Branch BGP signaling

7.2.0

Following is a summary of enabling route steering on branch devices:

  1. Edit BGP neighbors to define an access list for the branch LAN, define route maps that use the access list, and edit the BGP neighbors to send the route maps. See Editing BGP neighbors.
  2. Edit SD-WAN templates to define the conditions for when each route map is sent. See Editing SD-WAN templates.
  3. Install the device settings to the branch and hub devices.

Editing BGP neighbors

Edit the BGP neighbors to:

  • Define an access list for the branch LAN.
  • Define two (2) route maps using this access list, which adjust the BGP community sent.
  • Edit the BGP neighbors to send these route maps.

To edit the BGP neighbor:
  1. Go to Device Manager > Provisioning Templates > BGP Templates, and double-click the ACME SD-WAN Overlay_branch_bgp template to open it for editing.
  2. Edit the neighbor that corresponds to the hub device's VPN1 interface:
    1. Double-click the neighbor. The Edit Neighbor pane is displayed.
    2. Beside Route Map Out Preferable, click the dropdown menu, and click +. The Create New Route Map pane is displayed.
    3. Set the following options:

      Name: Primary
      ID: 1
      Rules
      1. Click Create New. The Create New Route Map Rule pane is displayed.
      2. Toggle on Match IP address.
      3. Click the dropdown box, and click + > Access List. The Create New Access List pane is displayed.
      4. Set Name to LAN1.
      5. Under Rules, click Create New. The Create New Access List Rule pane is displayed.
      6. Set Type to Prefix.
      7. Set Prefix to Specify, and enter the desired subnet LAN, for example, 10.1.1.0/24. Repeat this step for any additional LANs.
      8. Click OK to save the access rule.
      9. Click OK to save the access list. The Create New Route Map Rule pane is displayed.
      10. In the Match IP address list, select the access list.
      11. Click OK to save the route map rule.
    4. Click OK to save the route map.
    5. In the Route Map Out Preferable, select the Primary route map.
    6. Under IPv4 Filtering, enable Route Map Out.
    7. Click the dropdown list, and click +. The Create New Route Map pane is displayed.
    8. Set the following options:

      Name: Out-Of-SLA
      Rules
      1. Click Create New. The Create New Route Map Rule pane is displayed.
      2. Set ID to 1.
      3. Toggle on Match IP address.
      4. Click the dropdown box, select LAN1.
      5. Enable Set Community, and enter 65000:1.
      6. Click OK to save the route map rule.
    9. Click OK to save the route map.
    10. Set Route Map Out to Out-of-SLA.
    11. Click OK to save the HUB's VPN1 interface neighbor.
  3. Edit the second neighbor that corresponds to HUB VPN2 interface:
    1. Double-click the neighbor. The Edit Neighbor pane is displayed.
    2. Beside Route Map Out Preferable, click the dropdown menu, and click +. The Create New Route Map pane is displayed.
    3. Set the following options:

      Name: Secondary
      ID: 1
      Rules
      1. Click Create New. The Create New Route Map Rule pane is displayed.
      2. Set ID to 1.
      3. Set Match IP address to LAN1.
      4. Enable Community, and enter 65000:2.
      5. Click OK to save the route map rule.
    4. Click OK to save the route map.
    5. Set Route Map Out to Out-of-SLA.
    6. Click OK to save the HUB's VPN2 interface neighbor.
  4. Click OK to save the BGP template.

Editing SD-WAN templates

Edit the SD-WAN neighbor to define the conditions for when each route map is sent.

To edit the SD-WAN template:
  1. Go to Device Manager > Provisioning Templates > SD-WAN Templates.
  2. Double-click the Branches template to open it for editing.
  3. Under Neighbor, create a new neighbor for HUB’s VPN1:
    1. Click +Create New. The Create New SD-WAN Neighbor pane is displayed.
    2. Set the following options, and click OK:

      IP: Specify the IP address of the HUB’s VPN1 interface
      Interface Member: HUB1-VPN1
      Performance SLA: HUB1_HC
      SLA: 1
      Role: Standalone

  4. Under Neighbor, create a new neighbor for HUB’s VPN2:
    1. Click +Create New. The Create New SD-WAN Neighbor pane is displayed.
    2. Set the following options, and click OK:

      IP: Specify the IP address of the HUB’s VPN2 interface
      Interface Member: HUB1-VPN1
      Performance SLA: HUB1_HC
      SLA: 1
      Role: Standalone

  5. Click OK to save the template.
  6. Install the device settings to the branch and hub devices.
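
The following is an added example, not part of the Fortinet documentation: a small Python model of what the branch advertises to each hub neighbor once the templates above are installed, useful for checking that only the LAN1 prefix leaves the branch and that the hub can tell the SLA states apart. It assumes the Route Map Out Preferable map is sent while the SD-WAN neighbor's SLA is met and the Route Map Out map otherwise, simplifies access-list matching to prefix containment, and uses hypothetical neighbor labels and a constructed non-LAN prefix.

```python
import ipaddress

# Objects from the steps above. The page never shows "Secondary" being selected
# on the VPN2 neighbor; using it as Route Map Out Preferable is an assumption.
ACCESS_LISTS = {"LAN1": ["10.1.1.0/24"]}
ROUTE_MAPS = {  # name -> rules: (access list to match, community to set or None)
    "Primary": [("LAN1", None)],
    "Out-Of-SLA": [("LAN1", "65000:1")],
    "Secondary": [("LAN1", "65000:2")],
}
NEIGHBORS = {  # hypothetical labels standing in for the hub tunnel IP addresses
    "HUB-VPN1": {"preferable": "Primary", "out": "Out-Of-SLA"},
    "HUB-VPN2": {"preferable": "Secondary", "out": "Out-Of-SLA"},
}
# Constructed candidate routes: the branch LAN plus one prefix that must not leak.
CANDIDATES = ["10.1.1.0/24", "192.168.50.0/24"]


def acl_permits(acl_name, prefix):
    """True when the prefix lies inside one of the access list's prefixes."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(ipaddress.ip_network(p)) for p in ACCESS_LISTS[acl_name])


def advertised(neighbor, sla_met, candidates=CANDIDATES):
    """Return {prefix: community} the branch would send to one hub neighbor."""
    cfg = NEIGHBORS[neighbor]
    rules = ROUTE_MAPS[cfg["preferable"] if sla_met else cfg["out"]]
    sent = {}
    for prefix in candidates:
        for acl, community in rules:
            if acl_permits(acl, prefix):
                sent[prefix] = community  # first matching rule wins
                break
        # no rule matched: the route map's implicit deny keeps the prefix unsent
    return sent


def indistinguishable():
    """Neighbors whose two route maps set the same communities, so the hub
    could not tell an in-SLA overlay from an out-of-SLA one."""
    def tags(rm):
        return {community for _, community in ROUTE_MAPS[rm]}
    return [n for n, c in NEIGHBORS.items() if tags(c["preferable"]) == tags(c["out"])]


if __name__ == "__main__":
    for name in NEIGHBORS:
        for sla_met in (True, False):
            print(name, "SLA met" if sla_met else "SLA missed", advertised(name, sla_met))
```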
