VRF-aware SD-WAN IPv6 health checks

The VRF and source IPv6 address can be configured in SD-WAN IPv6 health checks.

config system sdwan
   config health-check
      edit <name>
         set addr-mode ipv6
         set vrf <vrf id>
         set source6 <IPv6 address>
      next
   end
end

This example shows how to configure the VRF and source address for an SD-WAN IPv6 health check on a standalone FortiGate.

To configure the VRF and source for an SD-WAN IPv6 health check:

config system sdwan
    set status enable
    config zone
        edit "virtual-wan-link"
        next
    end
    config members
        edit 1
            set interface "R150"
            set gateway 10.100.1.1
            set gateway6 2000:10:100:1::1
        next
        edit 2
            set interface "R160"
            set gateway 10.100.1.5
            set gateway6 2000:10:100:1::5
        next
    end
    config health-check
        edit "ping6"
            set addr-mode ipv6
            set server "2000:10:100:2::22"
            set vrf 10
            set source6 2000:10:100:1::2
            set members 1 2
        next
    end
end

If an SD-WAN member can reach the server, but not in VRF 10, the health check reports it as dead:

# diagnose sys sdwan health-check
Health Check(ping6):
Seq(1 R150): state(alive), packet-loss(0.000%) latency(0.042), jitter(0.022), mos(4.404), bandwidth-up(0), bandwidth-dw(0), bandwidth-bi(0) sla_map=0x0
Seq(2 R160): state(dead), packet-loss(100.000%) sla_map=0x0

Only the SD-WAN member with the proper VRF route can have the protocol 17 route, so the VRF is functioning correctly:

# diagnose ipv6 route list | grep protocol=17
vf=0 tbl=10 type=01(unicast) protocol=17(fortios) flag=00000000 prio=1024 src:2000:10:100:1::2/128-> dst:2000:10:100:2::22/128 gwy:2000:10:100:1::1 dev=48(R150) pmtu=1500
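
The two diagnose outputs above can be cross-checked automatically. The following Python script is an added example, not Fortinet code: it parses both outputs and reports any alive member that lacks a protocol 17 route in the configured VRF, or any such route with an unexpected table, source, or server. It assumes that the `tbl` field in the route list is the VRF ID, as the sample output suggests; the function names are hypothetical.

```python
import ipaddress
import re

# Sample output copied from the diagnose commands shown on this page.
HEALTH = """Health Check(ping6):
Seq(1 R150): state(alive), packet-loss(0.000%) latency(0.042), jitter(0.022), mos(4.404), bandwidth-up(0), bandwidth-dw(0), bandwidth-bi(0) sla_map=0x0
Seq(2 R160): state(dead), packet-loss(100.000%) sla_map=0x0
"""
ROUTES = """vf=0 tbl=10 type=01(unicast) protocol=17(fortios) flag=00000000 prio=1024 src:2000:10:100:1::2/128-> dst:2000:10:100:2::22/128 gwy:2000:10:100:1::1 dev=48(R150) pmtu=1500
"""

SEQ_RE = re.compile(r"Seq\((\d+) (\S+)\): state\((\w+)\)")
ROUTE_RE = re.compile(
    r"tbl=(\d+) .*?protocol=17\(fortios\).*?src:(\S+?)/\d+->\s*dst:(\S+?)/\d+"
    r".*?dev=\d+\((\S+?)\)")

def member_states(text):
    """Map interface name -> health-check state ('alive' or 'dead')."""
    return {m.group(2): m.group(3) for m in SEQ_RE.finditer(text)}

def probe_routes(text):
    """Return (table, src, dst, interface) for each protocol=17 route."""
    out = []
    for m in ROUTE_RE.finditer(text):
        tbl, src, dst, dev = m.groups()
        out.append((int(tbl), ipaddress.ip_address(src),
                    ipaddress.ip_address(dst), dev))
    return out

def audit(health, routes, vrf, source6, server):
    """Return a list of findings; empty means outputs agree with the config."""
    want = (vrf, ipaddress.ip_address(source6), ipaddress.ip_address(server))
    parsed = probe_routes(routes)
    good = {dev for tbl, src, dst, dev in parsed if (tbl, src, dst) == want}
    stray = {dev for _, _, _, dev in parsed} - good
    findings = [f"{dev}: protocol 17 route does not match VRF {vrf}, source6 or server"
                for dev in sorted(stray)]
    # Assumption: tbl in the route list is the VRF ID set on the health check.
    for dev, state in sorted(member_states(health).items()):
        if state == "alive" and dev not in good:
            findings.append(f"{dev}: alive but no protocol 17 route in VRF {vrf}")
    return findings

if __name__ == "__main__":
    result = audit(HEALTH, ROUTES, 10, "2000:10:100:1::2", "2000:10:100:2::22")
    print(result or "health check and VRF route are consistent")
```
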
