nevan
Staff
Article Id 415803
Description This article describes the SD-WAN load balance hash mode algorithms. 


Load Balance Hash Mode defines how traffic is distributed across multiple WAN interfaces when using SD-WAN load balancing. The hash mode determines the algorithm FortiGate uses to select the outgoing interface for each session based on specific criteria such as source IP, destination IP, or available bandwidth.

Selecting the right hash mode ensures optimal use of available links, improves throughput, and maintains session consistency for critical applications.

Scope FortiGate, FortiGate VMx.
Solution

Hash mode is configured under the SD-WAN rule or policy where load balancing is used. When multiple interfaces are selected as priority members, the FortiGate uses the configured hash algorithm to decide which link each session should use.

CLI:


config system sdwan
    config service
        edit <rule_id>
            set load-balance enable
            set hash-mode <hash-mode>
        next
    end
end


To select a load balance hash mode, load balancing must first be enabled under the rule. Once it is enabled, the mode can be selected; the default mode is round-robin. All of the hash mode load balance algorithms are described below.

 

  • round-robin distributes traffic evenly across all selected interfaces in a sequential, circular manner. Each new session uses the next interface in the list. It is ideal for balanced, high-volume environments where sessions are short-lived, such as web browsing or microservices communication.

If three WAN links (WAN1, WAN2, WAN3) are configured, the first session goes through WAN1, the second through WAN2, the third through WAN3, and the fourth returns to WAN1.

  • source-ip-based routes all sessions from the same source IP address to the same interface. It is useful for maintaining session persistence per client.

All traffic from a branch office with IP 192.168.x.x will always use a specific WAN until the session resets, ensuring stable connectivity for services that require sticky sessions from a specific source, such as VPN or VoIP sessions.

  • source-dest-ip-based routes all sessions between a unique source and destination IP pair to the same interface. It is suitable for environments where multiple clients connect to multiple destinations and session persistence per pair is required.

For example, traffic from 192.168.10.50 to 8.8.8.8 always uses WAN1, while the same source IP connecting to 1.1.1.1 may use WAN2. The session will be persistent with this load-balancing algorithm.

 

  • inbandwidth sends traffic to the interface with the most available inbound bandwidth. It is mostly used when inbound traffic (downloads, uploads from cloud servers, etc.) is the primary concern.

If WAN1 is congested with high inbound usage, new sessions are sent through WAN2, which has more free inbound bandwidth.

  • outbandwidth sends traffic to the interface with the most available outbound bandwidth. It is mostly used for upload-intensive environments such as file sharing or backup systems.

Large file transfers from local servers to the cloud will be directed to the link with the highest available outbound capacity.

  • bibandwidth chooses the interface with the best combined available bandwidth (both inbound and outbound). It offers a balanced approach when both upstream and downstream capacity are equally important.

When both WAN links have varying traffic loads, FortiGate dynamically selects the link with the best total available bandwidth for optimal performance.
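The selection behaviour of the six modes can be compared side by side with a small Python model, added here as an illustration; it is not FortiOS code and not part of the original article. The class and function names are hypothetical, crc32 stands in for the firewall's internal hash, "combined" bandwidth is assumed to be inbound plus outbound, and the free-bandwidth figures are constructed.

```python
import zlib

class HashModeModel:
    """Toy model of SD-WAN hash-mode member selection (hypothetical class)."""

    BANDWIDTH_SCORE = {
        "inbandwidth": lambda free: free[0],            # free inbound only
        "outbandwidth": lambda free: free[1],           # free outbound only
        "bibandwidth": lambda free: free[0] + free[1],  # assumption: in + out
    }

    def __init__(self, members, mode="round-robin"):
        self.members = list(members)
        self.mode = mode
        self.cursor = 0  # next round-robin position

    def stable_pick(self, key):
        # Assumption: crc32 stands in for the firewall's internal hash.
        return self.members[zlib.crc32(key.encode()) % len(self.members)]

    def select(self, src, dst, free=None):
        """Return the member for a new session.
        free maps member -> (free_in_mbps, free_out_mbps) for bandwidth modes."""
        if self.mode == "round-robin":
            member = self.members[self.cursor % len(self.members)]
            self.cursor += 1
            return member
        if self.mode == "source-ip-based":
            return self.stable_pick(src)
        if self.mode == "source-dest-ip-based":
            return self.stable_pick(f"{src}->{dst}")
        if self.mode in self.BANDWIDTH_SCORE:
            score = self.BANDWIDTH_SCORE[self.mode]
            return max(self.members, key=lambda m: score(free[m]))
        raise ValueError(f"unknown hash mode: {self.mode}")

WANS = ["WAN1", "WAN2", "WAN3"]
# Constructed sample: free (inbound, outbound) Mbps per member.
FREE = {"WAN1": (10, 80), "WAN2": (60, 20), "WAN3": (40, 45)}

def run_mode(mode, sessions):
    """Select a member for each (src, dst) session under one mode."""
    model = HashModeModel(WANS, mode)
    return [model.select(src, dst, FREE) for src, dst in sessions]

if __name__ == "__main__":
    sessions = [("192.168.10.50", "8.8.8.8"), ("192.168.10.50", "1.1.1.1"),
                ("192.168.10.51", "8.8.8.8"), ("192.168.10.50", "8.8.8.8")]
    for mode in ["round-robin", "source-ip-based", "source-dest-ip-based",
                 "inbandwidth", "outbandwidth", "bibandwidth"]:
        print(f"{mode:22} {run_mode(mode, sessions)}")
```

The bandwidth modes give the same answer for every session here because the model holds the free-bandwidth figures fixed; on a live device those figures change as sessions are placed.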

The Load Balance hash mode in FortiGate plays a role in optimizing traffic flow across multiple WAN interfaces. Choosing the right mode ensures efficient use of bandwidth, consistent user experience, and stable network performance.

Related article: 
Technical Tip: The difference between the load-balancing algorithms in SD-WAN rules