Fortinet Forum
sw2090
Honored Contributor

Strange behaviour of SD-WAN Loadbalancer

I have the following constellation, which behaves quite strangely:

FGT100D has 4 WANs: ports wan1, wan2, ha1, ha2. Those are members of sd-wan in the following order:

wan1 cost 0

wan2 cost 0

ha1 cost 10

ha2 cost 10

The implicit sd-wan rule for load balancing is set to use spillover as the LB algorithm.

Thresholds are set like this:

wan1  egress 45000 kbit/s  ingress 10000 kbit/s (is 50/12mbit vdsl)

wan2  is set like wan1

ha1 egress 10000 kbit/s ingress 1000 kbit/s (is 16/2.5mbit vds)

ha2 is set like ha1

There are no other sd-wan rules.

There is an sd-wan health check for all four WANs that reports all SLAs green.

All policies that allow traffic to the internet use sd-wan as destination and have dnat enabled.

I manually turned off the asic overloading option on these policies on the CLI, as recommended for spillover.

According to the Fortinet KB and Cookbook, this should balance like this:

primary traffic goes to wan1 

if wan1 is over threshold it goes to wan2

if wan2 is over threshold it goes to ha1

if ha1 is over threshold it goes to ha2

Traffic view on the dashboard of the 100E shows me that currently none of the four has traffic over threshold at all.

Thus clients get routed to the internet using ha1 or ha2 even though wan1 and wan2, with much more bandwidth, are available to the load balancer.

Does anyone have a hint for me as to why it behaves like that?

cheers

Sebastian


-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
