Implementing route discovery with BGP
BGP allows the branch and data center FortiGates to dynamically discover routes from each other. To make this happen, add the data center FortiGate IPsec VPN tunnel interface IP addresses to the branch BGP configuration as BGP peers.
Routes that have the same network mask, administrative distance, and priority are automatically considered for SD-WAN when the interfaces where those routes are learned are added to the SD-WAN interface group.
Begin by adding a route-map to set the extended tag to 10.
config router route-map
    edit "add-tag"
        config rule
            edit 1
                set set-extended_tag 10
            next
        end
    next
end
The branch BGP configuration includes:
- Enabling ebgp-multipath
- Enabling soft-reconfiguration, link-down-failover, and ebgp-enforce-multihop for each BGP peer
- Adding the data center remote-as (which is 65500) to each peer configuration
- Setting the prefix for the neighbor range to the network matching the BGP peers
- Setting route-map-in to the configured route-map tag (add-tag) for each BGP peer
To facilitate the fastest route failovers, the following timers are set to their lowest values:
- scan-time
- advertisement-interval
- keep-alive timer
- holdtime-timer
config router bgp
    set as 65501
    set router-id 10.254.0.2
    set keepalive-timer 1
    set holdtime-timer 3
    set ebgp-multipath enable
    set scan-time 5
    set distance-external 1
    config neighbor
        edit "10.254.0.1"
            set advertisement-interval 1
            set link-down-failover enable
            set soft-reconfiguration enable
            set remote-as 65500
            set route-map-in add-tag
            set ebgp-enforce-multihop enable
        next
        edit "10.254.1.1"
            set advertisement-interval 1
            set link-down-failover enable
            set soft-reconfiguration enable
            set remote-as 65500
            set route-map-in add-tag
            set ebgp-enforce-multihop enable
        next
    end
end
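A check for the per-peer settings listed above, added here as an example and not part of the original documentation: it parses a saved branch configuration and reports every BGP neighbor that deviates from the values on this page. The function names, the `<unset>` marker and the sample text are constructed for illustration.

```python
import shlex

# Per-peer settings and values taken from the branch configuration on this page.
REQUIRED_PEER = {"remote-as": "65500", "route-map-in": "add-tag",
                 "soft-reconfiguration": "enable", "link-down-failover": "enable",
                 "ebgp-enforce-multihop": "enable"}

def parse_neighbors(config_text):
    """Return {peer_ip: {option: value}} for 'config router bgp' > 'config neighbor'."""
    neighbors, stack, current = {}, [], None
    for tokens in filter(None, map(shlex.split, config_text.splitlines())):
        if tokens[0] == "config":
            stack.append(tokens[-1])          # e.g. "bgp", then "neighbor"
        elif tokens[0] == "end" and stack:
            stack.pop()
        elif stack[-2:] == ["bgp", "neighbor"]:   # ignore other 'neighbor' tables
            if tokens[0] == "edit":
                current = neighbors.setdefault(tokens[1], {})
            elif tokens[0] == "set" and current is not None:
                current[tokens[1]] = " ".join(tokens[2:])
    return neighbors

def audit_peers(config_text):
    """Return sorted (peer, option, expected, found) tuples, one per deviation."""
    return sorted(
        (peer, opt, want, opts.get(opt, "<unset>"))
        for peer, opts in parse_neighbors(config_text).items()
        for opt, want in REQUIRED_PEER.items()
        if opts.get(opt) != want
    )

# Constructed sample: the second peer lacks three of the required settings.
SAMPLE = """\
config router bgp
    config neighbor
        edit "10.254.0.1"
            set link-down-failover enable
            set soft-reconfiguration enable
            set remote-as 65500
            set route-map-in add-tag
            set ebgp-enforce-multihop enable
        next
        edit "10.254.1.1"
            set soft-reconfiguration enable
            set remote-as 65500
        next
    end
end
"""
```

Calling `audit_peers(SAMPLE)` returns one tuple per missing or mismatched setting; an empty list means every peer matches the values listed above.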