- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Can the disappearance of a connected route or the ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can the disappearance of a connected route or the LAN port link being down trigger iBGP to perform r
I wanted to achieve fast route updates in iBGP when the LAN link goes down, but I failed. I couldn't figure out when the route updates actually happen. Additionally, I would like to know if it is feasible in my environment to have immediate route updates when the LAN link goes down.
To be precise, at what point in time does iBGP initiate the update when the LAN port (Connected Route) of Remote-LAN disappears? Based on my testing, it is evident that the routes are not updated immediately; in other words, the withdrawn message does not appear immediately.
Moreover, is the triggering of iBGP route updates by the disappearance of connected routes related to information such as "[RIB] Scanning BGP Network Routes" and "[RIB] Scanning BGP RIB"?
Topology:
(BGP over VPN)(LAN)FGHG(WAN)----(VPN)---(WAN)Remote-FG(LAN)(BGP over VPN)
Here are the downtime durations I observed in the terminal device ping tests after performing a link down in Remote-FG.
TEST | downtime of ping test |
1 | 5s |
2 | 12s |
3 | 5s |
<TEST1>
○Femote-FG LAN Port Link Down
2023-06-27 15:25:17 BGP: Message type: Link Down (30)
...
2023-06-27 15:25:17 BGP: 11.25.100.6-Outgoing [FSM] State: Established Event: 34
2023-06-27 15:25:17 BGP: 11.25.100.6-Outgoing [ENCODE] Msg-Hdr: Type 2
2023-06-27 15:25:17 BGP: 11.25.100.6-Outgoing [ENCODE] Update Withdrawn: Prefix 172.124.1000.0/24
2023-06-27 15:25:17 BGP: 11.25.100.6-Outgoing [ENCODE] Update: Msg #35 Size 27
...
2023-06-27 15:25:18 BGP: [RIB] Scanning BGP Network Routes...
2023-06-27 15:25:19 BGP: NSM Message Header
...
2023-06-27 15:25:31 BGP: 12.25.100.14-Outgoing [ENCODE] Msg-Hdr: Type 2
2023-06-27 15:25:31 BGP: 12.25.100.14-Outgoing [ENCODE] Update Withdrawn: Prefix 172.124.1000.0/24
2023-06-27 15:25:31 BGP: 12.25.100.14-Outgoing [ENCODE] Update: Msg #36 Size 27
...
2023-06-27 15:25:33 BGP: [RIB] Scanning BGP Network Routes...
diag ip router bgp level none
○FGHG
2023-06-27 15:25:17 BGP: 11.25.100.22-Outgoing [ENCODE] Msg-Hdr: Type 4
2023-06-27 15:25:17 BGP: 11.25.100.22-Outgoing [ENCODE] Keepalive: 21264 KAlive msg(s) sent
2023-06-27 15:25:17 BGP: 11.25.100.22-Outgoing [DECODE] Msg-Hdr: type 2, length 27
2023-06-27 15:25:17 BGP: 11.25.100.22-Outgoing [DECODE] Update: Starting UPDATE decoding... Bytes To Read (8), msg_size (8)
2023-06-27 15:25:17 BGP: 11.25.100.22-Outgoing [DECODE] Update: Withdrawn Len(4)
2023-06-27 15:25:17 BGP: 11.25.100.22-Outgoing [FSM] State: Established Event: 27
2023-06-27 15:25:17 BGP: 11.25.100.22-Outgoing [RIB] Withdraw: Prefix 172.124.100.0/24 path_id 0
2023-06-27 15:25:17 BGP: [DAMP] bgp_rfd_rt_withdraw(): Non EBGP Peer, no dampening reqd
2023-06-27 15:25:17 BGP: [DAMP] bgp_rfd_rt_withdraw(): Route State: NONE, ret=0
2023-06-27 15:25:17 BGP: BGP VRF 0 leaking 172.124.100.0/24 afi 1, safi 1
2023-06-27 15:25:17 BGP: VRF 0 NSM withdraw: 172.124.100.0/24
2023-06-27 15:25:17 BGP: 11.25.100.22-Outgoing [DECODE] Msg-Hdr: type 4, length 19
2023-06-27 15:25:17 BGP: 11.25.100.22-Outgoing [DECODE] KAlive: Received!
2023-06-27 15:25:17 BGP: 11.25.100.22-Outgoing [FSM] State: Established Event: 26
<TEST2>
○Remote-FG LAN Port Link Down
2023-06-27 15:33:14 BGP: Message type: Link Down (30)
...
2023-06-27 15:33:17 BGP: 12.25.100.14-Outgoing [ENCODE] Msg-Hdr: Type 2
2023-06-27 15:33:17 BGP: 12.25.100.14-Outgoing [ENCODE] Update Withdrawn: Prefix 172.124.100.0/24
2023-06-27 15:33:17 BGP: 12.25.100.14-Outgoing [ENCODE] Update: Msg #38 Size 27
...
2023-06-27 15:33:18 BGP: [RIB] Scanning BGP Network Routes...
...
2023-06-27 15:33:24 BGP: 11.25.100.6-Outgoing [ENCODE] Msg-Hdr: Type 2
2023-06-27 15:33:24 BGP: 11.25.100.6-Outgoing [ENCODE] Update Withdrawn: Prefix 172.124.100.0/24
2023-06-27 15:33:24 BGP: 11.25.100.6-Outgoing [ENCODE] Update: Msg #37 Size 27
...
2023-06-27 15:33:33 BGP: [RIB] Scanning BGP Network Routes...
..
○FGHG
2023-06-27 15:33:24 BGP: 11.250.1.22-Outgoing [DECODE] Msg-Hdr: type 2, length 27
2023-06-27 15:33:24 BGP: 11.250.1.22-Outgoing [DECODE] Update: Starting UPDATE decoding... Bytes To Read (8), msg_size (8)
2023-06-27 15:33:24 BGP: 11.250.1.22-Outgoing [DECODE] Update: Withdrawn Len(4)
2023-06-27 15:33:24 BGP: 11.250.1.22-Outgoing [FSM] State: Established Event: 27
2023-06-27 15:33:24 BGP: 11.250.1.22-Outgoing [RIB] Withdraw: Prefix 172.124.100.0/24 path_id 0
2023-06-27 15:33:24 BGP: [DAMP] bgp_rfd_rt_withdraw(): Non EBGP Peer, no dampening reqd
2023-06-27 15:33:24 BGP: [DAMP] bgp_rfd_rt_withdraw(): Route State: NONE, ret=0
2023-06-27 15:33:24 BGP: BGP VRF 0 leaking 172.124.100.0/24 afi 1, safi 1
2023-06-27 15:33:24 BGP: VRF 0 NSM withdraw: 172.124.100.0/24
....
2023-06-27 15:33:26 BGP: [RIB] Scanning BGP Network Routes...
...
2023-06-27 15:33:33 BGP: [RIB] Scanning BGP RIB...
...
diag ip router bgp level none
FGHQ1 # diag debug reset
<TEST3>
○Remote-FG LAN Port Link Down
2023-06-27 15:53:00 BGP: Message type: Link Down (30)
...
2023-06-27 15:53:03 BGP: [RIB] Scanning BGP Network Routes...
...
2023-06-27 15:53:04 BGP: 11.25.100.6-Outgoing [ENCODE] Msg-Hdr: Type 2
2023-06-27 15:53:04 BGP: 11.25.100.6-Outgoing [ENCODE] Update Withdrawn: Prefix 172.124.100.0/24
2023-06-27 15:53:04 BGP: 11.25.100.6-Outgoing [ENCODE] Update: Msg #39 Size 27
...
2023-06-27 15:53:05 BGP: [RIB] Scanning BGP RIB...
2023-06-27 15:53:05 BGP: [NSM] Verified NH 11.25.100.6 with NSM
2023-06-27 15:53:05 BGP: [NSM] Verified NH 12.25.100.14 with NSM
○FGHG
2023-06-27 15:53:04 BGP: 11.25.100.22-Outgoing [DECODE] Msg-Hdr: type 2, length 27
2023-06-27 15:53:04 BGP: 11.25.100.22-Outgoing [DECODE] Update: Starting UPDATE decoding... Bytes To Read (8), msg_size (8)
2023-06-27 15:53:04 BGP: 11.25.100.22-Outgoing [DECODE] Update: Withdrawn Len(4)
2023-06-27 15:53:04 BGP: 11.25.100.22-Outgoing [FSM] State: Established Event: 27
2023-06-27 15:53:04 BGP: 11.25.100.22-Outgoing [RIB] Withdraw: Prefix 172.124.100.0/24 path_id 0
2023-06-27 15:53:04 BGP: [DAMP] bgp_rfd_rt_withdraw(): Non EBGP Peer, no dampening reqd
2023-06-27 15:53:04 BGP: [DAMP] bgp_rfd_rt_withdraw(): Route State: NONE, ret=0
2023-06-27 15:53:04 BGP: BGP VRF 0 leaking 172.124.100.0/24 afi 1, safi 1
2023-06-27 15:53:04 BGP: VRF 0 NSM withdraw: 172.124.100.0/24
...
2023-06-27 15:53:11 BGP: [RIB] Scanning BGP Network Routes...
...
2023-06-27 15:53:13 BGP: [RIB] Scanning BGP RIB...
Bruce Liu
Bruce Liu
Labels:
- Labels:
-
FortiGate
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Bruce7x2,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Jean-Philippe - Fortinet Community Team
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
We are still looking for an answer to your question.
We will come back to you ASAP.
Thanks,
Jean-Philippe - Fortinet Community Team
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Please try to adjust the timers (advertisement-interval) mentioned in the below article and perform your test again and see if it makes any difference.
This is applied on a per neighbor basis.
Best Regards,
San
Related Posts
- How to keep the connections when... 519 Views
- Fortigate metrics doesn't update from FortiSIEM 231 Views
- Two customers with overlapping IP subnets... 240 Views
- fortigate cannot authenticate with fortianalyzer 851 Views
- U422EV Ethernet Bridge 310 Views
Labels
-
FortiGate
6,531 -
FortiClient
1,303 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
60 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.