BM-IS26
New Member
March 16, 2026
Question

Hub to Hub traffic ADVPN 2.0 (dual hub, single region)

Hello,

I am wondering what the best practice is for hub-to-hub communication in an ADVPN 2.0 dual-hub setup.

The hubs are geographically separated and will be advertising their own IP space into the overlay.

We're doing BGP per loopback. Normally with route reflectors, I just do an iBGP peering as non-route-reflector clients.

My thought was to create separate IPsec tunnels, place them in a different SD-WAN zone and peer via iBGP. There will absolutely be traffic between these two sites.

1 reply

akileshc
Staff
March 17, 2026

Hi,

Just to clarify in the context of ADVPN 2.0 — most of the enhancements like edge discovery and path management are focused on spoke-to-spoke shortcut optimization, not hub-to-hub traffic.

For hub-to-hub communication, best practice is still to use dedicated IPsec tunnels to ensure predictable and stable routing. Shortcuts in ADVPN 2.0 are not intended for hub-to-hub paths.

ADVPN 2.0 simplifies the overall design by removing dependency on complex BGP constructs (like RR, per-overlay routing, etc.), since spokes now intelligently select paths based on real-time link metrics and can even build multiple shortcuts for load balancing. [Ref: https://docs.fortinet.com/document/fortigate/7.6.6/administration-guide/637049/advpn-2-0]

Regards,