Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sean3
New Contributor III

Created on ‎11-08-2024 07:47 PM Edited on ‎11-10-2024 10:03 PM

please clarify some concepts for performance SLA in SD-WAN

greetings all,

we've being suffering from SD-WAN solution for a long time. Could someone please clarify some concepts in performance SLA under SD-WAN?

sean3_0-1731123968886.png

 

1.what is Probe Timeout under Link Status? how it is calculated exactly?

the FortiManager says: Time to wait before a probe packet is considered lost (20 – 3600*1000 msec, default = 500)

Is the time a round-trip time (RTT) as mentioned below, the RTT being addressed in a common network context?

 

If it is RTT, then is the RTT in FortiGate the same RTT as being addressed in a common network context? Let's say:

"The round-trip time is how long it takes for a request sent from a source to a destination, and for the response to get back to the original source. Basically, the latency in each direction, plus the processing time."

 

2. what is latency under SLA target? how it is calculated exactly?

is Latency the same latency as being addressed in common network context? let's say:

"Network latency is how long it takes for something sent from a source host to reach a destination host. There are many components to latency, and the latency can actually be different A to B and B to A."

 

if all the above concepts are confirmed yes, then:

should the probe timeout value be configured at least twice higher than the latency? if it is configured less than that then there is a high chance that the request message (or probe message) will be considered lost and will impact the packet loss metric in SLA target, which will bring failover and cause production problem.

I think the RTT should even higher than just twice as the latency, as the target (server) need to take some time to process the request, then sends back the response.

Previously we were using Ping as the Active probe method, but we found Ping is quite unreliable, so we switched to use Active probing TCP-connect (https SYN+SYN/ACK), in this case, should we set the packet loss threshold at least twice higher than the latency?

 

Thanks

Labels:
113
0 Kudos
1 REPLY 1
Stephen_G
Moderator
Moderator

Created on ‎11-11-2024 04:17 AM

Hi sean3,

 

Your post was erroneously marked as spam by our automated system. I apologize for the inconvenience.

 

If you are in urgent need of help, consider talking with our TAC support team. Otherwise, we will try to get you an answer here.

 

Kind regards,

Stephen

Stephen - Fortinet Community Team
111
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.