1. Network diagram
2. Establish the BGP neighbor relationship
3. Configure the BGP network
4. Check status
1. Network diagram

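2. Establish the BGP neighbor relationship
By default, a BGP session can only be established between directly connected peers, so a GRE tunnel is created here first.
Fortigate-A configuration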
Fortigate-A#config system gre-tunnel
edit "To-Fortigate-B"
set interface "wan1"
set remote-gw 2.2.2.2
set local-gw 1.1.1.1
next
end
Fortigate-A#config system interface
edit "To-Fortigate-B"
set vdom "root"
set ip 192.168.254.13 255.255.255.255
set type tunnel
set remote-ip 192.168.254.14 255.255.255.255
set snmp-index 10
set interface "wan1"
next
end
Configure BGP
Fortigate-A#config router bgp
set as 65002
config neighbor
edit "192.168.254.14"
set remote-as 65001
next
end
config network
edit 1
set prefix 172.27.28.0 255.255.255.0
next
end
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "static"
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end
Fortigate-B configuration
Fortigate-B#config system gre-tunnel
edit "To-Fortigate-A"
set interface "wan1"
set remote-gw 1.1.1.1
set local-gw 2.2.2.2
next
end
Fortigate-B#config system interface
edit "To-Fortigate-A"
set vdom "root"
set ip 192.168.254.14 255.255.255.255
set type tunnel
set remote-ip 192.168.254.13 255.255.255.255
set snmp-index 10
set interface "wan1"
next
end
Configure BGP
Fortigate-B#config router bgp
set as 65001
config neighbor
edit "192.168.254.13"
set remote-as 65002
next
end
config redistribute "connected"
end
config redistribute "rip"
end
config redistribute "ospf"
end
config redistribute "static"
set status enable
end
config redistribute "isis"
end
config redistribute6 "connected"
end
config redistribute6 "rip"
end
config redistribute6 "ospf"
end
config redistribute6 "static"
end
config redistribute6 "isis"
end
end
4. Check status
Check whether the BGP peers were established successfully
Fortigate-A#get router info bgp summary
BGP router identifier 192.168.254.21, local AS number 65002
BGP table version is 16
1023 BGP AS-PATH entries
0 BGP community entries

Neighbor        V    AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
192.168.254.14  4 65001   42200   15109     15   0    0 1d08h05m 37508

Total number of neighbors 1
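Added example, not part of the original post: a small Python check that parses the neighbor table of `get router info bgp summary` and compares it with the peers you expect, flagging unknown neighbors, a wrong remote AS, sessions that are not established, and an unexpectedly large prefix count. The `EXPECTED` map, the `max_prefixes` threshold and the second neighbor in the sample are assumptions made for the example.

```python
import re

# Constructed sample in the layout of `get router info bgp summary`; the second
# neighbor (192.168.254.18, AS 65003) is invented for this example.
SAMPLE = """\
BGP router identifier 192.168.254.21, local AS number 65002
Neighbor        V    AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
192.168.254.14  4 65001   42200   15109     15   0    0 1d08h05m 37508
192.168.254.18  4 65003       0      12      0   0    0 never    Active
Total number of neighbors 2
"""

# Assumption: the intended peers (neighbor IP -> remote AS), taken from the config.
EXPECTED = {"192.168.254.14": 65001}

ROW = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+\d+\s+(?P<asn>\d+)"  # Neighbor, V, AS
    r"(?:\s+\d+){5}"                                      # MsgRcvd .. OutQ
    r"\s+\S+\s+(?P<state>.+?)\s*$")                       # Up/Down, State/PfxRcd

def parse_summary(text):
    """Return one dict per neighbor row of the summary table."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # banner, header and footer lines
        state = m["state"]
        up = state.isdigit()  # a number here is a prefix count: session Established
        peers.append({"ip": m["ip"], "asn": int(m["asn"]), "established": up,
                      "prefixes": int(state) if up else 0,
                      "state": "Established" if up else state})
    return peers

def audit(peers, expected, max_prefixes=None):
    """Compare parsed neighbors with the expected peer list; return findings."""
    seen, findings = {p["ip"]: p for p in peers}, []
    for ip, asn in sorted(expected.items()):
        p = seen.get(ip)
        if p is None:
            findings.append(f"{ip}: expected neighbor missing")
        elif p["asn"] != asn:
            findings.append(f"{ip}: remote AS {p['asn']}, expected {asn}")
        elif not p["established"]:
            findings.append(f"{ip}: session not established ({p['state']})")
        elif max_prefixes is not None and p["prefixes"] > max_prefixes:
            findings.append(f"{ip}: {p['prefixes']} prefixes received, limit {max_prefixes}")
    for ip in sorted(seen.keys() - expected.keys()):
        findings.append(f"{ip}: neighbor not in expected list ({seen[ip]['state']})")
    return findings
```

Feed it the captured CLI output, for example `audit(parse_summary(output), EXPECTED, max_prefixes=1000)`; an empty list means every neighbor matched.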
View which routes were learned
Fortigate-B#get router info bgp neighbors 192.168.254.13 routes
BGP table version is 16390, local router ID is 192.168.254.14
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.27.28.0/24 192.168.254.13 0 0 65002 i
Total number of prefixes 1
View how many routes were advertised out
Fortigate-B#get router info bgp neighbors 192.168.254.13 advertised-routes
Because traffic goes through the GRE tunnel, if the TCP MSS needs adjusting, change it on the firewall policy
Fortigate-B#config firewall policy
edit 99
set uuid c28674ee-1fe3-51ea-97cc-2c097871c32d
set srcintf "XXXXXX"
set dstintf "XXXXXX"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set tcp-mss-sender 1400
set tcp-mss-receiver 1400
set nat enable
set ippool enable
set poolname "CN2-1"
next
end
Soft reset BGP routes for a specific neighbor
Fortigate-B#execute router clear bgp ip 192.168.254.13 soft