How The Routing Table Is Built; How Routing Decisions Are Made; Multipath Routing And Determining The Best Route - Fortinet FortiGate Series Administration Manual

Routing concepts

How the routing table is built

In the factory default configuration, the FortiGate routing table contains a single static default route. You can add routing information to the routing table by defining additional static routes. The table may include several different routes to the same destination; the IP addresses of the next-hop router specified in those routes, or the FortiGate interfaces associated with those routes, may vary.

The FortiGate unit selects the "best" route for a packet by evaluating the information in the routing table. The best route to a destination is typically associated with the shortest distance between the FortiGate unit and the closest next-hop router. In some cases, the next best route may be selected if the best route is unavailable. The FortiGate unit installs the best available routes in the unit's forwarding table, which is a subset of the unit's routing table. Packets are forwarded according to the information in the forwarding table.

How routing decisions are made

Whenever a packet arrives at one of the FortiGate unit's interfaces, the unit determines whether the packet was received on a legitimate interface by doing a reverse lookup using the source IP address in the packet header. If the FortiGate unit cannot communicate with the computer at the source IP address through the interface on which the packet was received, the FortiGate unit drops the packet, as it is likely a hacking attempt.

If the destination address can be matched to a local address (and the local configuration permits delivery), the FortiGate unit delivers the packet to the local network. If the packet is destined for another network, the FortiGate unit forwards the packet to a next-hop router according to a policy route and the information stored in the FortiGate forwarding table. For more information, see "Policy Route" on page 351.

Multipath routing and determining the best route

Multipath routing occurs when more than one entry to the same destination is present in the routing table. When multipath routing happens, the FortiGate unit may have several possible destinations for an incoming packet, forcing the FortiGate unit to decide which next-hop is the best one.

Two methods to manually resolve multiple routes to the same destination are to lower the administrative distance of one route or to set the priority of both routes. For the FortiGate unit to select a primary (preferred) route, manually lower the administrative distance associated with one of the possible routes.

Administrative distance is based on the expected reliability of a given route. It is determined through a combination of the number of hops from the source and the protocol used. More hops from the source means more possible points of failure. The administrative distance can be from 1 to 255, with lower numbers being preferred. A route with a distance of 255 is seen as infinite and will not be installed in the routing table. Here is an example to illustrate how administrative distance works: if there are two possible routes traffic can take between two destinations with administrative distances of 5 (always up) and 31 (sometimes not available), the traffic will use the route with an administrative distance of 5. Different routing protocols have different default administrative distances. The default administrative distances for any of these routing protocols are configurable.
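
The following is an added example, not FortiOS code or text from the manual: a simplified model of the two behaviours described above, namely installing the lowest-distance routes in the forwarding table and dropping packets that fail the reverse lookup on their source address. The routes, interface names and function names are constructed for illustration, and the reverse-path check is modelled in its strict form, where only installed best routes count.

```python
import ipaddress

# Constructed sample routes: (destination, next hop, interface, administrative distance)
ROUTES = [
    ("0.0.0.0/0",       "203.0.113.1",  "wan1",     10),
    ("0.0.0.0/0",       "198.51.100.1", "wan2",     20),   # backup default route
    ("10.1.0.0/16",     "10.0.0.2",     "internal", 10),
    ("10.1.0.0/16",     "10.9.9.2",     "dmz",      255),  # distance 255: never installed
    ("192.168.50.0/24", "10.9.9.3",     "dmz",      5),
]

def build_forwarding_table(routes, down_interfaces=()):
    """Keep, per destination, only the usable route(s) with the lowest distance."""
    best = {}
    for dst, gw, dev, distance in routes:
        if distance >= 255 or dev in down_interfaces:
            continue  # infinite distance or unavailable path
        net = ipaddress.ip_network(dst)
        current = best.get(net)
        if current is None or distance < current[0][3]:
            best[net] = [(dst, gw, dev, distance)]
        elif distance == current[0][3]:
            current.append((dst, gw, dev, distance))  # equal distance: multipath
    return best

def lookup(fib, address):
    """Longest-prefix match; returns the installed routes covering the address."""
    ip = ipaddress.ip_address(address)
    matches = [net for net in fib if ip in net]
    if not matches:
        return []
    return fib[max(matches, key=lambda n: n.prefixlen)]

def reverse_path_ok(fib, src_ip, in_interface):
    """True only if an installed route back to the source uses the ingress interface."""
    return any(dev == in_interface for _, _, dev, _ in lookup(fib, src_ip))

def forward(fib, src_ip, dst_ip, in_interface):
    """Return the egress interface, or "drop" if the packet fails either lookup."""
    if not reverse_path_ok(fib, src_ip, in_interface):
        return "drop"  # source is not reachable through the receiving interface
    routes = lookup(fib, dst_ip)
    return routes[0][2] if routes else "drop"
```

Passing `down_interfaces=("wan1",)` to `build_forwarding_table` models the case where the best route is unavailable and the next best route is installed instead.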
FortiGate Version 4.0 MR1 Administration Guide
Router Static
01-410-89802-20090903
http://docs.fortinet.com/