Configuring hub to hub routing

This topic describes how to add BGP peering over the tunnels.

Note: We do NOT need to enable ADVPN forwarding on these tunnels. Spoke traffic will never be forwarded between the Hubs, because each Spoke connects to each of the Hubs directly. The sole purpose of these tunnels is to forward inter-DC traffic! We also need to keep this in mind when configuring BGP.

We are going to configure IBGP between the Hubs for the sole purpose of advertising DC prefixes.

We will not advertise any Spoke prefixes between the Hubs!

We will not use SD-WAN here either. Instead, we will do it the “conventional” way, preferring the Internet connection by means of the BGP local-preference attribute.

BGP configuration will be done as usual, using CLI Templates.

  • We configure Hub-to-Hub tunnel IPs (note how we use the meta variables here)
  • We configure prefix-list for the local DC LAN:

    config router prefix-list
        edit "LAN_DC$(dc-id)"
            config rule
                edit 1
                    set prefix 10.$(dc-id).0.0 255.255.255.0
                    unset ge
                    unset le
                next
            end
        next
    end

  • We configure route-map to advertise only the DC LAN subnet:

    config router route-map
        edit "DC2DC_OUT"
            config rule
                edit 1
                    set match-ip-address "LAN_DC$(dc-id)"
                next
                edit 2
                    set action deny
                next
            end
        next
    end

  • We configure route-map to prefer the link over the Internet:

    config router route-map
        edit "DC2DC_INET_IN"
            config rule
                edit 1
                    set local-preference 200
                next
            end
        next
    end

  • We configure BGP neighbors, applying the above route-maps:

    config router bgp
        config neighbor
            edit "10.200.10.$(remote-dc-id)"
                set route-map-in "DC2DC_INET_IN"
                set route-map-out "DC2DC_OUT"
            next
            edit "10.200.20.$(remote-dc-id)"
                set route-map-out "DC2DC_OUT"
            next
        end
    end

To create a CLI script template for hubs:
  1. Go to Device Manager > Provisioning Templates > CLI Template.
  2. Click Create New > CLI Template.
  3. In the Template Name box, type Hub-Routing-InterDC.
  4. In the script details box, copy and paste the above commands, and click OK to create the CLI script.

To add the CLI script to the CLI template group:
  1. Go to Device Manager > Provisioning Templates > CLI Template.
  2. Under CLI Template Group, double-click Hub-Template to open the group for editing.
  3. Beside Members, click Add (+), select Hub-Routing-InterDC, and click OK.

    The CLI script is added to the CLI template group.

  4. Install the changes to hub devices.
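
The effect of the outbound filter and the inbound preference configured above can be checked offline before installing the template. The following Python model is an added example, not part of the original documentation: it expands the meta variables, applies the exact-match logic of `LAN_DC$(dc-id)` and `DC2DC_OUT` to a constructed BGP table, and compares local-preference across the two neighbors. The meta variable values, the spoke prefixes, and the default local-preference of 100 for the neighbor without a `route-map-in` are assumptions.

```python
import ipaddress

DEFAULT_LOCAL_PREF = 100  # assumed default when no inbound route-map sets one

def render(text, meta):
    """Expand $(name) meta variables, as the CLI template is expanded per device."""
    for name, value in meta.items():
        text = text.replace(f"$({name})", str(value))
    return text

def dc2dc_out(routes, meta):
    """Apply DC2DC_OUT: rule 1 permits LAN_DC$(dc-id), rule 2 denies everything else."""
    lan = ipaddress.ip_network(render("10.$(dc-id).0.0/255.255.255.0", meta))
    # ge/le are unset, so the prefix-list matches this exact prefix and length only.
    return [r for r in routes if ipaddress.ip_network(r) == lan]

def best_neighbor(meta):
    """Compare the two paths to the remote hub by local-preference (higher wins)."""
    inbound = {  # neighbor template -> local-preference set by its route-map-in
        "10.200.10.$(remote-dc-id)": 200,   # DC2DC_INET_IN
        "10.200.20.$(remote-dc-id)": None,  # no route-map-in configured
    }
    prefs = {render(n, meta): (lp or DEFAULT_LOCAL_PREF) for n, lp in inbound.items()}
    return max(prefs, key=prefs.get), prefs

# Constructed sample: meta variable values and the BGP table of the hub in DC 1.
META = {"dc-id": 1, "remote-dc-id": 2}
BGP_TABLE = [
    "10.1.0.0/24",   # local DC LAN
    "10.1.0.0/25",   # more-specific inside the DC LAN (not an exact match)
    "10.0.1.0/24",   # spoke prefix (constructed addressing)
    "10.0.2.0/24",   # spoke prefix (constructed addressing)
    "0.0.0.0/0",     # default route
]

if __name__ == "__main__":
    print("advertised to remote hub:", dc2dc_out(BGP_TABLE, META))
    print("preferred neighbor:", best_neighbor(META))
```

Only the DC LAN prefix survives the outbound filter, so spoke prefixes and the default route are never leaked to the other hub, and the neighbor carrying `DC2DC_INET_IN` is preferred.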
