dave254
New Member
December 12, 2018
Solved

MPLS Failover


We have two offices, each with a Fortigate 61E running FortiOS 5.6.2. We have two MPLS connections between the two offices. The IPs are as follows:

Office 1 LAN: 10.0.4.0/24
Office 2 LAN: 10.0.5.0/24
Office 1 Provider 1 MPLS: 192.168.4.2/30
Office 2 Provider 1 MPLS: 192.168.5.2/30
Office 1 Provider 2 MPLS: 172.16.4.2/30
Office 2 Provider 2 MPLS: 172.16.5.2/30

I have created static routes on both Fortigates using the Provider 1 link and there is connectivity between the two offices. I now want to use Provider 2 as a redundant link. If Provider 1's link fails I want to switch to Provider 2. How would I go about achieving this?

    Best answer by Toshi_Esumi


    Toshi_Esumi
    SuperUser
    December 13, 2018

    Option 1: use one of the dynamic routing protocols. We use BGP for this kind of situation since it's easier to manipulate/filter prefixes. But it doesn't matter much which protocol you use if just two points are connected to each other.

    Option 2: use two sets of static routes toward both MPLS links, where one set has a lower distance or priority. Then set up link-monitor over the primary link and let the primary set of routes go away when it goes down.

    Below is an example for internet failover, but the same way would work for MPLS or VPN interfaces after understanding the concept and applying the same concept.

    https://cookbook.fortinet.com/redundant-internet-basic-failover-56/
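
A sketch of Option 2 for the Office 1 Fortigate, added here as an example and not part of the original posts. The interface names (wan1, wan2), the provider next hops (taken as the other usable address in each /30) and the timer values are assumptions; the LAN and MPLS addresses are the ones given in the question.

```fortios
# Added example, not from the thread. Assumed: wan1 = Provider 1 MPLS,
# wan2 = Provider 2 MPLS, next hops 192.168.4.1 and 172.16.4.1.

config router static
    edit 1
        # Primary route to the Office 2 LAN over Provider 1 (lower distance wins)
        set dst 10.0.5.0 255.255.255.0
        set gateway 192.168.4.1
        set device "wan1"
        set distance 10
    next
    edit 2
        # Backup route over Provider 2; enters the routing table only
        # when the distance-10 route has been withdrawn
        set dst 10.0.5.0 255.255.255.0
        set gateway 172.16.4.1
        set device "wan2"
        set distance 20
    next
end

config system link-monitor
    edit "mpls-provider1"
        # Probe Office 2's Provider 1 address so the check covers the
        # whole MPLS path, not just the local provider hop
        set srcintf "wan1"
        set server "192.168.5.2"
        set gateway-ip 192.168.4.1
        set protocol ping
        # Consecutive failed / successful probes before a state change
        set failtime 5
        set recoverytime 5
        # Withdraw static routes through wan1 while the probe is failing
        set update-static-route enable
    next
end
```

Office 2 needs the mirror-image configuration, and firewall policies must permit the inter-office traffic on both MPLS interfaces, otherwise traffic that fails over to the backup link is dropped. `get router info routing-table static` shows which of the two routes is currently installed.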

    dave254 (Author)
    New Member
    December 14, 2018

    toshiesumi wrote:

    Option 1: use one of the dynamic routing protocols. We use BGP for this kind of situation since it's easier to manipulate/filter prefixes. But it doesn't matter much which protocol you use if just two points are connected to each other.

    Option 2: use two sets of static routes toward both MPLS links, where one set has a lower distance or priority. Then set up link-monitor over the primary link and let the primary set of routes go away when it goes down.

    Below is an example for internet failover, but the same way would work for MPLS or VPN interfaces after understanding the concept and applying the same concept.

    https://cookbook.fortinet.com/redundant-internet-basic-failover-56/

    Thanks for the info, I will test it out and get back with the results.