I have an edge network with 2 ISPs terminating on 2 separate routers. Both ISPs will peer BGP with us and we'll advertise some ARIN-assigned IP space to them. Both ISPs are sending us local+1 routes and a default route. Both of those routers connect to L3 switches downstream, which are peered iBGP with the routers in a mesh fashion and will only accept the default route.
Our firewalls will sit downstream from the switches, with links to both switches, and use ECMP BGP (Fortinet) through a VIP on the switches (VRRP or HSRP), staggered between 2 /30s to the 2 WAN ports on the firewall.
Everything works, but I can't figure out how to get the default route to flow through to the FortiGates; the switches aren't advertising it because it is learned through iBGP. I tried the neighbor default-originate command and had no luck.
The only solution that seems to work is to use a different AS number on the FortiGates, but they will advertise some public IP routes as well, so that could be a problem with the ISP.
I'm sure this is something simple, or my design is just terrible, but I've hit a wall and figured I'd ask.
Mockup in GNS3 below; disregard the cloud thing attached.
The goal is for the FortiGates to receive default routes but also be able to advertise the routes they originate into BGP.
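Added example (not from the original post or the GNS3 mockup): the behaviour described above is iBGP split horizon, where a speaker never re-advertises a route learned from one iBGP peer to another iBGP peer, so the switches hold the routers' default but will not pass it to FortiGates in the same AS. Making each switch a route reflector for its FortiGate session lifts that restriction in both directions: the reflected default reaches the FortiGate, and the FortiGate's own prefixes are reflected on to the routers. The block below is Cisco IOS style syntax; all ASNs (64496 for the site, 64497 for the ISP, 65001 for the alternative private AS on the FortiGates) and all addresses (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 from the documentation ranges) are assumptions, as are the prefix-list names. The second stanza covers the poster's fallback design, eBGP to the FortiGates in a private AS, where the only extra step is stripping that private AS before the path reaches the ISP.

```cisco
! ---- L3 switch sw1 (same AS as the routers and the FortiGates) ----
! Assumed: routers at 192.0.2.1/.2, FortiGate WAN port on this switch's /30 at 192.0.2.10
router bgp 64496
 bgp log-neighbor-changes
 ! iBGP mesh to the two edge routers (unchanged from the existing design)
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.2 remote-as 64496
 ! iBGP to the FortiGate
 neighbor 192.0.2.10 remote-as 64496
 ! Route-reflector client: the switch now reflects the default learned from
 ! the routers to the FortiGate, and reflects the FortiGate's prefixes to the routers
 neighbor 192.0.2.10 route-reflector-client
 ! Rewrite the next hop of reflected routes to this switch, so the FortiGate
 ! only needs its directly connected /30 to reach the next hop
 ! ("all" is required for reflected routes; plain next-hop-self leaves them untouched)
 neighbor 192.0.2.10 next-hop-self all
 ! Send the FortiGate nothing but the default
 neighbor 192.0.2.10 prefix-list DEFAULT-ONLY out
 ! Accept from the FortiGate only the assigned space it originates
 neighbor 192.0.2.10 prefix-list OUR-SPACE in
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
! Assumed ARIN-assigned block; "le 32" also admits more-specifics the FortiGate may announce
ip prefix-list OUR-SPACE seq 5 permit 203.0.113.0/24 le 32

! ---- Edge router r1: only if the FortiGates are instead put in private AS 65001 (eBGP) ----
! Assumed ISP peer 198.51.100.1 in AS 64497
router bgp 64496
 neighbor 198.51.100.1 remote-as 64497
 ! Strip 65001 from the AS_PATH of the FortiGate-originated prefixes before
 ! they reach the ISP; without this the ISP sees a private ASN in the path
 neighbor 198.51.100.1 remove-private-as
 ! Only ever announce the assigned block upstream
 neighbor 198.51.100.1 prefix-list OUR-SPACE out
```

Apply the same stanza on the second switch with its own /30 toward the other FortiGate WAN port. If the platform does not support `next-hop-self all`, the FortiGates need some other route to the default's next hop (for example the router addresses on the router-to-switch links), otherwise the reflected default is received but never installed. With the eBGP fallback, the FortiGate session should still carry the same `DEFAULT-ONLY` and `OUR-SPACE` filters, and `remove-private-as` belongs on every ISP-facing session, not just one router.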