SD-WAN Load Balancing and Implicit Rule Quiz

Questions and Answers

PDF Questions PDF Answers

Which load balancing algorithm is the default in FortiGate SD-WAN?

Volume

Source-Destination IP

Source IP (correct)

Spillover

What happens when the spillover limit is reached in FortiGate SD-WAN?

Sessions are dropped

Sessions are sent to the next member (correct)

Sessions are sent to the first member

Sessions are load balanced across all members

Which load balancing algorithm is based on the member weight in FortiGate SD-WAN?

Volume (correct)

Spillover

Source IP

Source-Destination IP

What does FortiGate do when a session matches the implicit rule?

Performs a standard FIB lookup

How does FortiGate load balance sessions that match ECMP routes?

Based on the member weight

Which load balancing algorithm sends sessions with the same source and destination IP pair to the same member?

Source-Destination IP

What is the default load balancing algorithm in FortiGate SD-WAN?

Source IP

What happens when none of the user-defined SD-WAN rules are matched?

The implicit rule is used

How does FortiGate load balance sessions across members?

Based on the member weight

What does FortiGate do when the bandwidth of an interface reaches the configured spillover limit?

Sends the session to the next member

Which setting controls the V-Dom ECMP algorithm when SD-WAN is enabled on FortiGate?

load-balance-mode

Which algorithm is supported by load-balance-mode but not by v4-ecmp-mode?

volume algorithm

Where are the weight and spillover thresholds defined when SD-WAN is enabled?

SD-WAN member configuration

Where are the weight and spillover thresholds defined when SD-WAN is disabled?

static route

Which criteria can be used to match traffic in SD-WAN rules?

All of the above

Which databases are used for destination internet service and application detection in SD-WAN rules?

ISDB and application control database

Who maintains the internet service and application control databases?

FortiGuard

How frequently are new versions of the IPS engine released?

Less frequently than definitions and databases

What happens when a new IPS engine version is released?

FortiGate automatically downloads it

What must be clicked to see the internet service and application-related options when creating a new rule using FortiManager?

Internet Service

Which load balancing algorithm instructs FortiGate to track the cumulative number of bytes of each member and distribute sessions based on the weight?

Volume

What is the formula to calculate the percentage of sessions or traffic sent to each member based on their weight?

% sessions or traffic = member weight / sum of all weights

When using the Sessions load balancing algorithm, out of 15 sessions, how many sessions would be sent to member A if it has a weight of 5?

5 sessions

When using the Volume load balancing algorithm, how much of the total amount of traffic would member A handle if it has a weight of 5 and member B has a weight of 10?

33.33%

When using the Volume load balancing algorithm, how much of the total amount of traffic would member B handle if it has a weight of 5 and member A has a weight of 10?

66.67%

When using the Sessions load balancing algorithm, are sessions distributed equally if ECMP routes are dynamic routes?

Yes

When using the Volume load balancing algorithm, are sessions distributed equally if ECMP routes are dynamic routes?

Yes

When using the Spillover load balancing algorithm, what should be adjusted for each member?

Thresholds

When using the Sessions load balancing algorithm, does the weight assigned to members necessarily translate to the same bandwidth or volume observed on members?

No

When using the Spillover and Volume load balancing algorithms, is it fine if the bandwidth exceeds the configured thresholds or if the amount of traffic exceeds the expected volume based on the weight?

Yes

Study Notes

FortiGate SD-WAN Load Balancing Algorithms

• The default load balancing algorithm in FortiGate SD-WAN is ** Sessions **.
• Spillover algorithm is based on the member weight and reaches a limit when the bandwidth of an interface reaches the configured spillover limit.
• Weight-based algorithm distributes sessions based on the weight of each member.
• ECMP (Equal-Cost Multi-Path) routes are used to load balance sessions that match ECMP routes.

Load Balancing Behavior

• When a session matches the implicit rule, FortiGate sends it to the member with the highest weight.
• When none of the user-defined SD-WAN rules are matched, FortiGate falls back to the default load balancing algorithm.
• When the bandwidth of an interface reaches the configured spillover limit, FortiGate sends traffic to the next available member.
• V-Dom ECMP algorithm is controlled by the v4-ecmp-mode setting when SD-WAN is enabled.

Load Balancing Algorithm Characteristics

• Sessions algorithm distributes sessions equally regardless of the weight assigned.
• Volume algorithm distributes traffic based on the weight of each member and calculates the percentage of traffic sent to each member using the formula: (weight of member / sum of all weights) * 100%.
• Spillover algorithm requires adjusting the threshold for each member.
• The weight assigned to members does not necessarily translate to the same bandwidth or volume observed on members.

SD-WAN Rule Matching and Databases

• SD-WAN rules can match traffic based on source and destination IP, port, and protocol.
• Destination internet service and application detection databases are used for SD-WAN rules.
• FortiGuard Labs maintains the internet service and application control databases.
• New IPS engine versions are released regularly and updating to the latest version ensures access to the latest threat intelligence.

FortiManager and SD-WAN

• To see internet service and application-related options when creating a new rule using FortiManager, click the "Internet Service" or "Application" tab.
• Weight and spillover thresholds are defined in the interface settings when SD-WAN is enabled, and in the SD-WAN rule when SD-WAN is disabled.

Description

Test your knowledge on implicit rule and load balancing in SD-WAN. Learn about load balancing algorithms, such as source IP and spillover, and how they distribute sessions across members. Explore the concept of implicit rule and its role in standard FIB.