Hi,
It seems the FortiGate is marking BGP routing traffic with TOS Hex (tos=ff/ff), which seems to be not getting preserved, causing BGP dropouts during high link usage.
Is there a way to tag BGP traffic? I tried creating a shaper matching port 179 but that didn't help.
Thank you.
You may find both of these resources useful:
https://docs.fortinet.com/document/fortigate/7.0.5/administration-guide/672387/using-bgp-tags-with-s... -> Binding BGP tags with SDWAN rules.
SD-WAN rules can use BGP learned routes as dynamic destinations.
https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/380145/configuring-sd-wan-ru... -> On the SDWAN rules, you can specify the TOS value
Hi @jiahoong112 Thanks for sharing. Yes, those are good references for SDWAN with community and TOS marking. But I am looking for plain BGP routing marked with CS6 with high priority so that the peering stays up even in case of high link utilization. FortiGate seems to be marking it with tos=ff/ff, which seems to be not preserved. A manual shaper setting DSCP and reserving bandwidth is not helping.
BGP control plane traffic is not matching or getting remarked to DSCP CS6 and there should be something which I am missing in the configuration.
Actually, those are using BGP dynamic routing in an SDWAN configuration. My thought process of linking both documents is because you can configure SDWAN Rules to use BGP routing whilst using the TOS marking on those SDWAN rules, which in a way, might achieve what you're seeking. I personally have not tested this myself.
Yes, you are correct in marking DSCP via SDWAN network. I am looking for peer to peer (CE-PE) routing protocol control traffic preservation. FortiGate seems to be not tagging it with CS6, which is why peering drops.