
SD-WAN / SD-Branch Architecture for MSSPs

7.2.0

Planning guidelines

  1. During the design stage, we must allocate a tunnel subnet to each overlay in the region. Remember that we create a separate overlay per Hub and over each underlay transport! Every such overlay will require its own unique tunnel subnet.

    For example, for a Dual-Hub region with two underlay transports, a total of four different tunnel subnets will be required. The size of the subnets is determined by the size of the region: it must accommodate all the Spokes and of course the Hubs themselves.

    Note

    For ease of configuration, we recommend making your tunnel subnets summarizable. For example, you can use tunnel subnets 10.201.1.0/24, 10.202.1.0/24, ..., all of which can be summarized by 10.200.0.0/14.

  2. On the Hubs, the tunnel IPs must be configured manually.
    For the Spokes, however, we can use IKE Mode Config to let the Hubs automatically allocate the tunnel IPs to each connecting Spoke.

    Note

    Using IKE Mode Config is not mandatory. Manually allocating and configuring tunnel IPs on the Spokes can simplify troubleshooting, since it is easier to identify the originator of each route based on its BGP next hop (NH). The trade-off is the extra effort of allocating and configuring the tunnel IPs for all the devices and all the overlays.

Note

Make sure you consult the SD-WAN Deployment for MSSPs Guide for more details and follow the recommended configuration approach!
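
The planning rules above can be checked before any device is configured. The following Python sketch is an added example, not part of the Fortinet guide: it allocates one tunnel subnet per (Hub, underlay transport) overlay from a summary block, sized for the number of Spokes, and validates a hand-written plan for summarizability and overlap. It generalizes the guide's numbering by taking consecutive subnets from the summary block; the Hub and transport names, and the choice to give the Hub the first usable address and leave the rest as the IKE Mode Config pool, are assumptions.

```python
import ipaddress
from itertools import combinations, product


def plan_tunnel_subnets(summary, hubs, transports, spokes):
    """Allocate one unique tunnel subnet per (Hub, underlay transport) overlay."""
    block = ipaddress.ip_network(summary)
    # Each overlay must hold every Spoke, its Hub, and the network/broadcast pair.
    needed = spokes + 1 + 2
    prefix = block.max_prefixlen - (needed - 1).bit_length()
    if prefix < block.prefixlen:
        raise ValueError(f"{summary} cannot hold even one overlay of {spokes} Spokes")
    free = block.subnets(new_prefix=prefix)
    plan = {}
    for overlay in product(hubs, transports):
        net = next(free, None)
        if net is None:
            raise ValueError(f"{summary} is too small for all overlays")
        plan[overlay] = {
            "subnet": net,
            "hub_ip": net[1],      # assumption: Hub takes the first usable address
            "pool_start": net[2],  # remaining addresses form the Mode Config pool
            "pool_end": net[-2],
        }
    return plan


def check_subnets(summary, subnets):
    """Return a list of problems found in a hand-written tunnel subnet plan."""
    block = ipaddress.ip_network(summary)
    nets = [ipaddress.ip_network(s) for s in subnets]
    problems = [f"{n} is outside {block}" for n in nets if not n.subnet_of(block)]
    problems += [f"{a} overlaps {b}" for a, b in combinations(nets, 2) if a.overlaps(b)]
    return problems


if __name__ == "__main__":
    # Constructed sample: Dual-Hub region, two underlay transports, 200 Spokes.
    plan = plan_tunnel_subnets("10.200.0.0/14", ["Hub1", "Hub2"], ["INET", "MPLS"], 200)
    for (hub, transport), p in plan.items():
        print(hub, transport, p["subnet"], p["hub_ip"], f'{p["pool_start"]}-{p["pool_end"]}')
    # The two subnets named in the guide, checked against its summary prefix.
    print(check_subnets("10.200.0.0/14", ["10.201.1.0/24", "10.202.1.0/24"]))
```
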
