I have an ADVPN with 1 hub and 5 spokes like the picture below.
Each spoke has 3 connections to the hub, two using the internet and one using a dedicated WAN.
The WAN connection for each spoke uses a different vendor.
When I check the BGP neighbor from the spoke, I can see the prefixes below for each connection.
[Picture: WAN]
[Picture: Internet-2]
From the 3 pictures above we can see that for the WAN there is only one prefix for each spoke subnet, but there are 2 prefixes for each spoke subnet on the internet links.
I need help and advice here: should we block all prefixes on internet-1 with nexthop 10.10.111.xxx and block all prefixes with nexthop 10.10.112.xxx on internet-2?
Also, looking at the topology, let's say traffic is initiated from spoke1 to spoke2 and spoke1 chooses internet-1; is it possible that the hub forwards the traffic using internet-2 and changes the nexthop to 10.10.112.3?
If you want to block all prefixes towards/from a particular BGP peer, I would recommend using communities while advertising prefixes from the spokes, one for each link, and then you can do a route-map to match that community and deny/block the prefixes.
As for forwarding traffic using a certain link, this can be done manually with a policy route; otherwise I would let SD-WAN select the appropriate link based on the SD-WAN policy you created/used to select the traffic going in or out.
I would look into https://docs.fortinet.com/document/fortigate/7.0.0/sd-wan-self-healing-with-bgp/559415/overview
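One way to implement the community-based filtering suggested in the answer above, as an added FortiOS CLI example that is not part of the original thread: the spoke tags everything it advertises over the Internet-1 tunnel with a per-link community, and the hub refuses to re-advertise routes carrying that tag to its Internet-2 peers, so each spoke subnet shows up once per internet link instead of twice. The community value 65000:111, the hub tunnel address 10.10.111.1 and the neighbor-group name SPOKES-INET2 are assumptions; the mirror configuration for Internet-2 (tag 65000:112, filtered on the Internet-1 side) is the same with the names swapped.

```fortios
# Spoke: tag routes sent over the Internet-1 tunnel (mirror for Internet-2 with 65000:112)
config router route-map
    edit "SET-COMM-INET1"
        config rule
            edit 1
                set set-community "65000:111"
            next
        end
    next
end
config router bgp
    config neighbor
        edit "10.10.111.1"
            set send-community standard
            set route-map-out "SET-COMM-INET1"
        next
    end
end
# Hub: do not re-advertise Internet-1 learned routes to the Internet-2 peers
config router community-list
    edit "FROM-INET1"
        set type standard
        config rule
            edit 1
                set action permit
                set match "65000:111"
            next
        end
    next
end
config router route-map
    edit "OUT-INET2"
        config rule
            edit 1
                set action deny
                set match-community "FROM-INET1"
            next
            edit 2
                set action permit
            next
        end
    next
end
config router bgp
    config neighbor-group
        edit "SPOKES-INET2"
            set route-map-out "OUT-INET2"
        next
    end
end
```

After applying it, compare the output of `get router info bgp neighbors <spoke-tunnel-ip> advertised-routes` on the hub for an Internet-1 and an Internet-2 peer; each spoke subnet should now appear with a single nexthop per link.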
What do you think, should I block all prefixes with nexthop 10.10.111.xxx on BGP isp1, and block nexthop 10.10.112.xxx on BGP isp2?