2. Improving WAN link redundancy with Link Monitors

Video Statistics and Information

Captions
Hey guys, welcome back. My name is Devin Adams, the Fortinet instructor, and I am doing this video series just as an impromptu lab for when I take my NSE4. I am taking it, actually, guys, in like five hours, so I'm just throwing everything and the kitchen sink in here just to see if I can do what's required to be an NSE4-certified Fortinet FortiGate awesome guy. Anyway, as you can tell, I'm a little bit loopy. I've been studying, I've been playing around, I'm also a single dad of three kids, blah blah blah.

Anyways, in the last video (and I didn't even think I was gonna upload those, or any of these, but I always decide, what the heck, who cares, right?) we created a zone of two WAN interfaces, all right, and these are 10.200 links, and in our make-believe world those are our public IP addresses that we're gonna be using. And I could not get the bloody thing to fail over. All right, I had to actually down the interface here, and it gave me a little inspiration for something.

So this guy right here is gonna be my sidekick for these videos, because they are not planned. If anyone's ever heard of rubber duck debugging, where you talk to a rubber duck to get inspiration, yeah, this is my FortiDuck. Yeah, hi, FortiDuck. Blank, whatever. All right, he's gonna be that guy that you work with, and you guys all know what I'm talking about, that guy that's always like, "Well, why don't you do a better?" Well, sure. All right, so Mr. Duck here was not very impressed that I couldn't get the redundant links to fail over without downing the interface, and it made me think. And by the way, I also put him here just because there's so much white space over here.

Anyways, it made me think to myself, well, you know what, that happens sometimes. Sometimes we don't have enough outage for it to be down, but clearly there's something wrong with a link beyond our gateway, beyond the first hop right here, within the autonomous system. So I thought to myself, and the duck was like, "Man, you suck, you know, why don't we go ahead and do a health link?" So if these links ever do degrade to the point where we can't pass traffic, right, even if the interface stays up, it will still stay up. So let's go ahead and do that. In this impromptu video I'm gonna set up a couple of health links and then we're gonna try that redundancy failover all over again.

Before I start, I can't even remember where I left off last night, so, just like I said, I've been running around. So I'm gonna log into my FortiGate. I'm gonna start using Chrome too, just because it seems to play a little bit nicer than Firefox these days, I don't know why. I'll let that load up real quickly, I'll just pin this to the taskbar, all right, and let's go to our FortiGate. All right, here we go, I'm gonna log in. I'm gonna make sure that port1 is up and running. Okay, and honestly, guys, any video in this playlist is just for me, so if you think my other ones sucked before, this one is because I'm just gonna roll with it.

So here we go. All right, let's go to our Network, let's go to our Interfaces, and let's just make sure everything's up, because I know that we're testing the load balancing. I'm pretty sure they are up, because I think in my last video we were distributing traffic between the two using the different algorithms. So let's expand our zone here. Okay, they're both up, but clearly, you know, I tried to disconnect this link, and in my virtual world that doesn't create a down state. Now, in the real world, if we had a physical down connection between the FortiGate and whatever edge terminating cable modem, you know, fiber connection, whatever, it would have a down state. Okay, but a lot of times that's not the case, and it won't pull the routes unless there is a down state. So my FortiDuck here was just like, "crank you suck." Yes, I do suck, and we're gonna do better.

So let's go ahead and hop into the CLI. Now, normally I'd use like a Tera Term or something, or SecureCRT; I'm just gonna go directly into the console port here. All right, and I cannot remember how to do this off the top of my head, but it's gonna be something like config system link health monitor. All right, and if we do a show here, you can see we don't have any link monitors.

Now, what a link monitor is going to do... and by the way, guys, if you are using SD-WAN there is a more sophisticated way of doing this, they call them SLAs. All right, I'll probably get there later. Okay, but right now we're doing it the old way. They ripped all of this out of the GUI, I think starting with 5.4, and that's because of the WAN load balancing, which eventually turns into the SD-WAN. Older versions of FortiOS actually had a lot of this stuff baked right into the GUI, but it's been replaced. But this is still the old way of how to do it.

So I'm gonna call it something, so I'm gonna edit, I'm just gonna say wan1. All right, and if we do a get here you can see all the different parameters. Now, there's not much that we have to do. What I'm gonna do is I'm gonna set the source interface, so set source interface to port1, so this is going to be the link monitor for port1. All right, set server is going to be, I'm just gonna use Google's DNS. All right, I know it's not within the autonomous system of my little cloud bedroom, right, it's not on my internet service provider, it's beyond, a couple of hops away, that's what I'm trying to get at. Okay, and then it does also support a whole bunch of other ones too, by the way, so if we do a set protocol here you can see the different ones that are there. I'm gonna keep it with ping, though. All right, and let me do a get again, here we go, and then set gateway IP, just to make sure that it leaves WAN 1. All right, there we go. Oop, and we don't have to worry about the source IP address, so I think that's actually it.

So, but for every second it's gonna go out and ping. If it loses five pings, it's gonna take the routes out of the routing table, and that's exactly what that does right there. Okay, and once it comes back, after five pings it will go ahead and bring itself back up. So let's go ahead and do a next, and what next will do is raise you one level in the CLI so you don't have to go all the way back in. It's kind of like a table approach, if you guys have ever used Michael Linux or do you notice, it's kind of like that.

Anyways, let's do the next one. Set, oops, sorry, edit wan2. All right, so this one's going to be for WAN 2. I always do a get here just to see my template. So I'm gonna set my source interface now as port2, I'm gonna set my server as, I'm gonna go to the same place so it's fair and square. All right, set my gateway to 10.200.2.254, and that should be enough.

Now, unfortunately there's nothing in the GUI that shows you that this thing's bloody working, it always drove me nuts. All right, but then Mr. Duck goes, "Oh really? Are you sure?" Yeah, I'm sure. Nope, there's a FortiHack. All right, sure, let's do it. So guys, this does work with 6.0 and below, but I can confirm without a shadow of a doubt that in 6.2 they took away the ability to do this. But if you set up link monitors and you're running FortiOS 6.0 or below, you can go to Monitor here and you can actually go to SD-WAN Monitor, and you can see the link healths that you set up. Okay, so as you can see, our monitors are up and running and they're doing just fine going out to Google's DNS.

And check this out, guys, ready for the magic? Yeah, watch this: jitter, latency and packet loss. So not only can you see the active load balancing... let me actually show you guys that, let me go to get internet noise, or make Internet noise, sorry. All right, let's make some noise. Okay, so this will generate some traffic for us, and you can actually see it distributing the traffic based off of our source-destination algorithm that we did. But look at this, look at that, isn't it cool, guys? Like, you can actually keep an eye on your jitter, latency and packet loss directly from the GUI just using these health link monitors. Okay, and what's nice about that: you know, people start calling and saying the Internet's slow. Well, what does that mean? You know, you won't have to be chasing, you know, Paul this is something in my internal system; you can just come right here and be like, "Oh no, it's my internet service provider."

So anyways, the whole point was rubber ducky being a jerk here, saying, "Well, you know, your link went down and you didn't even fail over." Well, okay, sure, Mr. Duck, let's try it. Are you guys ready? So I think that's port2. No, that's port1. Let's kill it. Boom, oh, dead. Now remember that in the last video, all right, that did not bring down that connection, but now it should fail the five pings and remove itself automatically from the routing table. Yeah, look at that. What? Yeah, let's go into our router monitor. Yeah, do you guys see any static route? Any static route? Not at all. Did we lose connection to the Internet? Not one bit. Yeah, is that cool or what? Okay, pretty cool, huh?

Then when the link comes back alive, because remember the interface never went down, once it comes back to life, all right, it's gonna wait the five pings, and then once this comes back up... yeah, exactly, yeah, look at that. Is that cool, guys? So we actually got failover based off of a criteria beyond our first little hop here. And the benefit of seeing the packet loss, jitter and latency on our WAN connections, I think, has a lot of value. But if you guys do do the SD-WAN, all right, it will do these and way more, so coming up, I'll eventually do that, eventually, if I have time. So rank.

All right, guys, so if this duck thing becomes annoying I'll probably stop doing them, but Mr. FortiDuck here, thank you for being a jerk, and hopefully someone will find value, and I'll think of something else to do in the next video. All right, thanks a lot.
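The failover behaviour described in the captions (five lost pings pull the route while the interface stays up, five good pings restore it), as an added example that is not from the video or from Fortinet. It assumes the counts are consecutive; the class, function and probe data are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class LinkMonitor:
    """Hypothetical model of one link monitor (not FortiOS code)."""
    name: str
    failtime: int = 5        # lost pings before the route is pulled
    recoverytime: int = 5    # good pings before the route returns
    alive: bool = True
    lost: int = 0
    ok: int = 0

    def probe(self, reply: bool) -> bool:
        # Assumption: counters are consecutive, so one reply resets
        # the loss count and one loss resets the recovery count.
        if reply:
            self.ok, self.lost = self.ok + 1, 0
            if not self.alive and self.ok >= self.recoverytime:
                self.alive = True
        else:
            self.lost, self.ok = self.lost + 1, 0
            if self.alive and self.lost >= self.failtime:
                self.alive = False
        return self.alive

def failover_timeline(wan1_probes):
    """Replay wan1 probe results (wan2 always answers) and return
    (probe number, routes in the table) at every route change."""
    wan1, wan2 = LinkMonitor("wan1"), LinkMonitor("wan2")
    changes, previous = [], ["wan1", "wan2"]
    for n, reply in enumerate(wan1_probes, start=1):
        wan1.probe(reply)
        wan2.probe(True)
        routes = [m.name for m in (wan1, wan2) if m.alive]
        if routes != previous:
            changes.append((n, routes))
            previous = routes
    return changes

# Constructed probe results for wan1: a 4-ping blip that must not fail
# over, a real outage, then a flapping recovery.
PROBES = ([True] * 3 + [False] * 4 + [True] + [False] * 5
          + [True] * 3 + [False] + [True] * 5)

if __name__ == "__main__":
    for n, routes in failover_timeline(PROBES):
        print(f"probe {n}: default routes via {routes}")
```

The four-ping blip never removes wan1, and the single loss during recovery restarts the five-ping wait before wan1 returns to the routing table.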
Info
Channel: Devin Adams
Views: 1,264
Keywords: FortiDuck, FortiGate, WAN, Link Monitor, Fail-over, NSE4, Fortinet
Id: ACL11vSfOIg
Length: 11min 55sec (715 seconds)
Published: Wed Aug 28 2019