Hi guys,
We have a requirement to have a very minimum traffic loss failover in our environment for an broadcast audio system.
We have two Hub sites running ADVPN and multiple spoke sites running ADVPN + iBGP.
We have chosen lowest cost SLA as the criteria so that the best link is chosen based on latency.
These are the settings for the health check and service rules on the spoke side.
config health-check
edit "HUB1_HC"
set server "172.30.255.253"
set update-cascade-interface disable
set update-static-route disable
set sla-fail-log-period 10
set sla-pass-log-period 10
set members 6 4 5 10
config sla
edit 1
set link-cost-factor latency packet-loss
set latency-threshold 500
set packetloss-threshold 10
next
end
config service
edit 3
set name "DC_RULE"
set mode sla
set dst "DC_Network"
set src "all"
config sla
edit "HUB1_HC"
set id 1
next
end
set priority-members 4 5 6 10
next
end
The latency between the spoke and Hub is between 50ms and 100ms.
Default iBGP settings are used.
For testing, we ping an IP in the server network at the Hub from a laptop behind a spoke.
There is a loss of connectivity for around 3-5 seconds when we bring down HUB1-VPN1 and force the traffic to go through HUB1-VPN1-2.
I understand that ping is not the best tool here to test because the real application uses UDP as its an audio broadcast system. At the moment, we don't have a way to test this in a better way.
Could someone please let me know if the settings we have are good to go or can we make the failover even quicker by reducing the timers?
I think the time it takes for the fail over is not even dependent on these timers as currently we just bring down WAN-1 by unplugging the interface which I think just flushes all routes through WAN-1.
In this case, is it normal to still have around 2-3 ping drops before WAN-2 takes over?
Appreciate any guidance on this. thanks.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The backup VPN tunnel is on a FEX. The SDWAN feature is working as intended but we are looking for ways to improve failover times to have literally less than 0.5 second down time.
Hello ,
Please refer to the document to verify holdtime-timer on BGP configuration
Hi,
the document talks about optimizing bgp timers for HA failover scenarios.
In my case, we are trying to optimize the failover times between VPN-1 and VPN-2.
Bear in mind even if you reduce all SD-WAN monitoring values to bring the fail over time to few seconds, since the public IP will change then the sessions will need to reset.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.