Shouldn't the AD for ebgp be the selecting criteria for routes? --> ah I found that AD is only for same routes if received from different routing protocol. 

Hi Suraj, I wonder if you would be able to advise, as it seems this is my issue and I cant seem to solve it,  I have an SD-WAN with 2 IPSEC hub and spoke (IBGP) and then this goes to a cisco switch running  (EBGP)  if one of the tunnels goes down on one side, the switch on the other side , still thinks it has a valid route, but it cant as the VPN link is down, can you help at all?

Can you please share a simple topology diagram along with the route table entry from the switch (to confirm how it learns these destinations).

DC1 is active and has the preferred interface in the SDWAN, if this goes down (I manually disable the ipsec interface) the LAN network now goes voa DC2, but the switch on DC2 side still believes the best way is via DC1 Switch:

* 192.168.1.0/24  X.X.2.1 0 65400 ?
*> 10.99.2.5 25600512 32768 ?

The best route has "32768" weight, so its prefered, but I cant set the weigh on the Neighbour higher like "4000" as it will then always prefer that route! hope that makes sense

Hello The_Nude_Deer, 

Thank you for posting. Your post appears to be a new issue. Instead of replying in this thread, can you please create a new thread instead? It will be easier for users and staff to follow which replies relate to which issue, and our moderation team can do our best to ensure you receive replies.

Thanks for understanding, 

Stephen

its the same issue, easier to keep the same issues in one place rather that creating multiple threads?

It's very difficult to separate my own old posts from your new issues when those are inserted in-between. And you don't know if the cause is the same as this original issue (if so you didn't have to post your issue). Most likely different.
Also the original post doesn't have any involvement of EIGRP.

Just start a new post then refer to the original thread by adding a link, which should be very easy to do.

Besides, you can't mark the best answer as "solved" since you didn't start this thread.

Toshi

Hello The_Nude_Deer,

I appreciate that this is a very similar issue, but this one has been solved by srajeswaran, so we would consider yours a new issue (even if it's essentially the same one with a different cause/different solution).

I really appreciate you trying to reduce topic clutter, but I think a new topic is justified here. Because you can't mark answers here as solutions, I think it'll be easier for future viewers to find solutions to your same issue in a new topic instead (especially since, as Toshi pointed out, the replies are already getting difficult to follow here).

These are the reasons for my request, which I hope make sense. Feel free to link to your new topic from here for anyone who follows it along later, and let me know if you have any more questions.

Thanks,

Don't you consider this is a bug? If all the other factors above (1-6) are tie including local-pref, the eBGP route should take precedence over the same iBGP route.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-BGP-route-selection-process/ta-p/195932

Toshi