Scenario with two VPN tunnels over two different Internet connections from the branch office to the headquarters

In this example, dynamic path selection is set up for all data traffic in a scenario with two VPN tunnels over two different Internet connections from the branch office to the headquarters. The IP address used to test the line quality with ICMP test packets is the private IP address of the central-site gateway, 10.8.0.3. The goal is to select only the best line or VPN tunnel according to latency.

Dynamic path selection is activated at the branch office only. We are assuming that both of the Internet connections are available and that the two VPN tunnels VPN_A and VPN_B are already configured as a load balancer with the name VPN_LB:





  1. Add a new table row under IP Router > Routing > SD-WAN Dynamic Path Selection > ICMP measurement profiles. The first step is to create a new measurement profile. The IPv4 destination is the private IP address of the central gateway, 10.8.0.3. Measurement packets used to evaluate the paths are sent over the VPN tunnels (SD-WAN overlays) every 5 seconds.




  2. Add a new table row under IP Router > Routing > SD-WAN Dynamic Path Selection > Policies. The next step is to create a new policy with the SLA metric "Latency" and a threshold of 50 ms. If the corresponding VPN tunnel has a latency of less than 50 ms, the path is given a score of 100 (points). A connection that does not meet this criterion receives a score of 0, i.e. it is rated as worse. The path with the highest score is the preferred path and is therefore used for the data traffic. If both paths have an identical score of 100, load balancing is performed with both of the VPN tunnels.




  3. Add a new table row under IP Router > Routing > SD-WAN Dynamic Path Selection > Policy assignments. Here the newly created policy is linked to the VPN load balancer cluster VPN_LB. The priority fields can be left blank.




  4. Add a new table row under Firewall/QoS > IPv4 rules > Rules. Create a new firewall rule that accepts all traffic and that has the value "LB-RICHTLINIE" as the load balancer policy.
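
The scoring rule from step 2, modelled over a series of measurements taken at the 5-second probe interval. This is an added example, not LANCOM code or device output: the latency values are constructed, and the handling of a lost probe and of a tie at score 0 are assumptions that the text above does not specify.

```python
# Added illustration; models only the scoring rule described in step 2.
from typing import Optional

THRESHOLD_MS = 50.0      # SLA metric "Latency" threshold from the policy
PROBE_INTERVAL_S = 5     # ICMP measurement interval from the profile


def score(latency_ms: Optional[float]) -> int:
    """Return 100 if the path meets the latency SLA, otherwise 0.

    Assumption: a lost probe (None) counts as not meeting the criterion.
    """
    if latency_ms is not None and latency_ms < THRESHOLD_MS:
        return 100
    return 0


def select_paths(measurements: dict) -> list:
    """Return the tunnel(s) with the highest score, sorted by name.

    Tunnels with an identical top score are all returned (load balancing).
    Assumption: this also applies when all score 0; the page states it for 100.
    """
    scores = {name: score(lat) for name, lat in measurements.items()}
    best = max(scores.values())
    return sorted(name for name, s in scores.items() if s == best)


def simulate(series: list) -> list:
    """Evaluate one measurement per tunnel per probe interval."""
    return [(i * PROBE_INTERVAL_S, select_paths(m)) for i, m in enumerate(series)]


# Constructed sample latencies in ms (None = probe lost), one entry per interval.
SAMPLES = [
    {"VPN_A": 22.0, "VPN_B": 31.0},   # both below 50 ms -> load balancing
    {"VPN_A": 49.9, "VPN_B": 50.0},   # 50.0 is not "less than 50 ms"
    {"VPN_A": 120.0, "VPN_B": 35.0},  # only VPN_B meets the SLA
    {"VPN_A": None, "VPN_B": 48.0},   # VPN_A probe lost
    {"VPN_A": 80.0, "VPN_B": 95.0},   # neither meets the SLA
]

if __name__ == "__main__":
    for t, paths in simulate(SAMPLES):
        print(f"t={t:>2}s  active: {', '.join(paths)}")
```

Because the score is binary, a tunnel whose latency hovers around 50 ms switches between preferred and non-preferred from one measurement to the next.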




www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de
