Demo
Agenda
1 Topology
2 Bidirectional SD-WAN (BGP)
3 Spoke configuration
4 Hub configuration
© Fortinet Inc. All Rights Reserved. 2
Topology
[Diagram labels: Hub 1 (Hub, HA); Internet; WAN 1, WAN 2, MPLS; Branch 1, Branch 2, Branch 3]
Bidirectional SD-WAN (BGP)
Passive probing at the HQ/DC
The SLA can modify the BGP advertisement depending on link quality
BGP community 65000:1 informs the Hub that the link is within the SLA
[Diagram labels: Hub 1 (Hub, HA); Branch 1; Branch 2. Legend: BGP advertisement; link with valid SLA]
Bidirectional SD-WAN (BGP)
Spokes "share" link quality with the Hub
The Hub does not consume bandwidth with active probing
BGP community 65000:1 informs the Hub that the link is within the SLA
BGP community 65000:2 informs the Hub that the link is outside the SLA
[Diagram labels: Hub 1 (Hub, HA); Branch 1; Branch 2. Legend: BGP advertisement; link with valid SLA; link with invalid SLA]
Spoke configuration
config router bgp
    set as 65100
    set router-id 192.168.66.14
    set ibgp-multipath enable
    set additional-path enable
    set graceful-restart enable
    set additional-path-select 4
    config neighbor
        edit "10.10.8.1"
            set advertisement-interval 1
            set bfd enable
            set link-down-failover enable
            set next-hop-self enable
            set soft-reconfiguration enable
            set remote-as 65100
            set route-map-out "Out-of-SLA"
            set route-map-out-preferable "Primary"
            set connect-timer 1
            set additional-path both
        next
        edit "10.10.9.1"
            set advertisement-interval 1
            set bfd enable
            set link-down-failover enable
            set next-hop-self enable
            set soft-reconfiguration enable
            set remote-as 65100
            set route-map-out "Out-of-SLA"
            set route-map-out-preferable "Secondary"
            set connect-timer 1
            set additional-path both
        next
        edit "10.10.10.1"
            set advertisement-interval 1
            set bfd enable
            set link-down-failover enable
            set next-hop-self enable
            set soft-reconfiguration enable
            set remote-as 65100
            set route-map-out "Out-of-SLA"
            set route-map-out-preferable "Tertiary"
            set connect-timer 1
            set additional-path both
        next
    end
end
config router route-map
    edit "Out-of-SLA"
        config rule
            edit 1
                set match-ip-address "LAN"
                set set-community "65100:5"
            next
        end
    next
    edit "Primary"
        config rule
            edit 1
                set match-ip-address "LAN"
                set set-community "65100:1"
            next
        end
    next
    edit "Secondary"
        config rule
            edit 1
                set match-ip-address "LAN"
                set set-community "65100:2"
            next
        end
    next
    edit "Tertiary"
        config rule
            edit 1
                set match-ip-address "LAN"
                set set-community "65100:3"
            next
        end
    next
end
Spoke configuration
config system sdwan
    config health-check
        edit "DC1"
            set server "192.168.63.1"
            set sla-fail-log-period 30
            set sla-pass-log-period 60
            set members 3 4 5
            config sla
                edit 1
                    set latency-threshold 50
                next
            end
        next
    end
    config neighbor
        edit "10.10.8.1"
            set member 3
            set health-check "DC1"
            set sla-id 1
        next
        edit "10.10.9.1"
            set member 4
            set health-check "DC1"
            set sla-id 1
        next
        edit "10.10.10.1"
            set member 5
            set health-check "DC1"
            set sla-id 1
        next
    end
end
Hub configuration
config router bgp
    set as 65100
    set router-id 192.168.69.254
    set ibgp-multipath enable
    set additional-path enable
    set graceful-restart enable
    set additional-path-select 4
    config neighbor-group
        edit "BGP_ISP1"
            set advertisement-interval 1
            set bfd enable
            set link-down-failover enable
            set soft-reconfiguration enable
            set remote-as 65100
            set route-map-in "RM_ISP1_IN"
            set additional-path both
            set route-reflector-client enable
        next
        edit "BGP_ISP2"
            set advertisement-interval 1
            set bfd enable
            set link-down-failover enable
            set soft-reconfiguration enable
            set remote-as 65100
            set route-map-in "RM_ISP2_IN"
            set additional-path both
            set route-reflector-client enable
        next
        edit "BGP_MPLS"
            set advertisement-interval 1
            set bfd enable
            set link-down-failover enable
            set soft-reconfiguration enable
            set remote-as 65100
            set route-map-in "RM_MPLS_IN"
            set additional-path both
            set route-reflector-client enable
        next
    end
end
config router route-map
    edit "RM_ISP1_IN"
        config rule
            edit 3
                set match-community "65100:1"
                set set-route-tag 1
            next
            edit 4
                set match-community "65100:5"
                set set-route-tag 5
            next
        end
    next
    edit "RM_ISP2_IN"
        config rule
            edit 3
                set match-community "65100:2"
                set set-route-tag 2
            next
            edit 4
                set match-community "65100:5"
                set set-route-tag 5
            next
        end
    next
    edit "RM_MPLS_IN"
        config rule
            edit 3
                set match-community "65100:3"
                set set-route-tag 3
            next
            edit 4
                set match-community "65100:5"
                set set-route-tag 5
            next
        end
    next
end
Hub configuration
config system sdwan
    config members
        edit 3
            set interface "VPN_ISP1"
            set zone "overlay"
            set gateway 10.10.8.1
        next
        edit 4
            set interface "VPN_ISP2"
            set zone "overlay"
            set gateway 10.10.9.1
        next
        edit 5
            set interface "VPN_MPLS"
            set zone "overlay"
            set gateway 10.10.10.1
        next
    end
    config service
        edit 1
            set name "To_Tag1"
            set route-tag 1
            set src "all"
            set priority-members 3
        next
        edit 2
            set name "To_Tag2"
            set route-tag 2
            set src "all"
            set priority-members 4
        next
        edit 3
            set name "To_Tag3"
            set route-tag 3
            set src "all"
            set priority-members 5
        next
    end
end
Bidirectional SD-WAN (BGP)
Branch 1 sets a BGP community on each overlay:
    Internet 1, SLA OK: community 65000:1
    Internet 2, SLA OK: community 65000:2
    MPLS, SLA OK: community 65000:3
    SLA NOK: community 65000:5
Hub 1 (Hub, HA) maps each community to a route tag:
    Community 65000:1 > Route-Tag 1
    Community 65000:2 > Route-Tag 2
    Community 65000:3 > Route-Tag 3
    Community 65000:5 > Route-Tag 5
SD-WAN on the Hub maps each route tag to an overlay:
    Route-Tag 1 > Internet 1
    Route-Tag 2 > Internet 2
    Route-Tag 3 > MPLS
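Added example, not part of the original slides and not Fortinet code: a small Python model of the spoke-to-hub decision chain, using the community values from the configuration slides (65100:x; the diagrams label them 65000:x). The pairing of each spoke neighbor with a hub neighbor-group, and treating a latency of exactly 50 ms as within SLA, are assumptions.

```python
# Added illustration: models the decision chain in the slides' configuration.
# It is not FortiOS code. Assumption: spoke neighbors 10.10.8.1 / 10.10.9.1 /
# 10.10.10.1 peer with hub neighbor-groups BGP_ISP1 / BGP_ISP2 / BGP_MPLS.
LATENCY_THRESHOLD_MS = 50   # spoke health-check "DC1", sla 1
OUT_OF_SLA = "65100:5"      # spoke route-map "Out-of-SLA"

# overlay -> (spoke neighbor, in-SLA community, hub route-map-in rules)
OVERLAYS = {
    "VPN_ISP1": ("10.10.8.1", "65100:1", {"65100:1": 1, "65100:5": 5}),
    "VPN_ISP2": ("10.10.9.1", "65100:2", {"65100:2": 2, "65100:5": 5}),
    "VPN_MPLS": ("10.10.10.1", "65100:3", {"65100:3": 3, "65100:5": 5}),
}
# Hub SD-WAN service rules in order: (name, route-tag, priority member)
HUB_SERVICES = [("To_Tag1", 1, "VPN_ISP1"), ("To_Tag2", 2, "VPN_ISP2"),
                ("To_Tag3", 3, "VPN_MPLS")]


def spoke_community(overlay, latency_ms):
    """Community the spoke attaches on this overlay (None = probe lost)."""
    in_sla = latency_ms is not None and latency_ms <= LATENCY_THRESHOLD_MS
    return OVERLAYS[overlay][1] if in_sla else OUT_OF_SLA


def hub_route_tags(latencies):
    """Route tag the hub assigns to the spoke prefix learned on each overlay."""
    tags = {}
    for overlay, latency in latencies.items():
        rules = OVERLAYS[overlay][2]
        # None means no rule in that inbound route-map matched the community.
        tags[overlay] = rules.get(spoke_community(overlay, latency))
    return tags


def hub_steering(latencies):
    """First hub service rule, in order, whose route tag is present."""
    tags = hub_route_tags(latencies)
    for name, tag, member in HUB_SERVICES:
        if tag in tags.values():
            return name, member
    return None  # only tag 5 present: no service rule in the slides matches


if __name__ == "__main__":
    # Constructed latency samples (ms) as measured by the spoke, per overlay.
    for sample in ({"VPN_ISP1": 20, "VPN_ISP2": 30, "VPN_MPLS": 10},
                   {"VPN_ISP1": 80, "VPN_ISP2": 30, "VPN_MPLS": 10},
                   {"VPN_ISP1": 80, "VPN_ISP2": None, "VPN_MPLS": 95}):
        print(sample, "->", hub_route_tags(sample), hub_steering(sample))
```

The third sample shows the case the slides leave implicit: when every overlay is tagged 5, none of the three service rules matches and the hub's choice is no longer made by these rules.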
Demo