Fortinet BGP local Preference to influence outbound routing

Fortinet like all vendors supports BGP and has many ways to configure it. In this case almost all settings are configured VIA the CLI. In this post I will show how to configure the Local preference attribute to influence what routes a device will take to leave the network. For example, if you have two ISPs, and we use one for primary, and the second for a backup then we would want to change the local preference to make ISP 1 more a better choice.

Changing the local preference of routes from the default 100, to a higher value makes those routes the best choice when leaving the network. Also you can use a prefix-list to change just the preference of one or more routes, you do not have to do all routes advertised by the neighbor.

Steps needed are:

– Get BGP instance configured

– Configure neighbors

– Create route map

– assign preference in Route map

– Apply route map to neighbor

– Clear BGP routes, and check new preferences.

 

After you get BGP configured VIA CLI or GUI we can start with creating the route map.

Image

You can name the Route map whatever you like, for example if you have two ISPs, you might say ISP-1-Local-Pref. Then modify the rule you want, and change the local preference. Remember the higher the local preference the more preferred.

Command:

config router route-map

edit name

config rule

edit 10

set local-preference X

end

Next we can apply the route-map to the neighbor we want to set preference on.

Image

Once that is configured, we can check the perfernce of the routes with the command:

get router info bgp networks

You might notice that the preference has not changed. This is because we will need to clear the routes first. We can do this with a few different commands:

exe router clear bgp ip x.x.x.x out

This will clear all routes from this neighbor. If this is a live production network, it would be better to run the command:

exe router clear bgp ip x.x.x.x soft out

A soft reset uses stored prefix information to reconfigure and activate BGP routing tables without tearing down existing peering sessions. Soft reconfiguration uses stored update information, at the cost of additional memory for storing the updates, to allow you to apply new BGP policy without disrupting the network. Soft reconfiguration can be configured for inbound or outbound sessions.

Thats it! now we should see the new preference associated with our routes:

Image

Notice the 500 instead of the default of 100. Everything is working, now all my routes going to the 10.0.0.0/16 network will take the 169.254.255.77 neighbor. Also notice the > symbol. This means it is the best route, and therefore the one put into the routing table. Other routes will not show up in the GUI routing table.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: