The following procedure explains how to configure dynamic routing on the hub and spokes, and configure Policy Based Routing on the spokes.
Procedure
Step 1 | Configure dynamic routing for the hub using BGP.
-
Choose Device > Device Management > Routing.
-
On the left pane, choose General Settings > BGP.
-
Check the Enable BGP check box and enter the AS number.
You can configure the other fields as per your requirement.
-
Click Save.
-
On the left pane, choose BGP > IPv4.
-
Check the Enable IPv4 check box.
-
Click the Neighbor tab, click Add and configure the parameters.
-
IP Address: Enter the tunnel interface IP address of Spoke 1.
-
Remote AS: AS number of Spoke 1.
-
Check the Enabled Address check box.
-
Click OK.
Repeat the above steps to add Spoke 2 as a neighbor.
-
Click Save.
-
Click the Networks tab and click Add to advertise the network behind the hub to the peers.
|
Step 2 | Configure dynamic routing for the spokes using BGP.
The BGP configuration for the spokes is similar to that of the hub except for the following differences:
-
Configure Hub 1 and Hub 2 as the neighbors for both the spokes and use the tunnel interface IP address of the hubs.
-
When you configure networks, use the network behind each spoke.
|
Step 3 | Configure Policy Based Routing on the spokes.
-
On the left pane, choose Policy Based Routing and click Add.
-
Choose the Ingress Interface from the drop-down list.
-
Click Add to configure a Match ACL.
For example, for spoke 1, source network is 192.168.20.0/24 and destination network is 192.168.10.0/24.
-
Choose Egress Interfaces from the Send to drop-down list.
-
Choose Order from the Interface Ordering drop-down list.
-
Select the SVTI-1 and SVTI-2 interfaces as the egress interfaces.
-
Click Save.
If you want to use the hubs as a load-balancing pair, you must configure ECMP.
|
Step 4 | Deploy the configurations on the hub and spokes. |
What to do next
Verify the configurations and tunnel statuses. For more information, see Verify the Multiple Hubs Configuration in a Route-based VPN.