Is there possibility to use VRRP IP address as BGP endpoint

Question

Hi, We are planning to run VRRP on vlan interfaces between two fortigate and is there possibility to use VRRP IP address as BGP endpoint?

Benoit_Rech_FTNT · Answer

[ul]Hello Dees,[/ul]Using BGP and VRRP won't work properly in case of failover. Indeed, the BGP establishment will be up and running on the first FortiGate, but the BGP context are not synchronized between the FortiGate. If you are running in HA (FGCP or FGSP), then the routes will be synchronized, but not the BGP information. Generally, the best solution to have a good failover time using BGP is : * run FortiGate in HA (FGCP or FGSP) * enable session synchronization (if you want a stateful failover with a continuity of the TCP sessions) * enable BGP Graceful-Restart on the FortiGate and the remote-peer. * tune the route-ttl (under config system ha) to have the traffic going through the slave unit without interruption after the failover, while the BGP graceful-restart is going on. This is document in HA documentation, and in KB: https://kb.fortinet.com/k....do?externalID=FD31743Best regards,Benoit

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded