Fortinet black logo

Handbook

Configuring SD-WAN load balancing

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:49719
Download PDF

Configuring SD-WAN load balancing

Specify the SD-WAN load balancing method that you want the FortiGate to use for all Internet traffic between SD-WAN interface members.

Specify the SD-WAN load balancing method – GUI
  1. Go to Network > SD-WAN Rules.
  2. Select the rule named sd-wan and select Edit.

    The load balancing options are displayed.

  3. In the Load Balancing Algorithm field, select one of the following options:
  4. GUI option

    Description

    Additional configuration steps

    Source IP

    The FortiGate divides traffic equally between the interfaces included in the SD-WAN interface. However, sessions that start at the same source IP address use the same path. This is the default.

    None

    Sessions

    The FortiGate distributes the work load based on the number of sessions that are connected through the interfaces.

    The FortiGate uses the weight that you assign to each interface to calculate a percentage of the total sessions that are allowed to connect through each interface. The FortiGate then distributes the number of sessions between the interfaces accordingly. Sessions with the same source and destination IP addresses (src-ip and dst-ip) will be forwarded to the same path, but will still be considered in later session ratio calculations.

    In the Weight column, set a weight distribution (integer value) for each interface.

    The pie chart shows the percentage of sessions that are distributed between the interfaces.

    Spillover

    If the amount of traffic bandwidth on an interface exceeds the ingress or egress thresholds that you set for that interface, the FortiGate sends additional traffic through one of the other SD-WAN member interfaces.

    In the Ingress Spillover Threshold column, set a threshold (in kbps) for each interface. In the Egress Spillover Threshold column, set a threshold (in kbps) for each interface.

    The pie chart shows the percentage of spillover thresholds that are distributed between the interfaces.

    Source-Destination IP

    The FortiGate divides traffic equally between the interfaces included in the SD-WAN interface.

    However, sessions that start at the same source IP address and go to the same destination IP address use the same path.

    None

    Volume

    The FortiGate distributes the work load based on the amount of packets going through the interfaces.

    The FortiGate uses the volume weight that you assign to each interface to calculate a percentage of the total bandwidth that’s allowed to go through each interface. The FortiGate then distributes the bandwidth between the interfaces accordingly.

    In the Weight column, set a weight distribution (integer value) for each interface.

    The pie chart shows the percentage of bandwidth that’s distributed between the interfaces.

  5. Click OK.
Specify the SD-WAN load balancing method – CLI

config system virtual-wan-link

set load-balance-mode {source-ip-based | weight-based | usage-based | source-dest-ip-based | measured-volume-based}

end

Where you set one of the following options:

CLI option

Description

Additional configuration steps

source-ip-based

This is the same as the Source IP option in the GUI.

None

weight-based

This is the same as the Sessions option in the GUI.

Set a weight for each interface:

config members

edit <sequence_number>

set weight <weight>

next

end

The range is 0 to 255.

usage-based

This is the same as the Spillover option in the GUI.

Set ingress and egress thresholds for each interface:

config members

edit <sequence_number>

set spillover-threshold <threshold>

set ingress-spillover-threshold <threshold>

next

end

The range for both thresholds is 0 to 16776000 kbps.

source-dest-ip-based

This is the same as the Source-Destination IP option in the GUI.

None

measured-volume-based

This is the same as the Volume option in the GUI.

Set a volume weight for each interface:

config members

edit <sequence_number>

set volume-ratio <weight>

next

end

The range is 0 to 255.

Configuring SD-WAN load balancing

Specify the SD-WAN load balancing method that you want the FortiGate to use for all Internet traffic between SD-WAN interface members.

Specify the SD-WAN load balancing method – GUI
  1. Go to Network > SD-WAN Rules.
  2. Select the rule named sd-wan and select Edit.

    The load balancing options are displayed.

  3. In the Load Balancing Algorithm field, select one of the following options:
  4. GUI option

    Description

    Additional configuration steps

    Source IP

    The FortiGate divides traffic equally between the interfaces included in the SD-WAN interface. However, sessions that start at the same source IP address use the same path. This is the default.

    None

    Sessions

    The FortiGate distributes the work load based on the number of sessions that are connected through the interfaces.

    The FortiGate uses the weight that you assign to each interface to calculate a percentage of the total sessions that are allowed to connect through each interface. The FortiGate then distributes the number of sessions between the interfaces accordingly. Sessions with the same source and destination IP addresses (src-ip and dst-ip) will be forwarded to the same path, but will still be considered in later session ratio calculations.

    In the Weight column, set a weight distribution (integer value) for each interface.

    The pie chart shows the percentage of sessions that are distributed between the interfaces.

    Spillover

    If the amount of traffic bandwidth on an interface exceeds the ingress or egress thresholds that you set for that interface, the FortiGate sends additional traffic through one of the other SD-WAN member interfaces.

    In the Ingress Spillover Threshold column, set a threshold (in kbps) for each interface. In the Egress Spillover Threshold column, set a threshold (in kbps) for each interface.

    The pie chart shows the percentage of spillover thresholds that are distributed between the interfaces.

    Source-Destination IP

    The FortiGate divides traffic equally between the interfaces included in the SD-WAN interface.

    However, sessions that start at the same source IP address and go to the same destination IP address use the same path.

    None

    Volume

    The FortiGate distributes the work load based on the amount of packets going through the interfaces.

    The FortiGate uses the volume weight that you assign to each interface to calculate a percentage of the total bandwidth that’s allowed to go through each interface. The FortiGate then distributes the bandwidth between the interfaces accordingly.

    In the Weight column, set a weight distribution (integer value) for each interface.

    The pie chart shows the percentage of bandwidth that’s distributed between the interfaces.

  5. Click OK.
Specify the SD-WAN load balancing method – CLI

config system virtual-wan-link

set load-balance-mode {source-ip-based | weight-based | usage-based | source-dest-ip-based | measured-volume-based}

end

Where you set one of the following options:

CLI option

Description

Additional configuration steps

source-ip-based

This is the same as the Source IP option in the GUI.

None

weight-based

This is the same as the Sessions option in the GUI.

Set a weight for each interface:

config members

edit <sequence_number>

set weight <weight>

next

end

The range is 0 to 255.

usage-based

This is the same as the Spillover option in the GUI.

Set ingress and egress thresholds for each interface:

config members

edit <sequence_number>

set spillover-threshold <threshold>

set ingress-spillover-threshold <threshold>

next

end

The range for both thresholds is 0 to 16776000 kbps.

source-dest-ip-based

This is the same as the Source-Destination IP option in the GUI.

None

measured-volume-based

This is the same as the Volume option in the GUI.

Set a volume weight for each interface:

config members

edit <sequence_number>

set volume-ratio <weight>

next

end

The range is 0 to 255.