How to Check BGP Advertised and Received Routes on a FortiGate
This article provides a detailed explanation of the process for verifying BGP advertised and received routes on a FortiGate device.
To check BGP advertised and received routes on a FortiGate device, follow these detailed steps:
1. Verify BGP Peering Status
Before checking the advertised and received routes, ensure that the BGP peering is established correctly. Use the following command to get a summary of the BGP status:
get router info bgp summary
This command provides an overview of the BGP router identifier, local AS number, number of neighbors, and their states.
2. Check Advertised Routes
To see which routes your FortiGate (let’s call it FGT1) is advertising to its BGP neighbor (FGT2), use the following command:
get router info bgp neighbors advertised-routes
Replace with the IP address of your BGP neighbor (e.g.,
10.56.240.2
). The output will show you all the prefixes that FGT1 is advertising to FGT2 along with their next hop information.
Example Command:
get router info bgp neighbors 10.56.240.2 advertised-routes
Expected Output:
You will see details such as:
- Network prefixes being advertised.
- Next hop addresses.
- Metrics and path information.
3. Check Received Routes
To verify which routes FGT1 is receiving from FGT2, use one of the following commands:
get router info bgp neighbors received-routes
or
get router info bgp neighbors routes
Again, replace with
10.56.240.2
. The first command shows all received routes while the second shows only filtered (in) received routes if any filtering is applied.
Example Command:
get router info bgp neighbors 10.56.240.2 received-routes
Expected Output:
The output will list all prefixes received from FGT2 along with their attributes such as:
- Status codes indicating validity.
- Origin codes.
- Next hop addresses.
4. Filtering Received Routes
If you want to filter specific subnets or routes based on criteria like AS numbers or specific prefixes, you can configure prefix lists in your BGP settings:
Step-by-Step Configuration:
-
Enter configuration mode for prefix lists:
config router prefix-list
-
Create a new prefix list:
edit "ALLOW-ONLY-75"
-
Define rules for allowed prefixes:
config rule edit 1 set prefix 75.75.75.75 255.255.255.255 unset ge unset le next end
-
Apply this prefix list to your BGP neighbor configuration:
config router bgp config neighbor edit "10.56.240.2" set soft-reconfiguration enable set prefix-list-in "ALLOW-ONLY-75" set remote-as 65004 next end
After applying these configurations, you can re-run the commands to see how filtering affects the displayed received routes.
5. Additional Notes
If you encounter an error stating that inbound soft reconfiguration is not enabled when trying to view received routes, ensure that soft reconfiguration is enabled for your BGP neighbor using:
set soft-reconfiguration enable
This allows FortiGate to store updates from its peers for later reference.
Authoritative Sources Used in Answering this Question:
Fortinet Documentation - Official documentation providing detailed instructions on configuring and managing FortiGate devices including BGP operations.
Network Engineering Stack Exchange - A community-driven Q&A platform where network professionals discuss best practices and troubleshooting techniques related to routing protocols like BGP.
Cisco Networking Academy - Educational resources covering networking concepts including routing protocols and their configurations across various platforms including FortiGate devices.