Task 2 - Configure Spokes

GoalComplete NCC BGP configurations
TaskAccess newly created spokes and configure BGP
Verify task completionYou should see two BGP configruations for each NCC Fortigate spoke

Configure BGP for Spokes

After the previous section, we should now see a Hub and two Spokes in Network Connectivity Center. In this section, we will configure BGP on these Spokes.

  1. Click on Network Connectivity Center > SPOKES and select the first spoke

    Spokes Spokes

  2. Click the arrow next to the Instance name. And Click on CONFIGURE BGP SESSION to configure the first BGP Session. Notice that there are two sessions configure. This provides redundancy in case of a failure.

    Info

    Take note of the IP address next to the instance name. The picture below shows 10.15.0.2, but this may different in your lab. This IP will be used as the router ID when configuring BGP on the FortiGate in the next chapter.

    Spoke1 Spoke1

  3. Configure Cloud Router

    • For cloud router, select Create new router
    • Provide a Name
    • Provide an ASN. This will need to be a different ASN than is used for FortiGate. We will use 65100.
    • Set BGP peer keepalive interval to 20
    • For BGP identifier, leave it blank.
    • Click on CREATE & CONTINUE

    Cloud Router Cloud Router

    Info

    We will be configuring two bgp sessions for each FortiGate. There are two FortiGates deployed, one in us-central1 and one in us-east1. meaning we will be configuring a total of four bgp sessions.

  4. Configure BGP Sessions

    • Click on EDIT BGP SESSION to edit the first BGP session.
    • Select IPv4 BGP session
    • Type in a name for the session
    • For Peer ASN, we will use 65200 (This will be the ASN confgired on FortiGate)
    • Leave Advertised route priority (MED) empty.
    • Cloud Router BGP IP for the first session will be 10.15.0.252
    • Leave Advanced options as default
    • Click SAVE AND CONTINUE

    BGP Config BGP Config

    • Repeat for the second BGP session
      • Type in a different name for the BGP session
      • The Cloud Router BGP IP for the second session will be 10.15.0.253
    • When done click SAVE AND CONTINUE
    • Click CREATE
    • The end result will be two BGP Session configured for FortiGate one in the Central region

    spoke1 done spoke1 done

  5. Return to Network Connectivity Center > SPOKES and repeat steps 1 and 2 above for the FortiGate in US-EAST1

    Info

    We will reuse 65100 as the “Cloud Router ASN” when configuring the Cloud Router in us-east1. We will also reuse 65200 as the “Peer ASN” when configuring the BGP sessions in us-east1

    • All values will be the same with the below exceptions:
    • The names will need to be different
    • FortiGate BGP Session fgt2-1 will have Cloud Router BGP IP 10.16.0.252
    • FortiGate BGP Session fgt2-1 will have cloud Router BGP IP 10.16.0.253
    • The result should look like below:

    Spoke2 done Spoke2 done

Discussion

In this task, we created the GCP cloud router and BGP configurations which will be used to peer with the FortiGate Router Appliance. This will allow NCC to share routing information with FortiGate to allow connectivity between all GCP and on-prem resources.

Proceed to the next section