HS08
Visitor III
November 17, 2025
Question

BGP Route

  • November 17, 2025
  • 2 replies
  • 299 views

I have ADVPN with 1 hub and 5 spokes, like the picture below.

Each spoke has 3 connections to the hub, two over the internet and one over a dedicated WAN.

The WAN connection for each spoke uses a different vendor.

(image: top.png)

When I check the BGP neighbor from the spoke, I can see the prefixes below for each connection.

WAN:

(image: int1.PNG)

Internet-2

(image: int2.PNG)

From the 3 pictures above we can see that for the WAN there is only one prefix for each spoke subnet, but 2 prefixes for each spoke subnet on the internet links.

Need help and advice here: should we block all prefixes on internet-1 with nexthop 10.10.111.xxx, and block all prefixes with nexthop 10.10.112.xxx on internet-2?

Also, if we look at the topology, let's say traffic is initiated from spoke1 to spoke2 and spoke1 chooses internet-1; is it possible that the hub forwards the traffic using internet-2 and changes the nexthop to 10.10.112.3?

2 replies

funkylicious
SuperUser
November 17, 2025

If you want to block all prefixes towards/from a particular BGP peer, I would recommend using communities while advertising prefixes from spokes, one for each link, and then you can do a route-map to match that community and deny/block the prefixes.

As for forwarding traffic using a certain link, this can be done manually with a policy route; otherwise I would let SD-WAN select the appropriate link based on the SD-WAN policy you created/used to select the traffic to go in or out.

I would look into https://docs.fortinet.com/document/fortigate/7.0.0/sd-wan-self-healing-with-bgp/559415/overview

"jack of all trades, master of none"
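As an added illustration of the community-based approach suggested in the reply above (this is example configuration written for this page, not configuration from the thread or from the Fortinet documentation linked), the FortiOS CLI below tags each spoke's prefixes with a different standard community per internet tunnel, and the hub then drops the copy learned over the other tunnel when it reflects routes back out. The AS number 65000, the hub tunnel addresses 10.10.111.1 and 10.10.112.1, the /24 tunnel ranges, the community values 65000:111 and 65000:112, and all object names are assumptions chosen to match the nexthop ranges mentioned in the question; adjust them to the real topology.

```text
# ===== Spoke side: tag prefixes per tunnel before sending them to the hub =====
# (example config, not from the thread; AS, addresses and names are assumed)
config router route-map
    edit "tag-isp1"
        config rule
            edit 1
                set set-community "65000:111"
            next
        end
    next
    edit "tag-isp2"
        config rule
            edit 1
                set set-community "65000:112"
            next
        end
    next
end
config router bgp
    set as 65000
    config neighbor
        # hub address on the internet-1 tunnel (assumed)
        edit "10.10.111.1"
            set remote-as 65000
            # without send-community the tag is stripped before it reaches the hub
            set send-community standard
            set route-map-out "tag-isp1"
        next
        # hub address on the internet-2 tunnel (assumed)
        edit "10.10.112.1"
            set remote-as 65000
            set send-community standard
            set route-map-out "tag-isp2"
        next
    end
end

# ===== Hub side: reflect routes to spokes, but only over the tunnel they came in on =====
config router community-list
    edit "learned-via-isp1"
        config rule
            edit 1
                set action permit
                set match "65000:111"
            next
        end
    next
    edit "learned-via-isp2"
        config rule
            edit 1
                set action permit
                set match "65000:112"
            next
        end
    next
end
config router route-map
    # towards internet-1 spokes: deny anything tagged as learned over internet-2, permit the rest
    edit "to-isp1-spokes"
        config rule
            edit 1
                set action deny
                set match-community "learned-via-isp2"
            next
            edit 2
                set action permit
            next
        end
    next
    # towards internet-2 spokes: the mirror image
    edit "to-isp2-spokes"
        config rule
            edit 1
                set action deny
                set match-community "learned-via-isp1"
            next
            edit 2
                set action permit
            next
        end
    next
end
config router bgp
    set as 65000
    config neighbor-group
        edit "isp1-spokes"
            set remote-as 65000
            set route-reflector-client enable
            set send-community standard
            set route-map-out "to-isp1-spokes"
        next
        edit "isp2-spokes"
            set remote-as 65000
            set route-reflector-client enable
            set send-community standard
            set route-map-out "to-isp2-spokes"
        next
    end
    # tunnel ranges bound to each group (assumed /24s for the 10.10.111.x and 10.10.112.x nexthops)
    config neighbor-range
        edit 1
            set prefix 10.10.111.0 255.255.255.0
            set neighbor-group "isp1-spokes"
        next
        edit 2
            set prefix 10.10.112.0 255.255.255.0
            set neighbor-group "isp2-spokes"
        next
    end
end
```

After applying this, `get router info bgp network` on a spoke should show each remote spoke subnet once per internet tunnel, each with the nexthop belonging to that tunnel, instead of the duplicate pair seen in the screenshots; the dedicated WAN peering is left untouched because its routes carry neither community. Filtering on the community rather than on the nexthop address keeps the policy stable if tunnel addressing changes, and the hub remains free to forward over whichever link its own SD-WAN rules select.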
HS08 (Author)
Visitor III
November 18, 2025

Hi @funkylicious,

What do you think, should I block all prefixes with nexthop 10.10.111.xxx on BGP isp1, and block nexthop 10.10.112.xxx on BGP isp2?