Fortinet black logo

Handbook

Advanced routing

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:828155
Download PDF

Advanced routing

Use the following best practices for advanced routing when dealing with Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF).

Border Gateway Protocol (BGP)

If you are using BGP, it is recommended that you enable soft-reconfiguration. This has two benefits:

  • It allows you to perform ‘soft clear’ of peers after a change is made to a BGP policy.
  • It provides greater visibility into the specific prefixes learned from each neighbor.

Leave soft-reconfiguration disabled if your FortiGate does not have much unused memory. Soft-reconfiguration requires keeping separate copies of prefixes received and advertised, in addition to the local BGP database.

Open Shortest Path First (OSPF)

  • Avoid use of passive interfaces wherever possible.
  • Avoid use of virtual links to connect areas. All areas should be designed to connect directly to the backbone area.
  • Ensure that all backbone routers have a minimum of two peering connections to other backbone neighbors.
  • An entire OSPF domain should be under common administration.

Advanced routing

Use the following best practices for advanced routing when dealing with Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF).

Border Gateway Protocol (BGP)

If you are using BGP, it is recommended that you enable soft-reconfiguration. This has two benefits:

  • It allows you to perform ‘soft clear’ of peers after a change is made to a BGP policy.
  • It provides greater visibility into the specific prefixes learned from each neighbor.

Leave soft-reconfiguration disabled if your FortiGate does not have much unused memory. Soft-reconfiguration requires keeping separate copies of prefixes received and advertised, in addition to the local BGP database.

Open Shortest Path First (OSPF)

  • Avoid use of passive interfaces wherever possible.
  • Avoid use of virtual links to connect areas. All areas should be designed to connect directly to the backbone area.
  • Ensure that all backbone routers have a minimum of two peering connections to other backbone neighbors.
  • An entire OSPF domain should be under common administration.