We have MPLS connecting all of our sites and we just brought in secondary ISPs for backup.
I'm in the process of getting ADVPN set up between our main/hub site and a single spoke site.
For MPLS, we're using static routes back to the MPLS router.
On the spoke site, when I simulate a down - Fortigate removes all the routes (because of a link monitor) to that router, which is good because the BGP routes are there with a higher metric to take over.
However, on the hub site a link monitor or Performance SLA won't work because it would remove all routes for all sites instead of just the site that's down.
As I add in more spokes, I assume i'll run in to the exact same problem at those sites.
I haven't found much as far as examples, but did find this
example from fortinet. If i understand it correctly they're setting up an ipsec tunnel over the MPLS which doesn't seem efficient.
Is there a way to accomplish what we're trying to do without running an ipsec tunnel over the mpls?
