I think I know what needs to happen, but I'd like to make sure before starting the config:
All sites are using FortiGates for routing/firewall.
Company has 4 total sites - HQ, DR Branch, and two branches.
OSPF is currently in place for static routes and directly connected sites.
All sites currently connected with a layer 2 point-to-multipoint ring.
Currently, default routes are statically configured - HQ and DR sites have internet access. Branches point to HQ for their internet, DR uses its own because why not?
Goals:
- HQ is default for all branches except DR
- If HQ goes down, all sites use DR for internet access (easy - just make sure DR site is backup designated, manipulate OSPF priority to do so).
- In general, DR should always only use its own internet (I can use a link monitor to disable the default route in case it goes down for an extended period, I think).
Point 3 is the tricky one - I want everything else to use HQ, but DR to only use its own unless ISP goes down, and I'm not 100% sure how the cost manipulation should work.