Support Forum
jasonwinters
New Contributor

Seeking BGP Verification

The company I work for will be purchasing a redundant internet connection, as they have been moving services to the cloud.

The company has services in AWS which are accessed via dual IPsec VPN tunnels for redundancy.

 

With the addition of an additional Internet connection I was hoping some experienced eyes could have a look over my proposed BGP config to verify it will fit the bill.

 

A diagram of the connectivity is attached. Essentially we will have 2 internet connections with 2 IPsec tunnels using BGP to AWS over each Internet link.

 

BGP

config router prefix-list
    edit "AWS_Prefix_List"
        config rule
            edit 1
                # no ge/le: only this exact prefix length is permitted
                set action permit
                set prefix <x.x.x.x> <x.x.x.x>
                unset ge
                unset le
            next
            edit 2
                # le 32: this prefix and any more-specific route inside it
                set action permit
                set prefix <x.x.x.x> <x.x.x.x>
                unset ge
                set le 32
            next
            edit 3
                # with no ge/le this matches only the default route 0.0.0.0/0 itself;
                # anything not matched by rules 1-2 is already dropped by the
                # prefix-list's implicit deny ("set prefix any" would match everything)
                set action deny
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                unset le
            next
        end
    next
end

config router route-map
    # inbound: local-preference decides which tunnel the FortiGate sends traffic into
    edit "RMAP_IN_Primary"
        config rule
            edit 10
                set set-local-preference 500
            next
        end
    next
    edit "RMAP_IN_Secondary"
        config rule
            edit 10
                set set-local-preference 400
            next
        end
    next
    edit "RMAP_IN_Tertiary"
        config rule
            edit 10
                set set-local-preference 300
            next
        end
    next
    # outbound: AS-path prepending makes the AWS side prefer the tunnel with the
    # shortest path, so the prepend count must rank the tunnels in the same order
    # as the local-preference values above or return traffic can arrive on a
    # different tunnel than the one it left on
    edit "RMAP_OUT_Secondary"
        config rule
            edit 10
                set set-aspath "<xxxxx> <xxxxx>"
            next
        end
    next
    edit "RMAP_OUT_Tertiary"
        config rule
            edit 10
                set set-aspath "<xxxxx> <xxxxx> <xxxxx>"
            next
        end
    next
    edit "RMAP_OUT_Quaternary"
        config rule
            edit 10
                set set-aspath "<xxxxx> <xxxxx> <xxxxx> <xxxxx>"
            next
        end
    next
end

config router bgp
    set as <xxxxx>
    set router-id <x.x.x.x>
    # FortiOS CLI keyword is "neighbor"
    config neighbor
        edit "<x.x.x.x>"
            # tunnel 1: local-pref 500 in, no prepend out
            set route-map-in "RMAP_IN_Primary"
            set remote-as <xxxxx>
            set prefix-list-out "AWS_Prefix_List"
        next
        edit "<x.x.x.x>"
            # tunnel 2: local-pref 400 in, 2 prepends out
            set route-map-in "RMAP_IN_Secondary"
            set route-map-out "RMAP_OUT_Secondary"
            set remote-as <xxxxx>
            set prefix-list-out "AWS_Prefix_List"
        next
        edit "<x.x.x.x>"
            # tunnel 3: local-pref 300 in, 3 prepends out
            set route-map-in "RMAP_IN_Tertiary"
            set route-map-out "RMAP_OUT_Tertiary"
            set remote-as <xxxxx>
            set prefix-list-out "AWS_Prefix_List"
        next
        edit "<x.x.x.x>"
            # tunnel 4: no route-map-in, so inbound routes keep the BGP default
            # local-pref of 100; 4 prepends out
            set route-map-out "RMAP_OUT_Quaternary"
            set remote-as <xxxxx>
            set prefix-list-out "AWS_Prefix_List"
        next
    end
    # note: no prefix-list-in is applied, so every prefix AWS advertises is accepted
end
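The following is an added example, not code from the original post. It models what the posted route-maps and prefix-list are meant to do so the steering order can be checked before the tunnels go live: the inbound local-preference values (500/400/300, default 100) choose the tunnel the FortiGate sends into, and the AS-path prepends (0/2/3/4) choose the tunnel AWS sends back on. It assumes the AWS side keeps the route with the shortest AS_PATH when the same prefix arrives over several tunnels, and it uses constructed neighbor names and sample prefixes in place of the `<x.x.x.x>` placeholders. The prefix-list half reproduces FortiOS ge/le matching to show what rule 3 (`0.0.0.0 0.0.0.0` with no ge/le) actually matches.

```python
"""Model the steering intent of the FortiGate BGP config above.

Added example, not code from the original post. Neighbor names and the
sample prefixes are constructed placeholders; the local-preference and
AS-path-prepend values are taken from the posted route-maps.
"""
import copy
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Neighbor:
    name: str
    local_pref_in: int   # set by RMAP_IN_* on routes learned from AWS
    prepends_out: int    # extra AS hops added by RMAP_OUT_* on routes sent to AWS
    up: bool = True


# Constructed stand-ins for the four sessions (one per IPsec tunnel) in the post.
NEIGHBORS = [
    Neighbor("primary", 500, 0),     # RMAP_IN_Primary, no route-map-out
    Neighbor("secondary", 400, 2),   # RMAP_IN_Secondary / RMAP_OUT_Secondary
    Neighbor("tertiary", 300, 3),    # RMAP_IN_Tertiary / RMAP_OUT_Tertiary
    Neighbor("quaternary", 100, 4),  # no route-map-in: BGP default local-pref 100
]


def inbound_best(neighbors) -> Optional[str]:
    """Traffic leaving the FortiGate: highest LOCAL_PREF wins best-path selection."""
    up = [n for n in neighbors if n.up]
    return max(up, key=lambda n: n.local_pref_in).name if up else None


def outbound_best(neighbors) -> Optional[str]:
    """Traffic returning from AWS. Assumption: the AWS side keeps the tunnel whose
    AS_PATH is shortest (origin AS plus prepends); distinct prepend counts keep
    it from falling through to MED or router-id tie-breaks."""
    up = [n for n in neighbors if n.up]
    return min(up, key=lambda n: 1 + n.prepends_out).name if up else None


def failover_sequence(neighbors):
    """Fail tunnels in order and record the (egress, return) tunnel at each step.
    Each pair should be equal: a stateful firewall drops flows whose return
    traffic arrives on a different tunnel than the one that sent them."""
    state = copy.deepcopy(neighbors)
    pairs = []
    for n in state:
        pairs.append((inbound_best(state), outbound_best(state)))
        n.up = False
    return pairs


def is_symmetric(neighbors) -> bool:
    return all(egress == ret for egress, ret in failover_sequence(neighbors))


@dataclass
class PrefixRule:
    """One `edit N` entry of a FortiOS prefix-list, with FortiOS ge/le semantics."""
    action: str                # "permit" or "deny"
    prefix: str                # "any" or "a.b.c.d/len"
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, net: ipaddress.IPv4Network) -> bool:
        if self.prefix == "any":
            return True
        base = ipaddress.ip_network(self.prefix)
        if not net.subnet_of(base):
            return False
        lo = self.ge if self.ge is not None else base.prefixlen
        if self.le is not None:
            hi = self.le
        elif self.ge is not None:
            hi = base.max_prefixlen
        else:
            hi = base.prefixlen          # no ge/le: exact prefix length only
        return lo <= net.prefixlen <= hi


# Constructed values standing in for the <x.x.x.x> placeholders in AWS_Prefix_List.
AWS_PREFIX_LIST = [
    PrefixRule("permit", "10.0.0.0/16"),          # rule 1: exact match
    PrefixRule("permit", "10.1.0.0/16", le=32),   # rule 2: prefix and anything inside it
    PrefixRule("deny", "0.0.0.0/0"),              # rule 3: only the default route itself
]


def prefix_list_permits(rules, prefix: str) -> bool:
    """First matching rule wins; a list with no match ends in an implicit deny."""
    net = ipaddress.ip_network(prefix, strict=False)
    for rule in rules:
        if rule.matches(net):
            return rule.action == "permit"
    return False


if __name__ == "__main__":
    print("failover:", failover_sequence(NEIGHBORS), "symmetric:", is_symmetric(NEIGHBORS))
    for p in ("10.0.0.0/16", "10.0.1.0/24", "10.1.5.0/24", "0.0.0.0/0", "192.168.0.0/16"):
        print(p, "->", "permit" if prefix_list_permits(AWS_PREFIX_LIST, p) else "deny")
```

With the posted values the egress and return tunnels agree at every failover step, which is the property to preserve if the local-preference or prepend values are later changed; the prefix-list check also shows that a more-specific route under the rule-1 prefix (for example a /24 inside it) is refused, because rule 1 has no `le` and therefore matches only the exact length.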

 

 
