
Using BGP tags with SD-WAN rules

New Features

6.4.0

SD-WAN IPv6 route tag 6.4.4

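A route tag maps a BGP community string to a specific tag. The community may correspond to a specific network that a BGP router advertised. An SD-WAN service rule can then match on the tag to define specific traffic handling for that network. IPv6 route tags are now supported. The SD-WAN link quality information is also shown in IPv6 traffic logs. In the example below, route-map rule 1 assigns tag 15 to routes that match the community list "30:5", and SD-WAN service rule 1 matches route tag 15. Because the community is set by the router that advertises the route, apply the tag only to routes learned from neighbors whose communities you trust or filter.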

To configure an IPv6 route tag:
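  1. Configure the route map. The match-community setting takes the name of a BGP community list, so a list named "30:5" must already be defined under config router community-list; the route map must also be applied to the BGP neighbor before it takes effect, which is not shown here: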
    config router route-map
        edit "comm1"
            config rule
                edit 1
                    set match-community "30:5"
                    unset set-ip-nexthop
                    unset set-ip6-nexthop
                    unset set-ip6-nexthop-local
                    unset set-originator-id
                    set set-route-tag 15
                next
                edit 2
                    unset set-ip-nexthop
                    unset set-ip6-nexthop
                    unset set-ip6-nexthop-local
                    unset set-originator-id
                next
            end
        next
    end
  2. Configure SD-WAN:
    config system sdwan
        set status enable
        config zone
            edit "virtual-wan-link"
            next
        end
        config members
            edit 1
                set interface "R150"
                set gateway 10.100.1.1
                set gateway6 2004:10:100:1::1
            next
            edit 2
                set interface "R160"
                set gateway 10.100.1.5
                set gateway6 2004:10:100:1::5
                set priority 20
            next
        end
        config health-check
            edit "ping6"
                set addr-mode ipv6
                set server "2000:10:100:2::22"
                set members 1 2
            next
        end
        config service
            edit 1
                set addr-mode ipv6
                set route-tag 15
                set priority-members 1 2
            next
        end
    end
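  3. Verify the traffic log. The dstintf and vwlquality fields show the SD-WAN member that was selected (R150 here) and its link quality: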
    1: date=2020-11-18 time=17:30:39 eventtime=1605749439420496570 tz="-0800" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=2000:172:16:205::11 identifier=523 srcintf="port10" srcintfrole="undefined" dstip=2008:3:3:3::3 dstintf="R150" dstintfrole="undefined" sessionid=3781 proto=58 action="accept" policyid=1 policytype="policy" poluuid="0fda65ea-4077-51e9-006b-da60dff24c0d" service="PING6" dstcountry="Reserved" srccountry="Reserved" trandisp="noop" duration=8 sentbyte=104 rcvdbyte=104 sentpkt=1 rcvdpkt=1 vwlid=22 vwlquality="Seq_num(1 R150), alive, sla(0x1), gid(0), cfg_order(0), cost(0), selected" appcat="unscanned"


SD-WAN IPv6 route tag 6.4.4

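A route tag maps a BGP community string to a specific tag. The community may correspond to a specific network that a BGP router advertised. An SD-WAN service rule can then match on the tag to define specific traffic handling for that network. IPv6 route tags are now supported. The SD-WAN link quality information is also shown in IPv6 traffic logs. In the example below, route-map rule 1 assigns tag 15 to routes that match the community list "30:5", and SD-WAN service rule 1 matches route tag 15. Because the community is set by the router that advertises the route, apply the tag only to routes learned from neighbors whose communities you trust or filter.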

To configure an IPv6 route tag:
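  1. Configure the route map. The match-community setting takes the name of a BGP community list, so a list named "30:5" must already be defined under config router community-list; the route map must also be applied to the BGP neighbor before it takes effect, which is not shown here: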
    config router route-map
        edit "comm1"
            config rule
                edit 1
                    set match-community "30:5"
                    unset set-ip-nexthop
                    unset set-ip6-nexthop
                    unset set-ip6-nexthop-local
                    unset set-originator-id
                    set set-route-tag 15
                next
                edit 2
                    unset set-ip-nexthop
                    unset set-ip6-nexthop
                    unset set-ip6-nexthop-local
                    unset set-originator-id
                next
            end
        next
    end
  2. Configure SD-WAN:
    config system sdwan
        set status enable
        config zone
            edit "virtual-wan-link"
            next
        end
        config members
            edit 1
                set interface "R150"
                set gateway 10.100.1.1
                set gateway6 2004:10:100:1::1
            next
            edit 2
                set interface "R160"
                set gateway 10.100.1.5
                set gateway6 2004:10:100:1::5
                set priority 20
            next
        end
        config health-check
            edit "ping6"
                set addr-mode ipv6
                set server "2000:10:100:2::22"
                set members 1 2
            next
        end
        config service
            edit 1
                set addr-mode ipv6
                set route-tag 15
                set priority-members 1 2
            next
        end
    end
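  3. Verify the traffic log. The dstintf and vwlquality fields show the SD-WAN member that was selected (R150 here) and its link quality: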
    1: date=2020-11-18 time=17:30:39 eventtime=1605749439420496570 tz="-0800" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=2000:172:16:205::11 identifier=523 srcintf="port10" srcintfrole="undefined" dstip=2008:3:3:3::3 dstintf="R150" dstintfrole="undefined" sessionid=3781 proto=58 action="accept" policyid=1 policytype="policy" poluuid="0fda65ea-4077-51e9-006b-da60dff24c0d" service="PING6" dstcountry="Reserved" srccountry="Reserved" trandisp="noop" duration=8 sentbyte=104 rcvdbyte=104 sentpkt=1 rcvdpkt=1 vwlid=22 vwlquality="Seq_num(1 R150), alive, sla(0x1), gid(0), cfg_order(0), cost(0), selected" appcat="unscanned"