Day 5
Static Routing & Failover
What is IP Routing?
IP Routing is the process of forwarding packets between networks based on the destination IP address.
FortiGate as an IP Router:
Receives packets, checks the routing table, and forwards them to the correct interface.
Handles local-out traffic (traffic generated by FortiGate itself, like updates or pings).
Routing Table (RIB & FIB)
RIB (Routing Information Base)
Logical table of all known routes (static, dynamic, and connected).
FIB (Forwarding Information Base)
Optimized table used by FortiGate's kernel for actual packet forwarding.
Main Components:
Network: Destination subnet (e.g., 10.0.0.0/24)
Gateway IP: Next-hop router address
Interface: Outgoing interface
Distance: Route source preference (lower = higher priority)
Metric/Priority: Used to break ties between equal-distance routes
Route Lookup Process
If multiple equal routes exist → ECMP logic applies.
If no matching route → traffic is dropped ("no route to host").
Checks routing table for the most specific route (longest prefix match).
Lowest AD
Lowest Priority
Firewall checks for destination IP in directly connected networks.
Static Routes
Manually configured routes defining how to reach specific networks.
Default Route (0.0.0.0/0):
Acts as a "catch-all" for unknown destinations.
Typically points to ISP gateway (e.g., 192.168.1.1).
Example Configuration:
    config router static
        edit 1
            set dst 0.0.0.0/0
            set gateway 192.168.1.1
            set device "wan1"
        next
    end
Administrative Distance
Determines which route source FortiGate prefers when multiple exist for the same destination.
Lower distance = more trusted route.
Default Administrative Distances:
Connected → 0
Static → 10
BGP (Internal) → 200
BGP (External) → 20
OSPF → 110
RIP → 120
Can be manually adjusted to influence failover preference.
Static Route Failover
Enables automatic switch between primary and backup routes based on distance.
Primary Route → Lower Distance (10)
Backup Route → Higher Distance (20)
When WAN1 fails, FortiGate uses WAN2 automatically.
Example Configuration:
    config router static
        edit 1
            set dst 0.0.0.0/0
            set gateway 192.168.1.1
            set device "wan1"
            set distance 10
        next
        edit 2
            set dst 0.0.0.0/0
            set gateway 192.168.2.1
            set device "wan2"
            set distance 20
        next
    end
Equal Cost Multi-Path (ECMP)
ECMP allows load balancing across multiple equal-cost routes.
All routes must have the same destination, distance, and metric.
Benefits:
Better bandwidth utilization
Improved redundancy and reliability
ECMP Load Balancing Algorithms
source-ip-based: Select next hop based on source IP.
source-dest-ip-based: Select next hop based on both source and destination IP.
weight-based: Distribute traffic according to assigned weights.
usage-based: Select next hop based on link usage.
Example Configuration:
    config system settings
        set v4-ecmp-mode <MODE>
    end
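The route lookup, distance-based failover and ECMP notes above, modelled as an added Python example (not FortiGate code and not part of the original notes). It applies longest prefix match, then lowest distance, then lowest priority, and treats more than one survivor as ECMP. Assumptions: the names Route, select_routes and ecmp_pick, the "internal" connected route, the priority default, the "interface down withdraws the route" failure model and the modulo stand-in for the source-ip-based hash are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    dst: str            # destination prefix
    gateway: str        # next hop
    device: str         # outgoing interface
    distance: int = 10  # static default per the distance list above
    priority: int = 0   # constructed tie-breaker value

    @property
    def net(self):
        return ipaddress.ip_network(self.dst)

# The two default routes from the failover example, plus a constructed
# connected route (distance 0) for an internal subnet.
TABLE = [
    Route("0.0.0.0/0", "192.168.1.1", "wan1", distance=10),
    Route("0.0.0.0/0", "192.168.2.1", "wan2", distance=20),
    Route("10.0.0.0/24", "0.0.0.0", "internal", distance=0),
]

def select_routes(dest_ip, routes, down=frozenset()):
    """Return the winning route(s) for dest_ip; [] means the packet is dropped."""
    ip = ipaddress.ip_address(dest_ip)
    # Routes on a down interface are withdrawn (simplified failure model).
    cands = [r for r in routes if r.device not in down and ip in r.net]
    if not cands:
        return []  # no route to host
    # Apply each tie-breaker in turn, keeping only the best candidates.
    for key in (lambda r: -r.net.prefixlen,   # longest prefix match
                lambda r: r.distance,         # lowest administrative distance
                lambda r: r.priority):        # lowest priority
        best = min(map(key, cands))
        cands = [r for r in cands if key(r) == best]
    return cands  # more than one survivor means ECMP applies

def ecmp_pick(src_ip, routes):
    """source-ip-based choice; modulo is a stand-in for the real hash."""
    return routes[int(ipaddress.ip_address(src_ip)) % len(routes)]

if __name__ == "__main__":
    for down in (set(), {"wan1"}, {"wan1", "wan2"}):
        chosen = select_routes("8.8.8.8", TABLE, down)
        print(sorted(down), [r.device for r in chosen] or "dropped")
```

With both WAN interfaces marked down, the lookup for an Internet destination returns no route, which is the "no route to host" drop case from the lookup notes.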