Description | This article describes how to apply the 'additional-path-select' and 'adv-additional-path' settings under the BGP configuration in an ADVPN scenario. |
Scope | ADVPN scenario on FortiGate v6.4.0, v7.0.0, v7.2.0 and later. |
Solution |
Consider the following scenario:
[Topology diagram; MPLS links labelled]
B00_FG1-HUB # show router bgp config neighbor-group
B00_FG1-HUB #
After BGP is established over the VPNs, the HUB will only select one path for each prefix on spokes:
However, when the prefix is advertised to the other spoke, the HUB will select only the best path:
For prefix 192.168.102.0/24 there are 3 paths displayed.
'*' means the path is installed into the local RIB. '>' means the path is selected to advertise to peers.
This will cause Spoke1 to see the same next-hop through the 3 VPN tunnels for the BGP route:
B01_FG-SPOKE1 # get router info routing-table all
...
B 192.168.102.0/24 [200/0] via 172.16.30.3 [3] (recursive is directly connected, HUB_ISP1_0), 00:27:54, [1/0]
To allow the HUB to advertise the 3 paths for the prefix to Spokes, it is necessary to enable the settings 'additional-path-select' and 'adv-additional-path' under BGP settings. On the HUB side:
B00_FG1-HUB: config router bgp
Under each neighbor:
B00_FG1-HUB (bgp) # config neighbor-group
B00_FG1-HUB (neighbor-group) # edit HUB_ISP2
B00_FG1-HUB (neighbor-group) # edit HUB_MPLS
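The HUB-side settings described above, written out as an added example that is not taken from the original article. It assumes a path count of 3 (the number of paths in the text), the neighbor-group names HUB_ISP2 and HUB_MPLS shown above, and `additional-path send` as the direction on the HUB; repeat the neighbor-group stanza for any other group.

```fortios
# Added example (assumed values: 3 paths, direction "send"); not from the original article
config router bgp
    set additional-path enable
    set additional-path-select 3
    config neighbor-group
        edit "HUB_ISP2"
            set additional-path send
            set adv-additional-path 3
        next
        edit "HUB_MPLS"
            set additional-path send
            set adv-additional-path 3
        next
    end
end
```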
With the above configuration, the HUB now selects the 3 paths to be advertised:
On the Spoke side, enable the same parameters:
B01_FG-SPOKE1 (bgp) # config neighbor
B01_FG-SPOKE1 (neighbor) # edit 172.16.30.1
B01_FG-SPOKE1 (neighbor) # edit 172.16.31.1
B01_FG-SPOKE1 (neighbor) # edit 172.16.32.1
B01_FG-SPOKE1 (bgp) # end
Verification: Now, on the Spoke1 side, the routing table shows the three paths for prefix 192.168.102.0/24:
|