- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- OSPF ECMP and Route Prio
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OSPF ECMP and Route Prio
Hi,
In a static you have the priority option to favor traffic over a specific route in a ECMP situation. In OSPF you have the priority command, but this is used for calculation of the DR/BDR.
I was wondering if there is a way to favor traffic in OSPF (in ECMP situation) the same way as a static ?
Regards, Alex
Alex Wassink
NSE4,5,7,8 CCNP, ACMP, VCP6-NV
Alex Wassink
NSE4,5,7,8 CCNP, ACMP, VCP6-NV
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you looked into the cost? Standard OSPF allows you to weight routes by cost. There should be a similar mechanism in the 40Gate.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
With cost you don't have a situation that both routes are loaded/active. So if traffic is arriving on an interface which does not have an route back you could end up with asymmetric routing. This does not have to be a problem because the fortigate is statefull, and traffic is send back via the originated interface. But it would be nice if you could set this the same way you do with a static. From the kernel routing table; OSPF routes; (same cost and distance) tab=254 vf=3 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->10.XX.YY.0/23 pref=0.0.0.0 gwy=10.10.20.1 flag=04 hops=0 oif=xx(GRE) gwy=10.10.30.1 flag=04 hops=0 oif=yy(IPSEC) static routes; (same cost and distance, but with priority set) tab=254 vf=3 scope=0 type=1 proto=11 prio=1 0.0.0.0/0.0.0.0/0->10.XX.YY.0/23 pref=0.0.0.0 gwy=10.10.20.1 dev=xx(GRE) tab=254 vf=3 scope=0 type=1 proto=11 prio=2 0.0.0.0/0.0.0.0/0->10.XX.YY.0/23 pref=0.0.0.0 gwy=10.10.30.1 dev=yy(IPSEC) Static route; edit 1 set dst 10.XX.YY.0/23 set priority 1 set device "GRE" next edit 1 set dst 10.XX.YY.0/23 set priority 2 set device "IPSEC" next
Regards, Alex
Alex Wassink
NSE4,5,7,8 CCNP, ACMP, VCP6-NV
Alex Wassink
NSE4,5,7,8 CCNP, ACMP, VCP6-NV
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't know if this is possible to set in OSPF in a Fortigate, but I think not.
There is no real need for it, since the default setting in the Fortigate RPF (Reverse Path Forwarding) check is "loose" - So that the packet will find its way back even though it doesn't use the best route, it just need a route. Setting the RPF check to "strict" will make the Fortigate drop all traffic that doesn't use the BEST route back to the source.
But I understand your point, control is nice...
Richie
NSE7
Richie
NSE7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
By the simple definition, Equal Cost Multi Path, you use whatever is available, no difference in route value.
My two cents
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the answers !
I've found that when i use the priority command on the OSPF interface traffic seems to favor the interface with lowest value given. I also found out that this is not always 100% accurate as sometimes traffic still seems to follow the other route. But most of the times it follows the correct route, so for now i'm happy.
regards, Alex
Alex Wassink
NSE4,5,7,8 CCNP, ACMP, VCP6-NV
Alex Wassink
NSE4,5,7,8 CCNP, ACMP, VCP6-NV
Related Posts
- Routing Issue on FortiGate 7.2.8 290 Views
- AWS IPSEC on BGP routing (how... 2477 Views
- Idea for VPN S2S design -... 385 Views
- Internal Routing issue 825 Views
- fortigate sd-wan spillover 3859 Views
Labels
-
FortiGate
6,538 -
FortiClient
1,304 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
Customer Service
70 -
FortiToken
69 -
4.0MR3
64 -
SSL-VPN
60 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
Firewall policy
24 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
FortiConverter
21 -
VLAN
20 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
SSL SSH inspection
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
Schedule
1 -
4.0MR1
1 -
SDN connector
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
FortiPAM
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
FortiManager-VM
1 -
Zone
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.