I have the below setup.
Spoke locations: Single WAN link sites (Single Underlay) & Dual WAN link sites (2 Underlay)
Hub location: Single Hub with Dual WAN link
Single Underlay sites having 1 Overlay to Hub location
Dual Underlay sites having 2 Overlay to Hub location
I have an ADVPN with SDWAN setup; spoke-to-spoke communication is happening via shortcut tunnel.
In this case some fail-over scenarios are there between spoke-to-spoke communication,
Single Underlay Site - Overlay 1 is UP
Dual Underlay site - Overlay 1 is down (WAN 1 down) but Overlay 2 is UP (WAN 2)
But communication between these sites is not happening via Criss-Cross tunnel.
Question:
How to achieve this communication (Criss-Cross tunnel)?
Fail-over: As per TAC, it's not possible.
I want to check whether anyone has achieved this solution or design. If possible, how is it done?
Does anyone have any idea? Need your suggestion.
Hi @KD_IFDU,
If wan1 is down, traffic should flow through wan2. Can you make sure that both tunnels appear in the routing table by running "get router info routing-table all"?
Regards,
In the Dual WAN link site (consider Branch2), WAN1 is down; due to that, Overlay1 is down and it is learning about the single WAN link site's LAN subnet (consider Branch1) via Overlay2.
But on the other side, Branch1 WAN1 is UP, so Overlay1 is UP and there is no Overlay2 here; it is learning about the Branch2 LAN subnet via Overlay1.
(Overlay1 via WAN1 & Overlay2 via WAN2 is built for all the sites)
On the hub side (acting as RR in IBGP), the SDWAN setup is done such that Overlay1 is primary for all the spoke-to-spoke communications and Overlay2 is secondary.
Routing details.
Branch1: Learning the Branch2 subnet via Overlay2
Branch2: Learning the Branch1 subnet via Overlay1
This is how I was learning the routing information.
Please provide a network diagram if possible. If I understand correctly, Branch1 only has 1 wan connection and one IPsec tunnel? It should have 2 tunnels to each wan interfaces of the hub.
Regards,
Are you advertising all the overlay subnets from the hub so that recursive lookup happens for the next hop?