HS08
Visitor III
March 11, 2025
Question

BGP Path


I have a topology like the picture below, where I have 2 locations and both locations are connected using ADVPN.

Also, both locations have a site-to-site VPN to Azure.

1.jpg

From site-1's perspective, the BGP status is connected to Azure and site-2.

2.jpg

But from the route table, why is traffic from site-1 to Azure learned by site-2 (10.201.0.0/16) as the best path?

Since site-1 has a direct connection to Azure, why does the second path not become the best path?

3.jpg

1 reply

Toshi_Esumi
SuperUser
March 12, 2025

I'm not a big fan of ADVPN, and NOT knowledgeable about it. But I thought it must be caused by the route reflector ADVPN uses. Otherwise, eBGP routes (AD 20) should win over iBGP (ADVPN in the same AS) routes (AD 200). So, I simply searched Google for "fortigate route-reflector's routes win over local eBGP routes" and got the AI answer below.

"On a FortiGate device, routes learned through a BGP route reflector are generally preferred over locally configured eBGP routes, as route reflectors are designed to efficiently distribute routes within an Autonomous System"

If you want to change it, you need to break the ADVPN config and remove the route-reflector config, which should be simple in the CLI.


Toshi