Hot!SD-WAN best load balance algorithm?

Author
Kenundrum
Gold Member
  • Total Posts : 162
  • Scores: 23
  • Reward points: 0
  • Joined: 2008/05/15 10:25:50
  • Location: Rhode Island, US
  • Status: offline
2020/11/18 13:41:02 (permalink) 6.2
0

SD-WAN best load balance algorithm?

We've been using SD-WAN to load balance across 4 internet connections on version 6.0.x no problem for a long time. We recently updated to 6.2.x and have seen nothing but problems that seem to be related to sessions hopping from one ISP to another too frequently. We have looked at the logs and the destination interface for the same source/destination IP pair jumps periodically. We have been using weighted volume based balancing until now.
It seems that for the kinds of applications that most of our people use, either source-destination or just source-based balancing may be the best fit to force the connections to stay on the same outbound connection and not break signed-on web application sessions and the like.
So the question for the group is, do others see problems like this with connections jumping around? In the real world, do you see better results by trying to create specific rules for the troublesome destination applications to make the connections more sticky? Or is it easier to just do the source based balancing for everything?
 

CISSP, NSE4
 
#1

4 Replies Related Threads

    emnoc
    Expert Member
    • Total Posts : 5863
    • Scores: 387
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: SD-WAN best load balance algorithm? 2020/11/18 17:45:55 (permalink)
    0
    Did you play around with the other LB and tray source-destination? I would look at 6.4.x and use it. SDWAN seems to be better and works simpler from my optinion
     
    https://docs.fortinet.com/document/fortigate/6.4.3/administration-guide/216765/implicit-rule
     
    Ken Felix
     
     
     

    PCNSE 
    NSE 
    StrongSwan  
    #2
    BensonLEI
    Bronze Member
    • Total Posts : 54
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/06/01 21:08:14
    • Status: offline
    Re: SD-WAN best load balance algorithm? 2020/11/18 22:10:19 (permalink)
    0
    Hi, guys,
     
    I am also having this curious questions of SD-WAN algorithm ( I am using Forti400E with FortiOS V6.4.2 ):
    1. if this implicit-policy only for default SD-WAN zone ?
    2. if I have more than 1 SD-WAN zone ( e.g. 2 zones ), how the implicit-policy applies for different SD-WAN zones ?
     
    3. I am now using the maximized bandwidth for different zones, how I can assign the load-balance/load-sharing portions among  the SD-WAN members ?
     
     
    Many thanks
     
     
     
     
     
    post edited by BensonLEI - 2020/11/18 22:14:54
    #3
    emnoc
    Expert Member
    • Total Posts : 5863
    • Scores: 387
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: SD-WAN best load balance algorithm? 2020/11/19 01:54:22 (permalink)
    0
    Did you read the information in the link I posted?
     
     
    When no explicit SD-WAN rules are defined, or if none of the rules are matched, then the default implicit rule is used.
     
     
     
    So when you build  rules above the implicit these rules are execute outside of what you have configured in implicit. Another item if your on 6.4.x you can't even clone or edit that rule. It like what the document says is the implicit implied rule.
     
    so all zones are impacted
     
     
    fwhibTH081 # diag sys sdwan zone
    Zone upg-zone-wan2 index=2
    members(1): 8(wan2)
    Zone virtual-wan-link index=1
    members(0):
    Zone vpn index=3
    members(2): 43(vpn1) 44(vpn2)
    Zone vpn index=4
    members(2): 47(vpn3) 48(vpn4)
     
    Remember the SDWAN concept is advance PBR with load-balance and session persistence.
     
    Ken Felix

    PCNSE 
    NSE 
    StrongSwan  
    #4
    BensonLEI
    Bronze Member
    • Total Posts : 54
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/06/01 21:08:14
    • Status: offline
    Re: SD-WAN best load balance algorithm? 2020/11/19 19:50:57 (permalink)
    0
    Hi, EMNOC,
     
    You seems an expert with the Fortinet SD-WAN.  Your kindly advice and recommendation will be great helpful.
     
    Some questions about SD-WAN ( we have Forti400E HA and Forti600E HA pair configurations with FortiOS v6.4.2 in different sites ):
    1. I find these devices have no option "SD-WAN load-balance", only "SD-WAN maximize bandwidth (SLA)", correct ?
    2. "SD-WAN maximize bandwidth (SLA)" has limited choices ( for example, no ip source, destination, session, weight ) ?
    3. Any document and recommendation suggests how this "SD-WAN maximize bandwidth (SLA)" assigns/controls the weight/portion of the SD-WAN link bandwidth ?
     
     
     
     
     
    I find new version of FortiOS v6.4.3, good for upgrade ?
     
     
    Many many thanks in advance.
     
     
     
     
    post edited by BensonLEI - 2020/11/19 20:38:39
    #5
    Jump to:
    © 2020 APG vNext Commercial Version 5.5