Fortinet white logo
Fortinet white logo

SD-WAN routing logic

SD-WAN routing logic

In this guide, we have made several recommendations for SD-WAN configuration with regards to its interaction with the traditional routing subsystem:

  • We have recommended to enable the tie-break fib-best-match option on all SD-WAN Rules controlling ADVPN traffic. See Creating Edge SD-WAN templates.
  • We have recommended configuring all SD-WAN Zones (both “underlay” and “overlay”) to act as a default route. See Static route templates.

To help you better understand the logic behind these recommendations, we must explain the interaction between the Routing and the SD-WAN pillars in more detail. Let us recap the two main rules that apply by default:

  1. SD-WAN Rules are matched only if the best route to the destination points to SD-WAN.
  2. SD-WAN Member is selected only if it has a valid route to the destination (not necessarily the best route).

Both these rules can be disabled by using advanced options in SD-WAN rules:

  • Rule #1 is controlled by the advanced option default (corresponding to CLI set default*|enable).
  • Rule #2 is controlled by the advanced option gateway (corresponding to CLI set gateway disable*|enable and set tie-break cfg-order*|fib-best-match respectively).

Let us now look into several use cases in more detail:

SD-WAN routing logic

SD-WAN routing logic

In this guide, we have made several recommendations for SD-WAN configuration with regards to its interaction with the traditional routing subsystem:

  • We have recommended to enable the tie-break fib-best-match option on all SD-WAN Rules controlling ADVPN traffic. See Creating Edge SD-WAN templates.
  • We have recommended configuring all SD-WAN Zones (both “underlay” and “overlay”) to act as a default route. See Static route templates.

To help you better understand the logic behind these recommendations, we must explain the interaction between the Routing and the SD-WAN pillars in more detail. Let us recap the two main rules that apply by default:

  1. SD-WAN Rules are matched only if the best route to the destination points to SD-WAN.
  2. SD-WAN Member is selected only if it has a valid route to the destination (not necessarily the best route).

Both these rules can be disabled by using advanced options in SD-WAN rules:

  • Rule #1 is controlled by the advanced option default (corresponding to CLI set default*|enable).
  • Rule #2 is controlled by the advanced option gateway (corresponding to CLI set gateway disable*|enable and set tie-break cfg-order*|fib-best-match respectively).

Let us now look into several use cases in more detail: