Hi all, I've got a customer with a lot of transit circuits as well as VPN redundancy configured today, but adding prefixes is pretty painful with all the FortiGates. I'm exploring using OCVPN or ADVPN along with extending BGP to the FortiGates to ease dealing with new routes and failover paths here.
I've read everything I can find on OCVPN+BGP; there isn't a whole lot of detail on how BGP works around it, other than that the docs out there indicate it seems to use an IBGP mesh with the hubs being route reflectors. ADVPN docs indicate using EBGP between sites, which is really what I'm looking for: to use EBGP between sites in general internally vs. IBGP and needing to use reflectors. I just don't know if I can leverage OCVPN and EBGP so that every hub/spoke site would be a new private ASN.
What is the preferred method of deploying BGP with OCVPN around either of these as an upgrade/replacement for traditional prefix-based tunnels? Is there a recommendation for/against OCVPN or ADVPN in these situations?
Ideally we're moving away from circuits and more toward SD-WAN, so a need for real dynamic routing is at hand. It's really just 5 sites, but a lot of prefixes, and traditional VPN today is pretty messy with phase2 exchanges. Ideally every site and layer is EBGP to each other and between layers and as dynamic as possible.
Thanks in advance!
Hello mb,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello mb,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
Hello mb,
I found this documentation:
Could you please tell me if it helps?
Regards,