Fortinet black logo

New Features

Allow per-prefix network import checking in BGP 7.0.4

Copy Link
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:25435
Download PDF

Allow per-prefix network import checking in BGP 7.0.4

In BGP, the config network command forces the advertisement of a network prefix. iBGP will advertise a prefix if there is an exact match present in the routing table. However, if this behavior is not desired, disabling network-import-check under the BGP settings allows the prefix to be advertised even if it is not in the routing table, or when the interface is down. This network-import-check option can be configured per prefix, in order to override the setting configured at the global BGP level.

config router bgp
    set network-import-check {enable | disable}
    config {network network6}
        edit <id>
            set network-import-check {global | enable | disable}
        next
    end  
end

network-import-check {enable | disable}

Enable/disable ensuring a BGP network route exists in IGP (default = enable).

network-import-check {global | enable | disable}

Configure ensuring a BGP network route exists in IGP:

  • global: use global network synchronization value (default)
  • enable: enable network synchronization per prefix
  • disable: disable network synchronization per prefix
To configure per-prefix network import check:
config router bgp
    set network-import-check enable
    config network
        edit 1
            set prefix 1.2.2.2 255.255.255.255
        next
        edit 2
            set prefix 1.4.4.4 255.255.255.255
            set network-import-check disable
        next
        edit 3
            set prefix 1.5.5.5 255.255.255.255
            set network-import-check enable
        next
    end
    config network6
        edit 1
            set prefix6 2001::1111/128
        next
        edit 2
            set prefix6 2001::2222/128
            set network-import-check disable
        next
        edit 3
            set prefix6 2001::3333/128
            set network-import-check enable
        next
    end
end

In this example, prefixes 1.2.2.2/32 and 2001::1111/128 inherit the network-import-check setting from the global BGP settings, so they will only be advertised if the prefix is in the routing table. Prefixes 1.4.4.4/32 and 2001::2222/128 will be advertised regardless of whether the prefix is in the routing table. Prefixes 1.5.5.5/32 and 2001::3333/128 will be advertised only if the prefix is in the routing table.

Allow per-prefix network import checking in BGP 7.0.4

In BGP, the config network command forces the advertisement of a network prefix. iBGP will advertise a prefix if there is an exact match present in the routing table. However, if this behavior is not desired, disabling network-import-check under the BGP settings allows the prefix to be advertised even if it is not in the routing table, or when the interface is down. This network-import-check option can be configured per prefix, in order to override the setting configured at the global BGP level.

config router bgp
    set network-import-check {enable | disable}
    config {network network6}
        edit <id>
            set network-import-check {global | enable | disable}
        next
    end  
end

network-import-check {enable | disable}

Enable/disable ensuring a BGP network route exists in IGP (default = enable).

network-import-check {global | enable | disable}

Configure ensuring a BGP network route exists in IGP:

  • global: use global network synchronization value (default)
  • enable: enable network synchronization per prefix
  • disable: disable network synchronization per prefix
To configure per-prefix network import check:
config router bgp
    set network-import-check enable
    config network
        edit 1
            set prefix 1.2.2.2 255.255.255.255
        next
        edit 2
            set prefix 1.4.4.4 255.255.255.255
            set network-import-check disable
        next
        edit 3
            set prefix 1.5.5.5 255.255.255.255
            set network-import-check enable
        next
    end
    config network6
        edit 1
            set prefix6 2001::1111/128
        next
        edit 2
            set prefix6 2001::2222/128
            set network-import-check disable
        next
        edit 3
            set prefix6 2001::3333/128
            set network-import-check enable
        next
    end
end

In this example, prefixes 1.2.2.2/32 and 2001::1111/128 inherit the network-import-check setting from the global BGP settings, so they will only be advertised if the prefix is in the routing table. Prefixes 1.4.4.4/32 and 2001::2222/128 will be advertised regardless of whether the prefix is in the routing table. Prefixes 1.5.5.5/32 and 2001::3333/128 will be advertised only if the prefix is in the routing table.