Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1967
Views
13
Helpful
20
Replies

L3out not receiving routes

Go to solution
JlassiAhmed0345
Level 1
Level 1

‎11-23-2023 01:24 PM

in my ACI fabric, I have an L3out BGP peering between  Border Leaf and a Fortinet Firewalls, my problem is that I don't receive the default route that is advertised by the firewall via the L3out, in the other hand in firewall I can see the routes of BD that are advertised by ACI . for further investigation related to the issue, I've checked the BGP peering is OK on the firewalls side as well as on the Border leaf, also I've checked the advertised routes from the firewalls towards ACI and I clearly see that there is a default route is advertised . on the ACI side, I've checked the BGP routing Table of the appropriate VRF and I cannot see any routes that come from the BGP peering except the routes of the local BD.  

as you see below the configuration of the external epg of the L3out 

JlassiAhmed0345_0-1700773415245.png

here is the Vzany contract that is provided by the external EPG

JlassiAhmed0345_1-1700773494637.png

here is the config of the vzany :

JlassiAhmed0345_2-1700773579502.png

here as you see the routes advertised by the firewall to ACI 

JlassiAhmed0345_3-1700773793666.png

here is the routing table of Border leaf : as you see i cannot received the default-route .

 

JlassiAhmed0345_5-1700773893938.png

please is there any idea concerning the issue?

 

 

Labels:
0 Helpful
20 Replies 20

Go to solution
M02@rt37
VIP
VIP
In response to JlassiAhmed0345

‎11-24-2023 11:36 PM - edited ‎11-24-2023 11:36 PM

Yes @JlassiAhmed0345 

As I said: That should explain why ACI Fabric (Border Leaf) drop that announce as loop prevention.

Ok, add a feature on FortiGate side, with this neighbor: add as-override

Clear ip bgp soft and tell me it LB receive this default route from FortiGate.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
JlassiAhmed0345
Level 1
Level 1
In response to M02@rt37

‎11-25-2023 07:59 AM

thank you M02@rt37  very much.

On Monday I will do what you propose and let you know about the result.

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to JlassiAhmed0345

‎11-25-2023 08:05 AM

You're very welcome @JlassiAhmed0345 

Yes, thanks for a feedback on Monday!

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
JlassiAhmed0345
Level 1
Level 1
In response to M02@rt37

‎11-27-2023 12:26 AM

Hello M02@rt37 

I tried to configure the AS-override on the firewall side but it's not working so I tried to configure Allow Self AS in the AC and then received the routes from the firewall.

 

Go to solution
M02@rt37
VIP
VIP
In response to JlassiAhmed0345

‎11-27-2023 12:47 AM

Perfect @JlassiAhmed0345 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
RedNectar
VIP
VIP

‎11-24-2023 01:40 AM - edited ‎11-24-2023 01:41 AM

Ooops - ignore

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License