05-11-2024 05:53 PM
I recently started a new job and they have their firewalls set up with two circuit connections.
Primary is MPLS running BGP and secondary is internet with a Site to Site VPN and static routes pointing to this tunnel.
I'm not aware of what has been set/configured to make the traffic choose the MPLS/BGP interface vs the Site to Site interface; in my mind, since the tunnel has static routes pointing to it in the VR, it would have precedence. I'm mainly curious, for when I need to set up a new site, how to make sure it chooses the MPLS/BGP interface connection over the Site to Site tunnel interface. Thanks in advance.
05-12-2024 02:44 PM
Hello @C.Rowe724515
Thanks for posting.
There are two things that come to my mind. Either BGP-learned routes have smaller prefixes compared to what is configured with static routes, or static routes are configured with a higher administrative distance.
Could you go to: Network > Virtual Router > [VR name] > More Runtime Stats > Routing > Forwarding Table. Refer to the Destination column, then check the subnet masks of routes from remote sites. If these routes have a more specific subnet mask than what is configured in static routes, then BGP-learned routes will take precedence.
Regarding administrative distance, could you go to: Network > Virtual Router > [VR name] > Router Settings, then refer to Administrative Distances. If all prefixes have the same length, then the tie breaker will be the Administrative Distance (lower value is preferred). In your case, if BGP routes are in the forwarding table, then static routes should have a higher Administrative Distance value than BGP.
Kind Regards
Pavel
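The two checks described in the reply above can be modelled in a few lines. This is an added example, not part of the original thread and not PAN-OS code; the prefixes, interface names and administrative distance values are constructed for illustration. It shows a more specific BGP route beating a static /16, the administrative distance deciding when both prefixes have the same length, and traffic falling back to the tunnel when the BGP routes disappear.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str      # destination network
    source: str      # "static" or "bgp"
    interface: str   # egress interface (hypothetical names)
    distance: int    # administrative distance (constructed values)

def build_fib(rib):
    """Per prefix, install only the route with the lowest administrative distance."""
    fib = {}
    for r in rib:
        net = ipaddress.ip_network(r.prefix)
        if net not in fib or r.distance < fib[net].distance:
            fib[net] = r
    return fib

def lookup(fib, dst):
    """Longest-prefix match over installed routes; None if nothing covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in fib if addr in net]
    if not matches:
        return None
    return fib[max(matches, key=lambda n: n.prefixlen)]

# Constructed sample: static /16s point at the VPN tunnel, BGP comes from MPLS.
RIB = [
    Route("10.20.0.0/16", "static", "tunnel.1", 10),
    Route("10.20.5.0/24", "bgp", "ethernet1/1", 20),   # more specific than the /16
    Route("10.30.0.0/16", "static", "tunnel.1", 10),
    Route("10.30.0.0/16", "bgp", "ethernet1/1", 20),   # same length: distance decides
]

def egress(dst, rib=RIB):
    """Return (source, interface) chosen for dst, or None when there is no route."""
    r = lookup(build_fib(rib), dst)
    return None if r is None else (r.source, r.interface)

def without_bgp(rib=RIB):
    """Simulate loss of the BGP session: only static routes remain."""
    return [r for r in rib if r.source != "bgp"]

if __name__ == "__main__":
    for dst in ("10.20.5.7", "10.20.9.1", "10.30.1.1"):
        print(dst, "->", egress(dst), "| BGP down ->", egress(dst, without_bgp()))
```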
05-13-2024 05:30 AM
Thank you. After checking, I do see that the routes in the forwarding table are more specific than the static routes, which are all /16s.