Is there any way to tell BGP to deprioritize routes learned via a route reflector and prefer a route learned from a BGP peer that's one hop away?
The setup I have is that there are two hub sites (call them HQ1 and HQ2) with many spokes that each have a VPN connection to both hubs and the hubs have a VPN to each other. There are resources in both HQ sites that all spokes should be able to access but the spokes don't need to talk to each other. All routers are part of the same AS. What I would like is for each site to prefer to route traffic via the most direct route, and in the case that a VPN is down to route around the failure.
Setting each HQ site as a route reflector for each spoke neighbor allows almost everything to work as desired, but if I then want to also advertise those routes to the other hub so they can be used to route around a failed connection they sometimes supersede the routes that already exist on that hub. It does this because the distance of advertised routes doesn't change depending on whether it's advertised by the router directly connected to the network or by a router acting as a reflector, despite the one hop to the directly connected one being a shorter path.
Is this something that can be modified? Would conditional advertisement or BGP multipathing solve my problem? Should I be using a different AS for each hub? Or should I start over with something less complex?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If this is only for your internal network, no BGP neighborings with ISPs, the simplest way is to make all routers' ASN unique in the private ranges (either 2-byte or 4-byte private ASN range) then all neighborings become eBGP.
With eBGP, if no other metrics are different, the route with the shortest AS path length would be chosen. So 1 hop would win over 2 hops.
Toshi
Since iBGP learned routes are not advertised another iBGP neighbor, a special mechanism like route reflectors is necessary when hub1 router needs to advertise those remote routers' routes to hub2. With eBGP, you don't have to worry about those while all BGP routes can be advertised to any eBGP neighbors.
Thanks for the suggestions, but I ended up reconfiguring the sites using OSPF instead and so far it's been a significant improvement, decreasing both configuration complexity and convergence speed. I think my BGP idea was flawed to begin with.
You can set cluster-id on the hubs. They pretty much mimic as-path for ibgp. Any time a route passes through a cluster , the cluster-id is added to the route.
You would require route-reflector between hubs as well. But would also require a lot of route-maps to clean up the routing table.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.