Redistribute VIP IP To BGP Peer - Fortinet Community

Uploaded by

Roman Chmilewsky

Redistribute VIP IP to BGP peer - Fortinet Community https://community.fortinet.com/t5/FortiGate/Technical-Tip-Redistribu...
vprabhu_FTNT (Staff)
Created on: 08-16-2020 10:49 AM
Article Id: 192376

Technical Tip: Redistribute VIP IP to BGP peer


Description
This article describes how to redistribute a Virtual IP (VIP) into BGP so that it is advertised to other BGP peers.
This is helpful in scenarios where the VIP address is outside the subnet of the exit interface/peer.

Scope
BGP is set up and peering is up between 2 units.
A VIP or VIP range is configured, along with the policies required for the VIP to work.

Solution

BGP requires a network to be present in the routing table before it advertises that network to its peer. This is not the case for a VIP in a different subnet from the exit interface IP, because a virtual IP does not appear in the routing table.

Since it is not possible to redistribute such a Virtual IP into BGP directly, create a static black hole route and redistribute the static route into BGP as shown below:
The VIP subnet 10.98.8.0/24 is configured on 'FGT1'.
The exit interface IP is 10.106.0.62.
The subnet 10.98.8.0/24 must be advertised to the BGP peer so that the VIP IP is reachable from the remote 'FGT2'.

Configuration Steps.

'FGT1':
# config router static
    edit 0
        set dst 10.98.8.0 255.255.255.0
        set blackhole enable
    next
end
# config router bgp
    config redistribute "static"
        set status enable
    end
end

No configuration change is required on 'FGT2', as the route will be advertised by the 'FGT1' BGP peer.

Verification commands.

FGT1# get router info routing de 10.98.8.0


Routing table for VRF=0
Routing entry for 10.98.8.0/24
Known via "static", distance 10, metric 0, best
* directly connected, Null
FGT1 # get router info bgp neighbors 10.106.0.113 advertised-routes
VRF 0 BGP table version is 7, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight RouteTag Path
*>i10.56.240.0/22 10.91.1.1 100 32768 0 ? <-/->
*>i10.80.1.0/24 10.106.0.62 100 32768 0 i <-/->
*>i10.98.8.0/24 10.106.0.62 100 32768 0 ? <-/->

FGT2(root) # get router info routing de bgp


B 10.98.8.0/24 [200/0] via 10.106.0.62, port4, 00:31:10

FGT2(root) # get router info bgp network 10.98.8.0/24


BGP routing table entry for 10.98.8.0/24
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
Local
10.106.0.62 from 10.106.0.62 (4.4.4.4)
Origin incomplete metric 0, localpref 100, valid, internal, best
Last update: Thu Aug 6 10:20:48 2020
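
Added example (not part of the original article): because `redistribute "static"` is not limited to the VIP black hole route, this Python check parses the advertised-routes output shown above and lists every prefix with origin code `?` (incomplete, as the redistributed VIP route appears) that falls outside an allow-list. The function names and the allow-list are assumptions; the sample text is the article's output with wrapped lines joined.

```python
import ipaddress
import re

# Constructed sample: the article's advertised-routes table, wrapped lines joined.
SAMPLE = """\
VRF 0 BGP table version is 7, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight RouteTag Path
*>i10.56.240.0/22 10.91.1.1 100 32768 0 ? <-/->
*>i10.80.1.0/24 10.106.0.62 100 32768 0 i <-/->
*>i10.98.8.0/24 10.106.0.62 100 32768 0 ? <-/->
"""

# Status flags, prefix, next hop, then the remaining columns. The origin code
# is the last token once the trailing "<-/->" marker is dropped.
ROUTE_RE = re.compile(
    r"^(?P<status>[sdh*>i ]{1,3})(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?P<next_hop>\d+\.\d+\.\d+\.\d+)\s+(?P<rest>.*)$"
)

def parse_advertised(text):
    """Return one dict per route line; header and legend lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        tokens = [t for t in m["rest"].split() if t != "<-/->"]
        if not tokens or tokens[-1] not in ("i", "e", "?"):
            continue  # not a well-formed route line
        routes.append({
            "prefix": ipaddress.ip_network(m["prefix"]),
            "next_hop": m["next_hop"],
            "origin": tokens[-1],
        })
    return routes

def unexpected_redistributed(routes, allowed):
    """Origin '?' prefixes that are not inside any allowed network."""
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    return [
        str(r["prefix"]) for r in routes
        if r["origin"] == "?"
        and not any(r["prefix"].subnet_of(a) for a in allowed_nets)
    ]
```

Any prefix this returns is being advertised from a source other than the intended VIP route and should be reviewed before the peer relies on it.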
