Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
dbabic
Staff
Staff

Created on ‎08-16-2019 02:21 AM

Article Id 191692

Technical Tip: Prepending AS and filtering redistributed routes

Description
This article describes how to advertise the redistributed routes.

Solution
The FortiGate can prepend the redistributed route through route map .

Apply the route map intended for the redistributed routes under them only as follow:

# config router bgp
set as 65001
set router-id 10.10.10.10
config neighbor
edit "10.20.20.75"
set remote-as 65002
next
end
config network
edit 1
set prefix 10.132.0.0 255.255.240.0
next
end
config redistribute "connected"
set status enable
set route-map "Route-Redistribute-RouteMAP"
end
config redistribute "rip"
end
config redistribute "ospf"
set status enable
set route-map "Route-Redistribute-RouteMAP"
end
config redistribute "static"
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end

# config router route-map
edit "Route-Redistribute-RouteMAP"
config rule
edit 1
set match-ip-address " prefix-list-redistribute "
set set-aspath "65001 65001 65001"
next
end
next
end

# config router prefix-list
edit "prefix-list-redistribute"
config rule
edit 1
set prefix 10.139.0.0 255.255.240.0
unset ge
unset le
next
edit 2
set prefix 10.138.0.0 255.255.240.0
unset ge
unset le
next
end
next
end

The result should be as follow:

baxter-kvm04 # get router info bgp neighbors 10.20.20.75 advertised-routes
BGP table version is 1, local router ID is 10.10.10.10
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 10.132.0.0/20    10.109.20.70                  100  32768        0 i
*> 10.138.0.0/20    10.109.20.70                       32768        0 65001 65001 65001 ?
*> 10.139.0.0/20    10.109.20.78             2         32768        0 65001 65001 65001 ?

Note: If the Route map is put under the neighbor configuration and under the redistribute route configuration the following output is expected

axter-kvm04 # get router info bgp neighbors 10.109.20.75 advertised-routes
BGP table version is 1, local router ID is 10.109.20.70
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight RouteTag Path
*> 10.138.0.0/20    10.109.20.70                       32768        0 65001 65001 65001 65001 65001 65001 ?
*> 10.139.0.0/20    10.109.20.78             2         32768        0 65001 65001 65001 65001 65001 65001 ?

Total number of prefixes 2

3802
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.