Hi all, I've got a customer with a lot of transit circuits as well as VPN redundancy configured today, but adding prefixes is pretty painful with all the FortiGates. I'm exploring using OCVPN or ADVPN along with extending BGP to the FortiGates to ease dealing with new routes and failover paths here.
I've read everything I can find on OCVPN+BGP, but there isn't a whole lot of detail on how BGP works around it, other than the docs out there indicating it seems to use an IBGP mesh with the hubs being route reflectors. ADVPN docs indicate using EBGP between sites, which is really what I'm looking for: to use EBGP between sites in general internally vs IBGP and needing to use reflectors. I just don't know if I can leverage OCVPN and EBGP so that every hub/spoke site would be a new private ASN.
What is the preferred method of deploying BGP with OCVPN around either of these as an upgrade/replacement for traditional prefix-based tunnels? Is there a recommendation for/against OCVPN or ADVPN in these situations?
Ideally we're moving away from circuits and more toward SD-WAN, so a need for real dynamic routing is at hand. It's really just 5 sites, but a lot of prefixes, and traditional VPN today is pretty messy with phase 2 exchanges. Ideally every site and layer is EBGP to each other and between layers, and as dynamic as possible.