Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rmetzger
Staff
Staff

Created on ‎05-14-2009 05:12 AM

Article Id 191612

Technical Note : FortiGate IP route selection, and how to change the administrative distance (preference) of a routing protocol

Description
This article describes how the FortiGate selects routes in the routing table from the different routing protocols and how to change the route preference.

How does it work?
  • The same IP destination prefix may be learned from different routing protocols (ex : multiple default routes 0.0.0.0/0.0.0.0)
  • The routing table will however contain only one entry (or more if they have been learned from the same protocol supporting ECMP and have the same “distance”. ECMP is currently applicable to static and OSPF)
  • The following  shows the default distance (preference) settings on a FortiGate (configurable for all types except direct interfaces) :
- Directly connected     0
- Static routes             10
- EBGP routes             20
- OSPF routes           110
- RIP routes              120
- IBGP routes            200

  • Note 1 : The term "distance"  is sometimes also referred as "weight" by other manufacturers.
  • Note 2 : the "distance" has got only local significance on the FortiGate, and has no impact for a route redistribution.

Case study
  • Assume that a default route is learned via BGP, and another default route is configured as static route. By default, only the static default route will be in the routing table.
  • It can however be desired that the preferred default route be the one received by BGP, and the static route be kept as backup.
  • In this case, it will be necessary to adapt the route distances.

Route distance seen from the GUI

rmetzger_FD30086_route_preference.JPG

Solution
How to change the route distance : some examples

config router rip

    config distance

       edit 1

           set distance 130

       next

    end

end

config router static

    edit 1

        set device "internal"

        set distance 20

        set gateway 172.31.225.254

    next

end

config router ospf

   set distance-external 105

   set distance-intra-area 100

end

config router bgp  

   set distance-external 30

   set distance-internal 210

end



Note :

• New values are only given as examples.
• Distance changes might need a reboot or an  “exec router restart” to be effective.

Related Articles

Technical Note: Configuring link redundancy - Traffic load-balancing / load-sharing - ECMP (Equal C...

26602
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.