Explorer

Question

ADVPN IBGP Advertisement & Overlay Cross connect issue

Forum|Forum|2 years ago
March 24, 2024
4 replies
3146 views

Hi everyone,

I'm encountering a strange issue and I need some help.

I have two spoke sites and one hub in my network. The design involves Active Internet 1, Active Internet 2, and Backup Internet 3. I've noticed that the hub site is advertising the best routes, originating from other spokes' Internet 1 and Internet 2, to the backup BGP peer. This is causing routing issues and incorrect shortcuts.

However, I managed to find a solution to prevent this by configuring a community on the hub. Now, whenever the hub receives subnets from the backup with a certain community, it will only advertise them to other backup spoke circuits with the same community and deny anything else.

But now, I'm trying to advertise all paths to the spokes, not just the best one. Is there any way I can achieve this?

I've configured IBGP multipath with the "adv-multipath" command, but I've noticed that this command only advertises the best routes from the routing table of the hub, not the least preferred routes. Therefore, I need to advertise the least preferred routes as well.

FortiGate

rtanagras

Staff & Editor

Hi @Matrix - I'm not sure if this is possible, but you could consider adding weight to influence the route selection in spokes. In the Hub, each Internet connection has a different weight (lower value for less preferred routes), and in the Spokes, you could configure them to prefer routes with lower weights to ensure that the spokes prioritize only the lowest weight route but still receive information about other paths (higher weights).

Reference: https://community.fortinet.com/t5/FortiGate/Technical-Tip-BGP-weight-attribute-in-redistribution-scenario/ta-p/198389

MatrixAuthor

Explorer

Hi Ricky
I found a topic about my issue, but instead of 2 circuits I have 3 and the last one is backup, unfortunately, when we do a failover Transport 3 establishes a tunnel with another spoke Transport 2 , and all of this happened because of the routes are coming to the spoke Transport 3 with next hop of the Transport1 and Transport2 of another spoke .

Here is the Reference https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-deny-advertising-BGP-routes-with-a-next-hop/ta-p/245013
i will apply it tomorrow hope it works.

MatrixAuthor

Explorer

Hi Ricky
My issue still persist, its a weird one.
On my spoke sites I have 3 BGP peers T1 , T2,T3 whenever i take down T2 tunnel T1 should be the only one working but for some reason, T3 BGP started to kick in and egress some traffic i configured weight on the peers so T1 80000 , T2 80000 , T3 60000 but T3 is still egressing traffic ???

MatrixAuthor

Explorer

Does anybody have an idea, i reached out to Forti Tac they couldn't find any issues! any expertise here that could help fix this or faced the same issue before?

praneeth92

New Member

Hi Matrix,

Have you resolved this?

g748437

Visitor III

@Matrix did you find a solution? I am facing something similar. I have 1 HUB and 2 spokes with 2 ISPs connections each. Created ADVPN1 and ADVPN2 on the HUB. So far the HUB ADVPN1 advertise the correct next hop to the Spokes but ADVPN2 advertises the the next hop of ADVPN1 , creating 2 shortcuts with the same next hope so really I have only one useable shortcut.

Please share any recommendation.

Thanks

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded