Fortinet Document Library

Implementing route discovery with BGP

Network route discovery is facilitated by BGP and EBGP, which prevent the redistribution of learned routes that are in the same autonomous system (AS) number as the host. EBGP also influences route selection on the branches through AS-path prepending.

Enable ebgp-multipath to allow the FortiGate to dynamically discover multiple paths for networks advertised at branches.

Configure neighbor-range and neighbor-group to allow peering relationships to be established without defining each individual peer. The branch IPsec VPN tunnel interface addresses must be in the BGP peer range.

The BGP configuration includes:
  • Enabling ebgp-multipath
  • Enabling soft-reconfiguration, link-down-failover, and ebgp-enforce-multihop for each BGP peer in the neighbor group
  • Adding the branch remote-as (which is 65501) to each peer configuration
  • Setting the prefix for the neighbor range to the network matching the BGP peers
  • Configuring a network with the prefix of the network advertised into BGP

To facilitate the fastest route failovers, the following timers are set to their lowest values:

  • scan-time
  • advertisement-interval
  • keep-alive-timer
  • holdtime-timer

config router bgp
    set as 65500
    set router-id 10.10.0.1
    set ebgp-multipath enable
    set scan-time 5
    set graceful-restart enable
    config neighbor-group
        edit "branch-peers-1"
            set advertisement-interval 1
            set link-down-failover enable
            set soft-reconfiguration enable
            set remote-as 65501
            set keep-alive-timer 1
            set holdtime-timer 3
            set ebgp-enforce-multihop enable
        next
        edit "branch-peers-2"
            set advertisement-interval 1
            set link-down-failover enable
            set soft-reconfiguration enable
            set remote-as 65501
            set keep-alive-timer 1
            set holdtime-timer 3
            set ebgp-enforce-multihop enable
        next
    end
    config neighbor-range
        edit 1
            set prefix 10.254.0.0 255.255.255.0
            set neighbor-group "branch-peers-1"
        next
        edit 2
            set prefix 10.254.1.0 255.255.255.0
            set neighbor-group "branch-peers-2"
        next
    end
    config network
        edit 1
            set prefix 10.200.1.0 255.255.255.0
        next
        edit 2
            set prefix 10.200.0.0 255.255.255.0
        next
        edit 3
            set prefix 10.200.3.0 255.255.255.0
        next
    end
end
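One way to lint a hub BGP block against the checklist above before it is applied, as an added example that is not Fortinet's code: it checks that every neighbor-range points at a defined neighbor-group, that each group carries the per-peer settings listed, and that the branch tunnel addresses fall inside a neighbor range. The function names, SAMPLE and the tunnel addresses are constructed for illustration.

```python
import ipaddress

REQUIRED = {"soft-reconfiguration": "enable", "link-down-failover": "enable",
            "ebgp-enforce-multihop": "enable", "remote-as": "65501"}  # per-peer settings listed on the page

def parse_tables(text):
    """Return {table: {entry: {option: value}}} for the tables in a BGP block."""
    tables, table, entry = {}, None, None
    for words in (ln.split(None, 2) for ln in text.splitlines() if ln.strip()):
        if words[0] == "config" and words[1:] != ["router", "bgp"]:
            table = tables.setdefault(words[1], {})
        elif words[0] == "edit" and table is not None:
            entry = table.setdefault(words[1].strip('"'), {})
        elif words[0] == "set" and entry is not None and len(words) == 3:
            entry[words[1]] = words[2].strip().strip('"')
        elif words[0] in ("next", "end"):
            entry = None
    return tables

def audit(text, tunnel_ips):
    """Return findings; tunnel_ips are the branch tunnel interface addresses."""
    tables, nets = parse_tables(text), []
    groups = tables.get("neighbor-group", {})
    findings = [f"group {name}: {k} is not {v}" for name, opts in groups.items()
                for k, v in REQUIRED.items() if opts.get(k) != v]
    for rid, opts in tables.get("neighbor-range", {}).items():
        if opts.get("neighbor-group") not in groups:
            findings.append(f"range {rid}: unknown group {opts.get('neighbor-group')}")
        if "prefix" in opts:  # FortiOS writes a prefix as "address netmask"
            nets.append(ipaddress.ip_network(opts["prefix"].replace(" ", "/")))
    findings += [f"tunnel {ip}: outside every neighbor-range" for ip in tunnel_ips
                 if not any(ipaddress.ip_address(ip) in net for net in nets)]
    return findings

# Constructed sample with deliberate mistakes; not the page's configuration.
SAMPLE = """config router bgp
  config neighbor-group
    edit "branch-peers-1"
      set link-down-failover enable
      set remote-as 65501
    next
  end
  config neighbor-range
    edit 1
      set prefix 10.254.0.0 255.255.255.0
      set neighbor-group "branch-peeers-1"
    next
  end
end"""
```

Calling `audit(SAMPLE, ["10.254.0.7", "10.254.2.9"])` reports the two missing group settings, the neighbor-range that names an undefined group, and the tunnel address outside the peer range.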
