Description
This article explains that recursive resolution is not possible for a BGP route via another BGP route.
These routes are being learned via BGP but are not getting installed into the active routing table.
FGT # get router info bgp network 10.10.10.0
Paths: (2 available, no best path)
Local
10.20.1.4 (inaccessible) from 10.21.16.15 (10.21.116.20)
Local
10.20.1.4 (inaccessible) from 10.21.16.16 (10.21.116.20)
The underlying route for the next hop which 10.20.1.4, have another BGP route.
FGT # get router info routing-table details 10.20.1.4
Routing entry for 10.20.1.0/28
Known via "bgp", distance 200, metric 0, best
Last update 07w2d18h ago
* 10.21.116.28 (recursive via 10.21.161.21)
The issue faced is because the route to reach the next hop 10.20.1.4 is also a BGP route.
FortiGate considers the next hop as invalid and does not install the route in the routing table.
FGT # get router info routing-table details 10.10.10.0
% Network not in table
Solution
The alternatives to fix this issue are as follows:
1) Add a static route to reach the next hop that overrides the BGP route.
2) Configure the 'set next-hop-self enable' under the BGP neighbour.
# config router bgp
# config neighbor
edit "x.x.x.x"
set next-hop-self enable
next
end
end
If there is already a static route present, the next-hop-self command would not take precedence over it.
3) When a BGP next hop requires recursive resolution, the default behavior is to consider all other routes except BGP routes. In FortiOS v7.0.0 the following option has been introduced, when enabled, allows the recursive next hop resolution to use BGP routes as well.
# config router bgp
set recursive-next-hop [ enable | disable* ]
end
By default, this option is disabled.
Related document:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.