9.9
    set graceful-restart enable
    config neighbor
        edit "10.1.0.1"
            set activate6 disable
            set capability-graceful-restart enable
            set soft-reconfiguration enable
            set remote-as 64500
        next
        edit "10.2.0.1"
            set activate6 disable
            set capability-graceful-restart enable
            set soft-reconfiguration enable
            set remote-as 64500
        next
    end
    ...
end

Status on FGT2

FGT2 # get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
V - BGP VPNv4
> - selected route, * - FIB route, p - stale info
Routing table for VRF=0
B *> 0.0.0.0/0 [20/0] via 10.100.0.1 (recursive is directly connected, port34), 00:20:57, [1/0]
C *> 10.1.0.0/24 is directly connected, port17
C *> 10.2.0.0/24 is directly connected, port18
C *> 10.100.0.0/24 is directly connected, port34
B *> 10.109.16.0/20 [20/0] via 10.100.0.1 (recursive is directly connected, port34), 00:21:24, [1/0]
C *> 10.109.48.0/20 is directly connected, mgmt1
C *> 10.188.0.0/20 is directly connected, port25
FGT2 # get router info bgp summary
VRF 0 BGP router identifier 1.1.1.1, local AS number 64500
BGP table version is 3
5 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.0.2 4 64501 28 28 2 0 0 00:22:04 3
10.2.0.2 4 64501 30 28 3 0 0 00:22:03 3
10.100.0.1 4 64496 30 28 2 0 0 00:22:03 4
Total number of neighbors 3
FGT2 # get router info bgp neighbors 10.1.0.2 advertised-routes
VRF 0 BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0 10.1.0.1 100 32768 0 i <-/->
Total number of prefixes 1
FGT2 # get router info bgp neighbors 10.2.0.2 advertised-routes
VRF 0 BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0 10.2.0.1 100 32768 0 65000 65000 i <-/->
Total number of prefixes 1
FGT2 # show router static
config router static
end
FGT2 #

Status on FGT1

FGT1 # get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
V - BGP VPNv4
> - selected route, * - FIB route, p - stale info
Routing table for VRF=0
B *> 0.0.0.0/0 [20/0] via 10.1.0.1 (recursive is directly connected, port25), 00:23:33, [1/0]
C *> 10.1.0.0/24 is directly connected, port25
C *> 10.2.0.0/24 is directly connected, port26
C *> 10.109.48.0/20 is directly connected, mgmt1
FGT1 # get router info bgp summary
VRF 0 BGP router identifier 9.9.9.9, local AS number 64501
BGP table version is 2
3 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.0.1 4 64500 33 34 1 0 0 00:24:31 1
10.2.0.1 4 64500 33 35 2 0 0 00:24:30 1
Total number of neighbors 2
FGT1 # get router info bgp neighbors 10.1.0.1 received-routes
VRF 0 BGP table version is 2, local router ID is 9.9.9.9
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0 10.1.0.1 0 0 64500 i <-/->
Total number of prefixes 1
FGT1 # get router info bgp neighbors 10.2.0.1 received-routes
VRF 0 BGP table version is 2, local router ID is 9.9.9.9
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0 10.2.0.1 0 0 64500 65000 65000 i <-/->
Total number of prefixes 1
FGT1 # show router static
config router static
end

Important: The ‘prepend_default_route’ route-map rule does not contain match-ip-address. If match-ip-address is specified (for example ‘route-map’ ‘default_route_only’), the route must be present in the routing table (for example, as a static blackhole route); otherwise the route-map is not matched and the AS is not prepended.
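
To verify the result on FGT1 after a change, the following Python is an added example (not part of the original article and not Fortinet code): it takes the default-route lines from the received-routes output shown under "Status on FGT1" and confirms that the link to 10.1.0.1 carries the shorter AS path. The function names are hypothetical, and it assumes both sessions are eBGP with equal weight and local preference, as in this setup.

```python
# Added example: sample lines are the FGT1 received-routes entries shown above.
RECEIVED = {
    "10.1.0.1": "*> 0.0.0.0/0 10.1.0.1 0 0 64500 i <-/->",
    "10.2.0.1": "*> 0.0.0.0/0 10.2.0.1 0 0 64500 65000 65000 i <-/->",
}
ORIGIN_CODES = {"i", "e", "?"}


def as_path(line, peer_as, prefix="0.0.0.0/0"):
    """Return the AS path (list of ints) for prefix from one route line, or None.

    Assumption: the route was received from an eBGP peer, so the path starts
    with the peer's AS; this anchors the path when column spacing is lost.
    """
    tokens = line.split()
    if prefix not in tokens:
        return None
    rest = tokens[tokens.index(prefix) + 2:]  # skip the prefix and the next hop
    try:
        start = rest.index(str(peer_as))
        end = next(i for i, t in enumerate(rest) if t in ORIGIN_CODES)
    except (ValueError, StopIteration):
        return None
    path = rest[start:end]
    if not path or not all(t.isdigit() for t in path):
        return None
    return [int(t) for t in path]


def check_default_preference(received, peer_as, primary, backup):
    """Confirm the primary link wins on AS-path length for the default route."""
    paths = {n: as_path(received.get(n, ""), peer_as) for n in (primary, backup)}
    missing = [n for n, p in paths.items() if p is None]
    if missing:
        return {"ok": False, "preferred": None, "paths": paths,
                "reason": "no default route received from " + ", ".join(missing)}
    lp, lb = len(paths[primary]), len(paths[backup])
    # Weight and local preference are equal on both sessions in this setup,
    # so the shorter AS path decides best-path selection.
    preferred = primary if lp < lb else backup if lb < lp else None
    ok = preferred == primary
    reason = ("primary has the shorter AS path" if ok
              else "prepend missing or ineffective on the backup link")
    return {"ok": ok, "preferred": preferred, "paths": paths, "reason": reason}


if __name__ == "__main__":
    print(check_default_preference(RECEIVED, 64500, "10.1.0.1", "10.2.0.1"))
```

A result with "ok" set to False means either the default route is missing from one neighbor or the two paths no longer differ in length, which is the symptom described in the note above when the prepend route-map is not matched.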