Allow SD-WAN rules to steer IPv6 multicast traffic

SD-WAN rules can now steer IPv6 multicast traffic. Previously only IPv4 multicast traffic was supported. When an SD-WAN member is out of SLA, multicast traffic can fail over to another SD-WAN member, and switch back when SLA recovers.

The new pim-use-sdwan option enables or disables the use of SD-WAN for PIM (Protocol Independent Multicast) when checking RP (Rendezvous Point) neighbors and sending PIM-SM join or register packets.

config router multicast6
    config pim-sm-global
        set pim-use-sdwan {enable | disable}
    end
end
Note

When SD-WAN steers multicast traffic, ADVPN is not supported. Use the set shortcut option to disable shortcuts for the service:

config system sdwan
    config service
        edit <id>
            set shortcut {enable | disable}
        next
    end
end

Example

In the following example, three PIM-SM enabled tunnels are configured between Spoke-1 and the Hub. The multicast source is located at Hub, and the multicast receiver is attached to Spoke-1.

This example focuses on configuration related to the new feature. Following is an overview of the configuration steps:

  1. On the hub FortiGate, configure multicast routing for the source and the multicast RP.

  2. On the spoke FortiGate, configure multicast routing and enable SD-WAN for steering.

  3. Verify traffic failover for the following scenarios:

    • When the cost of an SD-WAN member changes

    • When a link is in SLA

    • When a link is out of SLA

To configure the Hub:
  1. On Hub, configure multicast routing for the source and the multicast RP:

    In this example, port5 is the interface facing the multicast source, and 2000:172:16:205::1 is the IPv6 address of the RP.

    config router multicast6
        set multicast-routing enable
        config interface
            edit "hub-phase1"
            next
            edit "hub2-phase1"
            next
            edit "port5"
            next
            edit "hub3-phase1"
            next
        end
        config pim-sm-global
            config rp-address
                edit 1
                    set ip6-address 2000:172:16:205::1
                next
            end
        end
    end
  2. Configure the firewall policy:

    config firewall multicast-policy6
        edit 1
            set srcintf "port5"
            set dstintf "any"
            set srcaddr "all"
            set dstaddr "all"
        next
    end
  3. Verify that all PIM-SM neighbors are established:

    # get router info6 multicast pim sparse-mode neighbor
    Neighbor                    Interface          Uptime/Expires    Ver   DR
    Address                                                                Prio/Mode
    fe80::1                     hub-phase1         06:49:35/00:01:39 v2    1 /
    fe80::2                     hub2-phase1        06:49:34/00:01:42 v2    1 /
    fe80::1                     hub3-phase1        02:41:17/00:01:31 v2    1 /
To configure Spoke-1:
  1. On Spoke-1, configure multicast routing and enable SD-WAN for steering:

    In this example, port2 is the interface facing the multicast receiver, the use of SD-WAN for steering is enabled with pim-use-sdwan, and 2000:172:16:205::1 is the IPv6 address of the RP (the same RP configured on the Hub).

    config router multicast6
        set multicast-routing enable
        config interface
            edit "spoke11-p1"
            next
            edit "spoke12-p1"
            next
            edit "port2"
            next
            edit "spoke13-p1"
            next
        end
        config pim-sm-global
            set pim-use-sdwan enable
            config rp-address
                edit 1
                    set ip6-address 2000:172:16:205::1
                next
            end
        end
    end
  2. Configure the firewall policy:

    config firewall multicast-policy6
        edit 1
            set srcintf "any"
            set dstintf "any"
            set srcaddr "all"
            set dstaddr "all"
        next
    end
  3. Configure SD-WAN:

    In this example, the service matches protocol 103 (PIM), so the PIM-SM join and register messages that Spoke-1 sends toward the RP are steered by this rule. The three health checks each probe one member, and the service selects members in SLA by cost and then by configuration order (priority-members 1 2 3).

    config system sdwan
        set status enable
        config zone
            edit "virtual-wan-link"
            next
        end
        config members
            edit 1
                set interface "spoke11-p1"
            next
            edit 2
                set interface "spoke12-p1"
            next
            edit 3
                set interface "spoke13-p1"
            next
        end
        config health-check
            edit "1"
                set addr-mode ipv6
                set server "2000::9:0:0:1"
                set update-static-route disable
                set members 1
                config sla
                    edit 1
                    next
                end
            next
            edit "2"
                set addr-mode ipv6
                set server "2000::9:0:0:2"
                set update-static-route disable
                set members 2
                config sla
                    edit 1
                    next
                end
            next
            edit "3"
                set addr-mode ipv6
                set server "2000::9:0:0:3"
                set update-static-route disable
                set members 3
                config sla
                    edit 1
                    next
                end
            next
        end
        config service
            edit 1
                set name "1"
                set addr-mode ipv6
                set mode sla
                set protocol 103
                config sla
                    edit "1"
                        set id 1
                    next
                    edit "2"
                        set id 1
                    next
                    edit "3"
                        set id 1
                    next
                end
                set priority-members 1 2 3
                set sla-compare-method number
                set dst6 "all"
            next
        end
    end
  4. Verify that all PIM-SM neighbors are established:

    # get router info6 multicast pim sparse-mode neighbor
    Neighbor                    Interface          Uptime/Expires    Ver   DR
    Address                                                                Prio/Mode
    fe80:10:10:15::253          spoke11-p1         06:49:50/00:01:16 v2    1 / DR
    fe80:10:10:16::253          spoke12-p1         06:49:50/00:01:26 v2    1 / DR
    fe80:10:10:17::253          spoke13-p1         02:41:32/00:01:43 v2    1 / DR
To verify traffic failover:
  1. On Spoke-1, diagnose the SD-WAN service. The preferred member is spoke11-p1, which connects to hub-phase1 on the Hub:

    # diagnose sys sdwan service6
    
    Service(1): Address Mode(IPV6) flags=0x4200 use-shortcut-sla use-shortcut
     Tie break: cfg
     Shortcut priority: 2
      Gen(1), TOS(0x0/0x0), Protocol(103): src(1->65535):dst(1->65535), Mode(sla), sla-compare-number
      Members(3):
        1: Seq_num(1 spoke11-p1 virtual-wan-link), alive, sla(0x1), gid(0), cfg_order(0), local cost(0), selected           >>>>>>> spoke11-p1 which is connected to hub-phase1 is preferred
        2: Seq_num(2 spoke12-p1 virtual-wan-link), alive, sla(0x2), gid(0), cfg_order(1), local cost(0), selected
        3: Seq_num(3 spoke13-p1 virtual-wan-link), alive, sla(0x4), gid(0), cfg_order(2), local cost(0), selected
      Dst6 address(1): ::/0
  2. When the receiver sends an MLD report to join group ff15::10, view the mroute on Spoke-1 and on the Hub:

    • On Spoke-1:

      The RPF idx is spoke11-p1, the member that connects to hub-phase1 on the Hub. This shows that the PIM-SM join follows the SD-WAN service selection. port2 is the interface facing the receiver, so it appears in the Local and Outgoing lists.

      FGT_B (root)# get router info6 multicast pim sparse-mode mroute ff15::10
      IP Multicast Routing Table
      
      ......
      
      (*, ff15::10)
      RP: 2000:172:16:205::1
      RPF nbr: fe80:10:10:15::253
      RPF idx: spoke11-p1 
      Upstream State: JOINED
       Local:
           port2 
       Joined:
       Asserted:
      FCR:
      Source: 2000:172:16:205::100
       Outgoing:
           port2
       KAT timer running, 196 seconds remaining
       Packet count 168
      ...
    • On the Hub:

      The (*, ff15::10) entry on the Hub lists hub-phase1 in its Joined list, which is the tunnel facing spoke11-p1 on Spoke-1. The Hub is the RP, so the entry has no RPF neighbor or RPF index.

      FGT_A (root) (Interim)# get router info6 multicast pim sparse-mode mroute ff15::10
      IP Multicast Routing Table
      
      ......
      
      (*, ff15::10)
      RP: 2000:172:16:205::1
      RPF nbr: ::
      RPF idx: None
      Upstream State: JOINED
       Local:
       Joined:
           hub-phase1
       Asserted:
      FCR:
      
      ...
  3. The server starts to send multicast traffic to group ff15::10, and Hub forwards the traffic to Spoke-1 through hub-phase1.

    FGT_A (root) (Interim)# diagnose sniffer packet any 'host  ff15::10' 4
    interfaces=[any]
    filters=[host  ff15::10]
    0.637174 port5 in 2000:172:16:205::100.38823 -> ff15::10.12345: udp 46 [flowlabel 0x8ea58]
    0.637228 hub-phase1 out 2000:172:16:205::100.38823 -> ff15::10.12345: udp 46 [flowlabel 0x8ea58]
  4. When the cost of members spoke11-p1 and spoke12-p1 is increased (local cost 20 in the output below), SD-WAN prefers spoke13-p1.

    The PIM-SM join message from Spoke-1 to RP is sent to member spoke13-p1, and multicast traffic fails over to hub3-phase1 on the Hub accordingly.

    • On Spoke-1:

      In this example, spoke13-p1, which connects to hub3-phase1 on the Hub, is now listed first and is preferred.

      FGT_B (root) (Interim)# diagnose sys sdwan service6
      
      Service(1): Address Mode(IPV6) flags=0x4200 use-shortcut-sla use-shortcut
       Tie break: cfg
       Shortcut priority: 2
        Gen(1), TOS(0x0/0x0), Protocol(103): src(1->65535):dst(1->65535), Mode(sla), sla-compare-number
        Members(3):
          1: Seq_num(3 spoke13-p1 virtual-wan-link), alive, sla(0x4), gid(0), cfg_order(2), local cost(0), selected
          2: Seq_num(1 spoke11-p1 virtual-wan-link), alive, sla(0x1), gid(0), cfg_order(0), local cost(20), selected
          3: Seq_num(2 spoke12-p1 virtual-wan-link), alive, sla(0x2), gid(0), cfg_order(1), local cost(20), selected
        Dst6 address(1): ::/0
    • On the Hub:

      Once the cost of spoke11-p1 is increased, multicast traffic fails over to hub2-phase1. Once the cost of spoke12-p1 is also increased, multicast traffic fails over to hub3-phase1. The sniffer output below shows both steps: the Hub forwards the same stream out hub-phase1, then hub2-phase1, then hub3-phase1.

      FGT_A (root) (Interim)# diagnose sniffer packet any 'host  ff15::10' 4
      interfaces=[any]
      filters=[host  ff15::10]
      
      ....
      385.497887 port5 in 2000:172:16:205::100.41944 -> ff15::10.12345: udp 46 [flowlabel 0xa5e3d]
      385.497927 hub-phase1 out 2000:172:16:205::100.41944 -> ff15::10.12345: udp 46 [flowlabel 0xa5e3d]
      386.497967 port5 in 2000:172:16:205::100.41944 -> ff15::10.12345: udp 46 [flowlabel 0xa5e3d]
      386.498258 hub2-phase1 out 2000:172:16:205::100.41944 -> ff15::10.12345: udp 46 [flowlabel 0xa5e3d]
      387.498044 port5 in 2000:172:16:205::100.41944 -> ff15::10.12345: udp 46 [flowlabel 0xa5e3d]
      ...
      400.499075 port5 in 2000:172:16:205::100.41944 -> ff15::10.12345: udp 46 [flowlabel 0xa5e3d]
      400.499120 hub2-phase1 out 2000:172:16:205::100.41944 -> ff15::10.12345: udp 46 [flowlabel 0xa5e3d] 
      401.499180 port5 in 2000:172:16:205::100.41944 -> ff15::10.12345: udp 46 [flowlabel 0xa5e3d]
      401.499515 hub3-phase1 out 2000:172:16:205::100.41944 -> ff15::10.12345: udp 46 [flowlabel 0xa5e3d]
      402.499254 port5 in 2000:172:16:205::100.41944 -> ff15::10.12345: udp 46 [flowlabel 0xa5e3d]
      402.499319 hub3-phase1 out 2000:172:16:205::100.41944 -> ff15::10.12345: udp 46 [flowlabel 0xa5e3d]
      403.499330 port5 in 2000:172:16:205::100.41944 -> ff15::10.12345: udp 46 [flowlabel 0xa5e3d]
      ...
  5. When spoke13-p1 goes out of SLA, SD-WAN selects spoke11-p1 as the preferred member.

    This change redirects the PIM-SM join message from Spoke-1 to the RP toward spoke11-p1, causing the multicast traffic to fail over to hub-phase1 on the Hub.

  6. Conversely, when spoke13-p1 is in SLA again, SD-WAN prefers it once more.

    This adjustment redirects the PIM-SM join message from Spoke-1 to the RP toward spoke13-p1, triggering a failover of the multicast traffic back to hub3-phase1 on the Hub.
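The verification steps above compare two CLI outputs by eye: the member ranked first by diagnose sys sdwan service6 and the RPF idx of the (*, G) entry in the PIM-SM mroute. The following Python script is an added example, not FortiOS code or part of this document: it parses both outputs as plain text and reports whether the PIM join is actually following the SD-WAN choice for the protocol 103 service. The sample outputs are constructed from this page's example; the Spoke-1 mroute after the step 4 failover is invented, since the page does not show one. Three things are assumptions of the script rather than documented behaviour: members are listed in preference order, a zero sla() mask means the member is out of SLA, and a use-shortcut flag in the service header means shortcuts are enabled on that service (which the note at the top of this page says to disable when steering multicast).

```python
import re
from dataclasses import dataclass, field

PIM_PROTOCOL = 103  # PIM is IP protocol 103; the page's SD-WAN service matches it

@dataclass
class Member:
    seq: int
    interface: str
    alive: bool
    sla_mask: int  # sla(0x..) bitmask; assumed to be 0 when the member is out of SLA
    cost: int      # local cost(...)

@dataclass
class Service:
    service_id: int
    flags: set
    protocol: int = 0
    members: list = field(default_factory=list)  # in the order the CLI lists them

SERVICE_RE = re.compile(r"^\s*Service\((\d+)\):.*flags=\S+(.*)$")
PROTO_RE = re.compile(r"Protocol\((\d+)\)")
MEMBER_RE = re.compile(r"^\s*\d+:\s*Seq_num\((\d+)\s+(\S+)\s+\S+\),\s*(alive|dead),"
                       r"\s*sla\((0x[0-9a-fA-F]+)\),.*?local cost\((\d+)\)")

def parse_sdwan_service6(text: str) -> list:
    """Parse `diagnose sys sdwan service6` text into Service objects."""
    services, current = [], None
    for line in text.splitlines():
        if m := SERVICE_RE.match(line):
            current = Service(int(m.group(1)), set(m.group(2).split()))
            services.append(current)
        elif current is None:
            continue
        elif m := PROTO_RE.search(line):
            current.protocol = int(m.group(1))
        elif m := MEMBER_RE.match(line):
            seq, intf, state, sla, cost = m.groups()
            current.members.append(Member(int(seq), intf, state == "alive", int(sla, 16), int(cost)))
    return services

def parse_mroute_star_g(text: str, group: str) -> dict:
    """Return the RP / RPF nbr / RPF idx fields of the (*, group) entry, or {} if absent."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.strip() == f"(*, {group})":
            fields = {}
            for nxt in lines[i + 1:i + 5]:
                if m := re.match(r"^\s*(RP|RPF nbr|RPF idx):\s*(\S*)", nxt):
                    fields[m.group(1)] = m.group(2)
            return fields
    return {}

def preferred_member(service: Service):
    """First listed member that is alive and meets at least one SLA target."""
    return next((m for m in service.members if m.alive and m.sla_mask), None)

def check_pim_steering(sdwan_text: str, mroute_text: str, group: str) -> dict:
    """Compare the SD-WAN choice for the protocol-103 service with the mroute RPF interface."""
    result = {"ok": False, "preferred": None, "rpf_idx": None, "warnings": []}
    pim = [s for s in parse_sdwan_service6(sdwan_text) if s.protocol == PIM_PROTOCOL]
    if not pim:
        result["warnings"].append("no SD-WAN service matches protocol 103 (PIM)")
        return result
    svc = pim[0]
    if "use-shortcut" in svc.flags:  # assumed to mean 'set shortcut enable' on the service
        result["warnings"].append(f"service {svc.service_id}: shortcut enabled; ADVPN is not "
                                  "supported when steering multicast, use 'set shortcut disable'")
    chosen = preferred_member(svc)
    result["preferred"] = chosen.interface if chosen else None
    result["rpf_idx"] = parse_mroute_star_g(mroute_text, group).get("RPF idx")
    result["ok"] = chosen is not None and result["rpf_idx"] == chosen.interface
    return result

# Sample outputs constructed from this page's example (Spoke-1, verification steps 1, 2 and 4).
HEADER = """\
Service(1): Address Mode(IPV6) flags=0x4200 use-shortcut-sla use-shortcut
 Tie break: cfg
 Shortcut priority: 2
  Gen(1), TOS(0x0/0x0), Protocol(103): src(1->65535):dst(1->65535), Mode(sla), sla-compare-number
  Members(3):
"""
SDWAN_BEFORE = HEADER + """\
    1: Seq_num(1 spoke11-p1 virtual-wan-link), alive, sla(0x1), gid(0), cfg_order(0), local cost(0), selected
    2: Seq_num(2 spoke12-p1 virtual-wan-link), alive, sla(0x2), gid(0), cfg_order(1), local cost(0), selected
    3: Seq_num(3 spoke13-p1 virtual-wan-link), alive, sla(0x4), gid(0), cfg_order(2), local cost(0), selected
  Dst6 address(1): ::/0
"""
SDWAN_AFTER = HEADER + """\
    1: Seq_num(3 spoke13-p1 virtual-wan-link), alive, sla(0x4), gid(0), cfg_order(2), local cost(0), selected
    2: Seq_num(1 spoke11-p1 virtual-wan-link), alive, sla(0x1), gid(0), cfg_order(0), local cost(20), selected
    3: Seq_num(2 spoke12-p1 virtual-wan-link), alive, sla(0x2), gid(0), cfg_order(1), local cost(20), selected
  Dst6 address(1): ::/0
"""
MROUTE_BEFORE = """\
(*, ff15::10)
RP: 2000:172:16:205::1
RPF nbr: fe80:10:10:15::253
RPF idx: spoke11-p1
Upstream State: JOINED
"""
# Invented for this example: the page shows no Spoke-1 mroute after the step 4 failover.
MROUTE_AFTER = MROUTE_BEFORE.replace("10:10:15::253", "10:10:17::253").replace("spoke11-p1", "spoke13-p1")
```

Run it against captured output by feeding the two command outputs to check_pim_steering(sdwan_text, mroute_text, "ff15::10"): ok is True when the first in-SLA member and the RPF idx agree, and the warnings list carries anything worth fixing, such as a shortcut flag still set on the PIM service. On the page's own step 1 output the check passes but warns about the shortcut flag, which is the mismatch between the sample output and the note at the top of this page.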
