BGP Local Preference
Local Preference
I needed to use BGP to advertise the networks in a multi-site network, with FortiGates acting as routers at each site. Using iBGP we configured the Primary Subnet at the Primary Date Center to also be advertised by the DR Data Center. However, because the workload would only be active at the Primary DC - until an actual DR event happened - we needed to ensure that traffic for that subnet would only be routed to the Primary DC.
Reviewing the documentation I determined that modifying the Local Preference was the best option to configure.
In the FortiGates, we created a BGP Route Map, added a rule and used the command set set-local-preference 200
. This route map is then applied to the neighbour defined as the Primary Site - by using the set route-map-in “<BGP Rule Name>”
.
The default Local Preference assigned to iBGP routes, on FortiGates, is 100. So we needed to increase the preference on the Primary Site neighbour, so that it would route to that host. By modifying this value all the BGP information is still being propagated to all the sites, but the FortiGates will exclude the lower preference sites from the routing table, while the route to the high preference sites are up.
One other thing I ran into while testing this was route-map-in
versus route-map-out
.
We already had route-map-out
values configured on the neighbours, I didn’t notice the distinction, initially, so I was scratching my head trying to figure out why the route-map wasn’t modifying the BGP Table.
The route-map-out
doesn’t process the Local Preference value, because the out
is for modifying outbound BGP information.
Local Preference only modifies incoming data - so it needs to be applied via set route-map-in
.
Speaking of the BGP Table, on FortiGates you can see the table by running get router info bgp networks
.
As you make changes to the BGP config, you will need to refresh the table, you do that by clearing the neighbours:
exe router clear bgp ip <neighbour-ip> soft
If you can handle a network disruption you can run this command:
exe router clear bgp ip <neighbour-ip>
This one isn’t recommended on production gear during business hours, but maybe you really do need to do it…