hi
i have 2 fortigates that are linked with 2 point to point lines between them.
each p2p line is from another isp for redundancy.
main line is 100mbps and backup line from 2nd isp is 40mbps
i've setup a bgp, i control bgp on both sides. everything is working fine. on a regular basis, the main line works, and i fail the main line, a route failover occur and it flips to the backup line. with local preference on both sides, when the main line comes back up, it fails back to it.
my problem/question is that the failover/failback is quite long.
i know i'm supposed to "play" with : holdtimer, graceful restart and graceful-stalepath
the holdtimer part i understand, it's explained simply and understood. it states the time to "declare" the path dead and look for another one. but i didn't quite get the last two.
i'm looking for the best practice to my situation, bare in mind i'm controlling both ends, no isp bgp is involved here.
thank you
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Graceful-anything is the opposite of what you are trying to achieve. Graceful restart, once enabled, tells your Fortigate to WAIT even if it detects that its BGP peer has failed, and thus NOT to tear down peering. This is done to prevent flapping in case of occasional crash/restart of the BGP peer. In other words, it will prolong fail over.
You have few options to speed up failover:
[ol]
many thanks for you great answer!
about this : "Enable BFD under BGP peering"
both sides are fortigates, so they support BFD
lines are l2 from the isp. the layer 3 is created by me. each side's opposite hop is the opposite fortigate.
In such case you can enable BFD on both sides with no fear, it will give the fastest failover possible.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1679 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.