Slightly Routing Loop between Two Fortigate SDWAN ?

Potato · ‎09-12-2023

Hi all,

(An interesting?) Question here.

We have Fortigates deployed in Two locations.

Both Locations have one Metronet for mutual Point 2 Point routing.

As the client requested, The P2P should be working as a second wan at the same time to protect both sites internet accessibility.

So, the design like this way:

The P2P and Internet ISP are in the same SDWAN Zone, the default route was pointed to the SDWAN interface.

My question is,

Assuming the ISP A is now down, the Fortigate at location A will use the P2P to access the internet.

However, if we have a SDWAN "Maximum bandwidth" setting for ISP B and the P2P, is that mean we will have 50% bandwidth loss / due to the looping like below:

For step 1, as Location A has only P2P working, the internet traffic is now routed to B.

For Location B, we use "Maximum Bandwidth" between P2P and ISP B.

Perhaps, would Step 2 appear in around 50% chance? And might be keep looping between 1 and 2?

Of course, Step 3 will be the last for location A internet access, I wonder if the performance is not good in this situation.

What is your opinion?

srajeswaran · ‎09-13-2023

Not an SDWAN expert, so this might be silly. Can we not implement conditional route advertisement via BGP between Site A and Site B?
Advertise the default route via P2P link only when the ISP link is active. That way, when location A looses ISP link, the P2P route advertised to Site B will be with drawn and the issue can be eliminated.

BGP conditional route advertisement - https://community.fortinet.com/t5/FortiGate/Technical-Tip-BGP-conditional-advertisement-example-in-a...

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.