Fortigate HA Cluster + BGP Dual WAN scenario to same ISP and AS
Hello,
I have been trying to implement an HA Cluster with dual WAN load balancing. The local Fortigates have the same AS, and the ISP neighbors too.
I am not adding any metrics since we were told by the ISP that CORE would do load balancing.
The problem is, it is only possible to have 1 established BGP session at the same time. The other one always stays in Active mode unless the previous session disconnects. Is there any command to issue to the Cluster to have 2 sessions at the same time? Or maybe the problem is with the Core peers (loop prevention?)
What happens:
FW_GOPACA_185257_SEC # get router info bgp summary
BGP router identifier X1, local AS number 65081
BGP table version is 2
2 BGP AS-PATH entries
0 BGP community entries
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
X1              4  2860   11646   13308        1    0    0 2d00h30m        1
X2              4  2860       0       0        0    0    0 never    Active
Total number of neighbors 2
FW_GOPACA_185257_SEC #
Note: Both Fortigates connect via WAN 1 and WAN 2 to the ISP's primary and secondary given addresses. VLANs were checked and tested on the local switches. HA mode is OK and in Active-Passive mode. The route-map is only used to announce a prefix-list to the core.
Configs below:
config router bgp
    set as 65081
    set router-id X1
    set ebgp-multipath enable
    config neighbor
        edit "X1"
            set remote-as 2860
            set route-map-out "ToNOS"
            set send-community6 disable
            set password ENC LCPzRWp+p/ceSAfwuI2vb+XhC/rzW1pNOUXI1kKhZM739msCdrHpko5QANMDC3l40zLyH1s+MJr9my/gbh0Dto3e3iK9ixfwvnb4cnGKQPbz5qLa8DCgt0XUMO5FPKpZUqJXz2LgrjERXLmk+VDkAgiBFz7lrDnb3kUG/a/6JGHP1bz7C3jXh+WosWzxsdsUvK7eqg==
        next
        edit "X2"
            set remote-as 2860
            set route-map-out "ToNOS2"
            set send-community6 disable
            set password ENC FJvnjaxbejVQLUhx05KNfkJcSK7IpjP/nvIX/L0xGaszNlfMCSv5nv1LZgVO3ZERSFEDXkzIusjnikkyt/f+Oc+ccP7Blt+Y78DH64ImuAioVXYVtAgddmakXhh562WrnNwW9FpDEodqF2x7kn3OHhxrkAwj5Sh86veT4AnTwH70cJWtj7GQSS6C0/Nw31HjImFwSQ==
        next
    end
Thank you.
Hello,
It turned out that I found a way to fix it. There were misconfigured switches on the local network.
Now I get the following routing table:
FW_GOPACA_185257_SEC # get router info bgp network
BGP table version is 4, local router ID is 88.157.162.166
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0/0 88.157.156.1 0 0 2860 174 i
* 88.157.162.165 0 0 2860 174 i
*> 195.23.50.72/29 0.0.0.0 100 32768 i
Total number of prefixes 2
It turns out that the first hop is being preferred over the second one. How can I fix it so that both hops become preferred?
Thank you