Fortinet Document Library

Version:

Version:

Version:


Table of Contents

Related Videos

sidebar video

SD-WAN Rule Improvement: Load Balancing

  • 2,096 views
  • 2 years ago

More Links

Manual interface speedtest

Administration Guide

Download PDF
Copy Link

Maximize bandwidth (SLA) strategy

SD-WAN rules are used to control how sessions are distributed to SD-WAN members. Rules can be configured in one of five modes:

  • auto: Interfaces are assigned a priority based on quality.
  • Manual (manual): Interfaces are manually assigned a priority.
  • Best Quality (priority): Interface are assigned a priority based on the link-cost-factor of the interface. See Best quality strategy.
  • Lowest Cost (SLA) (sla): Interfaces are assigned a priority based on selected SLA settings. See Lowest cost (SLA) strategy.
  • Maximize Bandwidth (SLA) (load-balance): Traffic is distributed among all available links based on the selected load balancing algorithm.

When using Maximize Bandwidth mode (load-balance in the CLI), SD-WAN will choose all of the links that satisfies SLA to forward traffic based on a load balancing algorithm. The load balancing algorithm, or hash method, can be one of the following:

round-robin

All traffic are distributed to selected interfaces in equal portions and circular order.

This is the default method, and the only option available when using the GUI.

source-ip-based

All traffic from a source IP is sent to the same interface.

source-dest-ip-based

All traffic from a source IP to a destination IP is sent to the same interface.

inbandwidth

All traffic are distributed to a selected interface with most available bandwidth for incoming traffic.

outbandwidth

All traffic are distributed to a selected interface with most available bandwidth for outgoing traffic.

bibandwidth

All traffic are distributed to a selected interface with most available bandwidth for both incoming and outgoing traffic.

When the inbandwidth, outbandwidth), or bibandwidth load balancing algorithm is used, the FortiGate will compare the bandwidth based on the configured upstream and downstream bandwidth values.

The interface speedtest can be used to populate the bandwidth values based on the speedtest results. See Manual interface speedtest for details.

To manually configure the upstream and downstream bandwidth values:
config system interface
    edit <interface>
        set estimated-upstream-bandwidth <speed in kbps>
        set estimated-downstream-bandwidth <speed in kbps>
    next
end
Note

ADVPN is not supported in this mode.

In this example, your wan1 and wan2 SD-WAN interfaces connect to two ISPs that both go to the public internet. You want to configure Gmail services to use both of the interface, but the link quality must meet a standard of latency: 10ms, and jitter: 5ms. This can maximize the bandwidth usage.

To configure an SD-WAN rule to use Maximize Bandwidth (SLA):
  1. On the FortiGate, add wan1 and wan2 as SD-WAN members, then add a policy and static route. See SD-WAN quick start for details.
  2. Create a new Performance SLA named google that includes an SLA Target 1 with Latency threshold = 10ms and Jitter threshold = 5ms. See Link monitoring example.
  3. Go to Network > SD-WAN, select the SD-WAN Rules tab, and click Create New.
  4. Enter a name for the rule, such as gmail.
  5. Configure the following settings:

    Field

    Setting

    Internet Service

    Google-Gmail

    Strategy

    Maximize Bandwidth (SLA)

    Interface preference

    wan1 and wan2

    Required SLA target

    google (created in step 2).

  6. Click OK to create the rule.
To configure an SD-WAN rule to use SLA:
config system sdwan
    config health-check
        edit "google"
            set server "google.com"
            set members 1 2
            config sla
                edit 1
                    set latency-threshold 10
                    set jitter-threshold 5
                next
            end
        next
    end
    config service
        edit 1
            set name "gmail"
            set addr-mode ipv4
            set mode load-balance
            set hash-mode round-robin
            set internet-service enable
            set internet-service-name Google-Gmail
            config sla
                edit "google"
                    set id 1
                next
            end
            set priority-members 1 2
        next
    end
end
To diagnose the performance SLA status:
FGT # diagnose sys sdwan health-check google
Health Check(google):
Seq(1): state(alive), packet-loss(0.000%) latency(14.563), jitter(4.334) sla_map=0x0
Seq(2): state(alive), packet-loss(0.000%) latency(12.633), jitter(6.265) sla_map=0x0

FGT # diagnose sys sdwan service 1
Service(1): Address Mode(IPV4) flags=0x0

    TOS(0x0/0x0), Protocol(0: 1->65535), Mode(load-balance)
    Members:<<BR>>

        1: Seq_num(1), alive, sla(0x1), num of pass(1), selected
        2: Seq_num(2), alive, sla(0x1), num of pass(1), selected

    Internet Service: Google.Gmail(65646)

When both wan1 and wan2 meet the SLA requirements, Gmail traffic will use both wan1 and wan2. If only one of the interfaces meets the SLA requirements, Gmail traffic will only use that interface.

If neither interface meets the requirements but health-check is still alive, then wan1 and wan2 tie. The traffic will try to balance between wan1 and wan2, using both interfaces to forward traffic.

Related Videos

sidebar video

SD-WAN Rule Improvement: Load Balancing

  • 2,096 views
  • 2 years ago

More Links

Maximize bandwidth (SLA) strategy

SD-WAN rules are used to control how sessions are distributed to SD-WAN members. Rules can be configured in one of five modes:

  • auto: Interfaces are assigned a priority based on quality.
  • Manual (manual): Interfaces are manually assigned a priority.
  • Best Quality (priority): Interface are assigned a priority based on the link-cost-factor of the interface. See Best quality strategy.
  • Lowest Cost (SLA) (sla): Interfaces are assigned a priority based on selected SLA settings. See Lowest cost (SLA) strategy.
  • Maximize Bandwidth (SLA) (load-balance): Traffic is distributed among all available links based on the selected load balancing algorithm.

When using Maximize Bandwidth mode (load-balance in the CLI), SD-WAN will choose all of the links that satisfies SLA to forward traffic based on a load balancing algorithm. The load balancing algorithm, or hash method, can be one of the following:

round-robin

All traffic are distributed to selected interfaces in equal portions and circular order.

This is the default method, and the only option available when using the GUI.

source-ip-based

All traffic from a source IP is sent to the same interface.

source-dest-ip-based

All traffic from a source IP to a destination IP is sent to the same interface.

inbandwidth

All traffic are distributed to a selected interface with most available bandwidth for incoming traffic.

outbandwidth

All traffic are distributed to a selected interface with most available bandwidth for outgoing traffic.

bibandwidth

All traffic are distributed to a selected interface with most available bandwidth for both incoming and outgoing traffic.

When the inbandwidth, outbandwidth), or bibandwidth load balancing algorithm is used, the FortiGate will compare the bandwidth based on the configured upstream and downstream bandwidth values.

The interface speedtest can be used to populate the bandwidth values based on the speedtest results. See Manual interface speedtest for details.

To manually configure the upstream and downstream bandwidth values:
config system interface
    edit <interface>
        set estimated-upstream-bandwidth <speed in kbps>
        set estimated-downstream-bandwidth <speed in kbps>
    next
end
Note

ADVPN is not supported in this mode.

In this example, your wan1 and wan2 SD-WAN interfaces connect to two ISPs that both go to the public internet. You want to configure Gmail services to use both of the interface, but the link quality must meet a standard of latency: 10ms, and jitter: 5ms. This can maximize the bandwidth usage.

To configure an SD-WAN rule to use Maximize Bandwidth (SLA):
  1. On the FortiGate, add wan1 and wan2 as SD-WAN members, then add a policy and static route. See SD-WAN quick start for details.
  2. Create a new Performance SLA named google that includes an SLA Target 1 with Latency threshold = 10ms and Jitter threshold = 5ms. See Link monitoring example.
  3. Go to Network > SD-WAN, select the SD-WAN Rules tab, and click Create New.
  4. Enter a name for the rule, such as gmail.
  5. Configure the following settings:

    Field

    Setting

    Internet Service

    Google-Gmail

    Strategy

    Maximize Bandwidth (SLA)

    Interface preference

    wan1 and wan2

    Required SLA target

    google (created in step 2).

  6. Click OK to create the rule.
To configure an SD-WAN rule to use SLA:
config system sdwan
    config health-check
        edit "google"
            set server "google.com"
            set members 1 2
            config sla
                edit 1
                    set latency-threshold 10
                    set jitter-threshold 5
                next
            end
        next
    end
    config service
        edit 1
            set name "gmail"
            set addr-mode ipv4
            set mode load-balance
            set hash-mode round-robin
            set internet-service enable
            set internet-service-name Google-Gmail
            config sla
                edit "google"
                    set id 1
                next
            end
            set priority-members 1 2
        next
    end
end
To diagnose the performance SLA status:
FGT # diagnose sys sdwan health-check google
Health Check(google):
Seq(1): state(alive), packet-loss(0.000%) latency(14.563), jitter(4.334) sla_map=0x0
Seq(2): state(alive), packet-loss(0.000%) latency(12.633), jitter(6.265) sla_map=0x0

FGT # diagnose sys sdwan service 1
Service(1): Address Mode(IPV4) flags=0x0

    TOS(0x0/0x0), Protocol(0: 1->65535), Mode(load-balance)
    Members:<<BR>>

        1: Seq_num(1), alive, sla(0x1), num of pass(1), selected
        2: Seq_num(2), alive, sla(0x1), num of pass(1), selected

    Internet Service: Google.Gmail(65646)

When both wan1 and wan2 meet the SLA requirements, Gmail traffic will use both wan1 and wan2. If only one of the interfaces meets the SLA requirements, Gmail traffic will only use that interface.

If neither interface meets the requirements but health-check is still alive, then wan1 and wan2 tie. The traffic will try to balance between wan1 and wan2, using both interfaces to forward traffic.