Moony
New Contributor

WAN failover—SD-WAN or BGP?

Hey guys, I’m setting up a failover connection for a larger corporate office and I’m deciding between two options: BGP or SDWAN. I’ve created two graphs below to illustrate both scenarios.

Do you think SDWAN would be the better choice? Since everything is Active/Passive, I’m thinking I’d need to set up a broadcast domain on the Cisco switch stack and a few LACP links from the FortiGate to the switch’s broadcast domain to ensure SDWAN works during failover. But honestly, that feels a bit over-engineered compared to just managing it all on the Cisco stack with BGP.

What are your thoughts?

[Attached images: WAN-SDWAN.png, 2024-10-21 13_30_14-Visio Professional.png]

2 REPLIES
Toshi_Esumi
SuperUser

With your design, it's not about SD-WAN vs. BGP; it's about FGT's WAN failover or Catalyst's WAN failover.
For the former, the WAN public IPs are terminated at the FGT, while for the latter setup, the Catalysts would terminate them and interconnect between the Catalysts and the FGTs.

I prefer the former because anything I would like to do with those public IPs, like VIPs etc., can be done at the FGTs. Of course you would be able to do it at the Catalysts if you want.
So it's just a matter of preference to me.

Toshi

Toshi_Esumi

Also, if they're terminated at the FGT and you only need the entire circuit fail-over, you can accomplish the objective with a link-monitor on the primary circuit. SD-WAN is not the only option with FGTs. It's the same with Cisco's IP SLA.

Toshi
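
The link-monitor approach from the reply above, sketched as FortiOS CLI configuration. This is an added example, not part of the original thread or any poster's configuration. The interface names (`wan1`, `wan2`), the monitor name, the gateways and the probe target are assumptions, using documentation-range addresses.

```text
# Added example. Interface names, gateways and the probe target are
# constructed placeholders (RFC 5737 documentation addresses).

# Two default routes: the primary circuit wins on lower distance.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set device "wan1"
        set gateway 203.0.113.1
        set distance 10
    next
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set device "wan2"
        set gateway 198.51.100.1
        set distance 20
    next
end

# Probe a host beyond the ISP gateway through the primary circuit.
# When the probe fails "failtime" times in a row, the static routes
# using wan1 are withdrawn and the wan2 default route takes over.
# After "recoverytime" consecutive successes, wan1's routes return.
config system link-monitor
    edit "primary-circuit"
        set srcintf "wan1"
        set server "192.0.2.53"
        set gateway-ip 203.0.113.1
        set protocol ping
        set failtime 5
        set recoverytime 5
        set update-static-route enable
    next
end
```

Firewall policies must already permit the same traffic out of `wan2`, otherwise sessions are dropped after the route change. `diagnose sys link-monitor status` shows the current probe state.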
