
SD-WAN / SD-Branch Architecture for MSSPs

Practical example

Let us consider the practical example of preferring the MPLS overlay when sending traffic towards a certain group of sites.

  • Instead of statically configuring these destinations on all the SD-WAN nodes, we can attach a BGP community to all the routes originated by this group of sites.

  • This BGP community will be dynamically translated into a route-tag on all the receiving SD-WAN nodes.

  • Finally, an SD-WAN rule will match this route-tag and apply a strategy preferring the MPLS overlay for this traffic.

The following diagram illustrates this approach:

Whenever a new destination must be added to this group, we can attach the same BGP community to it on the originating site. The route can be originated either by another SD-WAN node or by a third-party device outside of the SD-WAN network. The latter is possible because the method relies on industry-standard BGP functionality (namely, BGP communities). Note that the route-tags themselves have only local significance and are never advertised outside of the SD-WAN nodes.
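The receiving-node side of this approach, sketched as a FortiOS CLI fragment. This is an added example, not configuration from the original page; the community value 65000:10, route-tag 10, neighbor address 10.200.1.1, object names and SD-WAN member numbers are all assumptions chosen for illustration.

```fortios
# Constructed values: community 65000:10, route-tag 10, neighbor 10.200.1.1.
# Assumption: SD-WAN member 2 is the MPLS overlay, member 1 the Internet overlay.

# 1. Match the community that the originating sites attach to their routes.
config router community-list
    edit "cl-mpls-group"
        config rule
            edit 1
                set action permit
                set match "65000:10"
            next
        end
    next
end

# 2. Translate the community into a locally significant route-tag.
#    Rule 2 is an empty permit so that routes without the community are
#    still accepted instead of hitting the route-map's implicit deny.
config router route-map
    edit "rm-in-tag"
        config rule
            edit 1
                set match-community "cl-mpls-group"
                set set-route-tag 10
            next
            edit 2
            next
        end
    next
end

# 3. Apply the route-map to routes received from the BGP neighbor.
config router bgp
    config neighbor
        edit "10.200.1.1"
            set route-map-in "rm-in-tag"
        next
    end
end

# 4. SD-WAN rule: destinations carrying route-tag 10 prefer the MPLS member.
config system sdwan
    config service
        edit 1
            set name "prefer-mpls-group"
            set mode manual
            set route-tag 10
            set priority-members 2 1
        next
    end
end
```

Adding a destination to the group then requires no change here: the originating device only has to attach the same community to the new prefix.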
