FortiGate
aionescu (Staff)
Article Id 190141

Description

 

This article describes how to refresh a BGP routing table without disturbing a BGP peering session.

 

Scope

 

Any supported version of FortiGate.

Solution


When the BGP routing policy is changed (such as by changing the attributes or adding filters), it is necessary to reset the BGP session before the new policy takes effect.
A soft reset is recommended to refresh the BGP routing table without disturbing existing BGP peering sessions.

 

To do this, first enable soft-reconfiguration on the neighbor. This keeps a copy of the routes received from that neighbor, which is what allows an inbound soft reset to re-apply policy locally without a full session reset:

 

# config router bgp
    config neighbor
        edit 10.0.0.1
            set soft-reconfiguration enable
        end
end


Use the following command to perform a soft reset:

 

# execute router clear bgp all soft (in/out)

 

To soft-reset a specific BGP neighbor, supply the IP address with 'bgp ip' as follows:

 

# execute router clear bgp ip x.x.x.x soft (in/out)

 

Replace x.x.x.x with the BGP neighbor IP and choose either 'in' or 'out':

- in: refresh only received BGP routes.
- out: refresh only advertised BGP routes.

Note: Submitting the command without a choice of 'in' or 'out' will perform a soft reset both ways.

Lab test results:


In the following example, the BGP peer is up and has received three prefixes from the BGP neighbor:

 

# get router info bgp summary
BGP router identifier 2.2.2.2, local AS number 65002
BGP table version is 4
2 BGP AS-PATH entries
0 BGP community entries

Neighbor        V   AS     MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
10.56.244.207   4   65003  11550   11555   3      0   0    6d01h18m 3

Total number of neighbors 1

FGT1 # get router info routing-table database | grep B
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       > - selected route, * - FIB route, p - stale info
B    *> 3.3.3.3/32 [20/0] via 10.56.244.207, port1, 00:25:29
B       10.56.244.0/22 [20/0] via 10.56.244.207, 00:25:29
B    *> 10.161.0.0/20 [20/0] via 10.56.244.207, port1, 00:25:29

 

A new subnet (50.50.50.50/32) was advertised into BGP at the other end. Without intervention, BGP typically takes a long time to receive such an update.

 

To force BGP to learn the new route immediately without tearing down the BGP peering, run the command below. Example output follows.

 

# execute router clear bgp ip 10.56.244.207 soft in

# get router info bgp summary
BGP router identifier 2.2.2.2, local AS number 65002
BGP table version is 4
2 BGP AS-PATH entries
0 BGP community entries
Neighbor        V   AS     MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
10.56.244.207   4   65003  11551   11555   3      0   0    6d01h19m 4

 

After the soft reset, the neighbor uptime is unchanged (the session was not torn down) and the received prefix count has increased from 3 to 4:

 

# get router info routing-table database | grep B
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       > - selected route, * - FIB route, p - stale info
B    *> 3.3.3.3/32 [20/0] via 10.56.244.207, port1, 00:26:24
B       10.56.244.0/22 [20/0] via 10.56.244.207, 00:26:24
B    *> 10.161.0.0/20 [20/0] via 10.56.244.207, port1, 00:26:24
B    *> 50.50.50.50/32 [20/0] via 10.56.244.207, port1, 00:00:05             <----- new subnet received
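An added verification script (not part of the article) that parses two 'get router info bgp summary' snapshots like the ones above and confirms what a successful soft reset looks like: the peer is still Established, its uptime has not restarted, and the prefix count went up. The snapshots are constructed from the outputs above; the hard-reset sample is constructed for contrast.

```python
import re
# Constructed samples (neighbor table only) of "get router info bgp summary" taken
# before and after "execute router clear bgp ip 10.56.244.207 soft in".
SUMMARY_BEFORE = """\
Neighbor        V   AS     MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
10.56.244.207   4   65003  11550   11555   3      0   0    6d01h18m 3
"""
SUMMARY_AFTER = """\
Neighbor        V   AS     MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
10.56.244.207   4   65003  11551   11555   3      0   0    6d01h19m 4
"""
# Constructed contrast: after a hard reset the uptime counter starts over.
SUMMARY_HARD_RESET = """\
Neighbor        V   AS     MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
10.56.244.207   4   65003  3       4       5      0   0    00:00:03 4
"""

NEIGHBOR_RE = re.compile(
    r"^(?P<ip>\d+(?:\.\d+){3})\s+\d+\s+\d+\s+(?P<rcvd>\d+)\s+\d+\s+\d+\s+\d+\s+\d+"
    r"\s+(?P<updown>\S+)\s+(?P<state>\S+)\s*$", re.M)

def parse_summary(text):
    """Map neighbor IP -> {msg_rcvd, uptime, state, pfx_rcvd} from the summary table."""
    peers = {}
    for m in NEIGHBOR_RE.finditer(text):
        d = m.groupdict()
        up = d["state"].isdigit()  # last column is a prefix count only when Established
        peers[d["ip"]] = {"msg_rcvd": int(d["rcvd"]), "uptime": d["updown"],
                          "state": "Established" if up else d["state"],
                          "pfx_rcvd": int(d["state"]) if up else None}
    return peers

def uptime_seconds(s):
    """Convert an Up/Down value such as '6d01h18m', '00:00:03' or 'never' to seconds."""
    if ":" in s:
        h, m, sec = (int(x) for x in s.split(":"))
        return h * 3600 + m * 60 + sec
    return sum(int(n) * {"d": 86400, "h": 3600, "m": 60}[u]
               for n, u in re.findall(r"(\d+)([dhm])", s))

def check_soft_reset(before, after, neighbor):
    """session_kept is True when the peering never dropped: still Established and the
    uptime did not go backwards. pfx_delta/msgs_rcvd show what the refresh pulled in."""
    b, a = parse_summary(before)[neighbor], parse_summary(after)[neighbor]
    kept = (a["state"] == "Established"
            and uptime_seconds(a["uptime"]) >= uptime_seconds(b["uptime"]))
    delta = None if None in (a["pfx_rcvd"], b["pfx_rcvd"]) else a["pfx_rcvd"] - b["pfx_rcvd"]
    return {"session_kept": kept, "pfx_delta": delta,
            "msgs_rcvd": a["msg_rcvd"] - b["msg_rcvd"]}
```

Run check_soft_reset(SUMMARY_BEFORE, SUMMARY_AFTER, "10.56.244.207") to get session_kept True with pfx_delta 1; the hard-reset sample yields session_kept False because the uptime went backwards.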

 

Use the following BGP debug commands to troubleshoot where necessary:

 

# diag debug reset
# diagnose ip router bgp all enable
# diagnose ip router bgp level info
# diagnose debug enable

 

Example debug snippet:

 

id=20301 logdesc="Routing log" msg="BGP: 10.56.244.207-Outgoing [FSM] State: Established Event: 34"
id=20301 logdesc="Routing log" msg="BGP: [RIB] Scanning BGP Network Routes..."
id=20301 logdesc="Routing log" msg="BGP: 10.56.244.207-Outgoing [DECODE] Msg-Hdr: type 2, length 48"
id=20301 logdesc="Routing log" msg="BGP: 10.56.244.207-Outgoing [DECODE] Update: Starting UPDATE decoding... Bytes To Read (29), msg_size (29)"
id=20301 logdesc="Routing log" msg="BGP: 10.56.244.207-Outgoing [DECODE] Update: NLRI Len(5)"
id=20301 logdesc="Routing log" msg="BGP: 10.56.244.207-Outgoing [FSM] State: Established Event: 27"
id=20301 logdesc="Routing log" msg="BGP: 10.56.244.207-Outgoing [RIB] Update: Received Prefix 50.50.50.50/32"
id=20301 logdesc="Routing log" msg="BGP: [RIB] Scanning BGP Network Routes..."

 

Another way to trigger an update is a route refresh. To perform one, run the following command, substituting x.x.x.x with the BGP neighbor IP:

 

# execute router clear bgp ip x.x.x.x (in/out)

 

Once again, supply 'in' or 'out' accordingly:

- out: this will resend all BGP information to the neighbor without resetting the connection. It is recommended when changing outbound policy.
- in: this will send a route refresh message to the neighbor asking to send the BGP table. It is recommended when changing inbound policy.

 

Relevant document:
https://help.fortinet.com/fgt/handbook/40mr2/cli_html/wwhelp/wwhimpl/common/html/wwhelp.htm?context=...