VRF-aware SD-WAN IPv6 health checks
VRF and source can be configured in SD-WAN IPv6 health checks.
    config system sdwan
        config health-check
            edit <name>
                set addr-mode ipv6
                set vrf <vrf id>
                set source6 <IPv6 address>
            next
        end
    end

This example shows how to configure the VRF and source for an SD-WAN IPv6 health check on a standalone FortiGate.
To configure the VRF and source for SD-WAN IPv6 health check:
    config system sdwan
        set status enable
        config zone
            edit "virtual-wan-link"
            next
        end
        config members
            edit 1
                set interface "R150"
                set gateway 10.100.1.1
                set gateway6 2000:10:100:1::1
            next
            edit 2
                set interface "R160"
                set gateway 10.100.1.5
                set gateway6 2000:10:100:1::5
            next
        end
        config health-check
            edit "ping6"
                set addr-mode ipv6
                set server "2000:10:100:2::22"
                set vrf 10
                set source6 2000:10:100:1::2
                set members 1 2
            next
        end
    end

If an SD-WAN member can reach the server, but not on VRF 10, then it is reported as dead:
    # diagnose sys sdwan health-check
    Health Check(ping6):
    Seq(1 R150): state(alive), packet-loss(0.000%) latency(0.042), jitter(0.022), mos(4.404), bandwidth-up(0), bandwidth-dw(0), bandwidth-bi(0) sla_map=0x0
    Seq(2 R160): state(dead), packet-loss(100.000%) sla_map=0x0
Only the SD-WAN member with the proper VRF route can have the protocol 17 route, so the VRF is functioning correctly:
    # diagnose ipv6 route list | grep protocol=17
    vf=0 tbl=10 type=01(unicast) protocol=17(fortios) flag=00000000 prio=1024 src:2000:10:100:1::2/128-> dst:2000:10:100:2::22/128 gwy:2000:10:100:1::1 dev=48(R150) pmtu=1500
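The two diagnose outputs above can be cross-checked automatically. The following Python script is an added example, not part of the FortiOS documentation: it flags members whose health-check state disagrees with the protocol 17 routes in the configured VRF. It assumes the tbl field is the VRF ID (as tbl=10 in the output above suggests), and the function names are hypothetical.

```python
import re

# Output copied from the two diagnose commands shown above.
HEALTH = """\
Health Check(ping6):
Seq(1 R150): state(alive), packet-loss(0.000%) latency(0.042), jitter(0.022), mos(4.404), bandwidth-up(0), bandwidth-dw(0), bandwidth-bi(0) sla_map=0x0
Seq(2 R160): state(dead), packet-loss(100.000%) sla_map=0x0
"""
ROUTES = """\
vf=0 tbl=10 type=01(unicast) protocol=17(fortios) flag=00000000 prio=1024 src:2000:10:100:1::2/128-> dst:2000:10:100:2::22/128 gwy:2000:10:100:1::1 dev=48(R150) pmtu=1500
"""

SEQ_RE = re.compile(r"Seq\((\d+) ([^)]+)\): state\((\w+)\)")
ROUTE_RE = re.compile(r"tbl=(\d+) .*protocol=17\(fortios\).*dst:(\S+)/128 .*dev=\d+\(([^)]+)\)")

def member_states(health_text):
    """Map interface name -> 'alive'/'dead' from health-check output."""
    return {m.group(2): m.group(3) for m in SEQ_RE.finditer(health_text)}

def probe_routes(route_text):
    """Return {(interface, table, server)} for each protocol 17 route."""
    return {(m.group(3), int(m.group(1)), m.group(2))
            for m in map(ROUTE_RE.search, route_text.splitlines()) if m}

def audit(health_text, route_text, vrf, server):
    """List mismatches between member state and probe routes in the VRF."""
    states = member_states(health_text)
    routes = probe_routes(route_text)
    findings = []
    for iface, state in sorted(states.items()):
        has_route = (iface, vrf, server) in routes
        if state == "alive" and not has_route:
            findings.append(f"{iface}: alive but no probe route in table {vrf}")
        if state == "dead" and has_route:
            findings.append(f"{iface}: dead but probe route still in table {vrf}")
    # Assumption: tbl equals the VRF ID, so a probe route in another table
    # means the health check is not bound to the configured VRF.
    findings += [f"{i}: probe route to {s} in table {t}, expected {vrf}"
                 for i, t, s in sorted(routes) if s == server and t != vrf]
    return findings

if __name__ == "__main__":
    print(member_states(HEALTH))
    print(audit(HEALTH, ROUTES, vrf=10, server="2000:10:100:2::22") or "consistent")
```

An empty result from audit() means the member states and the VRF 10 routing table agree, as they do for the output shown on this page.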