Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sean3
New Contributor III

Created on ‎11-23-2024 06:45 PM

what is the result if an SD-WAN member interface is Down

greetings all,

 

I know that SLA targets in performance SLA are a set of constraints that are used in SD-WAN rules to control the paths that traffic takes. 

and The Link Status section of the performance SLA configuration consists of three settings that determine the frequency that the link is evaluated, and the requirements to be considered valid or invalid.

 

what if I set:

Packet Loss in SLA targets to 12%, and

Failures before inactive in Link Status: 5.

And I use= Lowest Cost (SLA) in SD-WAN rule

 

Scenario: there are 5 consecutive Packet Loss at a specific time point, but the Packet Loss rate is still lower than 12% (calculated based on the latest 100 probe). Will any a link re-selection occur? If yes, will existing traffic session be interrupted and re-established via the newly selected link? If yes, will the communication of the session be down for a short time?

 

Thanks,

Sean

326
0 Kudos
4 REPLIES 4
Stephen_G
Moderator
Moderator

Created on ‎11-26-2024 05:34 AM

Hello,

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Stephen - Fortinet Community Team
260
0 Kudos
wmichael
Staff
Staff

Created on ‎11-26-2024 02:55 PM

Lowest cost SLA strategy, the FortiGate will choose the link with the lowest cost that is meeting the performance SLA.

 

The packet loss (5 consecutive lost) will determine if the link is active or inactive.  If you have "update static route" configured, this will remove the static route of that SDWAN member, forcing all the traffic out one of the other SDWAN members.  This may or may not interrupt traffic depending on the kind of traffic going out.  The session should be able to be re-established over the new member interface being used quickly.

 

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/580649/link-health-monitor

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/342836/lowest-cost-sla-strat...

240
sean3
New Contributor III
In response to wmichael

Created on ‎11-28-2024 04:58 PM

thanks wmichael,

 

due to some specific reason, we do not enable "Update Static Route" when link becomes inactive upon 5 consecutive probing failure. Will the link be down if 5 consecutive probing failure but the Packet Loss in SLA targets is still less than 12%? Here I provide a fact which occurred recently.

401673687.png

I got the above log from FortiAnalyzer, the session 401673687 is fail overed from port 17 to OL_INET_SKO_112. During this period, we did have performance SLA failure which caused the link re-selection. The same event also.

391754672.png

but we also have some other event different:

Screenshot 2024-11-24 100020.png

197
0 Kudos
sjoshi
Staff
Staff

Created on ‎11-29-2024 12:58 AM

please refer how the sla function in fortigate sdwan

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/342836/lowest-cost-sla-strat...

Let us know if this helps.
Salon Raj Joshi
175
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.