BGP Prefix Paths and SD-WAN

Questions and Answers

Which direction must fec-egress be enabled in order for FortiGate to send parity packets?

Egress (correct)

Neither Ingress nor Egress

Both Ingress and Egress

Ingress

Which direction must fec-ingress be enabled in order for FortiGate to process parity packets sent by the remote FortiGate?

Both Ingress and Egress

Egress

Neither Ingress nor Egress

Ingress (correct)

What must be enabled on the firewall policy that matches the traffic you want to generate parity packets for?

FEC (correct)

Neither FEC nor Hardware Offloading

Hardware Offloading

Both FEC and Hardware Offloading

What does FortiOS automatically do on sessions that are subject to FEC?

Manually disable hardware offloading

What does FortiGate use for original and parity packets when FEC is enabled?

Specific security payload index

What does a packet capture taken using the example configuration show?

Original and parity packets

What is the impact of FEC on the quality of IPsec overlays?

Positive impact

What is the reported packet loss before enabling FEC?

27%

What is the reported packet loss after increasing fec-redundant to 3?

1%

What should you keep in mind when increasing the value of fec-redundant?

Increased bandwidth usage

Which of the following is true about FortiGate's default behavior when advertising BGP prefixes?

FortiGate advertises one path per prefix by default.

In the SD-WAN overlay deployment shown, how many paths does the hub reflect for each prefix?

One path

Why is it recommended to have sites learn all available paths to all possible destinations in SD-WAN?

To ensure SD-WAN rules are not skipped.

How many paths does the hub learn for the prefix 10.0.1.0/24 in the diagram on this slide?

Two paths

What are the next hop addresses for the two paths learned by the hub for the prefix 10.0.1.0/24?

10.201.1.1 and 10.202.1.1

How many additional paths does the hub send in addition to the two paths it learns for the prefix 10.0.1.0/24?

Two additional paths

What is the purpose of configuring the spoke to receive any additional paths sent by the neighbor?

To allow the spoke to learn all available paths for a prefix.

How many routes does spoke2 receive for the prefix 10.0.1.0/24 from the hub?

Four routes

What does the routing table on spoke2 show for the prefix 10.0.1.0/24?

Duplicate routes

What does the hub do to the prefixes learned from clients?

Reflects the prefixes to all peers.

Which command can be used to view the identified paths in FortiGate's BGP configuration?

get router info bgp network

How can you control the number of selected identified paths to be advertised by the hub in FortiGate's BGP configuration?

By enabling additional-path-select setting

What does FortiOS 7.0.1 and 6.4.7 do with duplicate routes in the routing table?

Consolidates them for cosmetic purposes

What is the purpose of Forward Error Correction (FEC) in FortiGate's IPsec overlays?

To reduce the number of retransmissions

Which command can be used to configure FEC on an IPsec overlay in FortiGate?

CLI configuration

What happens if the fec-send-timeout period is reached in FortiGate's FEC configuration?

FortiGate sends the parity packets regardless of fec-base

Which SPI is used for both original and parity packets in FortiGate's FEC implementation?

0x00000001

What is the purpose of parity packets in FortiGate's FEC implementation?

To contain error-correcting data

Which FortiGate version introduced the consolidation of duplicate routes in the routing table?

FortiOS 7.0.0 and 6.4.7

What is the recommended use case for Forward Error Correction (FEC) in FortiGate's IPsec overlays?

Delivering a better user experience for business-critical applications