Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BensonLEI
Contributor

SDWAN rule "Maximize Bandwidth mode" for multi-link selection

Hi, guys,

 

I am using Ftg400E HA with FortiOS v7.0.3.

Three internet lines are configured in the Ftg400E and formed into "SDWAN for internet access"; the SDWAN  rule is using "maximize bandwidth mode", so three lines are sharing the internet traffic loading.

 

Recently, "internet line B and line C" are found unstable, while internet A is working well; hence I intend to configure internet line A and B still running in maximize bandwidth mode (load-balance mode), while line C is configured as hot-standby line. 

 

 

 

I tried this way, but failed ( still three lines running in round-robin mode) :

1.  SDWAN rule is still using "Maximize bandwidth mode"

2. but limited 2 lines for load-balanced 

3. configured line C with higher cost value

 

 

Configuration:

====================

Forti400e_01 # show sys sdwan
config system sdwan
set status enable
set load-balance-mode source-dest-ip-based
config zone
edit "virtual-wan-link"
next
edit "SASE"
next
edit "Access_to_Internet"
next
....
end
config members
edit 1
set interface "port2"
set zone "Access_to_Internet"
set gateway 203.15.105.97
next
edit 2
set interface "port3"
set zone "Access_to_Internet"
set gateway 112.84.27.1
next
edit 3
set interface "port4"
set zone "Access_to_Internet"
set gateway 104.118.6.225
set cost 10
next

 

 

 

Status checking:

====================================
Forti400e_01 # diag sys sdwan member
Member(1): interface: port2, flags=0x0 , gateway: 203.15.105.97, priority: 0 1024, weight: 0
Member(2): interface: port3, flags=0x0 , gateway: 112.84.27.1, priority: 0 1024, weight: 0
Member(3): interface: port4, flags=0x0 , gateway: 104.118.6.225, priority: 0 1024, weight: 0
.......

 

 

 

Forti400e_01 # get sys sdwan
status : enable
load-balance-mode : source-dest-ip-based
speedtest-bypass-routing: disable
duplication-max-num : 2
.......

 

 


Forti400e_01 # diag sys sdwan service

........

Service(1): Address Mode(IPV4) flags=0x200 use-shortcut-sla
Gen(1), TOS(0x0/0x0), Protocol(0: 1->65535), Mode(load-balance hash-mode=round-robin)
Members(3):
1: Seq_num(1 port2), alive, sla(0x1), gid(2), num of pass(1), selected
2: Seq_num(2 port3), alive, sla(0x1), gid(2), num of pass(1), selected
3: Seq_num(3 port4), alive, sla(0x1), gid(2), num of pass(1), selected
Src address(1):
0.0.0.0-255.255.255.255

Dst address(1):
0.0.0.0-255.255.255.255



 


Forti400e_01 # diag firewall proute list
list route policy info(vf=root):
.........

id=2134900737(0x7f400001) vwl_service=1(Access_to_Internet) vwl_mbr_seq=1 2 3 dscp_tag=0xff 0xff flags=0x10 load-balance hash-mode=round-robin tos=0x00 tos_mask=0x00 protocol=0 sport=0-65535 iif=0 dport=1-65535 path(3) oif=10(port2) num_pass=1 oif=11(port3) num_pass=1 oif=12(port4) num_pass=1
source(1): 0.0.0.0-255.255.255.255
destination(1): 0.0.0.0-255.255.255.255
hit_count=22790680 last_used=2022-08-30 00:10:01

 

===================================================

 

Any suggestion/recommendation ?

 

Many thanks

BensonLEI

4 REPLIES 4
nnair
Staff
Staff

Dear Customer,

You can follow this link for the Maximum bandwidth:

https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/708464/maximize-bandwidth-sl...
You can also set the interface preference as link A

 

BensonLEI

Hi, nnair,

If interface preferences only set as "link A", does it mean only "Link A" participates the SDWAN rule ( maximize balance mode ), thx ? or any more information for this item "interface preference"m thx ?

akristof
Staff
Staff

Hello,

If you will use all 3 links in SDWAN maximize-bandwidth rule, it will still be loadbalanced between all 3 links. You will need to create 2 rules:

- first rule you current maximize-bandwidth rule but remove link C

- second rule probably manual, with link C as only link in rule.

And you will need to enable SLA on health-checks to know when links are considered bad and not to use in first rule. If both LinkA and LinkB will be bad, then link C will be used.

Adrian
BensonLEI

We need a rule for link C is hot-standby

 

 

Top Kudoed Authors