Monitoring performance SLA
SD-WAN diagnostics can be used to help maintain your SD-WAN solution.
Monitoring SD-WAN link quality status
Link quality plays a significant role in link selection for SD-WAN. Investigate any prolonged issues with packet loss, latency, or jitter to ensure that your network does not experience degraded performance or an outage.
You can monitor the link quality status of SD-WAN interface members by going to Network > SD-WAN and selecting the Performance SLAs tab.
The live charts show the packet loss, latency, or jitter for the selected health check. Hover the cursor over a line in the chart to see the specific value for that interface at that specific time.
The table shows information about each health check, including the configured servers, link quality data, and thresholds. The colored arrow indicates the status of the interface when the last status check was performed: green means that the interface was active, and red means that the interface was inactive. Hover the cursor over the arrow for additional information.
Monitoring system event logs
The features adds an SD-WAN daemon function to keep a short, 10 minute history of SLA that can be viewed in the CLI.
Performance SLA results related to interface selection, session failover, and other information, can be logged. These logs can then be used for long-term monitoring of traffic issues at remote sites, and for reports and views in FortiAnalyzer.
The time intervals that Performance SLA fail and pass logs are generated in can be configured.
To configure the fail and pass logs' generation time interval:
config system sdwan config health-check edit "PingSLA" set sla-fail-log-period 30 set sla-pass-log-period 60 next end end
To view the 10 minute Performance SLA link status history:
FGDocs # diagnose sys sdwan sla-log PingSLA 1 Timestamp: Fri Sep 4 10:32:37 2020, vdom root, health-check PingSLA, interface: wan2, status: up, latency: 4.455, jitter: 0.430, packet loss: 0.000%. Timestamp: Fri Sep 4 10:32:37 2020, vdom root, health-check PingSLA, interface: wan2, status: up, latency: 4.461, jitter: 0.436, packet loss: 0.000%. Timestamp: Fri Sep 4 10:32:38 2020, vdom root, health-check PingSLA, interface: wan2, status: up, latency: 4.488, jitter: 0.415, packet loss: 0.000%. ... Timestamp: Fri Sep 4 10:42:36 2020, vdom root, health-check PingSLA, interface: wan2, status: up, latency: 6.280, jitter: 0.302, packet loss: 0.000%. Timestamp: Fri Sep 4 10:42:37 2020, vdom root, health-check PingSLA, interface: wan2, status: up, latency: 6.261, jitter: 0.257, packet loss: 0.000%. Timestamp: Fri Sep 4 10:42:37 2020, vdom root, health-check PingSLA, interface: wan2, status: up, latency: 6.229, jitter: 0.245, packet loss: 0.000%.
SLA pass logs
The FortiGate generates Performance SLA logs at the specified pass log interval (sla-pass-log-period
) when SLA passes.
date="2021-04-15" time="10:04:56" id=6951431609690095758 bid=52507 dvid=1047 itime=1618506296 euid=3 epid=3 dsteuid=3 dstepid=3 logver=700000066 logid="0113022925" type="event" subtype="sdwan" level="information" msg="Health Check SLA status." logdesc="SDWAN SLA information" status="up" interface="port1" eventtime=1618506296222639301 tz="-0700" eventtype="SLA" jitter="0.277" inbandwidthavailable="10.00Gbps" outbandwidthavailable="10.00Gbps" bibandwidthavailable="20.00Gbps" packetloss="1.000%" latency="186.071" slamap="0x1" healthcheck="BusinessCritical_CloudApps" slatargetid=1 outbandwidthused="40kbps" inbandwidthused="24kbps" bibandwidthused="64kbps" devid="FGVM02TM20000000" vd="root" devname="Branch_Office_01" csf="fabric"
date="2021-04-15" time="10:04:56" id=6951431609690095759 bid=52507 dvid=1047 itime=1618506296 euid=3 epid=3 dsteuid=3 dstepid=3 logver=700000066 logid="0113022925" type="event" subtype="sdwan" level="information" msg="Health Check SLA status." logdesc="SDWAN SLA information" status="up" interface="port2" eventtime=1618506296223163068 tz="-0700" eventtype="SLA" jitter="0.204" inbandwidthavailable="10.00Gbps" outbandwidthavailable="10.00Gbps" bibandwidthavailable="20.00Gbps" packetloss="0.000%" latency="185.939" slamap="0x1" healthcheck="BusinessCritical_CloudApps" slatargetid=1 outbandwidthused="142kbps" inbandwidthused="23kbps" bibandwidthused="165kbps" devid="FGVM02TM20000000" vd="root" devname="Branch_Office_01" csf="fabric"
In the FortiAnalyzer GUI:
SLA fail logs
The FortiGate generates Performance SLA logs at the specified fail log interval (sla-fail-log-period
) when SLA fails.
date="2021-04-15" time="10:04:59" id=6951431618280030243 bid=52507 dvid=1047 itime=1618506298 euid=3 epid=3 dsteuid=3 dstepid=3 logver=700000066 logid="0113022925" type="event" subtype="sdwan" level="notice" msg="Health Check SLA status. SLA failed due to being over the performance metric threshold." logdesc="SDWAN SLA information" status="down" interface="To-HQ-MPLS" eventtime=1618506299718862835 tz="-0700" eventtype="SLA" jitter="0.000" inbandwidthavailable="10.00Gbps" outbandwidthavailable="10.00Gbps" bibandwidthavailable="20.00Gbps" packetloss="100.000%" latency="0.000" slamap="0x0" healthcheck="BusinessCritical_CloudApps" slatargetid=1 metric="packetloss" outbandwidthused="0kbps" inbandwidthused="0kbps" bibandwidthused="0kbps" devid="FGVM02TM20000000" vd="root" devname="Branch_Office_01" csf="fabric"
date="2021-04-15" time="10:05:03" id=6951431639754866704 bid=52514 dvid=1046 itime=1618506303 euid=3 epid=3 dsteuid=3 dstepid=3 logver=700000066 logid="0113022925" type="event" subtype="sdwan" level="notice" msg="Health Check SLA status. SLA failed due to being over the performance metric threshold." logdesc="SDWAN SLA information" status="down" interface="To-HQ-MPLS" eventtime=1618506304085863643 tz="-0700" eventtype="SLA" jitter="0.000" inbandwidthavailable="10.00Gbps" outbandwidthavailable="10.00Gbps" bibandwidthavailable="20.00Gbps" packetloss="100.000%" latency="0.000" slamap="0x0" healthcheck="BusinessCritical_CloudApps" slatargetid=1 metric="packetloss" outbandwidthused="6kbps" inbandwidthused="3kbps" bibandwidthused="9kbps" devid="FGVM02TM20000000" vd="root" devname="Branch_Office_02" csf="fabric"
In the FortiAnalyzer GUI:
Monitoring using the REST API
SLA log and interface information can be monitored using the REST API. This feature is also used by FortiManager as part of its detailed SLA monitoring and drilldown features.
API call |
URL |
---|---|
Interface log |
https://172.172.172.9/api/v2/monitor/virtual-wan/interface-log |
SLA log |
https://172.172.172.9/api/v2/monitor/virtual-wan/sla-log |
Health check log |
https://172.172.172.9/api/v2/monitor/virtual-wan/health-check |
A comprehensive list of API calls with sample output is available on the Fortinet Developer Network.
CLI diagnose commands:
# diagnose sys sdwan intf-sla-log port13 Timestamp: Wed Jan 9 18:33:49 2019, used inbandwidth: 3208bps, used outbandwidth: 3453bps, used bibandwidth: 6661bps, tx bytes: 947234bytes, rx bytes: 898622bytes. Timestamp: Wed Jan 9 18:33:59 2019, used inbandwidth: 3317bps, used outbandwidth: 3450bps, used bibandwidth: 6767bps, tx bytes: 951284bytes, rx bytes: 902937bytes. Timestamp: Wed Jan 9 18:34:09 2019, used inbandwidth: 3302bps, used outbandwidth: 3389bps, used bibandwidth: 6691bps, tx bytes: 956268bytes, rx bytes: 907114bytes. Timestamp: Wed Jan 9 18:34:19 2019, used inbandwidth: 3279bps, used outbandwidth: 3352bps, used bibandwidth: 6631bps, tx bytes: 958920bytes, rx bytes: 910793bytes. Timestamp: Wed Jan 9 18:34:29 2019, used inbandwidth: 3233bps, used outbandwidth: 3371bps, used bibandwidth: 6604bps, tx bytes: 964374bytes, rx bytes: 914854bytes. Timestamp: Wed Jan 9 18:34:39 2019, used inbandwidth: 3235bps, used outbandwidth: 3362bps, used bibandwidth: 6597bps, tx bytes: 968250bytes, rx bytes: 918846bytes. Timestamp: Wed Jan 9 18:34:49 2019, used inbandwidth: 3165bps, used outbandwidth: 3362bps, used bibandwidth: 6527bps, tx bytes: 972298bytes, rx bytes: 922724bytes. Timestamp: Wed Jan 9 18:34:59 2019, used inbandwidth: 3184bps, used outbandwidth: 3362bps, used bibandwidth: 6546bps, tx bytes: 977282bytes, rx bytes: 927019bytes.
# diagnose sys sdwan sla-log ping 1 spoke11-p1_0 Timestamp: Wed Mar 3 15:35:20 2021, vdom root, health-check ping, interface: spoke11-p1_0, status: up, latency: 0.135, jitter: 0.029, packet loss: 0.000%. # diagnose sys sdwan sla-log ping 2 spoke12-p1_0 Timestamp: Wed Mar 3 15:36:08 2021, vdom root, health-check ping, interface: spoke12-p1_0, status: up, latency: 0.095, jitter: 0.010, packet loss: 0.000%.
# diagnose sys sdwan health-check Health Check(ping): Seq(1 spoke11-p1): state(alive), packet-loss(0.000%) latency(0.156), jitter(0.043) sla_map=0x1 Seq(1 spoke11-p1_0): state(alive), packet-loss(0.000%) latency(0.128), jitter(0.024) sla_map=0x1 Seq(2 spoke12-p1): state(alive), packet-loss(0.000%) latency(0.125), jitter(0.028) sla_map=0x1 Seq(2 spoke12-p1_0): state(alive), packet-loss(0.000%) latency(0.093), jitter(0.008) sla_map=0x1