Description | This article describes the meaning of the SLA target field displayed via CLI. | ||||||||||||||||||||||||||||||||||||
Scope | FortiGate v7.4. | ||||||||||||||||||||||||||||||||||||
Solution |
The sla_map field is displayed when the Lowest cost (SLA) strategy is selected in the SDWAN rule. To see the field, run the command 'diagnose sys sdwan service4 <id sdwan rule>' as shown below:
diagnose sys sdwan service4 1 Service(1): Address Mode(IPV4) flags=0x4200 use-shortcut-sla use-shortcut Dst address(1):
The command shows sla(0x1) for all members (Port1 and Port2). This means that all members meet the SLA target named Ping:
When one member doesn't meet the SLA target, the field shows sla(0x0), which means the interface will not be used:
diagnose sys sdwan service4 1 Service(1): Address Mode(IPV4) flags=0x4200 use-shortcut-sla use-shortcut Dst address(1):
In some cases, two SLA targets might be added to the same SD-WAN rule:
The following fields might be seen: sla(0x3) -> Match both targets sla(0x1) -> Match target 1 (Ping) - As per adding order. sla(0x2) -> Match target 2 (Ping2) - As per adding order. sla(0x0) -> No target match
Below is the output where Port1 and Port2 meet both SLA targets:
diagnose sys sdwan service4 1 Service(1): Address Mode(IPV4) flags=0x4200 use-shortcut-sla use-shortcut Dst address(1):
In the following example, Port1 meets the SLA of the target number 2 (that is Ping2 in this case) only: while Port2 meets both SLA targets:
diagnose sys sdwan service4 1 Service(1): Address Mode(IPV4) flags=0x4200 use-shortcut-sla use-shortcut Dst address(1):
If more SLA targets are added to the SD-WAN rule, the SLA map field will use different values to represent the status. The following output shows the output when 3 SLA targets are set and all of them are met by Port1 and Port2:
diagnose sys sdwan service4 1 Service(1): Address Mode(IPV4) flags=0x4200 use-shortcut-sla use-shortcut Dst address(1):
The sla_map field uses a bitmask representation to reference the SLA targets and their status. The first configured SLA target is assigned bit 0, the second configured SLA target is assigned bit 1, and so on. If the member meets the SLA target, the bit of the SLA target is set to 1, otherwise to 0. The following table shows the sla_map values for three SLA targets:
For example, an sla_map of 0x6 means that SLA targets 3 and 2 are met, but not SLA target 1 (6 = 4 + 2 + 0). |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.