How to fix BGP routing issue when redistribute connected routes is enabled

This article explains an issue with ADVPN with BGP as a routing protocol when redistributing connected routes is enabled.

Scope

Some BGP neighbors fail to establish, or remain in the Active state, when redistribution of connected routes is enabled in an ADVPN setup that uses BGP as the routing protocol.

Network Topology:

This issue occurs because a shortcut path is created between Spoke1 and Spoke2. Spoke1 sees the tunnel IP of Spoke2 as a connected route.

Because redistribution of connected routes is enabled, Spoke1 advertises this route in BGP. As a result, the HUB FortiGate sees the route to the remote IP 10.10.10.4 as being received from Spoke1.

This routing issue is why the BGP neighborship between the HUB FortiGate and the Spoke2 FortiGate fails.

Solution

The first option is to disable redistribution of connected routes. If redistribution of connected routes is needed, proceed with the second option.
The second option is to create a redistribute filter in the BGP configuration of the Spoke FortiGate that is advertising the route.

Network –> BGP –> IPv4 Redistribute

If the connected route is enabled there will be two options (All or Filter):

Step 1: Select Filter.

Step 2: Create a Route Map:

  • Create New Rules.
  • Leave the action set to Permit.
  • Enable Match IP address, then create a prefix list.

Step 3: Create a Prefix list:

  • First create a deny rule for the spoke tunnel IP to be blocked.
  • Then create a permit any rule at the bottom.

Sample Prefix list:

In the Route Map rule, select the created prefix list under 'Match IP address', then select Apply.

Select the created Route Map in the Redistribute Connected Route filter.
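
The filter built in Steps 1 to 3, modelled as an added Python example (not Fortinet code and not FortiOS syntax): it evaluates an ordered prefix list first-match-wins against Spoke1's connected routes and shows that reversing the two rules lets 10.10.10.4/32 back into BGP. The LAN subnet and all function names are constructed for illustration, and the implicit deny at the end of the list is assumed to follow standard prefix-list behaviour.

```python
# Added example: a model of first-match prefix-list evaluation for the
# "redistribute connected" filter. Names and sample routes are constructed.
from ipaddress import ip_network


def prefix_list_action(rules, route):
    """Return 'permit' or 'deny' for route; the first matching rule wins.

    rules: ordered list of (action, prefix, exact) tuples. exact=True matches
    only that exact prefix; exact=False matches any route inside the prefix
    (used here for "permit any"). A route that matches no rule hits the
    implicit deny at the end of the list (assumption, see lead-in).
    """
    route = ip_network(route)
    for action, prefix, exact in rules:
        net = ip_network(prefix)
        if (exact and route == net) or (not exact and route.subnet_of(net)):
            return action
    return "deny"


def redistributed(connected, rules):
    """Routes that a permit route-map rule matching this prefix list lets into BGP."""
    return [r for r in connected if prefix_list_action(rules, r) == "permit"]


# Spoke1's connected routes once the ADVPN shortcut is up. 192.168.1.0/24 is a
# constructed LAN subnet; 10.10.10.4 is the Spoke2 tunnel IP from the article.
SPOKE1_CONNECTED = ["192.168.1.0/24", "10.10.10.4/32"]

# Order from Step 3: deny the other spoke's tunnel IP first, permit any last.
CORRECT = [("deny", "10.10.10.4/32", True), ("permit", "0.0.0.0/0", False)]
# Same rules reversed: permit any matches first, so the deny is never reached.
WRONG_ORDER = list(reversed(CORRECT))

if __name__ == "__main__":
    print("correct order:", redistributed(SPOKE1_CONNECTED, CORRECT))
    print("wrong order:  ", redistributed(SPOKE1_CONNECTED, WRONG_ORDER))
```
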

Note:

Create a Redistribute Connected filter on the other spoke as well, blocking the other tunnel IP from being advertised.

Once all the tunnel IP addresses are blocked from being advertised via BGP, the routing table on the Hub FortiGate should look like this.

All of the tunnel IPs are being advertised on the correct peering devices.

The BGP peer on all of the neighbors will now be Established.