Classifying SLA probes for traffic prioritization
This information is also available in the FortiOS 7.4 Administration Guide.
Support for traffic classification on SLA probes has been implemented to ensure they are prioritized in times of congestion. This prevents SD-WAN link flapping and unexpected routing behaviors, and stabilizes SD-WAN from unnecessary failovers.
SLA probes can now be classified into a specific class ID so that SLA probes assigned to a class ID with higher priority are prioritized over other traffic. SLA probes are assigned using the class-id command:

    config system sdwan
        config health-check
            edit <health-check name>
                set class-id <class name>
            next
        end
    end
Example
In this example, SLA probes are assigned to different class IDs. The interfaces dmz and vd1-p1 both have an outbandwidth of 1000000 Kbps (1 Gbps) configured. Three traffic shaping classes are defined:

Class ID | Name | Definition |
---|---|---|
2 | sla_probe | High priority with a guaranteed 10% of bandwidth (100 Mbps) |
3 | default | Low priority with a guaranteed 80% of bandwidth (800 Mbps) |
4 | sla_probe_2 | Medium priority with a guaranteed 10% of bandwidth (100 Mbps) |
Under this scheme, when congestion occurs, traffic in each class has its guaranteed bandwidth honored. If there is remaining bandwidth, higher priority traffic gets it first. On the SD-WAN health check, probes to server 2.2.2.2 are assigned to class 2 (sla_probe). This means the probes have guaranteed bandwidth and the highest priority to use unused bandwidth, which allows the SD-WAN health check to function properly even during times of congestion.
To classify SLA probes for traffic prioritization:
- Configure the firewall traffic class:

      config firewall traffic-class
          edit 2
              set class-name "sla_probe"
          next
          edit 3
              set class-name "default"
          next
          edit 4
              set class-name "sla_probe_2"
          next
      end

- Configure the class ID priority and guaranteed bandwidth:

      config firewall shaping-profile
          edit "profile-1"
              set default-class-id 3
              config shaping-entries
                  edit 2
                      set class-id 2
                      set priority high
                      set guaranteed-bandwidth-percentage 10
                      set maximum-bandwidth-percentage 100
                  next
                  edit 3
                      set class-id 3
                      set priority low
                      set guaranteed-bandwidth-percentage 80
                      set maximum-bandwidth-percentage 100
                  next
                  edit 4
                      set class-id 4
                      set priority medium
                      set guaranteed-bandwidth-percentage 10
                      set maximum-bandwidth-percentage 100
                  next
              end
          next
      end

- Configure the interfaces:

      config system interface
          edit "dmz"
              set outbandwidth 1000000
              set egress-shaping-profile "profile-1"
              ...
          next
          edit "vd1-p1"
              set outbandwidth 1000000
              set egress-shaping-profile "profile-1"
              ...
          next
      end

- Configure the SD-WAN health check and assign the SLA probes into class 2:

      config system sdwan
          set status enable
          config zone
              edit "virtual-wan-link"
              next
          end
          config members
              edit 1
                  set interface "dmz"
                  set gateway 172.16.208.2
              next
              edit 2
                  set interface "vd1-p1"
              next
          end
          config health-check
              edit "1"
                  set server "2.2.2.2"
                  set members 1 2
                  set class-id 2
                  config sla
                      edit 1
                      next
                  end
              next
          end
      end
To verify the SLA probe assignment:
- Verify the health check diagnostics:

      diagnose sys sdwan health-check
      Health Check(1):
      Seq(1 dmz): state(alive), packet-loss(0.000%) latency(0.247), jitter(0.022), mos(4.404), bandwidth-up(999999), bandwidth-dw(999997), bandwidth-bi(1999996) sla_map=0x1
      Seq(2 vd1-p1): state(alive), packet-loss(0.000%) latency(0.247), jitter(0.018), mos(4.404), bandwidth-up(999999), bandwidth-dw(1000000), bandwidth-bi(1999999) sla_map=0x1

- Verify the SLA probes are assigned into class 2:

      # diagnose netlink interface list dmz
      if=dmz family=00 type=1 index=5 mtu=1500 link=0 master=0
      ref=36 state=start present fw_flags=10018000 flags=up broadcast run multicast
      Qdisc=mq hw_addr=e0:23:ff:9d:f9:9e broadcast_addr=ff:ff:ff:ff:ff:ff
      egress traffic control:
          bandwidth=1000000(kbps) lock_hit=0 default_class=3 n_active_class=3
          class-id=3 allocated-bandwidth=800000(kbps) guaranteed-bandwidth=800000(kbps)
              max-bandwidth=1000000(kbps) current-bandwidth=1(kbps)
              priority=low forwarded_bytes=1446
              dropped_packets=0 dropped_bytes=0
          class-id=4 allocated-bandwidth=100000(kbps) guaranteed-bandwidth=100000(kbps)
              max-bandwidth=1000000(kbps) current-bandwidth=0(kbps)
              priority=medium forwarded_bytes=0
              dropped_packets=0 dropped_bytes=0
          class-id=2 allocated-bandwidth=100000(kbps) guaranteed-bandwidth=100000(kbps)
              max-bandwidth=1000000(kbps) current-bandwidth=1(kbps)
              priority=high forwarded_bytes=1404
              dropped_packets=0 dropped_bytes=0
      stat: rxp=19502 txp=14844 rxb=2233923 txb=802522 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0 @ time=1675121675
      re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
      te: txa=0 txc=0 txfi=0 txh=0 txw=0
      misc rxc=0 txc=0
      input_type=0 state=3 arp_entry=0 refcnt=36

      # diagnose netlink interface list vd1-p1
      if=vd1-p1 family=00 type=768 index=99 mtu=1420 link=0 master=0
      ref=20 state=start present fw_flags=10010000 flags=up p2p run noarp multicast
      Qdisc=noqueue
      egress traffic control:
          bandwidth=1000000(kbps) lock_hit=0 default_class=3 n_active_class=3
          class-id=3 allocated-bandwidth=800000(kbps) guaranteed-bandwidth=800000(kbps)
              max-bandwidth=1000000(kbps) current-bandwidth=0(kbps)
              priority=low forwarded_bytes=0
              dropped_packets=0 dropped_bytes=0
          class-id=4 allocated-bandwidth=100000(kbps) guaranteed-bandwidth=100000(kbps)
              max-bandwidth=1000000(kbps) current-bandwidth=0(kbps)
              priority=medium forwarded_bytes=0
              dropped_packets=0 dropped_bytes=0
          class-id=2 allocated-bandwidth=100000(kbps) guaranteed-bandwidth=100000(kbps)
              max-bandwidth=1000000(kbps) current-bandwidth=1(kbps)
              priority=high forwarded_bytes=1120
              dropped_packets=0 dropped_bytes=0
      stat: rxp=4097 txp=4586 rxb=540622 txb=221500 rxe=0 txe=19 rxd=0 txd=0 mc=0 collision=0 @ time=1675121742
      re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
      te: txa=0 txc=0 txfi=0 txh=0 txw=0
      misc rxc=0 txc=0
      input_type=0 state=3 arp_entry=0 refcnt=20
When verifying the class assignment, the counter value should increase.
The example also demonstrates assigning SLA probes to class 4 (sla_probe_2), in which case the probes get medium priority.
To assign the SLA probe to medium priority:
- Assign SLA probes into class 4:

      config sys sdwan
          config health-check
              edit 1
                  set class-id 4
              next
          end
          set status disable
      end
      config sys sdwan
          set status enable
      end

- Verify the SLA probes are assigned into class 4:

      # diagnose netlink interface list dmz
      if=dmz family=00 type=1 index=5 mtu=1500 link=0 master=0
      ref=34 state=start present fw_flags=10018000 flags=up broadcast run multicast
      Qdisc=mq hw_addr=e0:23:ff:9d:f9:9e broadcast_addr=ff:ff:ff:ff:ff:ff
      egress traffic control:
          bandwidth=1000000(kbps) lock_hit=0 default_class=3 n_active_class=3
          class-id=3 allocated-bandwidth=800000(kbps) guaranteed-bandwidth=800000(kbps)
              max-bandwidth=1000000(kbps) current-bandwidth=1(kbps)
              priority=low forwarded_bytes=24K
              dropped_packets=0 dropped_bytes=0
          class-id=4 allocated-bandwidth=100000(kbps) guaranteed-bandwidth=100000(kbps)
              max-bandwidth=1000000(kbps) current-bandwidth=1(kbps)
              priority=medium forwarded_bytes=1674
              dropped_packets=0 dropped_bytes=0
          class-id=2 allocated-bandwidth=100000(kbps) guaranteed-bandwidth=100000(kbps)
              max-bandwidth=1000000(kbps) current-bandwidth=0(kbps)
              priority=high forwarded_bytes=0
              dropped_packets=0 dropped_bytes=0
      stat: rxp=20818 txp=15874 rxb=2382789 txb=857674 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0 @ time=1675122057
      re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
      te: txa=0 txc=0 txfi=0 txh=0 txw=0
      misc rxc=0 txc=0
      input_type=0 state=3 arp_entry=0 refcnt=34

      # diagnose netlink interface list vd1-p1
      if=vd1-p1 family=00 type=768 index=99 mtu=1420 link=0 master=0
      ref=20 state=start present fw_flags=10010000 flags=up p2p run noarp multicast
      Qdisc=noqueue
      egress traffic control:
          bandwidth=1000000(kbps) lock_hit=0 default_class=3 n_active_class=3
          class-id=3 allocated-bandwidth=800000(kbps) guaranteed-bandwidth=800000(kbps)
              max-bandwidth=1000000(kbps) current-bandwidth=0(kbps)
              priority=low forwarded_bytes=0
              dropped_packets=0 dropped_bytes=0
          class-id=4 allocated-bandwidth=100000(kbps) guaranteed-bandwidth=100000(kbps)
              max-bandwidth=1000000(kbps) current-bandwidth=1(kbps)
              priority=medium forwarded_bytes=1280
              dropped_packets=0 dropped_bytes=0
          class-id=2 allocated-bandwidth=100000(kbps) guaranteed-bandwidth=100000(kbps)
              max-bandwidth=1000000(kbps) current-bandwidth=0(kbps)
              priority=high forwarded_bytes=0
              dropped_packets=0 dropped_bytes=0
      stat: rxp=4097 txp=4703 rxb=540622 txb=226180 rxe=0 txe=19 rxd=0 txd=0 mc=0 collision=0 @ time=1675122058
      re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
      te: txa=0 txc=0 txfi=0 txh=0 txw=0
      misc rxc=0 txc=0
      input_type=0 state=3 arp_entry=0 refcnt=20
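
The verification steps above can be scripted by comparing two captures of `diagnose netlink interface list`. The following is an added example, not part of the FortiOS documentation; the function names are hypothetical, and it assumes `forwarded_bytes` is the counter to watch and that a suffix such as `24K` is a decimal multiplier.

```python
import re

# Constructed samples: egress section of `diagnose netlink interface list dmz`,
# abridged from the page's two captures (probes in class 2, then in class 4).
CAPTURE_CLASS2 = (
    "egress traffic control: bandwidth=1000000(kbps) lock_hit=0 default_class=3 "
    "class-id=3 guaranteed-bandwidth=800000(kbps) priority=low "
    "forwarded_bytes=1446 dropped_packets=0 dropped_bytes=0 "
    "class-id=4 guaranteed-bandwidth=100000(kbps) priority=medium "
    "forwarded_bytes=0 dropped_packets=0 dropped_bytes=0 "
    "class-id=2 guaranteed-bandwidth=100000(kbps) priority=high "
    "forwarded_bytes=1404 dropped_packets=0 dropped_bytes=0 stat: rxp=19502"
)
CAPTURE_CLASS4 = (
    "egress traffic control: bandwidth=1000000(kbps) lock_hit=0 default_class=3 "
    "class-id=3 guaranteed-bandwidth=800000(kbps) priority=low "
    "forwarded_bytes=24K dropped_packets=0 dropped_bytes=0 "
    "class-id=4 guaranteed-bandwidth=100000(kbps) priority=medium "
    "forwarded_bytes=1674 dropped_packets=0 dropped_bytes=0 "
    "class-id=2 guaranteed-bandwidth=100000(kbps) priority=high "
    "forwarded_bytes=0 dropped_packets=0 dropped_bytes=0 stat: rxp=20818"
)
# Assumption: the K/M/G suffix on large counters (e.g. 24K) is a decimal multiplier.
SUFFIX = {"": 1, "K": 1000, "M": 1000**2, "G": 1000**3}

def _value(raw):
    """Turn '800000(kbps)' or '24K' into an int; leave words like 'high' as text."""
    m = re.fullmatch(r"(\d+)([KMG]?)(?:\(kbps\))?", raw)
    return int(m.group(1)) * SUFFIX[m.group(2)] if m else raw

def class_counters(diag_text):
    """Return {class_id: {field: value}} from the egress traffic control section."""
    egress = diag_text.partition("egress traffic control:")[2].split("stat:")[0]
    classes, current = {}, None
    for key, raw in re.findall(r"([\w-]+)=(\S+)", egress):
        if key == "class-id":
            current = classes.setdefault(int(raw), {})
        elif current is not None:  # skip interface-level fields before first class
            current[key] = _value(raw)
    return classes

def probe_class_check(before, after, class_id):
    """Compare two captures: the probe class should forward more bytes, drop none."""
    b, a = (class_counters(t).get(class_id) for t in (before, after))
    if a is None or b is None:  # class not present on this interface
        return {"forwarded_delta": None, "new_drops": None, "ok": False}
    fwd = a["forwarded_bytes"] - b["forwarded_bytes"]
    drops = a["dropped_packets"] - b["dropped_packets"]
    return {"forwarded_delta": fwd, "new_drops": drops, "ok": fwd > 0 and drops == 0}
```

Because the parser walks `key=value` tokens rather than lines, it accepts the output whether it is pasted with its original line breaks or flattened onto one line.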