Hey everyone.
I had a quick question about the following:
Setup
Management - FMG 200G
HUB - FG 201F HA pair
Spokes - FG 40F HA pairs
SDWAN overlay config is set to use ADVPN and spoke to spoke connectivity has been confirmed.
Our customer is asking for reports related to performance SLAs between spokes. I understand that performance SLAs generally point to the hub as configured by the FMG SDWAN overlay template. I've read up on how the spokes build the shortcuts between themselves, but I haven't been able to find anything related to building a performance SLA between spokes.
Is SDWAN with ADVPN able to do this or is this something that's easier seen in a custom report? I've tried a few shots in the dark with configuring performance SLAs between spokes, but I've had no success so far. I feel like having a standing SLA between spokes might mess with things and create a huge processing overhead for every device involved.
I appreciate any insight or help and thanks in advance.
-Joe
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Joe,
Yes, SD-WAN with ADVPN primarily uses performance SLAs pointing to the hub, not between spokes directly. Performance SLAs between spokes is not typically supported in this setup. ADVPN relies on the hub for dynamic shortcut creation between spokes, and direct spoke-to-spoke SLAs are not supported
Hello Joe,
Yes, SD-WAN with ADVPN primarily uses performance SLAs pointing to the hub, not between spokes directly. Performance SLAs between spokes is not typically supported in this setup. ADVPN relies on the hub for dynamic shortcut creation between spokes, and direct spoke-to-spoke SLAs are not supported
Hello kumarh,
I appreciate the response. Would a viable solution be to decentralize and step away from ADVPN by building direct point to point tunnels between the remotes and tie performance SLAs to those tunnels for path determination?
We have an environment that has about 15 remote sites using an MPLS/DIA redundant design that is centrally monitored from our colocation. There are times when the MPLS path between two remotes has an occasional issue that is not seen between the remotes and our colocation, so a centralized means of path selection isn't always ideal for us.
Thank you.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1546 | |
1030 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.