Fortinet black logo

Hub BGP signaling

7.2.0
Copy Link
Copy Doc ID 26c6e1e8-cd7a-11ec-bb32-fa163e15d75b:75691
Download PDF

Hub BGP signaling

Enabling BGP route steering on the HUB is comprised of the following steps:

  1. Edit the BGP template to edit neighbor groups VPN1 and VPN2 to create a new Route Map In with new rules for each neighbor group. See Editing the BGP template.
  2. Edit the SD-WAN template to define which VPN is used based on the received tags. See Editing the SD-WAN template.
  3. Install the device settings to the branch and hub devices.

Editing the BGP template

Edit the BGP template to edit neighbor groups VPN1 and VPN2 to create a new Route Map In with new rules for each neighbor group. The process:

  • Defines router community lists for each of the three (3) communities that may be sent.
  • Defining a Route Map In for each VPN to set route tags.
To define router community lists:
  1. Go to Device Manager > Provisioning Templates > BGP Templates.
  2. Double-click the ACME SD-WAN Overlay_hub1_bgp template to open it for editing.
  3. Edit the neighbor group named VPN1 to create a new Route Map In with new rules:
    1. In the Neighbor Group section, double-click the VPN1 group to open it for editing. The Edit Neighbor Group pane is displayed.
    2. Under IPv4 Filtering, enable Route Map In.
    3. Beside Route Map In, click the dropdown box, and click +. The Create New Route Map pane is displayed.
    4. In the Name box, type VPN1-RouteMap_IN.
    5. Create a new rule:
      1. Under Rules, click Create New. The Create New Route Map Rule pane is displayed
      2. Set the following options:

        ID3
        Match Community
        1. Toggle on.
        2. Click the dropdown, and click +. The Create New Community List pane is displayed.
        3. Set Name to 65000:1.
        4. Under Rules, click Create New. The Community List Rule Edit pane is displayed.
        5. Set ID to 1.
        6. Set Match to 65000:1, and click OK to save the rule.
        7. Click OK to save the community list.
        8. Select the newly created rule named 65000:1 for Match Community.
        Set route tag

        1

      3. Click OK to save the route map rule.
    6. Create another new rule:
      1. Under Rules, click Create New. The Create New Route Map Rule pane is displayed
      2. Set the following options:

        ID4
        Match Community
        1. Toggle on.
        2. Click the dropdown, and click +. The Create New Community List pane is displayed.
        3. Set Name to 65000:2.
        4. Under Rules, click Create New. The Community List Rule Edit pane is displayed.
        5. Set ID to 1.
        6. Set Match to 65000:2, and click OK to save the rule.
        7. Click OK to save the community list.
        8. Select the newly created rule named 65000:2 for Match Community.
        Set route tag

        2

      3. Click OK to save the route map rule.
    7. Create a third new rule:
      1. Under Rules, click Create New. The Create New Route Map Rule pane is displayed
      2. Set the following options:

        ID5
        Match Community
        1. Toggle on.
        2. Click the dropdown, and click +. The Create New Community List pane is displayed.
        3. Set Name to 65000:5.
        4. Under Rules, click Create New. The Community List Rule Edit pane is displayed.
        5. Set ID to 1.
        6. Set Match to 65000:5, and click OK to save the rule.
        7. Click OK to save the community list.
        8. Select the newly created rule named 65000:5 for Match Community.
        Set route tag

        5

      3. Click OK to save the route map rule.
    8. Click OK to save the route map. The Edit Neighbor Group pane is displayed.
  4. For Route Map In, select the newly created VPN1-RouteMap_IN, and click OK.
  5. Repeat this procedure for VPN2, replacing the Route Map In name with VPN2-RouteMap_IN.

    You can select the previously created communities when creating the three (3) rules for VPN2.

  6. Click OK to save the BGP template.

Editing the SD-WAN template

Edit the SD-WAN template to define which VPN is used based on the received tags.

To edit the SD-WAN template:
  1. Go to Device Manager > Provisioning Templates > SD-WAN Templates.
  2. Double-click the Hub_SDWAN template to open it for editing.
  3. Under SD-WAN Rules, define a new rule:
    1. Click +Create New. The Create New SD-WAN Rule pane is displayed.
    2. Set the following options, and click OK:

      Name

      ToBranches_VPN1

      Source Address

      all

      Route Tag

      1

      Interface Preference

      VPN1

  4. Under SD-WAN Rules, define a second rule:
    1. Click +Create New. The Create New SD-WAN Rule pane is displayed.
    2. Set the following options, and click OK:

      Name

      ToBranches_VPN2

      Source Address

      all

      Route Tag

      2

      Interface Preference

      VPN2

  5. Click OK to save the template.
  6. Install the device settings to the branch and hub devices.

Hub BGP signaling

Enabling BGP route steering on the HUB is comprised of the following steps:

  1. Edit the BGP template to edit neighbor groups VPN1 and VPN2 to create a new Route Map In with new rules for each neighbor group. See Editing the BGP template.
  2. Edit the SD-WAN template to define which VPN is used based on the received tags. See Editing the SD-WAN template.
  3. Install the device settings to the branch and hub devices.

Editing the BGP template

Edit the BGP template to edit neighbor groups VPN1 and VPN2 to create a new Route Map In with new rules for each neighbor group. The process:

  • Defines router community lists for each of the three (3) communities that may be sent.
  • Defining a Route Map In for each VPN to set route tags.
To define router community lists:
  1. Go to Device Manager > Provisioning Templates > BGP Templates.
  2. Double-click the ACME SD-WAN Overlay_hub1_bgp template to open it for editing.
  3. Edit the neighbor group named VPN1 to create a new Route Map In with new rules:
    1. In the Neighbor Group section, double-click the VPN1 group to open it for editing. The Edit Neighbor Group pane is displayed.
    2. Under IPv4 Filtering, enable Route Map In.
    3. Beside Route Map In, click the dropdown box, and click +. The Create New Route Map pane is displayed.
    4. In the Name box, type VPN1-RouteMap_IN.
    5. Create a new rule:
      1. Under Rules, click Create New. The Create New Route Map Rule pane is displayed
      2. Set the following options:

        ID3
        Match Community
        1. Toggle on.
        2. Click the dropdown, and click +. The Create New Community List pane is displayed.
        3. Set Name to 65000:1.
        4. Under Rules, click Create New. The Community List Rule Edit pane is displayed.
        5. Set ID to 1.
        6. Set Match to 65000:1, and click OK to save the rule.
        7. Click OK to save the community list.
        8. Select the newly created rule named 65000:1 for Match Community.
        Set route tag

        1

      3. Click OK to save the route map rule.
    6. Create another new rule:
      1. Under Rules, click Create New. The Create New Route Map Rule pane is displayed
      2. Set the following options:

        ID4
        Match Community
        1. Toggle on.
        2. Click the dropdown, and click +. The Create New Community List pane is displayed.
        3. Set Name to 65000:2.
        4. Under Rules, click Create New. The Community List Rule Edit pane is displayed.
        5. Set ID to 1.
        6. Set Match to 65000:2, and click OK to save the rule.
        7. Click OK to save the community list.
        8. Select the newly created rule named 65000:2 for Match Community.
        Set route tag

        2

      3. Click OK to save the route map rule.
    7. Create a third new rule:
      1. Under Rules, click Create New. The Create New Route Map Rule pane is displayed
      2. Set the following options:

        ID5
        Match Community
        1. Toggle on.
        2. Click the dropdown, and click +. The Create New Community List pane is displayed.
        3. Set Name to 65000:5.
        4. Under Rules, click Create New. The Community List Rule Edit pane is displayed.
        5. Set ID to 1.
        6. Set Match to 65000:5, and click OK to save the rule.
        7. Click OK to save the community list.
        8. Select the newly created rule named 65000:5 for Match Community.
        Set route tag

        5

      3. Click OK to save the route map rule.
    8. Click OK to save the route map. The Edit Neighbor Group pane is displayed.
  4. For Route Map In, select the newly created VPN1-RouteMap_IN, and click OK.
  5. Repeat this procedure for VPN2, replacing the Route Map In name with VPN2-RouteMap_IN.

    You can select the previously created communities when creating the three (3) rules for VPN2.

  6. Click OK to save the BGP template.

Editing the SD-WAN template

Edit the SD-WAN template to define which VPN is used based on the received tags.

To edit the SD-WAN template:
  1. Go to Device Manager > Provisioning Templates > SD-WAN Templates.
  2. Double-click the Hub_SDWAN template to open it for editing.
  3. Under SD-WAN Rules, define a new rule:
    1. Click +Create New. The Create New SD-WAN Rule pane is displayed.
    2. Set the following options, and click OK:

      Name

      ToBranches_VPN1

      Source Address

      all

      Route Tag

      1

      Interface Preference

      VPN1

  4. Under SD-WAN Rules, define a second rule:
    1. Click +Create New. The Create New SD-WAN Rule pane is displayed.
    2. Set the following options, and click OK:

      Name

      ToBranches_VPN2

      Source Address

      all

      Route Tag

      2

      Interface Preference

      VPN2

  5. Click OK to save the template.
  6. Install the device settings to the branch and hub devices.