Fortinet black logo

Administration Guide

Best quality strategy

Best quality strategy

SD-WAN rules are used to control how sessions are distributed to SD-WAN members. Rules can be configured in one of five modes:

  • auto: Interfaces are assigned a priority based on quality.
  • Manual (manual): Interfaces are manually assigned a priority.
  • Best Quality (priority): Interface are assigned a priority based on the link-cost-factor of the interface.
  • Lowest Cost (SLA) (sla): Interfaces are assigned a priority based on selected SLA settings. See Lowest cost (SLA) strategy.
  • Maximize Bandwith (SLA) (load-balance): Traffic is distributed among all available links based on the selected load balancing algorithm. See Maximize bandwidth (SLA) strategy.

When using Best Quality mode, SD-WAN will choose the best link to forward traffic by comparing the link-cost-factor, selected from one of the following:

GUI

CLI

Description

Latency

latency

Select a link based on latency.

Jitter

jitter

Select a link based on jitter.

Packet Loss

packet-loss

Select a link based on packet loss.

Downstream

inbandwidth

Select a link based on available bandwidth of incoming traffic.

Upstream

outbandwidth

Select a link based on available bandwidth of outgoing traffic.

Bandwidth

bibandwidth

Select a link based on available bandwidth of bidirectional traffic.

Customized profile

custom-profile-1

Select link based on customized profile. If selected, set the following weights:

  • packet-loss-weight: Coefficient of packet-loss.
  • latency-weight: Coefficient of latency.
  • jitter-weight: Coefficient of jitter.
  • bandwidth-weight: Coefficient of reciprocal of available bidirectional bandwidth.

If the Downstream (inbandwidth), Upstream (outbandwidth), or Bandwidth (bibandwidth) quality criteria is used, the FortiGate will compare the bandwidth based on the configured upstream and downstream bandwidth values.

The interface speedtest can be used to populate the bandwidth values based on the speedtest results. See Interface speedtest for details.

To manually configure the upstream and downstream bandwidth values:
config system interface
    edit <interface>
        set estimated-upstream-bandwidth <speed in kbps>
        set estimated-downstream-bandwidth <speed in kbps>
    next
end

Example

In this example, your wan1 and wan2 SD-WAN interfaces connect to two ISPs that both go to the public internet, and you want Gmail services to use the link with the least latency.

To configure an SD-WAN rule to use Best Quality:
  1. On the FortiGate, add wan1 and wan2 as SD-WAN members, then add a policy and static route. See SD-WAN quick start for details.
  2. Create a new Performance SLA named google. See Link monitoring example.
  3. Go to Network > SD-WAN Rules.
  4. Click Create New. The Priority Rule page opens.
  5. Enter a name for the rule, such as gmail.
  6. Configure the following settings:

    Field

    Setting

    Internet Service

    Google-Gmail

    Strategy

    Best Quality

    Interface preference

    wan1 and wan2

    Measured SLA

    google (created in step 2).

    Quality criteria

    Latency

  7. Click OK to create the rule.
To configure an SD-WAN rule to use priority:
config system sdwan
    config health-check
        edit "google"
            set server "google.com"
            set members 1 2
        next
    end
    config service
        edit 1
            set name "gmail"
            set mode priority
            set internet-service enable
            set internet-service-id 65646
            set health-check "google"
            set link-cost-factor latency
            set priority-members 1 2
        next
    end
end
To diagnose the Performance SLA status:
FGT # diagnose sys sdwan health-check google
Health Check(google):
Seq(1): state(alive), packet-loss(0.000%) latency(14.563), jitter(4.334) sla_map=0x0
Seq(2): state(alive), packet-loss(0.000%) latency(12.633), jitter(6.265) sla_map=0x0

FGT # diagnose sys sdwan service 1
Service(1):

    TOS(0x0/0x0), protocol(0: 1->65535), Mode(priority), link-cost-facotr(latency), link-cost-threshold(10), health-check(google) Members:

        1: Seq_num(2), alive, latency: 12.633, selected
        2: Seq_num(1), alive, latency: 14.563, selected

    Internet Service: Google-Gmail(65646)

As wan2 has a smaller latency, SD-WAN will put Seq_num(2) on top of Seq_num(1) and wan2 will be used to forward Gmail traffic.

More Links

Best quality strategy

SD-WAN rules are used to control how sessions are distributed to SD-WAN members. Rules can be configured in one of five modes:

  • auto: Interfaces are assigned a priority based on quality.
  • Manual (manual): Interfaces are manually assigned a priority.
  • Best Quality (priority): Interface are assigned a priority based on the link-cost-factor of the interface.
  • Lowest Cost (SLA) (sla): Interfaces are assigned a priority based on selected SLA settings. See Lowest cost (SLA) strategy.
  • Maximize Bandwith (SLA) (load-balance): Traffic is distributed among all available links based on the selected load balancing algorithm. See Maximize bandwidth (SLA) strategy.

When using Best Quality mode, SD-WAN will choose the best link to forward traffic by comparing the link-cost-factor, selected from one of the following:

GUI

CLI

Description

Latency

latency

Select a link based on latency.

Jitter

jitter

Select a link based on jitter.

Packet Loss

packet-loss

Select a link based on packet loss.

Downstream

inbandwidth

Select a link based on available bandwidth of incoming traffic.

Upstream

outbandwidth

Select a link based on available bandwidth of outgoing traffic.

Bandwidth

bibandwidth

Select a link based on available bandwidth of bidirectional traffic.

Customized profile

custom-profile-1

Select link based on customized profile. If selected, set the following weights:

  • packet-loss-weight: Coefficient of packet-loss.
  • latency-weight: Coefficient of latency.
  • jitter-weight: Coefficient of jitter.
  • bandwidth-weight: Coefficient of reciprocal of available bidirectional bandwidth.

If the Downstream (inbandwidth), Upstream (outbandwidth), or Bandwidth (bibandwidth) quality criteria is used, the FortiGate will compare the bandwidth based on the configured upstream and downstream bandwidth values.

The interface speedtest can be used to populate the bandwidth values based on the speedtest results. See Interface speedtest for details.

To manually configure the upstream and downstream bandwidth values:
config system interface
    edit <interface>
        set estimated-upstream-bandwidth <speed in kbps>
        set estimated-downstream-bandwidth <speed in kbps>
    next
end

Example

In this example, your wan1 and wan2 SD-WAN interfaces connect to two ISPs that both go to the public internet, and you want Gmail services to use the link with the least latency.

To configure an SD-WAN rule to use Best Quality:
  1. On the FortiGate, add wan1 and wan2 as SD-WAN members, then add a policy and static route. See SD-WAN quick start for details.
  2. Create a new Performance SLA named google. See Link monitoring example.
  3. Go to Network > SD-WAN Rules.
  4. Click Create New. The Priority Rule page opens.
  5. Enter a name for the rule, such as gmail.
  6. Configure the following settings:

    Field

    Setting

    Internet Service

    Google-Gmail

    Strategy

    Best Quality

    Interface preference

    wan1 and wan2

    Measured SLA

    google (created in step 2).

    Quality criteria

    Latency

  7. Click OK to create the rule.
To configure an SD-WAN rule to use priority:
config system sdwan
    config health-check
        edit "google"
            set server "google.com"
            set members 1 2
        next
    end
    config service
        edit 1
            set name "gmail"
            set mode priority
            set internet-service enable
            set internet-service-id 65646
            set health-check "google"
            set link-cost-factor latency
            set priority-members 1 2
        next
    end
end
To diagnose the Performance SLA status:
FGT # diagnose sys sdwan health-check google
Health Check(google):
Seq(1): state(alive), packet-loss(0.000%) latency(14.563), jitter(4.334) sla_map=0x0
Seq(2): state(alive), packet-loss(0.000%) latency(12.633), jitter(6.265) sla_map=0x0

FGT # diagnose sys sdwan service 1
Service(1):

    TOS(0x0/0x0), protocol(0: 1->65535), Mode(priority), link-cost-facotr(latency), link-cost-threshold(10), health-check(google) Members:

        1: Seq_num(2), alive, latency: 12.633, selected
        2: Seq_num(1), alive, latency: 14.563, selected

    Internet Service: Google-Gmail(65646)

As wan2 has a smaller latency, SD-WAN will put Seq_num(2) on top of Seq_num(1) and wan2 will be used to forward Gmail traffic.