Hassan97wsh
Staff
Article Id 334392
Description

This article highlights the differences in the load-balancing algorithms used when Load balancing is enabled on the SD-WAN rule. This option is also known as Maximize bandwidth (SLA) in FortiOS v7.4.0 and older.

Scope

FortiGate configured with SD-WAN and two or more internet links.

Solution

The example below shows the difference between two load-balancing algorithms: round-robin (default) and inbandwidth.

With round-robin load-balancing, sessions will be distributed evenly across the selected SD-WAN members in a sequential manner (i.e. 1>2>3>1>2>3). With inbandwidth load-balancing, the FortiGate will consider the available bandwidth based on the configured estimated-downstream-bandwidth on the SD-WAN member and the current utilization.

The interface with the most available download bandwidth will be selected as the best interface.

 

Round-robin configuration:

config system sdwan
    config service
        edit 100
            set mode load-balance <----- On v7.4.0 or older.
            set load-balance enable <----- On v7.4.1 or newer.
            set hash-mode round-robin
            set priority-members 1 2
        next
    end
end

Round-robin SD-WAN debug:

FGT-B1 # diagnose sys sdwan service 100

Service(100): Address Mode(IPV4) flags=0x24200 use-shortcut-sla use-shortcut
Tie break: cfg
Shortcut priority: 2
Gen(4), TOS(0x0/0x0), Protocol(0): src(1->65535):dst(1->65535), Mode(sla hash-mode=round-robin)
Service role: standalone
Members(2):
  1: Seq_num(2 port10 Underlay), alive, sla(0x1), gid(2), num of pass(1), selected
  2: Seq_num(1 port9 Underlay), alive, sla(0x1), gid(2), num of pass(1), selected
Src address(1):
  0.0.0.0-255.255.255.255
Dst address(1):
  0.0.0.0-255.255.255.255

Round-robin packet capture:


2024-09-22 16:49:38.178635 port1 in 10.11.10.1 -> 8.8.8.8: icmp: echo request
2024-09-22 16:49:38.178805 port10 out 172.32.211.1 -> 8.8.8.8: icmp: echo request <- First session.
2024-09-22 16:49:38.249072 port10 in 8.8.8.8 -> 172.32.211.1: icmp: echo reply
2024-09-22 16:49:38.249147 port1 out 8.8.8.8 -> 10.11.10.1: icmp: echo reply
2024-09-22 16:49:39.252757 port1 in 10.11.10.1 -> 8.8.8.8: icmp: echo request
2024-09-22 16:49:39.252837 port10 out 172.32.111.1 -> 8.8.8.8: icmp: echo request
2024-09-22 16:49:39.323147 port10 in 8.8.8.8 -> 172.32.111.1: icmp: echo reply
2024-09-22 16:49:39.323218 port1 out 8.8.8.8 -> 10.11.10.1: icmp: echo reply
2024-09-22 16:49:41.654537 port1 in 10.11.10.1 -> 8.8.4.4: icmp: echo request
2024-09-22 16:49:41.654583 port9 out 172.32.211.1 -> 8.8.4.4: icmp: echo request <- Second session.
2024-09-22 16:49:41.718651 port9 in 8.8.4.4 -> 172.32.211.1: icmp: echo reply
2024-09-22 16:49:41.718720 port1 out 8.8.4.4 -> 10.11.10.1: icmp: echo reply
2024-09-22 16:49:42.722206 port1 in 10.11.10.1 -> 8.8.4.4: icmp: echo request
2024-09-22 16:49:42.722250 port9 out 172.32.111.1 -> 8.8.4.4: icmp: echo request
2024-09-22 16:49:42.786187 port9 in 8.8.4.4 -> 172.32.111.1: icmp: echo reply
2024-09-22 16:49:42.786274 port1 out 8.8.4.4 -> 10.11.10.1: icmp: echo reply

Inbandwidth configuration:

config system sdwan
    config service
        edit 100
            set mode load-balance <----- On v7.4.0 or older.
            set load-balance enable <----- On v7.4.1 or newer.
            set hash-mode inbandwidth
            set priority-members 1 2
        next
    end
end

config system interface
    edit port9
        set estimated-downstream-bandwidth 100000 <----- 100 Mbps.
    next
    edit port10
        set estimated-downstream-bandwidth 100000
    next
end

Inbandwidth SD-WAN debug:

FGT-1 # diagnose sys sdwan service 100

Service(100): Address Mode(IPV4) flags=0x24200 use-shortcut-sla use-shortcut
Tie break: cfg
Shortcut priority: 2
Gen(1), TOS(0x0/0x0), Protocol(0): src(1->65535):dst(1->65535), Mode(sla hash-mode=inbandwidth)
Service role: standalone
Members(2):
  1: Seq_num(2 port10 Underlay), alive, sla(0x1), gid(2), num of pass(1), inbandwidth: 99920Kbps, selected
  2: Seq_num(1 port9 Underlay), alive, sla(0x1), gid(2), num of pass(1), inbandwidth: 85820Kbps, selected
Src address(1):
  0.0.0.0-255.255.255.255
Dst address(1):
  0.0.0.0-255.255.255.255

Inbandwidth packet capture:


2024-09-22 17:15:45.489050 port1 in 10.11.10.1 -> 8.8.8.8: icmp: echo request
2024-09-22 17:15:45.489222 port10 out 172.32.211.1 -> 8.8.8.8: icmp: echo request <- First session.
2024-09-22 17:15:45.559506 port10 in 8.8.8.8 -> 172.32.211.1: icmp: echo reply
2024-09-22 17:15:45.559650 port1 out 8.8.8.8 -> 10.11.10.1: icmp: echo reply
2024-09-22 17:15:46.562957 port1 in 10.11.10.1 -> 8.8.8.8: icmp: echo request
2024-09-22 17:15:46.563133 port10 out 172.32.211.1 -> 8.8.8.8: icmp: echo request
2024-09-22 17:15:46.633736 port10 in 8.8.8.8 -> 172.32.211.1: icmp: echo reply
2024-09-22 17:15:46.633936 port1 out 8.8.8.8 -> 10.11.10.1: icmp: echo reply
2024-09-22 17:15:48.871972 port1 in 10.11.10.1 -> 8.8.4.4: icmp: echo request
2024-09-22 17:15:48.872139 port10 out 172.32.211.1 -> 8.8.4.4: icmp: echo request <- Second session.
2024-09-22 17:15:48.936506 port10 in 8.8.4.4 -> 172.32.211.1: icmp: echo reply
2024-09-22 17:15:48.936549 port1 out 8.8.4.4 -> 10.11.10.1: icmp: echo reply
2024-09-22 17:15:49.939543 port1 in 10.11.10.1 -> 8.8.4.4: icmp: echo request
2024-09-22 17:15:49.939759 port10 out 172.32.211.1 -> 8.8.4.4: icmp: echo request
2024-09-22 17:15:50.003849 port10 in 8.8.4.4 -> 172.32.211.1: icmp: echo reply
2024-09-22 17:15:50.003875 port1 out 8.8.4.4 -> 10.11.10.1: icmp: echo reply
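
Added example (not part of the original article and not Fortinet tooling): a Python check that reads the member lines of the SD-WAN debug and sniffer lines in the format shown above, takes the alive member with the highest reported inbandwidth as the expected egress, and lists destinations whose traffic left on another interface. The function names and the lan_ifaces parameter are assumptions of this example; the sample input is an excerpt of the inbandwidth output above.

```python
import re
from collections import defaultdict

# Sample input: excerpt of the inbandwidth debug and packet capture shown above.
DIAG = """\
1: Seq_num(2 port10 Underlay), alive, sla(0x1), gid(2), num of pass(1), inbandwidth: 99920Kbps, selected
2: Seq_num(1 port9 Underlay), alive, sla(0x1), gid(2), num of pass(1), inbandwidth: 85820Kbps, selected
"""
CAPTURE = """\
2024-09-22 17:15:45.489050 port1 in 10.11.10.1 -> 8.8.8.8: icmp: echo request
2024-09-22 17:15:45.489222 port10 out 172.32.211.1 -> 8.8.8.8: icmp: echo request
2024-09-22 17:15:45.559506 port10 in 8.8.8.8 -> 172.32.211.1: icmp: echo reply
2024-09-22 17:15:48.871972 port1 in 10.11.10.1 -> 8.8.4.4: icmp: echo request
2024-09-22 17:15:48.872139 port10 out 172.32.211.1 -> 8.8.4.4: icmp: echo request
"""

MEMBER_RE = re.compile(r"Seq_num\(\d+ (\S+) [^)]*\), (\w+),.*?inbandwidth: (\d+)Kbps")
PKT_RE = re.compile(r"^\S+ \S+ (\S+) (in|out) (\S+) -> (\S+?): ")

def best_member(diag_text):
    """Return (interface, Kbps) of the alive member with the most available inbandwidth."""
    members = [(m.group(1), int(m.group(3)))
               for m in MEMBER_RE.finditer(diag_text) if m.group(2) == "alive"]
    if not members:
        raise ValueError("no alive member with an inbandwidth value")
    return max(members, key=lambda m: m[1])

def egress_by_destination(capture_text, lan_ifaces=("port1",)):
    """Map each destination to the set of WAN interfaces its packets left on."""
    egress = defaultdict(set)
    for line in capture_text.splitlines():
        m = PKT_RE.match(line)
        # Only outbound packets on non-LAN interfaces show the SD-WAN choice.
        if m and m.group(2) == "out" and m.group(1) not in lan_ifaces:
            egress[m.group(4)].add(m.group(1))
    return dict(egress)

def unexpected_egress(diag_text, capture_text):
    """Destinations whose traffic used an interface other than the expected one."""
    iface, _ = best_member(diag_text)
    return {dst: used for dst, used in egress_by_destination(capture_text).items()
            if used != {iface}}

if __name__ == "__main__":
    print(best_member(DIAG), egress_by_destination(CAPTURE), unexpected_egress(DIAG, CAPTURE))
```

Available bandwidth changes with utilization, so compare a capture only against a debug snapshot taken at about the same time.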