BensonLEI
New Member
October 7, 2022
Question

Question for the SDWAN SLA configuration


Hi, guys,

 

I am using a FortiGate 400E with FortiOS v7.0.3, and the SDWAN SLA performance configuration for the 3-link SDWAN (SDWAN health-check) is below:

 

SLA configuration and verification:

-----------------------------------------------------------
13Forti400e01 (Pingtest_to_61LAN) # show
config health-check
    edit "Pingtest_to_61LAN"
        set server "10.61.200.254"
        set interval 1500
        set probe-timeout 1000
        set recoverytime 3
        set members 2 11 13
        config sla
            edit 1
                set link-cost-factor latency packet-loss
                set latency-threshold 500
                set packetloss-threshold 50
            next
        end
    next
end

13Forti400e01 (Pingtest_to_61LAN) # get
name : Pingtest_to_61LAN
probe-packets : enable
addr-mode : ipv4
server : "10.61.200.254"
detect-mode : active
protocol : ping
ha-priority : 1
interval : 1500
probe-timeout : 1000
failtime : 5
recoverytime : 3
probe-count : 30
diffservcode : 000000
update-cascade-interface: enable
update-static-route : enable
sla-fail-log-period : 0
sla-pass-log-period : 0
threshold-warning-packetloss: 0
threshold-alert-packetloss: 0
threshold-warning-latency: 0
threshold-alert-latency: 0
threshold-warning-jitter: 0
threshold-alert-jitter: 0
members : 2 11 13
sla:
== [ 1 ]
id: 1

SDWAN eventlog

----------------------------


1: date=2022-10-06 time=18:11:22 eventtime=1665051082440260483 tz="+0800" logid="0100022921" type="event" subtype="system" level="critical" vd="root" logdesc="Routing information changed" name="Pingtest_to_61LAN" interface="Vlan606" status="up" msg="Static route on interface Vlan606 may be added by health-check Pingtest_to_61LAN. Route: (10.10.61.57->10.61.200.254 ping-up)"
2: date=2022-10-06 time=18:07:18 eventtime=1665050838874349798 tz="+0800" logid="0100022921" type="event" subtype="system" level="critical" vd="root" logdesc="Routing information changed" name="Pingtest_to_61LAN" interface="Vlan606" status="down" msg="Static route on interface Vlan606 may be removed by health-check Pingtest_to_61LAN. Route: (10.10.61.57->10.61.200.254 ping-down)"

 

-------------------------------

 

My questions:

1. Is there any problem with my SLA configuration? What causes the link "down -> up" period to take 4 minutes?

2. Are there any parameters/attributes for adjusting the probes, period, or testing period?

2 replies

jintrah_FTNT
Staff
October 7, 2022

Hi,

 

1. 3 consecutive successful ICMP responses/replies from server 10.61.200.254 should have been recorded only after 4 minutes to turn the health check status back to up state.

2. I don't think any change is needed, but it depends on your requirements on how fast or slow the probes should be sent to converge the network based on the health checks.

 

Best regards,

Jin

BensonLEI
Author
New Member
October 7, 2022

May I know if there is any way to upload my detailed SLA log results (diag sys sdwan sla-log SLAtest_LL_Links_to13DC 3), in order to explain more?

jintrah_FTNT
Staff
October 7, 2022

Yes, max of 5 files of size 5 MB max could be attached to a post.

 

best regards,

Jin

BensonLEI
Author
New Member
October 11, 2022

Hi, jintrah_FTNT

 

Thanks so much for your kind reply.

The root reason is found, based on the Fortigate admin guide:

  1. Configure SLA Target:

    If the health check is used in an SD-WAN rule that uses Manual or Best Quality strategies, enabling SLA Target is optional. If the health check is used in an SD-WAN rule that uses Lowest Cost (SLA) or Maximum Bandwidth (SLA) strategies, then SLA Target is enabled.

    When SLA Target is enabled, configure the following:

    • Latency threshold: Calculated based on last 30 probes (default = 5ms).
    • Jitter threshold: Calculated based on last 30 probes (default = 5ms).
    • Packet Loss threshold: Calculated based on last 100 probes (default = 0%).

 

I am currently using FortiOS v7.0.3. May I know if the probe count for Packet Loss can be adjusted (as I can't find this attribute for Packet Loss)?

 

Thanks so much.

Benson
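
Added example, not part of the thread and not Fortinet code: a Python sketch that parses the two event-log lines from the first post (trimmed to the fields used), measures the down-to-up gap, and compares it with the probe arithmetic implied by the posted `interval`, `failtime` and `recoverytime` and by the 30/100-probe windows quoted from the admin guide. It assumes `interval` is in milliseconds; the function names are illustrative.

```python
import re
from datetime import datetime

# Constructed sample: the two event-log lines from the first post, trimmed to the fields used.
LOG = '''\
1: date=2022-10-06 time=18:11:22 tz="+0800" logid="0100022921" name="Pingtest_to_61LAN" interface="Vlan606" status="up"
2: date=2022-10-06 time=18:07:18 tz="+0800" logid="0100022921" name="Pingtest_to_61LAN" interface="Vlan606" status="down"
'''

# Values from the posted health-check; interval is assumed to be in milliseconds.
CFG = {"interval_ms": 1500, "failtime": 5, "recoverytime": 3}

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Turn one key=value log line into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def outages(log_text):
    """Pair each 'down' with the next 'up' per (health-check, interface)."""
    events = [parse_line(l) for l in log_text.splitlines() if "status=" in l]
    for e in events:
        e["ts"] = datetime.strptime(e["date"] + " " + e["time"], "%Y-%m-%d %H:%M:%S")
    events.sort(key=lambda e: e["ts"])  # the event log lists newest first
    down_at, result = {}, []
    for e in events:
        key = (e["name"], e["interface"])
        if e["status"] == "down":
            down_at.setdefault(key, e["ts"])  # keep the first 'down' of an outage
        elif e["status"] == "up" and key in down_at:
            result.append((key, (e["ts"] - down_at.pop(key)).total_seconds()))
    return result

def state_change_seconds(cfg):
    """Minimum probing time to declare down (failtime) and up (recoverytime)."""
    step = cfg["interval_ms"] / 1000
    return cfg["failtime"] * step, cfg["recoverytime"] * step

def window_seconds(cfg, probes):
    """Time span covered by an SLA value computed over the last `probes` probes."""
    return probes * cfg["interval_ms"] / 1000

if __name__ == "__main__":
    for (name, iface), secs in outages(LOG):
        print(f"{name}/{iface}: down for {secs:.0f}s")
    print("down/up detection (s):", state_change_seconds(CFG))
    print("30/100-probe window (s):", window_seconds(CFG, 30), window_seconds(CFG, 100))
```

On the posted values this reports a 244 s outage, against 7.5 s and 4.5 s of probing to flip the state down and up, and a 150 s span for a 100-probe packet-loss calculation.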