
SD-WAN / SD-Branch Architecture for MSSPs

7.2.0

BGP extension: tag-based recursive resolution


This feature extends the standard BGP route resolution algorithm by introducing a new method: tag-based recursive resolution (or simply tag-match). It is supported starting from FOS 7.0.4.

In a nutshell, it allows tags to be assigned to received BGP routes, and it then attempts to resolve each of those routes recursively using only routes with the same tag.

In the BGP on loopback design, Spokes assign different tags to the BGP routes received from each Hub. Therefore, tag-based resolution will attempt to resolve each such BGP route using only routes learned from the same Hub. Neither routes learned from the other Hub nor routes learned by other means will be used for the recursive resolution, even if they are the best-match routes!

Tag-based recursive resolution can be enabled in two different modes. The mode of particular interest to us is the "merge" mode, in which the algorithm combines the outcome of the tag-based resolution with the outcome of the standard best-match resolution.

As we will show in the Example of route resolution with BGP on loopback, this helps to preserve all alternative overlay paths when there is an active ADVPN shortcut.
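A simplified model of best-match, tag-match and merge resolution as described above, added here as an illustration and not FortiOS code. The prefixes, interface names and tag values are constructed, and the model assumes that tag-match picks the longest prefix among routes carrying the same tag.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: str                 # destination prefix in the local routing table
    via: str                    # outgoing interface (constructed name)
    tag: Optional[int] = None   # locally assigned tag, None if untagged

def _longest(routes, next_hop):
    """Interfaces of the longest-prefix routes that cover next_hop."""
    nh = ipaddress.ip_address(next_hop)
    covering = [(ipaddress.ip_network(r.prefix), r) for r in routes]
    covering = [(net, r) for net, r in covering if nh in net]
    if not covering:
        return []
    best = max(net.prefixlen for net, _ in covering)
    return sorted({r.via for net, r in covering if net.prefixlen == best})

def best_match(rib, next_hop):
    """Standard resolution: every route is a candidate."""
    return _longest(rib, next_hop)

def tag_match(rib, next_hop, tag):
    """Tag-based resolution: only routes with the same tag are candidates."""
    return _longest([r for r in rib if r.tag == tag], next_hop)

def merge(rib, next_hop, tag):
    """Merge mode: union of the tag-match and best-match outcomes."""
    return sorted(set(tag_match(rib, next_hop, tag)) | set(best_match(rib, next_hop)))

# Constructed Spoke routing table: the same loopback range learned from each
# Hub (tagged per Hub) plus an untagged, more specific ADVPN shortcut route.
RIB = [
    Route("10.200.1.0/24", "H1_T1", tag=1),       # learned from Hub 1
    Route("10.200.1.0/24", "H2_T1", tag=2),       # learned from Hub 2
    Route("10.200.1.2/32", "advpn_shortcut"),     # active shortcut, best match
]
NEXT_HOP = "10.200.1.2"   # BGP next hop: loopback of the remote Spoke

if __name__ == "__main__":
    print("best-match      :", best_match(RIB, NEXT_HOP))
    print("tag-match, tag 1:", tag_match(RIB, NEXT_HOP, 1))
    print("merge, tag 1    :", merge(RIB, NEXT_HOP, 1))
    print("merge, tag 2    :", merge(RIB, NEXT_HOP, 2))
```

In this model, best-match alone resolves the next hop only through the shortcut, while merge keeps the path through the Hub that advertised each route alongside it.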

Note

Tag-based recursive resolution has only local significance on the FortiGate device, influencing its route resolution algorithm. The capability is not negotiated with the peers, and neither the tags nor the outcomes of the resolution are advertised to them. In other words, despite being a proprietary extension, all the communication with the peers still follows the BGP protocol standards.
