ADVPN 2.0 is available from FortiGate 7.4.2 onwards and was introduced to overcome the weaknesses of ADVPN 1.0 when configured with SD-WAN.
ADVPN 2.0 focuses on edge discovery and path management.
In Edge Discovery, the following is added:
- The shortcut-query must be delivered to the remote node through any available path.
- The shortcut-reply is extended (with remote spoke’s participating links & health-checks and transport-groups).
Transport Groups are added to each member under the SD-WAN configuration. Members of the same transport group can create shortcuts with each other.
config system sdwan
    config zone
        edit <zone-name>
            set advpn-select {enable | disable}    <----- Enable means ADVPN2.0 is enabled.
            set advpn-health-check <health-check name>    <----- This health check information is sent to other spokes in shortcut-reply.
        next
    end
    config members
        edit <integer>
            set transport-group <integer>    <----- Transport group ID can be added here.
        next
    end
    config service
        edit <integer>
            set shortcut-priority {enable | disable | auto}    <----- Enable or disable the option to prioritize ADVPN shortcuts over overlay parent interfaces when SLA mode or link cost factor mode conditions are met.
        next
    end
end
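To review which overlays are eligible to form shortcuts under the transport-group rule above, the following added example (not from the original article and not Fortinet code) parses a `config system sdwan` block and pairs local and remote members that share a transport group. The interface names and group IDs are constructed, and listing members with no explicit transport-group under `None` without pairing them is an assumption of this example, not documented FortiOS behavior.

```python
import shlex

def parse_sdwan(text):
    """Parse 'config system sdwan' into {table: {entry_id: {option: value}}}."""
    tables, stack, entry = {}, [], None
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(tok[1])
        elif tok[0] == "end" and stack:
            stack.pop()
        elif len(stack) == 2:  # directly inside zone/members/service; nested tables are skipped
            table = tables.setdefault(stack[1], {})
            if tok[0] == "edit":
                entry = table.setdefault(tok[1], {})
            elif tok[0] == "set" and entry is not None:
                entry[tok[1]] = " ".join(tok[2:])
            elif tok[0] == "next":
                entry = None
    return tables

def transport_groups(tables):
    """Map transport-group ID -> interfaces; members with no explicit group go under None."""
    groups = {}
    for member in tables.get("members", {}).values():
        groups.setdefault(member.get("transport-group"), []).append(member.get("interface"))
    return groups

def shortcut_pairs(local, remote):
    """Sorted (local_if, remote_if) pairs whose members share a transport group."""
    return sorted((l, r) for g in local.keys() & remote.keys() if g is not None
                  for l in local[g] for r in remote[g])

# Constructed sample: spoke A's members and spoke B's groups (all names and IDs are made up).
SPOKE_A = """config system sdwan
config members
edit 1
set interface "A_INET"
set transport-group 1
next
edit 2
set interface "A_LTE"
next
end
end"""
SPOKE_B = {"1": ["B_INET"], "2": ["B_MPLS"]}

print(shortcut_pairs(transport_groups(parse_sdwan(SPOKE_A)), SPOKE_B))
```

Any interface reported under `None` has no explicit transport group in the configuration and is worth reviewing before relying on shortcut behavior.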
In Path Management, the following is added:
- Path selection is determined by combining local information, remote information, and the SD-WAN rule mode (sla, priority).
Based on the information received about all links on other spokes, a local spoke chooses the path over which to create shortcuts.
To check what information is being sent by the remote spoke, use the 'diagnose sys sdwan advpn-session' command.
This command gives the following:
- Selected path per service ID.
- Information about selected local interface and remote IP (underlay and overlay).
- This can change as health information is updated.
Technical Tip: How ADVPN 2.0 is different from ADVPN 1.0