|
As per the spillover load balancing algorithm, the highest priority member is used until bandwidth exceeds ingress and egress thresholds. Additional traffic is then sent through the next SD-WAN member.
The priority is often managed by manually configuring a priority value in SD-WAN member configuration.
config system sdwan
config members
edit 1
set interface "tunnel-A"
set zone "VPN"
set spillover-threshold 90000
set ingress-spillover-threshold 90000
set priority 10
next
edit 3
set interface "tunnel-B"
set zone "VPN"
set priority 20
next
However, SD-WAN will not consider member priorities when dynamic routing (BGP) is in use.
For the following routing entry pushed by BGP, interface tunnel-B is considered despite the priority set on the SD-WAN member interfaces (where tunnel-A is prioritized). FortiOS routes the traffic to 10.1.0.0/20 via tunnel-B (which is listed above tunnel-A in the route table) and it will never spillover.
Routing information:
* i10.1.0.0/20 172.16.23.2 0 100 0 0 65002 65001 65000 ? <1/->
*>i 172.16.22.1 192 100 0 0 65000 ? <1/1>
*>i 172.16.24.1 192 100 0 0 65000 ? <1/2>
Routing entry for 10.1.0.0/20
* 172.16.22.1 (recursive via tunnel-B tunnel 1.1.1.1)
* 172.16.24.1 (recursive via tunnel-A tunnel 2.2.2.2)
Further information on why BGP selects tunnel-B over tunnel-A can be seen in Technical Tip: Usage of BGP multipath and description of the BGP NLRI table.
SD-WAN implicit rule with spillover as load-balance method works only with static routes.
Configure a static route to override BGP routes. When a static route is configured, priority value assigned to each SD-WAN member will be considered.
config router static
edit 0
set dst 10.1.0.0 255.255.240.0
set distance 1
set sdwan-zone "VPN"
next
|
