Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hugo_silva22
New Contributor

Fortigate HA Cluster + BGP Dual WAN scenario to same ISP and AS

Hello,

 

I have been trying to implement an HA Cluster with dual WAN load balancing. The local Fortigates have the same AS, and the ISP neighbors do too.

 

I am not adding any metrics since I was told by the ISP that the CORE would do load balancing.

 

The problem is that it is only possible to have 1 established BGP session at a time. The other one always stays in Active mode unless the previous session disconnects. Is there any command to make the Cluster hold 2 sessions at the same time? Or maybe the problem is with the Core peers (loop prevention?)

 

What happens:

FW_GOPACA_185257_SEC # get router info bgp summary 
BGP router identifier X1, local AS number 65081
BGP table version is 2
2 BGP AS-PATH entries
0 BGP community entries
 
Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
X1    4       2860   11646   13308        1    0    0 2d00h30m        1
X2  4       2860       0       0        0    0    0    never Active     
 
Total number of neighbors 2
  
FW_GOPACA_185257_SEC #  

 

Note: Both Fortigates connect via WAN 1 and WAN 2 to the ISP's given primary and secondary addresses. VLANs were checked and tested on the local switches. HA mode is OK and in Active-Passive mode. The route-map is only used to announce a prefix-list to the core.

 

Configs below:

 

config router bgp
    set as 65081
    set router-id X1
    set ebgp-multipath enable
    config neighbor
        edit "X1"
            set remote-as 2860
            set route-map-out "ToNOS"
            set send-community6 disable
            set password ENC LCPzRWp+p/ceSAfwuI2vb+XhC/rzW1pNOUXI1kKhZM739msCdrHpko5QANMDC3l40zLyH1s+MJr9my/gbh0Dto3e3iK9ixfwvnb4cnGKQPbz5qLa8DCgt0XUMO5FPKpZUqJXz2LgrjERXLmk+VDkAgiBFz7lrDnb3kUG/a/6JGHP1bz7C3jXh+WosWzxsdsUvK7eqg==
        next
        edit "X2"
            set remote-as 2860
            set route-map-out "ToNOS2"
            set send-community6 disable
            set password ENC FJvnjaxbejVQLUhx05KNfkJcSK7IpjP/nvIX/L0xGaszNlfMCSv5nv1LZgVO3ZERSFEDXkzIusjnikkyt/f+Oc+ccP7Blt+Y78DH64ImuAioVXYVtAgddmakXhh562WrnNwW9FpDEodqF2x7kn3OHhxrkAwj5Sh86veT4AnTwH70cJWtj7GQSS6C0/Nw31HjImFwSQ==
        next
    end
end

 

Thank you.
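Added example (not part of the original post and not Fortinet code): a small Python check that parses text in the layout of the `get router info bgp summary` table above and reports neighbors that are not established. The sample output and its addresses are constructed, and the function names are hypothetical; a numeric State/PfxRcd value is treated as an established session.

```python
import re

# Constructed sample in the layout of the summary output quoted in the post;
# the addresses are documentation-range placeholders, not the poster's peers.
SAMPLE = """\
BGP router identifier 192.0.2.2, local AS number 65081
BGP table version is 2

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.0.2.1       4       2860   11646   13308        1    0    0 2d00h30m        1
198.51.100.1    4       2860       0       0        0    0    0    never Active

Total number of neighbors 2
"""

# Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
ROW = re.compile(
    r"^(?P<peer>\S+)\s+\d+\s+(?P<asn>\d+)\s+(?P<rcvd>\d+)\s+(?P<sent>\d+)"
    r"\s+\d+\s+\d+\s+\d+\s+(?P<updown>\S+)\s+(?P<state>.+?)\s*$"
)

def parse_summary(text):
    """Return one dict per neighbor row found after the table header."""
    peers, in_table = [], False
    for line in text.splitlines():
        if line.startswith("Neighbor"):
            in_table = True
            continue
        m = ROW.match(line) if in_table else None
        if not m:
            continue  # blank lines and the "Total number..." footer
        state = m["state"]
        up = state.isdigit()  # a prefix count means the session is Established
        peers.append({
            "peer": m["peer"],
            "asn": int(m["asn"]),
            "established": up,
            "prefixes": int(state) if up else None,
            "state": "Established" if up else state,
            # No BGP message ever received and the session has never been up
            "never_up": m["updown"] == "never" and int(m["rcvd"]) == 0,
        })
    return peers

def down_peers(text):
    """Addresses of neighbors whose session is not established."""
    return [p["peer"] for p in parse_summary(text) if not p["established"]]

if __name__ == "__main__":
    for p in parse_summary(SAMPLE):
        print(p["peer"], p["state"], "never up" if p["never_up"] else "")
```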

1 REPLY 1
hugo_silva22
New Contributor

Hello,

 

It turned out that I found a way to fix it. There were misconfigured switches on the local network.

 

Now I get the following routing table:

 

FW_GOPACA_185257_SEC # get router info bgp network
BGP table version is 4, local router ID is 88.157.162.166
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
 
   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0/0        88.157.156.1             0             0 2860 174 i
*                   88.157.162.165           0             0 2860 174 i
*> 195.23.50.72/29  0.0.0.0                       100  32768 i
 
Total number of prefixes 2

 

It turns out that the first hop is being preferred over the second one. How can I fix it so that both hops become preferred?

 

Thank you
