Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
tgirard
Staff
Staff

Created on ‎09-18-2024 07:12 AM Edited on ‎09-18-2024 07:55 AM By Moderator

Article Id 342191

Technical Tip: SD-WAN/ADVPN: Behavior of the BGP session when using dynamic BGP between 2 spokes

Description This article describes the behavior of the dynamic BGP session between 2 spokes for SDWAN/ADVPN 2.0.
Scope Available from FortiOS 7.4.2.
Solution

Starting from FortiOS 7.4.2, SD-WAN/ADVPN 2.0 can establish a dynamic BGP session over a shortcut. This is available for BGP on Loopback ADVPN design and no longer requires the BGP route reflection being configured in the Hub.

Consider a typical network where 2 spokes have 2 uplinks to the Hub.

 

topology.PNG

 

Once the first shortcut is established, the BGP session will run between both loopback addresses over this shortcut as shown below:


firstshortcut.PNG

 

Should this shortcut come out of SLA, a new shortcut will be established, bypassing the out-of-SLA link.

 

newshortcut.PNG

 

User traffic will move over this new shortcut, but the dynamic BGP session will stay on the initial shortcut.

Should the link stay out of SLA for a time greater than the shortcut idle expire timer, the initial shortcut will be flushed and the dynamic BGP session will move to the new shortcut.
438
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.