Normally we expect the LAN prefixes to be summarized on the regional boundaries (that is, on the Hub-to-Hub EBGP peering). However, this is not always possible: network addressing is not always under the customer's tight control.
This enhancement makes the LAN summarization optional.
In fact, it was already optional within the region. Now it becomes optional also for a multi-regional deployment.
Below we summarize the routing behavior.
Within a region:
- If the LAN summary is configured:
  - It is automatically advertised to all the Spokes.
  - In a multi-VRF deployment, this advertisement is done for each CE VRF.
- If the LAN summary is not configured:
  - The user must make sure that the Spokes have a valid route to all the LAN destinations via the overlay tunnels.
  - In a single-VRF deployment, this can be achieved simply by adding a static default route via the entire SD-WAN zone.
    - In the offline mode, this is automatically done by the Jinja Orchestrator.
    - In FortiManager-based deployment, this must be done externally.
  - In a multi-VRF deployment, such a default route must be added to each CE VRF, which becomes a burden.
    - The Jinja Orchestrator does not handle this.

Between regions:
- If the LAN summary is configured:
  - It is automatically advertised over the Hub-to-Hub tunnels, aggregating the individual Spoke prefixes.
  - In a multi-VRF deployment, this advertisement is done for each CE VRF.
- If the LAN summary is not configured:
  - All individual Spoke prefixes are advertised over the Hub-to-Hub tunnels, to guarantee inter-regional reachability.
  - These advertisements are not sent down to the Spokes of the remote region.
  - The expectation is, again, that Spokes have a valid route (e.g. default route) to all the LAN destinations via the overlay tunnels.
The bottom line is: we recommend configuring LAN summaries whenever the network addressing permits that, to guarantee the most scalable routing design. At the same time, we support network environments where this summarization is not possible.
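A planning check for whether a region's addressing permits a LAN summary, written as an added example (not part of the Jinja Orchestrator or any Fortinet tooling). The function names, the sample prefixes and the rule that a usable summary must cover every local Spoke prefix and overlap none from another region are assumptions made for illustration; IPv4 is assumed.

```python
import ipaddress

def tightest_summary(prefixes):
    """Smallest single prefix that contains every Spoke LAN prefix given."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    if not nets:
        raise ValueError("at least one Spoke prefix is required")
    summary = nets[0]
    # Widen one bit at a time until every prefix fits (always ends at /0).
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary

def check_summary(region_prefixes, other_region_prefixes, summary=None):
    """Report whether a candidate LAN summary fits the addressing plan.

    If no candidate is given, the tightest covering prefix is evaluated.
    """
    nets = [ipaddress.ip_network(p) for p in region_prefixes]
    cand = ipaddress.ip_network(summary) if summary else tightest_summary(region_prefixes)
    others = [ipaddress.ip_network(p) for p in other_region_prefixes]
    # Local prefixes the summary would not aggregate.
    uncovered = [str(n) for n in nets if not n.subnet_of(cand)]
    # Prefixes of another region that the summary would also claim.
    foreign = [str(n) for n in others if n.overlaps(cand)]
    return {"summary": str(cand), "uncovered": uncovered,
            "foreign": foreign, "usable": not uncovered and not foreign}

def hub_to_hub_prefix_count(region_prefixes, summary_configured):
    """Prefixes this region sends over the Hub-to-Hub tunnels: one summary,
    or every individual Spoke prefix when no summary is configured."""
    return 1 if summary_configured else len(set(region_prefixes))

# Constructed sample addressing plans (not from any real deployment).
WEST = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]
EAST = ["10.2.1.0/24", "10.2.2.0/24"]
MIXED_WEST = WEST + ["10.2.9.0/24"]  # one Spoke numbered outside the regional block

if __name__ == "__main__":
    print(check_summary(WEST, EAST))                       # clean regional block
    print(check_summary(MIXED_WEST, EAST))                 # tightest summary swallows EAST
    print(check_summary(MIXED_WEST, EAST, "10.1.0.0/16"))  # explicit summary misses a Spoke
    print(hub_to_hub_prefix_count(MIXED_WEST, False))      # falls back to individual prefixes
```

When `usable` is false, the region is a candidate for running without a LAN summary, with the Spokes relying on a default route via the overlay as described above.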