espositop2004
New Contributor

Sdwan-failover

Hi all,

For a customer I'm configuring SD-WAN.
In order to be sure that everything works fine, I have done a failover test; in particular, I have simulated a fault between two lines.
When it appears, the device recognizes the fault and sends traffic to the other line, but when I enable the interface or reconnect the cable, the device takes 20-25 seconds to send traffic on both lines; in the meantime I get a lot of packet loss.

I would like to know if there is a configuration parameter that allows the device to "realize" more quickly that the connection has recovered.

How much time does the device take to "know" that the connection was established?

Many thanks in advance.

 

 

aionescu
Staff

Hi @espositop2004 

 

Under the performance SLA there is the "set recovery time" parameter which, by default, has a value of 5, meaning: the SLA state switches back to alive after 5 consecutive responses from the SLA server.

This option is configurable both from the GUI and CLI:

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/478384/performance-sla-link-monitoring

 

FortiGab

Hello aionescu, 

In case of WAN1 interface failover to WAN2, is it possible to keep connectivity on WAN2 without switching back to WAN1 when it comes back?

 
Living our FortiLife
espositop2004
New Contributor

Hi Aionescu,

Many thanks for your mail.

You should know that I have already done this configuration on my devices with the same parameters. The FG version is 7.0.6.

The problem is that when I reconnect the cable I have to wait at least 20 sec for the connection to come back "up & running".

In your opinion, to allow the device to stay more active, could I try to modify the values of "Failures before inactive" and "Restore link after" to 3-4 instead of 5?

Could that be a good solution?

 

 

 

sdwan_sla.png
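
The counter behaviour discussed in the posts above, as an added example (not part of any post in this thread and not Fortinet code): a toy model of a health check that goes inactive after N consecutive missed replies and returns to alive after M consecutive replies, compared for "Restore link after" values of 5 and 3. The 500 ms probe interval, the consecutive-failure semantics and the cable scenario are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class HealthCheck:
    failures_before_inactive: int = 5   # "Failures before inactive" (value from the thread)
    restore_link_after: int = 5         # "Restore link after" (value from the thread)
    interval_ms: int = 500              # ASSUMED probe interval; not stated in the thread
    state: str = "alive"
    _fails: int = 0
    _oks: int = 0
    transitions: list = field(default_factory=list)

    def probe(self, t_ms, replied):
        """Feed one probe result; record (time_ms, new_state) on a state change."""
        if replied:
            self._oks += 1
            self._fails = 0
            if self.state == "dead" and self._oks >= self.restore_link_after:
                self.state = "alive"
                self.transitions.append((t_ms, "alive"))
        else:
            self._fails += 1
            self._oks = 0   # a single lost reply restarts the recovery count
            if self.state == "alive" and self._fails >= self.failures_before_inactive:
                self.state = "dead"
                self.transitions.append((t_ms, "dead"))

def simulate(check, link_up, duration_ms):
    """Probe every interval_ms; link_up(t_ms) says whether a reply comes back."""
    for t in range(0, duration_ms, check.interval_ms):
        check.probe(t, link_up(t))
    return check.transitions

# Constructed scenario: cable pulled at t=10 s, reconnected at t=20 s,
# with one reply lost at t=21 s while the port settles.
def cable(t_ms):
    return not (10_000 <= t_ms < 20_000) and t_ms != 21_000

def recovery_delay_ms(restore_after, failures=5, interval_ms=500):
    """Time from cable reconnect (t=20 s) until the state is alive again."""
    hc = HealthCheck(failures, restore_after, interval_ms)
    events = simulate(hc, cable, 40_000)
    back = [t for t, s in events if s == "alive"][0]
    return back - 20_000

if __name__ == "__main__":
    for n in (5, 3):
        print(f"restore_link_after={n}: alive {recovery_delay_ms(n)} ms after reconnect")
```

In this model the delay after reconnect is the restore count times the probe interval, and every lost reply during recovery restarts the count.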

akristof

Hello,

It depends on what kind of link it is: is it PPPoE or DHCP? You can check the status of the health-check via the CLI.

Adrian
espositop2004
New Contributor

Hi Adrian,

Many thanks for your mail.

 

At the moment everything works fine.

 

Below the status of health check of the two lines.

As you can see, one line has higher jitter and latency values than the other, but that is not a problem because the applications work fine.

Seq: state(alive), packet-loss(0.000%) latency(1.574), jitter(0.749), bandwidth-up(999999), bandwidth-dw(1000000), bandwidth-bi(1999999) sla_map=0x1
Seq: state(alive), packet-loss(0.000%) latency(63.428), jitter(11.240), bandwidth-up(999998), bandwidth-dw(1000000), bandwidth-bi(1999998) sla_map=0x0

 

I have a problem only when I try to do a failover between the lines.

 

Paolo

aionescu

Hi @espositop2004, it makes no sense to have packet loss. Even if it takes longer than expected for the second link to recover (there is no info about routing protocols used), traffic should be sent over the active link.

Were you able to collect some traffic logs while the issue is ongoing?

espositop2004

Hi Aionescu,

At the moment I'm not able to do it because all devices are in production, so I can do it next week when I'll migrate a new branch office.

Many thanks in advance for your cooperation.

Regards,

Paolo