router : bgp : config router bgp
 
config router bgp
Use this command to enable a Border Gateway Protocol version 4 (BGP-4) process on the FortiGate unit, define the interfaces making up the local BGP network (see the subcommand “config network, config network6”), and set operating parameters for communicating with BGP neighbors (see the subcommand “config neighbor”).
When multiple routes to the FortiGate unit exist, BGP attributes determine the best route and the FortiGate unit communicates this information to its BGP peers. The best route is added to the IP routing table of the BGP peer, which in turn propagates this updated routing information to upstream routers.
FortiGate units maintain separate entries in their routing tables for BGP routes. See “Using route maps with BGP”. To reduce the size of the BGP routing table and conserve network resources, you can optionally aggregate routes to the FortiGate unit. An aggregate route enables the FortiGate unit to advertise one block of contiguous IP addresses as a single, less-specific address. You can implement aggregate routing either by redistributing an aggregate route (see the subcommand “config redistribute, config redistribute6”) or by using the conditional aggregate routing feature (see the subcommand “config aggregate-address, config aggregate-address6”).
 
In the following table, the as and router-id fields are required. All other fields are optional.
Variable
Description
Default
always-compare-med
{enable | disable}
Enable or disable the comparison of MULTI_EXIT_DISC (Multi Exit Discriminator or MED) attributes for identical destinations advertised by BGP peers in different autonomous systems.
disable
as <local_as_id>
Enter an integer to specify the local autonomous system (AS) number of the FortiGate unit. The range is from 1 to 4 294 967 295. A value of 0 disables BGP. When the local_as_id number is different than the AS number of the specified BGP neighbor (see “remote-as <id_integer>”), an External BGP (EBGP) session is started. Otherwise, an Internal BGP (IBGP) session is started.
0
bestpath-as-path-ignore
{enable | disable}
Enable or disable the inclusion of an AS path in the selection algorithm for choosing a BGP route.
disable
bestpath-cmp-confed-aspath {enable | disable}
Enable or disable the comparison of the AS_CONFED_SEQUENCE attribute, which defines an ordered list of AS numbers representing a path from the FortiGate unit through autonomous systems within the local confederation.
disable
bestpath-cmp-routerid
{enable | disable}
Enable or disable the comparison of the router-ID values for identical EBGP paths.
disable
bestpath-med-confed
{enable | disable}
Enable or disable the comparison of MED attributes for routes advertised by confederation EBGP peers.
disable
bestpath-med-missing-as-worst {enable | disable}
This field is available when bestpath-med-confed is set to enable.
When bestpath-med-confed is enabled, treat any confederation path with a missing MED metric as the least preferred path.
disable
client-to-client-reflection
{enable | disable}
Enable or disable client-to-client route reflection between IBGP peers. If the clients are fully meshed, route reflection may be disabled.
enable
cluster-id <address_ipv4>
Set the identifier of the route-reflector in the cluster ID to which the FortiGate unit belongs. If 0 is specified, the FortiGate unit operates as the route reflector and its router-id value is used as the cluster-id value. If the FortiGate unit identifies its own cluster ID in the CLUSTER_LIST attribute of a received route, the route is ignored to prevent looping.
0.0.0.0
confederation-identifier
<peerid_integer>
Set the identifier of the confederation to which the FortiGate unit belongs. The range is from 1 to 65 535.
0
dampening {enable | disable}
Enable or disable route-flap dampening on all BGP routes. See RFC 2439. (A flapping route is unstable and continually transitions down and up.) If you set dampening, you may optionally set dampening-route-map or define the associated values individually using the dampening-* fields.
disable
dampening-max-suppress-time <minutes_integer>
This field is available when dampening is set to enable.
Set the maximum time (in minutes) that a route can be suppressed. The range is from 1 to 255. A route may continue to accumulate penalties while it is suppressed. However, the route cannot be suppressed longer than minutes_integer.
60
dampening-reachability-half-life <minutes_integer>
This field is available when dampening is set to enable.
Set the time (in minutes) after which any penalty assigned to a reachable (but flapping) route is decreased by half. The range is from 1 to 45.
15
dampening-reuse
<reuse_integer>
This field is available when dampening is set to enable.
Set a dampening-reuse limit based on accumulated penalties. The range is from 1 to 20 000. If the penalty assigned to a flapping route decreases enough to fall below the specified reuse_integer, the route is not suppressed.
750
dampening-route-map
<routemap-name_str>
This field is available when dampening is set to enable.
Specify the route-map that contains criteria for dampening. You must create the route-map before it can be selected here. See “route-map” and “Using route maps with BGP”.
Null.
dampening-suppress
<limit_integer>
This field is available when dampening is set to enable.
Set a dampening-suppression limit. The range is from 1 to 20 000. A route is suppressed (not advertised) when its penalty exceeds the specified limit.
2 000
dampening-unreachability-half-life <minutes_integer>
This field is available when dampening is set to enable.
Set the time (in minutes) after which the penalty on a route that is considered unreachable is decreased by half. The range is from 1 to 45.
15
default-local-preference
<preference_integer>
Set the default local preference value. A higher value signifies a preferred route. The range is from 0 to 4 294 967 295.
100
deterministic-med
{enable | disable}
Enable or disable deterministic comparison of the MED attributes of routes advertised by peers in the same AS.
disable
distance-external
<distance_integer>
Set the administrative distance of EBGP routes. The range is from 1 to 255. If you set this value, you must also set values for distance-internal and distance-local.
20
distance-internal
<distance_integer>
This field is available when distance-external is set.
Set the administrative distance of IBGP routes. The range is from 1 to 255.
200
distance-local
<distance_integer>
This field is available when distance-external is set.
Set the administrative distance of local BGP routes. The range is from 1 to 255.
200
ebgp-multipath {enable | disable}
Enable or disable ECMP load balancing across multiple (four) eBGP connections.
disable
enforce-first-as {disable | enable}
Enable or disable the addition of routes learned from an EBGP peer when the AS number at the beginning of the route’s AS_PATH attribute does not match the AS number of the EBGP peer.
disable
fast-external-failover {disable | enable}
Immediately reset the session information associated with BGP external peers if the link used to reach them goes down.
enable
graceful-restart {disable | enable}
Enable or disable BGP support for the graceful restart feature. Graceful restart limits the effects of software problems by allowing forwarding to continue when the control plane of the router fails. It also reduces routing flaps by stabilizing the network.
disable
graceful-restart-time <restart_time>
Set the time in seconds needed for neighbors to restart after a graceful restart. The range is 1 to 3600 seconds. Available when graceful-restart is enabled.
120
graceful-stalepath-time <stalepath_time>
Set the time in seconds to hold stale paths of restarting neighbors. The range is 1 to 3600 seconds. Available when graceful-restart is enabled.
360
graceful-update-delay <delay_time>
Route advertisement and selection delay in seconds after a graceful restart. The range is 1 to 3600 seconds. Available when graceful-restart is enabled.
120
holdtime-timer <seconds_integer>
The maximum amount of time in seconds that may expire before the FortiGate unit declares any BGP peer down. A keepalive message must be received every seconds_integer seconds, or the peer is declared down. The value can be 0 or an integer in the 3 to 65 535 range.
180
ibgp-multipath {enable | disable}
Enable or disable ECMP load balancing across multiple iBGP connections.
disable
ignore_optional_capability {disable | enable}
Don’t send unknown optional capability notification message.
disable
keepalive-timer
<seconds_integer>
The frequency (in seconds) that a keepalive message is sent from the FortiGate unit to any BGP peer. The range is from 0 to 65 535. BGP peers exchange keepalive messages to maintain the connection for the duration of the session.
60
log-neighbor-changes
{
disable | enable}
Enable or disable the logging of changes to BGP neighbor status.
disable
network-import-check
{
disable | enable}
Enable or disable the advertising of the BGP network in IGP (see the subcommand “config network, config network6”).
enable
router-id <address_ipv4>
Specify a fixed identifier for the FortiGate unit. A value of 0.0.0.0 is not allowed.
If router-id is not explicitly set, the highest IP address of the VDOM will be used as the default router-id.
0.0.0.0
scan-time <seconds_integer>
Configure the background scanner interval (in seconds) for next-hop route scanning. The range is from 5 to 60.
60
synchronization {enable | disable}
Only advertise routes from iBGP if routes are present in an interior gateway protocol (IGP) such as RIP or OSPF.
disable
Example
The following example defines the number of the AS of which the FortiGate unit is a member. It also defines an EBGP neighbor at IP address 10.0.1.2.
config router bgp
set as 65001
set router-id 172.16.120.20
config neighbor
edit 10.0.1.2
set remote-as 65100
end
end