AtiT
Valued Contributor

SDWAN default route usage

Hello,

I would like to ask a simple question. When I go through SDWAN configuration examples, sometimes I can see that a default route to the SDWAN interface is created and sometimes not.

 

This one:

config router static
    edit 1
        set distance 1
        set sdwan enable
    next
end

 

This will create default routes to all SDWAN interface members like:

 

Routing table for VRF=0
S*      0.0.0.0/0 [1/0] via 10.10.113.1, port1
                  [1/0] via 10.10.123.1, port2
                  [1/0] via 10.95.0.1, OL_I_11-1
                  [1/0] via 10.95.2.2, OL_I_12-1
                  [1/0] via 10.95.4.1, OL_I_11-2
                  [1/0] via 10.95.6.1, OL_I_12-2
B       10.10.111.0/24 [200/64700] via 10.95.0.1, OL_I_11-1, 3d19h48m
                       [200/64700] via 10.95.2.1, OL_I_12-1, 3d19h48m
B       10.10.112.0/24 [200/64700] via 10.95.6.2, OL_I_12-2, 3d19h48m

......

 

Do we really need it? Or what is the best practice where/when/why to use it?

Thanks.

AtiT

Toshi_Esumi
Esteemed Contributor III

First, regardless of SD-WAN or not, SD-WAN needs default routes to all interfaces if internet traffic needs to go out through those interfaces. Probably, in the example you saw without an explicitly configured SD-WAN static route, the internet circuit(s) are DHCP or PPPoE, so the default route is inserted into the routing table when the interface comes up.

AtiT
Valued Contributor

Hi,

The interface can be a DHCP interface; it does not really matter. When you configure the SDWAN interface member you will not configure the gateway, as it will be obtained from the DHCP server. There is no reason to leave this interface out. So you can still use the SDWAN default route.

 

The question is still in the air. Why not use the SDWAN route?

 

test1 # show system interface internal1
config system interface
    edit "internal1"
        set vdom "root"
        set mode dhcp
        set distance 10
        set allowaccess ping https ssh
        set type physical
        set alias "WAN1"
        set snmp-index 6
    next
end

 

test1 # diagnose sys sdwan member
Member(1): interface: internal1, gateway: 172.25.27.1, priority: 0, weight: 0
Member(2): interface: OL_FR1M11_0, gateway: 10.95.11.3, priority: 0, weight: 0

 

test1 # show router static
config router static
    edit 1
        set distance 1
        set sdwan enable
    next
end

 

test1 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

 

Routing table for VRF=0
S*      0.0.0.0/0 [1/0] via 172.25.27.1, internal1
                  [1/0] via 10.95.11.3, OL_FR1M11_0
B       10.10.111.0/24 [200/0] via 10.95.11.3, OL_FR1M11_0, 00:12:43
C       10.95.11.0/24 is directly connected, OL_FR1M11_0
B       10.95.11.3/32 [200/0] via 10.95.11.3, OL_FR1M11_0, 00:12:43
C       10.95.11.222/32 is directly connected, OL_FR1M11_0
B       10.95.200.3/32 [200/0] via 10.95.11.3, OL_FR1M11_0, 00:12:43
B       10.95.200.5/32 [200/0] via 10.95.11.5, OL_FR1M11_0, 00:12:43
B       10.95.200.8/32 [200/0] via 10.95.11.8, OL_FR1M11_0, 00:12:43
B       10.95.200.111/32 [200/0] via 10.95.11.111, OL_FR1M11_0, 00:12:43
C       10.95.200.222/32 is directly connected, loopback.root
B       172.25.1.0/24 [200/0] via 10.95.11.3, OL_FR1M11_0, 00:12:43
C       172.25.27.0/24 is directly connected, internal1

test1 #

 

AtiT

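As an added check (example code, not from the post or from Fortinet): a small Python parser that reads the diagnose sys sdwan member output and the routing table shown above and reports any SD-WAN member that has no next hop in the 0.0.0.0/0 route, or whose next-hop gateway differs from the member gateway. The sample text is constructed; the third member OL_FR1M11_1 and its gateway 10.95.12.3 are invented so that one member is missing from the default route.

```python
import re

# Constructed sample output, laid out like the CLI output quoted in the post above.
# Member(3) OL_FR1M11_1 is invented so that one member has no default-route next hop.
SDWAN_MEMBERS = """\
Member(1): interface: internal1, gateway: 172.25.27.1, priority: 0, weight: 0
Member(2): interface: OL_FR1M11_0, gateway: 10.95.11.3, priority: 0, weight: 0
Member(3): interface: OL_FR1M11_1, gateway: 10.95.12.3, priority: 0, weight: 0
"""

ROUTING_TABLE = """\
Routing table for VRF=0
S*      0.0.0.0/0 [1/0] via 172.25.27.1, internal1
                  [1/0] via 10.95.11.3, OL_FR1M11_0
B       10.10.111.0/24 [200/0] via 10.95.11.3, OL_FR1M11_0, 00:12:43
C       172.25.27.0/24 is directly connected, internal1
"""
MEMBER_RE = re.compile(r"interface:\s*(\S+),\s*gateway:\s*(\S+),")
ROUTE_START_RE = re.compile(r"^[A-Z*]+\s+\d+\.\d+\.\d+\.\d+/\d+")
NEXTHOP_RE = re.compile(r"\[\d+/\d+\]\s+via\s+(\S+),\s+(\S+)")

def parse_members(text):
    """Map SD-WAN member interface -> gateway from 'diagnose sys sdwan member'."""
    return {m.group(1): m.group(2) for m in MEMBER_RE.finditer(text)}

def parse_default_nexthops(text):
    """Map interface -> gateway for every next hop of the 0.0.0.0/0 route."""
    # An ECMP route spans several lines: the prefix is on the first line and
    # each continuation line carries only '[dist/metric] via gateway, interface'.
    hops, in_default = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if ROUTE_START_RE.match(line):
            in_default = line.split()[1] == "0.0.0.0/0"
        elif not line.startswith("["):
            in_default = False  # header text or some other non-route line
        if in_default:
            m = NEXTHOP_RE.search(line)
            if m:
                hops[m.group(2).rstrip(",")] = m.group(1)
    return hops

def members_without_default(members_text, routing_text):
    """Return (members lacking a default next hop, members whose gateways disagree)."""
    members = parse_members(members_text)
    hops = parse_default_nexthops(routing_text)
    missing = sorted(i for i in members if i not in hops)
    mismatched = sorted(i for i in members if i in hops and hops[i] != members[i])
    return missing, mismatched
```

Running members_without_default(SDWAN_MEMBERS, ROUTING_TABLE) on the sample returns (['OL_FR1M11_1'], []), i.e. one member carries no default route; on a real box, paste the two command outputs in place of the constructed strings.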
Toshi_Esumi
Esteemed Contributor III

Are you saying your second example should include more than two next hops in the default route because you have more than two members, which are not showing in diag sys sdwan member somehow? What version is this, 6.0, 6.2 or 6.4?
