[Fortinet] How to check BGP advertised and received routes on a FortiGate

Description


This article explains how to check BGP advertised and received routes on a FortiGate.

Scope

FortiGate.

Solution

Topology:

EBGP peering between FGT1 and FGT2 is up. In this lab setup, both FGT units are advertising their Loopback interfaces via eBGP to each other. 
Outputs from FGT1:

# FGT1# get router info bgp summary
BGP router identifier 3.3.3.3, local AS number 65003
BGP table version is 11
2 BGP AS-PATH entries
0 BGP community entries

Neighbor      V   AS     MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down    State/PfxRcd
10.56.240.2   4   65004  670      667      10      0    0     2d15h37m   2

Total number of neighbors 1

FGT1 is advertising and learning two routes. The command to verify the routes FGT1 is advertising to FGT2 is:

# get router info bgp neighbors <neighbor IP> advertised-routes

Eg:

FGT1 # get router info bgp neighbors 10.56.240.2 advertised-routes
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric  LocPrf   Weight   RouteTag Path
*> 3.3.3.3/32       10.56.240.1                     100     32768        0              i
*> 50.50.50.50/32   10.56.240.1               100     32768        0              i
Total number of prefixes 2

Commands to verify routes that FGT1 is receiving from the BGP peer FGT2 are:

# get router info bgp neighbors <neighbor IP> received-routes
# get router info bgp neighbors <neighbor IP> routes

The command "get router info bgp neighbors <neighbor IP> routes" shows only the filtered (in) received routes, that is, the routes left after inbound filtering. If received routes are not filtered, the output of these two commands will be the same.

Eg:

# FGT1 # get router info bgp neighbors 10.56.240.2 received-routes
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 4.4.4.4/32       10.56.240.2                               0           0        65004 i
*> 75.75.75.75/32   10.56.240.2                          0          0         65004 i
Total number of prefixes 2

# FGT1 # get router info bgp neighbors 10.56.240.2 route
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 4.4.4.4/32       10.56.240.2                              0           0       65004 i
*> 75.75.75.75/32   10.56.240.2                        0            0       65004 i
Total number of prefixes 2

# FGT1# get router info routing-table bgp
Routing table for VRF=0
B       4.4.4.4/32 [20/0] via 10.56.240.2, port1, 00:50:26
B       75.75.75.75/32 [20/0] via 10.56.240.2, port1, 00:50:26

For testing purposes, received routes are filtered on FGT1 by applying a prefix-list that allows only 75.75.75.75/32:

# FGT1 # config router prefix-list
    edit "ALLOW-ONLY-75"
        config rule
            edit 1
                set prefix 75.75.75.75 255.255.255.255
                unset ge
                unset le
            next
        end
    next
end

# FGT1 # config router bgp
    set as 65003
    set router-id 3.3.3.3
    config neighbor
        edit "10.56.240.2"
            set soft-reconfiguration enable
            set prefix-list-in "ALLOW-ONLY-75"   <----- prefix-list filtering received routes
            set remote-as 65004
        next
    end
end

The output below shows all received routes.

# FGT1 # get router info bgp neighbors 10.56.240.2 received-routes
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 4.4.4.4/32       10.56.240.2                                0          0         65004 i
*> 75.75.75.75/32   10.56.240.2                           0          0          65004 i
Total number of prefixes 2

The output below shows only the filtered (in) received routes.

# FGT1 # get router info bgp neighbors 10.56.240.2 route
BGP table version is 11, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network                   Next Hop            Metric LocPrf  Weight  RouteTag  Path
*> 75.75.75.75/32   10.56.240.2               0                    0          0             65004 i
Total number of prefixes 1

# FGT1 # get router info routing-table bgp
Routing table for VRF=0
B       75.75.75.75/32 [20/0] via 10.56.240.2, port1, 00:55:45

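
The comparison above can be automated when auditing an inbound prefix filter. The following is an added example, not part of the original article or Fortinet's tooling: it parses saved "received-routes" and "routes" output and reports which prefixes the filter dropped. The function names and the allow-list argument are assumptions, and the sample text is taken from the outputs on this page with column spacing normalized.

```python
import re

# Sample input: the two neighbor outputs from this page after ALLOW-ONLY-75 was
# applied (column spacing normalized; status/origin legend lines trimmed).
RECEIVED = """\
BGP table version is 11, local router ID is 3.3.3.3
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 4.4.4.4/32       10.56.240.2         0      0      65004 i
*> 75.75.75.75/32   10.56.240.2         0      0      65004 i
Total number of prefixes 2
"""
ACCEPTED = """\
BGP table version is 11, local router ID is 3.3.3.3
   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 75.75.75.75/32   10.56.240.2         0      0      0      65004 i
Total number of prefixes 1
"""

# Route row: status flags (e.g. "*>"), then prefix/length, then next hop.
ROW = re.compile(r"^\s*[sdhS*>i]+\s+(\d+(?:\.\d+){3}/\d+)\s+\d+(?:\.\d+){3}\s")
TOTAL = re.compile(r"^\s*Total number of prefixes (\d+)\s*$")

def parse_prefixes(output):
    """Return the set of prefixes listed in one neighbor route output."""
    if output.lstrip().startswith("%"):
        # CLI error, e.g. "% Inbound soft reconfiguration not enabled"
        raise RuntimeError(output.strip())
    prefixes, total = set(), None
    for line in output.splitlines():
        row, trailer = ROW.match(line), TOTAL.match(line)
        if row:
            prefixes.add(row.group(1))
        elif trailer:
            total = int(trailer.group(1))
    # Guard against a truncated paste: parsed rows must match the trailer count.
    if total is not None and total != len(prefixes):
        raise ValueError(f"parsed {len(prefixes)} prefixes, trailer says {total}")
    return prefixes

def audit_inbound_filter(received, accepted, allowed):
    """Compare received-routes with routes against the intended allow-list."""
    rx, ok, want = parse_prefixes(received), parse_prefixes(accepted), set(allowed)
    return {
        "dropped_by_filter": sorted(rx - ok),
        "accepted_but_not_allowed": sorted(ok - want),
        "allowed_but_not_received": sorted(want - rx),
    }

if __name__ == "__main__":
    print(audit_inbound_filter(RECEIVED, ACCEPTED, ["75.75.75.75/32"]))
```

A non-empty "accepted_but_not_allowed" list means the prefix-list is letting through something it should not.
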
The output can be filtered for specific subnets, or for routes based on AS number and so on, with the 'grep' keyword:

# get router info bgp neighbors <x.x.x.x> advertised-routes | grep <network subnet>
# get router info bgp neighbors <x.x.x.x> advertised-routes | grep <AS number>

Note: If an error shows up after running "get router info bgp neighbors <neighbor IP> received-routes", then configure "set soft-reconfiguration enable" under the BGP neighbor.

Eg:

# FGT1 # get router info bgp neighbors 10.56.240.2 received-routes
% Inbound soft reconfiguration not enabled

To enable soft reconfiguration:

config router bgp
    config neighbor
        edit "10.56.240.2"
            set soft-reconfiguration enable
        next
    end
end

Command: set soft-reconfiguration {enable | disable}
- Enable/disable allow IPv4 inbound soft reconfiguration. Once enabled, FGT starts storing BGP neighbor-received updates.

Note:

For BGP to advertise any prefixes, the prefixes must first be installed in the RIB, either as static routes, directly connected routes, or routes learned by other dynamic routing protocols. This is not a FortiOS design but how the BGP protocol works.

Reference : https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-check-BGP-advertised-and-received-routes-on/ta-p/196441
