Border Gateway Protocol (BGP)

BGP conditional advertisements

Normally, routes are propagated regardless of the existence of a different path. The BGP conditional advertisement feature allows a route to be advertised or withheld based on the existence or non-existence of other routes. This feature introduces a child table under bgp.neighbor. Any route matched by one of the route-maps specified in the table is advertised to the peer according to the corresponding condition route-map and condition type.

You can enable and disable conditional advertisements using the CLI.

 

To configure BGP conditional advertisements – CLI:

config router bgp
    set as 3
    config neighbor
        edit "10.10.10.10"
            set remote-as 3
            config conditional-advertise
                edit "route-map-to-match-sending"
                    set condition-routemap "route-map-to-match-condition"
                    set condition-type [exist | non-exist]
                next
            end
        next
    end
end

 

BGP Neighbor Groups

The BGP Neighbor Groups feature allows a large number of neighbors to be configured automatically based on a range of neighbors’ source addresses.

 

To configure BGP Neighbor Groups – CLI:

Start by adding a BGP neighbor group:

config router bgp
    config neighbor-group
        edit <neighbor-group-name>
            set remote-as 100
            (All options for BGP neighbor are supported except password.)
        next
    end
end

Then add a BGP neighbor range:

config router bgp
    config neighbor-range
        edit 1
            set prefix 192.168.1.0/24
            set max-neighbor-num 100
            set neighbor-group <neighbor-group-name>
        next
    end
end

 

Network Layer Reachability Information (NLRI)

Network Layer Reachability Information (NLRI) is unique to BGP-4. It is sent as part of the update messages exchanged between BGP routers, and contains the information necessary to supernet, or aggregate, route information. The NLRI includes the length and prefix that, when combined, are the address of the aggregated routes referred to. There is only one NLRI entry per BGP update message.

BGP attributes

Each route in a BGP network has a set of attributes associated with it. These attributes define the route, and are modified as required along the route.

BGP can work well with mostly default settings, but if you are going to change settings you need to understand the roles of each attribute and how they affect those settings.

The BGP attributes include:

AS_PATH                  A list of ASes a route has passed through. See AS_PATH.

MULTI_EXIT_DISC (MED)    Which router to use to exit an AS with more than one external connection. See MULTI_EXIT_DISC (MED).

COMMUNITY                Used to apply attributes to a group of routes. See COMMUNITY.

NEXT_HOP                 Where the IP packets should be forwarded to, like a gateway in static routing. See NEXT_HOP.

ATOMIC_AGGREGATE         Used when routes have been summarized to tell downstream routers not to de-aggregate the route. See ATOMIC_AGGREGATE.

ORIGIN                   Used to determine if the route is from the local AS or not. See ORIGIN.

LOCAL_PREF               Used only within an AS to select the best route to a location (like MED).

Inbound policies on FortiGate units can change the NEXT-HOP, LOCAL-PREF, MED and AS-PATH attributes of an internal BGP (iBGP) route for its local route selection purposes. However, outbound policies on the unit cannot affect these attributes.



6 thoughts on “Border Gateway Protocol (BGP)”

  1. piccolo

    Hi Mike,
    If I configure the following on fortigate1:
    config router bgp
    set as 65000
    set router-id 10.2.2.254
    config neighbor
    edit "10.2.2.253"
    set next-hop-self enable
    set remote-as 65000
    set send-community6 disable
    next

    config redistribute "static"
    set status enable
    end

    fortigate2 should get the default route 0.0.0.0 0.0.0.0 from fortigate1, as it is static?

    How can I redistribute the default route (fortigate1) to fortigate2?

    thanks
    regards

    1. Mike Post author

      There is a really good KB article that explains how to do this. You can find it here.

      If you want to redistribute static routes, you would enable the following:

      config router bgp
      config redistribute static
      set status enable
      end
      end

      An example of the config would be like this:

      config router prefix-list
          edit "only_dflt"
              config rule
                  edit 1
                      set prefix 0.0.0.0 0.0.0.0
                      unset ge
                      unset le
                  next
              end
          next
      end

      config router route-map
          edit "only_default_route"
              config rule
                  edit 1
                      set match-ip-address "only_dflt"
                  next
              end
          next
      end

      config router bgp
          set as 2
          config neighbor
              edit 10.142.0.110
                  set remote-as 1
                  set route-map-in "only_default_route"
              next
          end

          set router-id 10.142.0.205
      end

      Let me know if this helped answer your question!

      Thanks!

  2. kamal

    config router bgp
    set as 65041
    set router-id 162.53.156.138
    config neighbor
    edit "10.104.55.1"
    set ebgp-enforce-multihop enable
    set soft-reconfiguration enable
    set remote-as 64699
    set send-community6 disable
    next
    edit "10.104.55.2"
    set ebgp-enforce-multihop enable
    set soft-reconfiguration enable
    set remote-as 64699
    set send-community6 disable
    next

    I am trying to accomplish the above, but I can see only one neighbour is established and the other is in ACTIVE state…

