Controlling redundant links by cost

6.0.0

In this scenario, two FortiGate devices have redundant links: one link between their WAN1 interfaces and one link between their WAN2 interfaces.

FortiGate 1 should learn the route to network 192.168.182.0 and FortiGate 2 should learn the route to network 10.160.0.0. Under normal conditions, they should learn these routes through the WAN1 link. The WAN2 link should be used only as a backup.

With the default settings, each FortiGate learns these routes from both WAN1 and WAN2.

FortiGate 1:

FGT1 # get router info ospf neighbor

OSPF process 0:
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.2.2.2          1   Full/Backup     00:00:33    10.182.0.187    wan1
10.2.2.2          1   Full/Backup     00:00:31    10.183.0.187    wan2

FGT1 # get router info routing-table ospf
O*E2 0.0.0.0/0 [110/10] via 10.183.0.187, wan2, 00:00:01
               [110/10] via 10.182.0.187, wan1, 00:00:01
O    192.168.182.0/23 [110/20] via 10.183.0.187, wan2, 00:02:04
                      [110/20] via 10.182.0.187, wan1, 00:02:04

FortiGate 2:

FGT2 # get router info ospf neighbor

OSPF process 0:
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.1.1          1   Full/DR         00:00:38    10.182.0.57     wan1
10.1.1.1          1   Full/DR         00:00:38    10.183.0.57     wan2

FGT2 # get router info routing-table ospf
O    10.160.0.0/23 [110/20] via 10.183.0.57, wan2, 00:00:39
                   [110/20] via 10.182.0.57, wan1, 00:00:39

Adjusting the route costs

On both FortiGate devices, the OSPF cost of the WAN2 interface is raised so that the route through WAN2 is used only if the route through WAN1 is unavailable. The default cost is 10. The WAN2 cost is changed to 200.

On both FortiGate devices:

config router ospf
    config ospf-interface
        edit "WAN2_higher_cost"
            set cost 200
            set interface "wan2"
        next
    end
end

Now, both FortiGate devices use only the WAN1 route:

FortiGate 1:

FGT1 # get router info routing-table ospf
O*E2 0.0.0.0/0 [110/10] via 10.182.0.187, wan1, 00:00:40
O    192.168.182.0/23 [110/20] via 10.182.0.187, wan1, 00:00:40

FortiGate 2:

FGT2 # get router info routing-table ospf
O    10.160.0.0/23 [110/20] via 10.182.0.57, wan1, 00:09:37

LSDB check on FortiGate 1:

FGT1 # get router info ospf database router lsa

    Router Link States (Area 0.0.0.0)

  LS age: 81
  Options: 0x2 (*|-|-|-|-|-|E|-)
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 10.1.1.1
  Advertising Router: 10.1.1.1
  LS Seq Number: 8000000b
  Checksum: 0xe637
  Length: 60
  Number of Links: 3

    Link connected to: Stub Network
      (Link ID) Network/subnet number: 10.160.0.0
      (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
      TOS 0 Metric: 10

    Link connected to: a Transit Network
      (Link ID) Designated Router address: 10.183.0.187
      (Link Data) Router Interface address: 10.183.0.57
      Number of TOS metrics: 0
      TOS 0 Metric: 200

    Link connected to: a Transit Network
      (Link ID) Designated Router address: 10.182.0.57
      (Link Data) Router Interface address: 10.182.0.57
      Number of TOS metrics: 0
      TOS 0 Metric: 10

  LS age: 83
  Options: 0x2 (*|-|-|-|-|-|E|-)
  Flags: 0x2 : ASBR
  LS Type: router-LSA
  Link State ID: 10.2.2.2
  Advertising Router: 10.2.2.2
  LS Seq Number: 8000000e
  Checksum: 0xfc9b
  Length: 60
  Number of Links: 3

    Link connected to: Stub Network
      (Link ID) Network/subnet number: 192.168.182.0
      (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
      TOS 0 Metric: 10

    Link connected to: a Transit Network
      (Link ID) Designated Router address: 10.183.0.187
      (Link Data) Router Interface address: 10.183.0.187
      Number of TOS metrics: 0
      TOS 0 Metric: 200

    Link connected to: a Transit Network
      (Link ID) Designated Router address: 10.182.0.57
      (Link Data) Router Interface address: 10.182.0.187
      Number of TOS metrics: 0
      TOS 0 Metric: 10

Verifying route redundancy

Bring down WAN1 and then check the routes on the two FortiGate devices.

FortiGate 1:

FGT1 # get router info routing-table ospf
O*E2 0.0.0.0/0 [110/10] via 10.183.0.187, wan2, 00:00:06
O    192.168.182.0/23 [110/210] via 10.183.0.187, wan2, 00:00:06

FortiGate 2:

FGT2 # get router info routing-table ospf
O    10.160.0.0/23 [110/210] via 10.183.0.57, wan2, 00:00:14

The WAN2 interface is now in use on both units.
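
The route metrics shown above (20 through WAN1, 210 through WAN2) can be reproduced from the router-LSAs. The following is an added example, not part of the Fortinet handbook: it parses the LSA fields from the LSDB check and runs a shortest-path calculation from FortiGate 1, first with both links up and then with the WAN1 transit network removed. The function names are illustrative, and dropping the network node is an assumed simplification of the routers re-originating their LSAs after the link fails.

```python
import heapq
# Condensed from the router-LSA output above: only the fields SPF needs.
LSDB = """
Advertising Router: 10.1.1.1
(Link ID) Network/subnet number: 10.160.0.0
TOS 0 Metric: 10
(Link ID) Designated Router address: 10.183.0.187
TOS 0 Metric: 200
(Link ID) Designated Router address: 10.182.0.57
TOS 0 Metric: 10
Advertising Router: 10.2.2.2
(Link ID) Network/subnet number: 192.168.182.0
TOS 0 Metric: 10
(Link ID) Designated Router address: 10.183.0.187
TOS 0 Metric: 200
(Link ID) Designated Router address: 10.182.0.57
TOS 0 Metric: 10
"""

def parse(text):
    """Build {node: {neighbour: cost}} from router-LSA text."""
    graph, router, link, transit = {}, None, None, False
    for line in text.splitlines():
        key, _, val = line.strip().rpartition(": ")
        if key == "Advertising Router":
            router = val
        elif key.startswith("(Link ID)"):
            # Transit networks are identified by their DR address, stubs by subnet.
            link, transit = val, "Designated Router" in key
        elif key == "TOS 0 Metric":
            graph.setdefault(router, {})[link] = int(val)
            if transit:  # a network node reaches its attached routers at cost 0
                graph.setdefault(link, {})[router] = 0
    return graph

def spf(graph, src, down=()):
    """Dijkstra from src; nodes in `down` model failed transit networks."""
    dist, heap = {}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node in dist or node in down:
            continue
        dist[node] = d
        for nbr, cost in graph.get(node, {}).items():
            heapq.heappush(heap, (d + cost, nbr))
    return dist

GRAPH = parse(LSDB)
WAN1_NET = "10.182.0.57"  # DR address identifying the WAN1 transit network
print([spf(GRAPH, "10.1.1.1", d)["192.168.182.0"] for d in ((), (WAN1_NET,))])
```

The two values correspond to the [110/20] and [110/210] entries in the routing tables: 10 for the WAN1 link or 200 for the WAN2 link, plus 10 for the stub network behind the neighbor.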
