Administration Guide

BGP conditional advertisement

BGP conditional advertisement allows the router to advertise a route only when certain conditions are met. Multiple conditions can be used together, in which case the conditional route map entries are combined with a logical AND. IPv6 is supported.

Multiple conditions example

In this example, the FortiGate only advertises routes to its neighbor 2.2.2.2 if it learns multiple BGP routes defined in its conditional route map entry. All conditions must be met.

To configure multiple conditions in BGP conditional advertisements:
  1. Configure the IPv4 prefix list:
    config router prefix-list
        edit "281"
            config rule
                edit 1
                    set prefix 172.28.1.0 255.255.255.0
                    unset ge
                    unset le
                next
            end
        next
        edit "222"
            config rule
                edit 1
                    set prefix 172.22.2.0 255.255.255.0
                    unset ge
                    unset le
                next
            end
        next
    end
  2. Configure the community list:
    config router community-list
        edit "30:5"
            config rule
                edit 1
                    set action permit
                    set match "30:5"
                next
            end
        next
    end
  3. Configure the IPv4 route maps:
    config router route-map
        edit "comm1"
            config rule
                edit 1
                    set match-community "30:5"
                    set set-route-tag 15
                next
            end
        next
        edit "2224"
            config rule
                edit 1
                    set match-ip-address "222"
                next
            end
        next
        edit "2814"
            config rule
                edit 1
                    set match-ip-address "281"
                next
            end
        next
    end
  4. Configure the IPv6 prefix list:
    config router prefix-list6
        edit "adv-222"
            config rule
                edit 1
                    set prefix6 2003:172:22:1::/64
                    unset ge
                    unset le
                next
            end
        next
        edit "list6-2"
            config rule
                edit 1
                    set prefix6 2003:172:28:2::/64
                    unset ge
                    unset le
                next
            end
        next
    end
  5. Configure the IPv6 route maps:
    config router route-map
        edit "map-222"
            config rule
                edit 1
                    set match-ip6-address "adv-222"
                next
            end
        next
        edit "map-282"
            config rule
                edit 1
                    set action deny
                    set match-ip6-address "list6-2"
                next
            end
        next
    end
  6. Configure the BGP settings:
    config router bgp
        config neighbor
            edit "2.2.2.2"
                config conditional-advertise
                    edit "2224"
                        set condition-routemap "2814" "2224" "comm1"
                        set condition-type non-exist
                    next
                end
            next
            edit "2003::2:2:2:2"
                config conditional-advertise6
                    edit "map-222"
                        set condition-routemap "map-222" "map-282"
                    next
                end
                set route-reflector-client6 enable
            next
        end
    end
To verify the IPv4 conditional advertisements:
# get router info bgp neighbors 2.2.2.2
...
  Conditional advertise-map:
        Adv-map 2224root 2814root, cond-state 0-1
                         2224root, cond-state 0-1
                        comm1root, cond-state 0-0
...

In this output, the condition is that the routes in route maps 2814, 2224 and comm1 do not exist. However, routes for 2814 and 2224 exist, so the conditions are not met.

To verify the IPv6 conditional advertisements:
# get router info6 bgp neighbors 2003::2:2:2:2
...
  Conditional advertise-map:
        Adv-map map-222root map-222root, cond-state 1-1
                            map-282root, cond-state 1-0
...

In this output, the condition is that the routes in route maps map-222 and map-282 exist. Routes for map-222 exist, but routes for map-282 do not, so the conditions are not met.
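
The check described for the two outputs above, as an added example (not Fortinet code). It assumes the reading of cond-state that the page's explanations imply: the first digit is 1 for an exist condition and 0 for non-exist, and the second digit is 1 when a matching route is present. The function names and the stripping of the trailing "root" from map names are hypothetical.

```python
import re

# Constructed input: the two "Conditional advertise-map" excerpts from this page.
IPV4_OUTPUT = """\
  Conditional advertise-map:
        Adv-map 2224root 2814root, cond-state 0-1
                         2224root, cond-state 0-1
                        comm1root, cond-state 0-0
"""
IPV6_OUTPUT = """\
  Conditional advertise-map:
        Adv-map map-222root map-222root, cond-state 1-1
                            map-282root, cond-state 1-0
"""

# Optional "Adv-map <name>" prefix, then "<condition map>, cond-state <a>-<b>".
ENTRY = re.compile(
    r"(?:Adv-map\s+(?P<adv>[^\s,]+)\s+)?(?P<cond>[^\s,]+),\s*cond-state\s+"
    r"(?P<ctype>[01])-(?P<present>[01])"
)


def strip_suffix(name, suffix):
    """Drop the trailing suffix ("root" in the excerpts) from a map name."""
    if suffix and name.endswith(suffix) and len(name) > len(suffix):
        return name[: -len(suffix)]
    return name


def advertise_state(output, suffix="root"):
    """Return {advertise_map: {"type", "met", "blocking"}} for one neighbor.

    Assumed reading of cond-state "a-b" (inferred from this page, not a
    documented format): a = 1 for exist, 0 for non-exist; b = 1 when a
    matching route is present. Entries are ANDed, so one unmet entry
    blocks the advertisement.
    """
    state, current = {}, None
    for line in output.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        if m.group("adv"):  # first entry of a new advertise map
            current = strip_suffix(m.group("adv"), suffix)
        if current is None:
            continue  # continuation line with no preceding Adv-map line
        ctype = "exist" if m.group("ctype") == "1" else "non-exist"
        present = m.group("present") == "1"
        entry = state.setdefault(current, {"type": ctype, "met": True, "blocking": []})
        if present != (ctype == "exist"):  # this condition is not satisfied
            entry["met"] = False
            entry["blocking"].append(strip_suffix(m.group("cond"), suffix))
    return state


if __name__ == "__main__":
    for label, text in (("IPv4", IPV4_OUTPUT), ("IPv6", IPV6_OUTPUT)):
        print(label, advertise_state(text))
```

The "blocking" list names the condition route maps that currently prevent the advertisement, which is the value to alert on when an advertisement unexpectedly starts or stops.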

To view the conditional route maps:
# diagnose ip router command show-vrf root show running router bgp
...
 neighbor 2.2.2.2 advertise-map 2224root exist-map 2814root
 neighbor 2.2.2.2 advertise-map 2224root exist-map 2224root
 neighbor 2.2.2.2 advertise-map 2224root exist-map comm1root
... ...
 !
 address-family ipv6
 neighbor 2003::2:2:2:2 advertise-map map-222root non-exist-map map-222root
 neighbor 2003::2:2:2:2 advertise-map map-222root non-exist-map map-282root
!

IPv6 example 1

In this example, the FortiGate advertises its local network to the secondary router when the primary router is down. The FortiGate infers that the primary router is down from the absence of a learned route.

  • When the FortiGate learns route 2003:172:28:1::/64 from the primary router, it does not advertise its local route (2003:172:22:1::/64) to the secondary router.

  • When the FortiGate does not learn route 2003:172:28:1::/64 from the primary router, it advertises its local route (2003:172:22:1::/64) to the secondary router.

  • The BGP conditional advertisement condition is set to be true if the condition route map (2003:172:28:1::/64) is not matched (non-exist).

To configure BGP conditional advertisement with IPv6:
  1. Configure the IPv6 prefix lists:
    config router prefix-list6
        edit "adv-222"
            config rule
                edit 1
                    set prefix6 2003:172:22:1::/64
                    unset ge
                    unset le
                next
            end
        next
        edit "lrn-281"
            config rule
                edit 1
                    set prefix6 2003:172:28:1::/64
                    unset ge
                    unset le
                next
            end
        next
    end
  2. Configure the route maps:
    config router route-map
        edit "map-221"
            config rule
                edit 1
                    set match-ip6-address "adv-222"
                next
            end
        next
        edit "map-281"
            config rule
                edit 1
                    set match-ip6-address "lrn-281"
                next
            end
        next
    end
  3. Configure BGP:
    config router bgp
        set as 65412
        set router-id 1.1.1.1
        set ibgp-multipath enable
        set network-import-check disable
        set graceful-restart enable
        config neighbor
            edit "2003::2:2:2:2"
                set soft-reconfiguration6 enable
                set remote-as 65412
                set update-source "loopback1"
                config conditional-advertise6
                    edit "map-221"
                        set condition-routemap "map-281"
                        set condition-type non-exist
                    next
                end
            next
            edit "2003::3:3:3:3"
                set soft-reconfiguration6 enable
                set remote-as 65412
                set update-source "loopback1"
            next
        end
    end

    In this configuration, if no learned route matches route map map-281, the FortiGate advertises the routes matched by route map map-221 to neighbor 2003::2:2:2:2.

  4. Verify the routing table:
    # get router info6 routing-table bgp
    B       2003:172:28:1::/64 [200/0] via 2003::3:3:3:3 (recursive via ****::***:***:****:****, port9), 01:23:45
    B       2003:172:28:2::/64 [200/0] via 2003::3:3:3:3 (recursive via ****::***:***:****:****, port9), 23:09:22

When the FortiGate learns 2003:172:28:1::/64, it will not advertise its local route 2003:172:22:1::/64 to neighbor 2003::2:2:2:2. If the FortiGate has not learned 2003:172:28:1::/64, it will advertise its local route 2003:172:22:1::/64 to neighbor 2003::2:2:2:2.

IPv6 example 2

With the same IPv6 prefix lists and route maps, when the FortiGate does learn 2003:172:28:1::/64, it advertises local route 2003:172:22:1::/64 to the secondary router. The BGP conditional advertisement condition is set to be true if the condition route map is matched (exist).

To configure BGP conditional advertisement with IPv6:
  1. Configure BGP:
    config router bgp
        config neighbor
            edit "2003::2:2:2:2"
                config conditional-advertise6
                    edit "map-221"
                        set condition-routemap "map-281"
                        set condition-type exist
                    next
                end
            next
        end
    end
  2. Verify the routing table:
    # get router info6 routing-table bgp
    B       2003:172:28:1::/64 [200/0] via 2003::3:3:3:3 (recursive via ****::***:***:****:****, port9), 01:23:45
    B       2003:172:28:2::/64 [200/0] via 2003::3:3:3:3 (recursive via ****::***:***:****:****, port9), 23:09:22

When the FortiGate learns 2003:172:28:1::/64, it will advertise its local route 2003:172:22:1::/64 to neighbor 2003::2:2:2:2. If the FortiGate has not learned route 2003:172:28:1::/64, it will not advertise its local route 2003:172:22:1::/64 to neighbor 2003::2:2:2:2.
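
The decision in IPv6 examples 1 and 2, modelled as an added example that is not part of the original guide: it reads the learned prefixes from routing-table output and applies the exist or non-exist condition on prefix list lrn-281. The routing tables are constructed, the function names are hypothetical, and the ge/le branch assumes the usual prefix-list convention (the page's configuration leaves both unset).

```python
import ipaddress
import re

# Constructed routing-table text in the format shown above; the next hop that
# the page masks is replaced with a made-up link-local address.
PRIMARY_UP = """\
B       2003:172:28:1::/64 [200/0] via 2003::3:3:3:3 (recursive via fe80::3, port9), 01:23:45
B       2003:172:28:2::/64 [200/0] via 2003::3:3:3:3 (recursive via fe80::3, port9), 23:09:22
"""
# Constructed: the tracked /64 is gone, a neighbouring /64 is still learned.
TRACKED_ROUTE_GONE = """\
B       2003:172:28:2::/64 [200/0] via 2003::3:3:3:3 (recursive via fe80::3, port9), 23:09:22
"""
LRN_281 = "2003:172:28:1::/64"  # prefix list "lrn-281", matched by route map "map-281"

BGP_ROUTE = re.compile(r"^\s*B\s+(\S+/\d+)\s", re.MULTILINE)


def learned_prefixes(table):
    """Extract the BGP-learned prefixes from routing-table output."""
    return {ipaddress.ip_network(p) for p in BGP_ROUTE.findall(table)}


def rule_matches(rule_prefix, route, ge=None, le=None):
    """Prefix-list rule match.

    With ge and le unset, as in this page's configuration, only the exact
    prefix matches. The ge/le branch follows the usual prefix-list
    convention and is an assumption here.
    """
    rule = ipaddress.ip_network(rule_prefix)
    if route.version != rule.version:
        return False
    if ge is None and le is None:
        return route == rule
    low = ge if ge is not None else rule.prefixlen
    high = le if le is not None else rule.max_prefixlen
    return route.subnet_of(rule) and low <= route.prefixlen <= high


def advertises(table, condition_prefix, condition_type):
    """True when the advertise map (map-221 on this page) is sent to the neighbor."""
    present = any(rule_matches(condition_prefix, r) for r in learned_prefixes(table))
    return present if condition_type == "exist" else not present


if __name__ == "__main__":
    for name, table in (("primary up", PRIMARY_UP), ("tracked route gone", TRACKED_ROUTE_GONE)):
        for ctype in ("non-exist", "exist"):
            result = advertises(table, LRN_281, ctype)
            print(f"{name:20} {ctype:10} advertise map-221: {result}")
```

The second table shows that the condition follows the one tracked prefix rather than the peer as a whole: with non-exist, the local route is advertised as soon as 2003:172:28:1::/64 disappears, even while other routes are still learned from the same router.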
