Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
abarushka
Staff
Staff

Created on ‎10-24-2019 05:36 AM Edited on ‎06-06-2022 07:57 AM By Anonymous

Article Id 192268

Technical Tip: Configuring Performance SLA with TWAMP probes

Description
This article explains the configuration procedure that shows how to Configure a Performance SLA with TWAMP probes.

Solution
Two-Way Active Measurement Protocol defines a standard for measuring round-trip network performance between any two devices that support the TWAMP protocols.
The TWAMP-Control protocol is used to set up performance measurement sessions only via CLI.

The TWAMP architecture is composed of the following four logical entities that are responsible for starting a monitoring session and exchanging packets:

- The control-client sets up, starts, and stops TWAMP-Test sessions.
- The session-sender instantiates TWAMP-Test packets that are sent to the session-reflector.
- The session-reflector reflects a measurement packet upon receiving a TWAMP-Test packet. The session reflector does not collect packet statistics in TWAMP.
- The TWAMP server is an end system that manages one or more TWAMP sessions and is also capable of configuring per-session ports in the end points. The server listens on the TCP port. The session-reflector and server make up the TWAMP responder in an IP SLAs operation.

Configurations over Firewall

FGT-1 as TWAMP Client:

# config system virtual-wan-link
# config health-check
    edit SLA_TWAMP
        set server 1.1.1.1
        set protocol twamp
        set port 8008
        set security-mode authentication
        set password xxx
        set interval 500
        set packet-size 64
        set members 1 2 3                <----- *seq-num    Member sequence number.
    end

FGT-DC as TWAMP Server:

# config system probe-response
    set mode twamp
    set port 8008
    set security-mode authentication
    set password XXX
end
# config system interface
    edit port5
        set ip 1.1.1.1 255.255.255.0
        set allowaccess (…) probe-response (…)
    next
end

Both units should be in the same time zone:

# config system global
    set timezone <time zone value should be the same on both units>
end

Results:

# diag sys virtual-wan-link health-check <performance-sla-name>
Health Check(SLA_TWAMP_FGTDC):
Seq(4): state(alive), packet-loss(0.000%) latency(87.813), jitter(19.177) sla_map=0x0
Seq(5): state(alive), packet-loss(0.000%) latency(109.494), jitter(11.875) sla_map=0x0
Seq(6): state(alive), packet-loss(0.000%) latency(90.026), jitter(16.318) sla_map=0x0





7936
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.