Routing Monitor and Route Attributes
A Routing Monitor provides real-time information about routing tables, including active routes, their next-hop addresses, and their associated metrics. This tool allows administrators to track how routes are being utilized, ensuring that traffic is taking the most efficient path.
Route Attributes refer to the characteristics that define how routing protocols evaluate and prioritize routes. These attributes include factors like metric (used to determine the best path), prefix length, administrative distance, next hop, and protocol-specific properties. Understanding these attributes helps administrators fine-tune routing protocols like OSPF, BGP, or RIP for optimized traffic distribution and redundancy.
Introduction
Understanding how traffic routes through a network is crucial for effective network management, especially when managing multiple networks (such as internal networks) and gateways (such as Internet Service Providers). FortiGate’s Routing Monitor and Route Attributes offer valuable insights and controls that allow you to fine-tune your network’s behaviour. In this article, we will guide you through FortiGate’s Routing Monitor interface, explain how to interpret key route attributes, and demonstrate how to leverage this information to optimize network performance.
What is FortiGate Routing Monitor?
For each session, FortiGate performs a routing table lookup twice. First, it checks the routing table to determine the most appropriate route for the traffic. Then, it performs another lookup to ensure the correct forwarding behaviour based on any changes or dynamic routing adjustments. This dual lookup process helps maintain efficient traffic management and network performance.
- For the first packet sent from sender
- For the first replay packet coming from responder
The session table stores routing information. This ensures that each session has access to up-to-date routing details, allowing the FortiGate device to efficiently process traffic and maintain optimal performance.
More information about routing you can find on the link. For the FortiGate Static Routes, you can check the article.
Routing Protocols on FortiGate Device
FortiGate support the following Dynamic Routes protocols:
- Routing Information Protocol (RIP)
- Open Shortest Path First (OSPF)
- Border Gateway Protocol (BGP)
- Intermediate System to Intermediate System (IS-IS) → is not listed on my firmware (v6.0.13)
If you are not able to see these protocols on your device, you can enable them. How to enable these protocols (hidden features), you can check at the following link.
FortiGate Routing Monitor
The Routing Monitor on FortiGate provides a real-time view of your routing table, displaying the active routes for your traffic. This tool offers clear visibility into how the firewall forwards packets based on IP destinations. This allows administrators to easily identify prioritized routes and troubleshoot routing issues effectively. By leveraging this tool, you can ensure optimized traffic flow and address potential network problems before they escalate.
- How to Access: The Routing Monitor is accessible via the FortiGate GUI by navigating to
Monitor->Routing Monitor. - Key Interface Details: It displays details like destination IP, gateway, interface, and metric, which can all help in analysing routing decisions.
Understanding Route Attributes
Route attributes are essential for determining the path selection for traffic within FortiGate. The Routing Monitor displays attributes like administrative distance, priority, and metric, which determine the primary routes and backups.
- Administrative Distance (AD): The AD represents the trust level for different routing protocols. A lower AD value is more trusted and thus preferred.
- Priority: Routes can be assigned priority values to specify which route should be used when multiple routes are available.
- Metric: This value typically represents the ‘cost’ of a route, with lower metrics being preferred.
In my case, the routing attributes are not displayed due to outdated firmware.
Key Scenarios: How Route Attributes Affect Traffic Flow
Different route attributes play a role in how traffic is routed, especially in complex networks with multiple gateways or VPN connections. Here are a few scenarios:
- Load Balancing and Redundancy: FortiGate can route traffic based on priority and metrics for load balancing or backup paths.
- Failover Situations: When a primary route fails, routes with higher AD or lower priority are used, ensuring consistent connectivity.
- Policy-Based Routing (PBR): By combining PBR with route attributes, specific traffic can be directed through preferred gateways, optimizing latency-sensitive applications. If you have a two internet links (A and B) you can route packets from low-priority source IPs on A and packets from high-priority sources on B link.
- More granular matching than static routes based on protocol, source address, source ports, type of service (ToS) bits and destination ports.
- Policy-Based Routing (PBR) have precedence over the routing table (maintained in a separate routing table)
- Internet Services Routing
- Route well-known Internet services through specific WAN Interface
FortiGate uses attributes such as Distance, Metric, and Priority to make route selection decisions.
Route Attribute: Distance
If the multiple routes for the same destination exist, the one with the lowest distance will be active. To check it open Monitor → Routing Monitor
The following shows the default distance (preference) settings on a FortiGate (configurable for all types except direct interfaces) :
| Route | Distance |
|---|---|
| Directly connected | 0 |
| DHCP Gateway | 5 |
| Static routes | 10 |
| External BGP (EBGP) routes | 20 |
| OSPF routes | 110 |
| RIP routes | 120 |
| Internal BGP (IBGP) routes | 200 |
Route Attribute: Metric
If the multiple dynamic routes have the same distance, then the metric is used for selection process. The route with the lowest metric is chosen.
The calculation method differs for different routing protocols.
Route Attribute: Priority
When multiple static routes share the same distance, they all remain active, but the route with the lowest priority is chosen as the best path.
Configuring and Troubleshooting Route Attributes in FortiGate
You can configure these attributes within the Network -> Static Routes section or by using CLI commands to gain finer control. To troubleshoot, check the Routing Monitor to confirm active routes and analyze why specific routes are preferred over others.
- Using CLI for Custom Configurations: Commands like
get router info routing-table allprovide detailed routing tables and can help diagnose routing issues. - Troubleshooting Tips: Checking administrative distance, priority, and metrics can reveal misconfigurations or unintended route selections.
fgt # get router info routing-table all
Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S* 0.0.0.0/0 [5/0] via xxx.xxx.xxx.xxx, wan1
C /30 is directly connected, wan1
S 192.168.10.0/24 [4/0] is directly connected, to1
S 192.168.11.0/24 [10/0] is directly connected, to1
S 192.168.19.0/24 [10/0] via 192.168.20.112, internal
C 192.168.20.0/24 is directly connected, internal
Conclusion
The Routing Monitor and route attributes on FortiGate are vital tools for network administrators who aim to streamline traffic flow and enhance network resilience. By gaining a deeper understanding of route attributes and making necessary adjustments, administrators can optimize traffic management, reduce latency, and maintain better control over their network’s behavior. Furthermore, adjusting these attributes helps fine-tune routing processes to meet specific network requirements, ensuring improved overall performance and stability.
