Greetings
I have this scenario where, at the headquarters office, I have 1 internet service, 1 MPLS p2p link to the Data Center and 1 satellite link for DRS. Through the MPLS, I also route Internet access using the internet service at the Data Center. All these links are members of an SD-WAN zone. I created 2 IPsec VPNs using the main internet service and the DRS internet to reach the Data Center in case my MPLS link fails. The VPN links are also members of the SD-WAN zone. At the Data Center I have direct routing to AWS, and HQ can reach AWS through the MPLS link and the 2 VPNs.
In my first lab I used static routes between HQ and DC and everything worked fine. I got failover to Internet working perfectly, and the traffic going to AWS failed over between MPLS and VPN just fine, with almost 0% packet loss (lab environment).
Then I tried using OSPF between HQ and DC over the MPLS and the 2 VPN links. Reachability works fine, and the OSPF neighborships are all up/full. But when I try failover to DC, when my MPLS goes down, it fails over to my first VPN but with a couple of packets lost. When the MPLS link is restored and it fails back to the main link, there is also packet loss. I implemented BFD on the OSPF interface. Now when the MPLS link fails, I only get 2 packets lost and traffic goes to the 1st VPN. But when the MPLS link is restored, I still get a couple of packets lost.
I didn't get this behavior when I used static routes; with static routes traffic switches fast, but with OSPF traffic does not switch as fast as in the static route scenario, even with BFD enabled.
What else could I do to tweak the configuration so that traffic switches faster with OSPF?
PS: Internet traffic works fine; only traffic going to DC is affected.
Thank you for all the information you can give me.
Hello @jm-barreto
Try referring to the following document:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Timers-used-for-speedup-Convergence-Failov...
Regards
Copyright 2024 Fortinet, Inc. All Rights Reserved.