oliverlag
New Member
February 10, 2012
Question

tracking unhealthy interfaces / avoid interface flapping as hsrp does

  • 4 replies
  • 9361 views
Hello guys.. I was wondering how I could track the health/unhealth of interfaces that continuously flap. My situation is this one: a customer with 2 wans, the main one via wifi internet, the other one is an adsl. The customer wants to always exit via wan1, but if this one flaps he prefers to go to wan2 and stay there till wan1 becomes stable again. I would like something like ip sla + hsrp but I see this is not an option. Unluckily it's not an option to switch the two wans and use wan2 as primary and wan1 as backup. For me it would also be enough to put it in shut for X minutes as soon as I realize that wan1 flaps. Any idea? Even using vdom etc. etc. Thanks in advance, Oliver

    4 replies

    emnoc
    New Member
    February 10, 2012
    "For me it would also be enough to put it in shut for X minutes as soon as I realize that wan1 flaps. Any idea?"
    Here's a chicken and egg scenario: if the interface was in shut for X mins, how would the device know it's stable? I agree with you that FortiGate doesn't have any ip sla or, better yet, an EEM feature, but you might eliminate a lot of the issues if you had a dynamic routing protocol like OSPF enabled on wan1 to wan2 and between the next-hop gateway. What you really need is a Cisco-like EEM script language. I'm sorry that I can't offer any other suggestion.
    oliverlag (Author)
    New Member
    February 10, 2012
    I agree with you emnoc.. indeed it's weird, but the customer prefers that wan1 stays down for a while and then goes back online after their working hours (during the night, for example). A working solution would be to put a Cisco in front of it with ip sla and eem. I'm trying to avoid this.. I'm testing a solution with vdom. tnx a lot for your reply :)
    ede_pfau
    SuperUser
    February 13, 2012
    IMHO much too complicated. You can tackle the situation using the built-in ECMP feature, as follows:
    - create 2 default routes via wan1, wan2 with the wan2 route having a lower priority.
    - activate Gateway Detection on both wan ports
    - select ping targets for both ports (at different ISPs)
    - fine-tune the number of pings that are needed to be missing before the route fails over
    - fine-tune the ping interval (if necessary) - this is CLI only

    Assume the WiFi link is flapping, then if you miss say 20 pings in a window of 60 seconds fail over to wan2 (ADSL). The FGT will continue to ping via wan1 to determine that the line reverts to a stable condition, and fail back automatically. The fine-tuning is necessary to find the compromise between a large observation window (to notice the instability) vs. short reaction time/short downtime.
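
The window-versus-reaction-time trade-off from the reply above, as an added Python model that is not part of the thread and is not FortiOS code. Assumptions: one probe per second, the hypothetical `LinkMonitor` class, and a fail-back rule that requires one full window without a lost probe; both traces are constructed.

```python
from collections import deque

class LinkMonitor:
    """Model of the rule in the reply: count lost probes on wan1 inside a
    sliding window and move the default route when the count is too high."""

    def __init__(self, window=60, max_lost=20):
        self.window = window              # probes kept in the observation window
        self.max_lost = max_lost          # lost probes that trigger failover
        self.results = deque(maxlen=window)
        self.active = "wan1"

    def probe(self, ok):
        # wan1 keeps being probed while traffic runs over wan2
        self.results.append(ok)
        lost = self.results.count(False)
        if self.active == "wan1" and lost >= self.max_lost:
            self.active = "wan2"
        elif (self.active == "wan2" and lost == 0
              and len(self.results) == self.window):
            # assumed fail-back rule: a full window with no lost probe
            self.active = "wan1"
        return self.active

def run(trace, window, max_lost):
    """Replay a probe trace; return [(second, new_active_link), ...]."""
    mon, prev, events = LinkMonitor(window, max_lost), "wan1", []
    for t, ok in enumerate(trace):
        now = mon.probe(ok)
        if now != prev:
            events.append((t, now))
            prev = now
    return events

# Constructed traces, one probe per second (True = reply received).
# FLAPPING: every third probe lost for 120 s, then 180 s of clean link.
FLAPPING = [t % 3 != 2 for t in range(120)] + [True] * 180
# BLIP: a stable link with one 3-second outage.
BLIP = [True] * 30 + [False] * 3 + [True] * 60

if __name__ == "__main__":
    for name, trace in (("flapping", FLAPPING), ("blip", BLIP)):
        for window, max_lost in ((60, 20), (10, 3)):
            print(name, window, max_lost, run(trace, window, max_lost))
```

The 60/20 setting ignores the 3-second blip but needs 60 seconds to leave the flapping link; the 10/3 setting leaves after 9 seconds but also moves the route for the blip.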
    oliverlag (Author)
    New Member
    February 22, 2012
    Ede, thanks a lot for your quick reply and sorry for me being late (I've been busy with other stuff). Your solution could be fine with me.. I will try to convince the customer this is the best one and let's see what they will tell me. tnx for your help :) Oliver