Viewing and changing NP7 hyperscale firewall blackhole and loopback routing
You can use the following diagnose command to view the current LPM routing configuration. You can also use this command to add and remove routes. Because this is a diagnose command, any changes are reverted to defaults when the FortiGate restarts:
diagnose lpmd route {add | del | dump | query | stats | ktrie | debug}
add
add a route to the NP7 policy engine routing table.
del
delete a route from the NP7 policy engine routing table.
dump
list the NP7 policy engine routing table.
query
look up detailed information for LPM entries.
stats
display LPM compiler statistics.
ktrie {next_hop | stats | query | route | vdom}
display KTRIE routing database information.
debug {set | show | query}
set debug flags, show current debug level, and query kernel route entries.
The syntax for the add and del commands is:
diagnose lpmd route {add | del} <dst> <prefixlen> <gwy> <oif> <table> <scope> <type> <proto> <prio> <tos> <flags>
For blackhole and loopback routes, set <flags> to the following nh_flags values:
- For blackhole routes, the nh_flags value is 0x80.
- For loopback routes, the nh_flags value is 0x100.
For example, use the following command to add a blackhole route to the NP7 policy engine routing table:
diagnose lpmd route add 12.1.1.10 24 12.1.1.1 port24 254 253 1 2 0 1 1
The following command will delete this route from the NP7 policy engine routing table:
diagnose lpmd route del 12.1.1.10 24 12.1.1.1 port24 254 253 1 2 0 1 1