SD-WAN Architecture for Enterprise

Using IBGP between regions with inter-region ADVPN

7.0.0

A more complex option is to implement cross-regional ADVPN, which requires preserving specific prefixes (including their original BGP next-hop values) between spokes belonging to different regions. Hence, IBGP must also be used between the regional gateways, just as it is used between a gateway and its branches. Each regional gateway reflects prefixes to its branches and to the remote regional gateway. As a result, all sites throughout the entire solution learn each other's prefixes. This allows ADVPN to be used across regions, dynamically building direct IPsec tunnels between any two sites that need to communicate.

Cross-regional branch-to-branch shortcuts are built when two spokes belonging to different regions start communicating. The traffic then flows directly between them, bypassing both regional gateways.

Cross-regional spoke-to-hub shortcuts are built when a spoke needs to reach a network behind a remote regional hub. The traffic then bypasses the spoke's local regional hub.
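The following Python model is an added illustration, not Fortinet configuration or code. It shows why the original next hop must survive reflection between regions, and reports which regional gateways each cross-regional flow would bypass, which is what matters when deciding where inspection policy has to be enforced. The site names, overlay IPs and LAN prefixes are constructed, and the non-preserving mode (the local gateway substituting its own address as next hop) is an assumption used only for contrast.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str  # overlay IP the prefix resolves through
    origin: str    # site that originated the prefix

# Constructed topology: site names, overlay IPs and LAN prefixes are made up.
REGIONS = {"hub1": ["spoke1a", "spoke1b"], "hub2": ["spoke2a"]}
OVERLAY_IP = {"hub1": "10.200.1.254", "spoke1a": "10.200.1.1", "spoke1b": "10.200.1.2",
              "hub2": "10.200.2.254", "spoke2a": "10.200.2.1"}
LAN = {"hub1": "10.1.0.0/24", "spoke1a": "10.1.1.0/24", "spoke1b": "10.1.2.0/24",
       "hub2": "10.2.0.0/24", "spoke2a": "10.2.1.0/24"}

def hub_of(site):
    return next(h for h, spokes in REGIONS.items() if site == h or site in spokes)

def routes_at_spoke(spoke, preserve_next_hop):
    """Routes `spoke` learns from its regional gateway for every other site.

    preserve_next_hop=True models IBGP reflection between the regional gateways.
    False is a contrast case (assumption): the local gateway replaces the next
    hop of other-region routes with its own overlay IP."""
    local_hub = hub_of(spoke)
    learned = []
    for site in LAN:
        if site == spoke:
            continue
        route = Route(LAN[site], OVERLAY_IP[site], site)
        if hub_of(site) != local_hub and not preserve_next_hop:
            route = replace(route, next_hop=OVERLAY_IP[local_hub])
        learned.append(route)
    return learned

def cross_region_bypass(spoke, preserve_next_hop):
    """Map each other-region prefix to the regional gateways a shortcut would skip."""
    local_hub, report = hub_of(spoke), {}
    for r in routes_at_spoke(spoke, preserve_next_hop):
        remote_hub = hub_of(r.origin)
        if remote_hub == local_hub:
            continue  # same-region routes are outside this page's scope
        if r.next_hop == OVERLAY_IP[local_hub]:
            report[r.prefix] = []                       # stays on the hub path
        elif r.origin == remote_hub:
            report[r.prefix] = [local_hub]              # spoke-to-hub shortcut
        else:
            report[r.prefix] = [local_hub, remote_hub]  # branch-to-branch shortcut
    return report
```

With the next hop preserved, `cross_region_bypass("spoke1a", True)` shows the remote branch prefix skipping both gateways and the remote hub prefix skipping the local one. With it replaced, every cross-regional prefix stays on the hub path.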
