I'm sure some expert will be able to help here - I'm struggling to find the right syntax.
Info - I have won the battle with the FortiGate in terms of advertising a /32 to an upstream router, and it's currently on a VIP - use case is anycast for a VPN appliance behind the FortiGate (don't ask, long story).
I have a link monitor set up and it's working and tested - very simple:

    config system link-monitor
        edit "vpn-sjc_check"
            set srcintf "vlan.108"
            set server "10.30.8.253"
            set protocol https
            set interval 1000
        next
    end

This works correctly. Goes down when the service behind is down.

    Peer: 10.30.8.253(10.30.8.253)
    Source IP(10.30.8.254)
    Route: 10.30.8.254->10.30.8.253/32, gwy(10.30.8.254)
    protocol: https(443), state: dead

I have a prefix-list and route-map for this:

    config router route-map
        edit "vpn-anycast"
            config rule
                edit 1
                    set match-ip-address "vpn-anycast"
                    unset set-ip-prefsrc
                next
            end
        next
    end
    config router prefix-list
        edit "vpn-anycast"
            config rule
                edit 1
                    set prefix 1.2.3.4 255.255.255.255
                    unset ge
                    unset le
                next
            end
        next
    end

What I'm struggling with is: what do I do with these to make the advertisement disappear on the peer when the link-monitor is dead?
The examples I've seen say to use conditional-advertise, but I don't understand how to withdraw the route. Conditional advertise seems to only take an exist or non-exist, but I want to remove the route if the link monitor is dead.
Appreciate any help.