Monday, May 31, 2021

BGP issues on Fortigate

Currently I'm trying to advertise my /22 IP block using BGP on a Fortigate 600E (OS 6.4.4). I understand a router is best fitted to do BGP, but due to our current financial situation, we cannot buy a router.

I have an X.X.120.0/22 IP block that I'm advertising to two independent providers. I am advertising X.X.120.0/23 and X.X.120.0/22 via ISP1, and I am advertising X.X.122.0/23 and X.X.120.0/22 via ISP2. Each provider is sending me a default route and their respective IP blocks. Using Weight, I can choose which default route I want entered in the routing table.

I assign a static IP on a laptop of X.X.120.2, gateway .1. If I make the default route from ISP1 go into the routing table, everything is OK. If I make the default route of ISP2 go into the routing table, I am unable to browse. DIG DNS (UDP), PING (ICMP), and traceroute work OK. I do notice that I can browse some Google or YouTube sites, but this is because they're served using UDP. With this, it seems that it's affecting TCP traffic only.

I even tried adjusting the TCP MSS (1300 - 1430), but that didn't help.

If I turn off ISP1 link, everything works using ISP2 only. If I turn off ISP2 link, everything works using ISP1 only.

The reason I'm trying to advertise two /23s is for load balancing and to maximize the link usage, since each link is not cheap.

Things I've tried:

* enabled asymmetric routing
* enabled tcp-session-without-syn in both the in-to-out and out-to-in firewall rules
* enabled auxiliary-session
* route lookup matches the default route
* policy lookup matches the in-to-out firewall rule

I have a support case opened with Fortinet, but even they seem to be lost and puzzled.
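To show why the return path for the laptop does not follow the chosen default route, here is an added illustration (not part of the original post, and not the poster's configuration) that models the advertisements described above with longest-prefix matching. It uses 198.51.100.0/22 as a constructed stand-in for X.X.120.0/22.

```python
import ipaddress

# Constructed stand-in for the post's X.X.120.0/22; the ISP names are labels only.
# Mirrors the post: each ISP gets the /22 plus one of the two /23s.
ADVERTISED = {
    "ISP1": ["198.51.100.0/22", "198.51.100.0/23"],
    "ISP2": ["198.51.100.0/22", "198.51.102.0/23"],
}


def return_path(dst_ip, down=()):
    """Which ISP the rest of the Internet uses to reach dst_ip.

    Remote routers pick the longest matching prefix, so the /23 beats the /22
    whenever it is still advertised. Links listed in `down` withdraw all of
    their prefixes (the post's 'turn off ISP1 link' test).
    """
    ip = ipaddress.ip_address(dst_ip)
    best_isp, best_net = None, None
    for isp, prefixes in ADVERTISED.items():
        if isp in down:
            continue
        for p in prefixes:
            net = ipaddress.ip_network(p)
            if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
                best_isp, best_net = isp, net
    return best_isp


def flow_is_symmetric(src_ip, outbound_isp, down=()):
    """True when replies to a flow sourced from src_ip arrive on the same link
    the packets left on. outbound_isp is the ISP whose default route the
    Weight setting installed in the routing table."""
    return return_path(src_ip, down) == outbound_isp


def diagnose(src_ip, outbound_isp, down=()):
    reply_isp = return_path(src_ip, down)
    if reply_isp == outbound_isp:
        return f"{src_ip}: out {outbound_isp}, reply {reply_isp}: symmetric"
    return (f"{src_ip}: out {outbound_isp}, reply {reply_isp}: asymmetric; "
            "a stateful firewall sees the SYN and the SYN-ACK on different interfaces")


if __name__ == "__main__":
    laptop = "198.51.100.2"  # the post's X.X.120.2 sits in the /23 advertised via ISP1
    print(diagnose(laptop, "ISP1"))            # symmetric: the working case
    print(diagnose(laptop, "ISP2"))            # asymmetric: the broken TCP case
    print(diagnose(laptop, "ISP2", down=("ISP1",)))  # ISP1 off: /22 via ISP2 wins, symmetric again
```

The model reproduces the post's observations: hosts in X.X.120.0/23 always get their replies via ISP1 while that link is up, so choosing ISP2's default route creates an asymmetric flow, which a stateful firewall will drop for TCP even though stateless-looking UDP and ICMP probes succeed.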
