Category Archives: Administration Guides

FortiWAN – Setting the system time & date

Setting the system time & date

[Date/Time] lets you configure the time, date, and time zone. [Date] follows the year/month/day format, and [Time] uses the 24-hour system in hour:minute:second format. [Time Zone] is represented by continent and city, for example [America] and [New York]. FortiWAN uses an NTP time server for accurate time synchronization; click the [Synchronize Time] button to synchronize. Other time servers are included in the drop-down list, and servers can be added or deleted as you prefer.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

FortiWAN – Diagnostic Tools

Diagnostic Tools

Click the [IPv4] and [IPv6] tabs at the top to choose diagnostic tools for IPv4 or IPv6.

IPv4

IPv4 ARP Enforcement

[ARP Enforcement] forces the PCs and other devices attached to FortiWAN to update their ARP tables. Click [Enforce] and the system sends out ARP packets to force ARP updates on the attached devices. Generally the function is used only when certain devices in the DMZ cannot access the Internet after FortiWAN has been installed initially.

IP Conflict Test

[IP Conflict Test] checks whether any PC's IP address conflicts with the WAN or DMZ settings in [Network Settings].

Click [Test] to start testing. The IP conflict message is one of:

  • Test completed, no IP conflict has been found.
  • There is an IP conflict with a PC in the DMZ; for example, a public IP that has been assigned to the WAN in [Network Settings] is now in use in the DMZ. The MAC address of the host using this IP is also listed in the message.
  • There is an IP conflict with a PC in the WAN; for example, a public IP that has been assigned to the DMZ in [Network Settings] is now in use in the WAN. The MAC address of the host using this IP is also listed in the message.


Clean IPv4 Session Table (Only Non-TCP Sessions)

This function cleans up the non-TCP session tables in FortiWAN. In FortiWAN, protocols are managed with a session timer. Old sessions may be continuously retried by users, so they never expire. These old sessions remain valid and active in place of new ones, so new sessions cannot be established until the session tables are cleaned up.

IPv4 Ping & Trace Route

Ping

[Ping] is used to check network status. Enter the IP address or host name of the target device. Select a port (WAN, LAN, or DMZ). If the WAN port is selected, specify the WAN link number. Details of ICMP error messages and ping are outside the scope of this manual; please refer to other documents for more information.

Note: If you ping a domain name, ensure a DNS server has been specified in [System]->[Network Settings]->[DNS Server] (see “Set DNS server for FortiWAN”).

Trace

[Trace] traces the route path of a packet from a specific port to the destination host. Enter the IP address or host name of the target device in [Target]. Select a link port (WAN, LAN, or DMZ). If the WAN port is selected, specify the WAN link number. [Host] can be an IP address or domain name of the target device.

Note: If you trace a route with a domain name, ensure a DNS server has been specified in [System]->[Network Settings]->[DNS Server] (see “Set DNS server for FortiWAN”).

Arping

[Arping] is used to detect the MAC address of a PC. Enter the IP address or host name of the target device. Select a port (WAN, LAN, or DMZ). If the WAN port is selected, specify the WAN link number. Details of ARP and its error messages are outside the scope of this manual; please refer to other documents for more information.

Note: If you arping with a domain name, ensure a DNS server has been specified in [System]->[Network Settings]->[DNS Server] (see “Set DNS server for FortiWAN”).

IPv4 ARP Table Show & Clear

[IPv4 ARP Table Show & Clear] displays or clears the ARP information of a given port. Select a [port] and click [Show] to display the ARP information of that port. Or select a [port], click [Clear] to clean up the ARP information of that port, and confirm the prompt. A message then shows that the ARP table has been cleared successfully.

Nslookup Tool

[Nslookup Tool] queries DNS records for a host. Enter a host in Target Domain. Select a record type from the [Type] list: Any, A, AAAA, CNAME, DNAME, HINFO, MX, NS, PTR, SOA, SRV, TXT; and select a server from the [Server] list: Internal DNS, Multihoming, etc. Click [Nslookup] to start the query; the result for the target host is shown in the field. Click [Stop] to halt the session.

IPv6

IPv6 Neighbor Discovery Enforcement

When IPv6 Neighbor Discovery is enforced, FortiWAN sends out a “neighbor discovery” packet to the neighboring servers and network devices on the same network, requesting replies with the IPv6 and MAC addresses of the devices found.

Clean IPv6 Session Table (Only Non-TCP Sessions)

This function cleans up the non-TCP session tables in FortiWAN. In FortiWAN, protocols are managed with a session timer. Old sessions may be continuously retried by users, so they never expire. These old sessions remain valid and active in place of new ones, so new sessions cannot be established until the session tables are cleaned up.

IPv6 Ping & Trace Route

Ping

[Ping] is used to check network status. Enter the IP address or host name of the target device. Select a port (WAN, LAN, or DMZ). If the WAN port is selected, specify the WAN link number. Details of ICMP error messages and ping are outside the scope of this manual; please refer to other documents for more information.

Note: If you ping a domain name, ensure a DNS server has been specified in [System]->[Network Settings]->[DNS Server] (see “Set DNS server for FortiWAN”).

Trace

[Trace] traces the route path of a packet from a specific port to the destination host. Enter the IP address or host name of the target device in [Target]. Select a link port (WAN, LAN, or DMZ). If the WAN port is selected, specify the WAN link number. [Host] can be an IP address or domain name of the target device.

Note: If you trace a route with a domain name, ensure a DNS server has been specified in [System]->[Network Settings]->[DNS Server] (see “Set DNS server for FortiWAN”).

Arping

[Arping] is used to detect the MAC address of a PC. Enter the IP address or host name of the target device. Select a port (WAN, LAN, or DMZ). If the WAN port is selected, specify the WAN link number. Details of ARP and its error messages are outside the scope of this manual; please refer to other documents for more information.

Note: If you arping with a domain name, ensure a DNS server has been specified in [System]->[Network Settings]->[DNS Server] (see “Set DNS server for FortiWAN”).

IPv6 Neighbor Table Show & Clear

[IPv6 Neighbor Table Show & Clear] displays or clears the IPv6 and MAC addresses of neighboring servers and devices. Select a [port] and click [Show] to display the neighbor information of that port. Or select a [port], click [Clear] to clean up the neighbor information of that port, and confirm the prompt. A message then shows that the neighbor table has been cleared successfully.


Nslookup Tool

[Nslookup Tool] queries DNS records for a host. Enter a host in Target Domain. Select a record type from the [Type] list: Any, A, AAAA, CNAME, DNAME, HINFO, MX, NS, PTR, SOA, SRV, TXT; and select a server from the [Server] list: Internal DNS, Multihoming, etc. Click [Nslookup] to start the query; the result for the target host is shown in the field. Click [Stop] to halt the session.

Tcpdump

Tcpdump captures FortiWAN data packets and downloads the captured packets to the local host for analysis and debugging.

Interface : Select the interface from [Interface] on which to capture packets. The drop-down list also shows tunnels if Tunnel Routing has been configured. The option [Any] captures packets on all interfaces.
Timeout : Set the [Timeout] value. Once the timeout expires, the capture stops.

Click [Start] to start capturing; the intercepted packets are downloaded to the local host. Note that FortiWAN does not store the Tcpdump packets itself. Click [Stop] to stop capturing.


FortiWAN – Busyhour Settings

Busyhour Settings

[Busyhour Settings] plays a crucial role in managing bandwidth. Generally the opening hours Mon-Fri 09:00 to 18:00 are configured as busy hours, because this period sees bandwidth-intensive applications on both the intranet and extranet.


Default Type : Time segments not specified in [Rules] below fall into this default type, either idle or busy hours.
Rules : Defines time segments. The time segments are matched in sequence on a first-match basis. If none of the rules match, the default type is used. If [Default Type] is set to idle hours, then any time segment not specified in [Rules] is taken as idle hours as well.
E : Check the box to add the time segment in this row to [Rules].
Day of Week : Select a day of the week.
From : Start time.
To : End time.
Type : Defines the type of the time segment, either busy or idle hours.

For the case where 09:00-18:00 from Monday to Saturday is busy hour and only Sunday is idle hour, set an idle rule for 00:00-00:00 on Sunday above a busy rule for Any day 09:00-18:00. The rules are matched from the top down; the first match wins.

As shown in the figure, Sunday and the hours outside Mon-Sat 09:00-18:00 are set as idle hours. The remaining hours of the week are busy hours.
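The first-match evaluation described above, as an added example that is not part of the original guide: a small Python classifier fed with the Sunday/Any-day rule table from this section. It assumes that 00:00-00:00 means the whole day and, beyond what the guide shows, also accepts a segment that wraps past midnight.

```python
from datetime import datetime, time

# Day names in the order datetime.weekday() returns them
DAYS = ("Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday")


def _parse_hhmm(text):
    """Parse 'HH:MM' into a datetime.time."""
    hour, minute = (int(part) for part in text.split(":"))
    return time(hour, minute)


def _in_segment(now, start, end):
    """True if the clock time `now` falls inside the segment [start, end).

    Assumptions (not stated by the guide): 00:00-00:00, as in its Sunday
    example, means the whole day, and a segment with start > end wraps past
    midnight (e.g. 22:00-06:00).
    """
    if start == end:
        return True                        # whole day
    if start < end:
        return start <= now < end
    return now >= start or now < end       # wraps past midnight


def classify(rules, default_type, stamp):
    """Return 'busy' or 'idle' for the moment given as 'YYYY-MM-DD HH:MM'.

    `rules` is a list of (day_of_week, from, to, type) tuples in table
    order, where day_of_week is a weekday name or 'Any'.  Rules are
    checked top down and the first matching segment wins; when nothing
    matches, `default_type` applies.
    """
    when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
    weekday = DAYS[when.weekday()]
    now = when.time()
    for day, start, end, seg_type in rules:
        if day != "Any" and day != weekday:
            continue
        if _in_segment(now, _parse_hhmm(start), _parse_hhmm(end)):
            return seg_type
    return default_type


# The configuration from the guide's example: Sunday is idle all day, then
# any day is busy 09:00-18:00, and everything else falls to the default (idle).
GUIDE_RULES = [
    ("Sunday", "00:00", "00:00", "idle"),
    ("Any", "09:00", "18:00", "busy"),
]
GUIDE_DEFAULT = "idle"


def classify_guide(stamp):
    """Classify a moment against the guide's example configuration."""
    return classify(GUIDE_RULES, GUIDE_DEFAULT, stamp)


if __name__ == "__main__":
    # 2024-01-07 is a Sunday, 2024-01-08 a Monday, 2024-01-13 a Saturday
    for stamp in ("2024-01-07 12:00", "2024-01-08 12:00",
                  "2024-01-08 20:00", "2024-01-13 17:59"):
        print(stamp, classify_guide(stamp))
    # Swapping the two rules shows why order matters: the busy rule would
    # now match Sunday noon before the idle rule gets a chance.
    print("swapped:", classify(GUIDE_RULES[::-1], GUIDE_DEFAULT, "2024-01-07 12:00"))
```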



FortiWAN – Service Grouping

Service Grouping

[Service Grouping] lets you create and manage service groups. A group can contain ICMP, a single TCP/UDP port, a range of TCP/UDP ports, particular applications and server ports. These predefined service groups are available in the drop-down list of the [Source] and [Destination] fields on [Service] submenus such as [Firewall], [NAT], [Virtual Server], [Auto Routing], [Inbound BM], and [Outbound BM].

Group Name : Assign a name to a service group, e.g. MSN File Transfer. The name appears in the drop-down list of [Source] and [Destination] in the [Service] submenus mentioned above.
Enable : Check the field to enable a service group. Once enabled, it shows in the drop-down list of [Source] and [Destination] in the [Service] submenus mentioned above.
Show/Hide IPv4/IPv6 Detail : Click the button to show or hide the IPv4/IPv6 Rule Settings table. After Hide Detail has been clicked, the table only shows the name of the service group and whether it has been enabled.

IPv4/IPv6 Rule Settings Table:

E : Check the field to add this row's services to the current service group.
Service : Enter a single ICMP / ICMPv6 or TCP / UDP port, or a set of ports. A single port follows the format xxx. A set of ports follows the format xxx-yyy, e.g. 6891-6900.
Action : Two options, to belong and not to belong, determine whether the service ports defined in [Service] belong to the service group. For exceptions within a set of service ports that belongs to the group, the not to belong action makes the configuration easier than splitting the set of ports into several groups.

Here is an example of how to configure [Service Grouping]. Create a service group “MSN File Transfer”, which uses TCP 6891-6900, and enter TCP@6891-6900 in the [Service] field.



FortiWAN – IP Grouping

IP Grouping

[IP Grouping] lets you create and manage IP groups exclusively and efficiently. These predefined IP groups are available and easy to use in the drop-down list of the fields of [Source] and [Destination] on such [Service] submenus as [Firewall], [NAT], [Persistent Routing], [Auto Routing], [Inbound BM], [Outbound BM], [Connection Limit], and [Cache Redirect]. This section walks you through the steps to create an IP group.

IP Grouping Table:

Group Name : Assign a name to an IP group. The name will show in the drop-down list of [Source] and [Destination] in [Service] submenus mentioned previously.
Enable : Check the field to enable an IP group. Once the IP group has been enabled, it will show in the drop-down list of [Source] and [Destination] in [Service] submenus mentioned previously.
Show/Hide IPv4/IPv6 Detail : Click the button to show or hide the IPv4/IPv6 table details. After Hide Detail has been clicked, the table only shows the name of the IP group and whether it has been enabled.

After you click [Show IPv4/IPv6 Detail], the [IPv4/IPv6 Rule Settings] table is displayed. Click [Hide IPv4/IPv6 Detail] to close the table.

IPv4/IPv6 Rule Settings Table:

E : Check the field to add this row's IP addresses to the current IP group.
IP Address : Enter a single IPv4/IPv6 address, IPv4/IPv6 range, IPv4/IPv6 subnet or FQDN.
Action : Two options, to belong and not to belong, determine whether the IP addresses defined in [IP Address] belong to the IP group. For exceptions within an IP range or subnet that belongs to the group, the not to belong action makes the configuration easier than splitting the range or subnet into several groups.
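An added illustration (not FortiWAN's own code) of the belong / not to belong semantics that both [Service Grouping] and [IP Grouping] use, with the TCP@6891-6900 entry format from the Service Grouping section. It assumes a group is the union of its enabled belong rows minus its enabled not belong rows; the sample rows and addresses are constructed, and FQDN entries are not handled.

```python
import ipaddress

# Each table row is (enabled, entry, action) with action "belong" or
# "not belong", mirroring the E / Service (or IP Address) / Action columns.
# Assumption: a value is a member of the group when at least one enabled
# "belong" row covers it and no enabled "not belong" row covers it, which is
# how the guide describes using "not to belong" for exceptions.


def _member(rows, covers):
    """Apply belong / not belong rows; `covers(entry)` says if a row applies."""
    belongs = excluded = False
    for enabled, entry, action in rows:
        if enabled and covers(entry):
            if action == "not belong":
                excluded = True
            else:
                belongs = True
    return belongs and not excluded


def parse_service(entry):
    """Parse 'TCP@6891-6900', 'UDP@53' or 'ICMP' into (proto, low, high)."""
    proto, _, ports = entry.partition("@")
    proto = proto.upper()
    if proto in ("ICMP", "ICMPV6"):
        return proto, 0, 0                 # protocols without ports
    if "-" in ports:
        low, high = (int(p) for p in ports.split("-", 1))
    else:
        low = high = int(ports)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range in {entry!r}")
    return proto, low, high


def service_in_group(rows, proto, port=0):
    """True if protocol `proto` on `port` is a member of the service group."""
    proto = proto.upper()

    def covers(entry):
        r_proto, low, high = parse_service(entry)
        return r_proto == proto and low <= port <= high

    return _member(rows, covers)


def parse_ip_entry(entry):
    """Return a predicate ip -> bool for a single address, a range or a subnet.

    FQDN entries, which the device resolves itself, are not handled here.
    """
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range {entry!r}")
        return lambda ip: ip.version == lo.version and lo <= ip <= hi
    if "/" in entry:
        net = ipaddress.ip_network(entry, strict=False)
        return lambda ip: ip in net        # False for a mismatched IP version
    single = ipaddress.ip_address(entry)
    return lambda ip: ip == single


def ip_in_group(rows, address):
    """True if `address` (IPv4 or IPv6 text) is a member of the IP group."""
    ip = ipaddress.ip_address(address)
    return _member(rows, lambda entry: parse_ip_entry(entry)(ip))


# Constructed sample groups: the guide's MSN File Transfer range with one
# port carved out, and a LAN group that excludes its first nine addresses.
MSN_FILE_TRANSFER = [
    (True, "TCP@6891-6900", "belong"),
    (True, "TCP@6895", "not belong"),
]
LAN_CLIENTS = [
    (True, "192.0.2.0/24", "belong"),
    (True, "192.0.2.1-192.0.2.9", "not belong"),
    (False, "2001:db8::/32", "belong"),    # disabled row: ignored
]

if __name__ == "__main__":
    print("TCP 6892 in MSN File Transfer:", service_in_group(MSN_FILE_TRANSFER, "TCP", 6892))
    print("TCP 6895 in MSN File Transfer:", service_in_group(MSN_FILE_TRANSFER, "TCP", 6895))
    print("192.0.2.5 in LAN clients:", ip_in_group(LAN_CLIENTS, "192.0.2.5"))
```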



FortiWAN – Backup Line Settings

Backup Line Settings

In a deployment with multiple links, a link might serve as a backup line that stays inactive unless its enabling criteria are met. The choice of backup lines mostly depends on cost, especially in areas where charges are based on data traffic: a backup line in standby carries no traffic, so only its basic fees are charged. In contrast to backup lines, main lines are the lines in common use. These terms are used below.

FortiWAN provides log mechanism to the Backup Line service, see “Log”.

Threshold Parameters

Backup Line Enable Time : The interval after which backup lines are enabled once the main lines have gone down.

Backup Line Disable Time : The interval after which backup lines are disabled once the main lines have returned to normal.

Backup Line Rules table

Main Line : Select main lines, which can be multiple links.

Backup Line : Select backup lines.

Algorithm : 5 options to activate backup lines:

  • All fail: when all lines defined in [Main Line] are down
  • One fails: when one of the lines defined in [Main Line] is down
  • Inbound bandwidth usage reached: when the inbound bandwidth consumption of all lines defined in [Main Line] reaches the defined level
  • Outbound bandwidth usage reached: when the outbound bandwidth consumption of all lines defined in [Main Line] reaches the defined level
  • Total traffic reached: when the total bandwidth consumption of all lines defined in [Main Line] reaches the defined level

Parameter : When one of the latter 3 options is chosen in [Algorithm], define here the bandwidth usage of the main lines above which the backup lines are enabled.



FortiWAN – Port Speed/Duplex Settings

Port Speed/Duplex Settings

[Port Speed/Duplex Settings] lets you configure port speed and duplex mode. By default it is set to auto-detect, which works properly in most cases. Manual speed/duplex configuration is still necessary in the event that some old devices either do not support auto-detect or are incompatible with FortiWAN.

Port Name : The list of all physical ports on FortiWAN.
Status : The physical connection status of the port. It shows whether the port has been connected to other detectable network devices e.g. a hub.
Speed : The current speed of the port. It can be a value either manually set or auto-detected.
Duplex : The current duplex of the port. It can be a value either manually set or auto-detected.
Settings : You can opt for desirable settings, which can be manually set or auto-detected.
MAC Address : The MAC address of the port.
HA : Click to enable HA (switching between master and slave units) based on the status of network ports. While HA is enabled in FortiWAN, the port status of the master and slave FortiWAN units is compared to determine which unit should be master. Once the number of functioning network ports on the master unit becomes lower than that on the slave unit, the slave unit takes over as master. (Only the status of the selected network ports is compared.) Note: This field is not available if VRRP has been enabled on the [Networking Setting > LAN Private Subnet] setting page.


FortiWAN – Optimum Route Detection

Optimum Route Detection

FortiWAN’s Optimum Route is a particular load balancing algorithm which determines the best WAN link for Auto Routing and Multihoming by taking real Internet conditions into account, while the other algorithms, such as By Round-Robin, By Connection and By Upstream/Downstream/Total Traffic, only consider the load between the FortiWAN device and the ISPs’ gateways. Optimum Route is used mainly to avoid inefficient transmission due to bad peering between ISPs. Peering between two ISPs is an interconnection of administratively separate Internet networks (belonging to the two ISPs individually) for the purpose of exchanging traffic between the users of each network. It allows the two ISPs to directly hand off traffic between each other’s customers, which is often the most efficient way for two networks to communicate if it is settlement-free. However, two situations might make the transmission between two ISP networks inefficient:

  • If there is no peering agreement between the two ISP networks, transit service, which carries that traffic across one or more third-party networks (a few exchange points), is required.
  • An ISP restricts the bandwidth for peering with another ISP for business competition reasons. The peering point thus becomes a bottleneck and might make transmission between each other’s customers extremely slow.

Although the other balancing algorithms pick a good WAN link among multiple WAN links (multiple ISP networks) for inbound and outbound traffic, they are not aware of the real conditions between those ISPs. For example, two WAN links of a FortiWAN device are connected to the ISP-A and ISP-B networks, and the peering between them is bad. A non-Optimum-Route balancing algorithm might choose the ISP-B WAN link for Auto Routing to carry traffic destined to a server located in the ISP-A network (see Auto Routing). If the bad peering between ISP-A and ISP-B is the only exchange point for delivering that traffic, it is the bottleneck and the transmission becomes slow. Conversely, those balancing algorithms may also choose the IP of the ISP-B WAN link for Multihoming (see Multihoming) to answer DNS queries coming from the ISP-A network. The users in the ISP-A network then suffer the bad peering when accessing services on FortiWAN through the ISP-B network.

The Optimum Route algorithm is the opposite of those algorithms: it determines the optimum WAN link by examining real Internet conditions, in two modes: static IP table and dynamic detect.

  • Static IP table: A static IP table is a set of the IP addresses of an ISP network. Optimum Route evaluates the destination IP of outgoing sessions against the IP tables for Auto Routing, and evaluates the source IP of DNS queries against the IP tables for Multihoming. If the evaluated IP matches the IP table of an ISP, meaning the ISP network the evaluated IP belongs to is recognized, that ISP’s WAN link is the optimum route. Conceptually, traffic is delivered directly through a WAN link connected to the ISP network that the traffic source or destination belongs to, so that the traffic does not suffer a peering. The same can also be implemented by specifying the source or destination filter with IP groups (see “IP Grouping”) in Multihoming or Auto Routing rules.
  • Dynamic detect: WAN links are evaluated dynamically according to the detected round-trip time (RTT) and the bandwidth load. Bad peering results in a bad RTT value.

The following configurations define how Optimum Route detection determines an optimum WAN link. To use the Optimum Route algorithm in Auto Routing and Multihoming, you must specify the algorithm “By Optimum Route” for an Auto Routing policy and an A/AAAA Record policy, and apply the policy to the corresponding filter rules and A/AAAA records. Without this, Optimum Route never takes effect even if detection is configured. FortiWAN provides DNS Proxy to cooperate with Optimum Route to resolve an advanced issue caused by bad peering (see “DNS Proxy”).

Optimum Route Policy

Static IP Table : Uses the static IP table only.
Dynamic Detect : Uses dynamic detection only.
Static, Dynamic : Uses static detection first, then switches over to dynamic detection if static detection fails. [Static, Dynamic] is the default detection method.
Dynamic, Static : Uses dynamic detection first, then switches over to static detection if dynamic detection fails.

Static IP-ISP Table

Matches IP address entries in the table to work out the optimum route. Administrators can add, delete or query IP entries in the table.

The static IP-ISP tables are the reference Optimum Route uses to recognize the ISP network that the source or destination IP of traffic belongs to, so that it can point the traffic to the corresponding WAN link, which is the optimum route. A static IP-ISP table contains the IP subnets of an ISP network. You have to maintain these IP subnets in a text file in order to create an IP-ISP table. Each line of the text file specifies one IP subnet in the format Network IP/Prefix, for example:

3.0.0.0/8

211.1.0.0/16

Note that it is strongly suggested that an IP file contain the IP subnets of only one ISP, or Optimum Route might not run as expected. Please prepare the IP files for the IP-ISP tables. The other component of a static IP-ISP table is the WAN parameter, which indicates the FortiWAN WAN links connected to the ISP’s network. Once traffic matches the IP subnets of an IP-ISP table, Optimum Route determines a WAN link from these candidates. An ISP’s IP subnets are not strictly limited to a single IP-ISP table (just make sure an IP-ISP table contains only one ISP): the IP subnets of an ISP can be split across multiple IP-ISP tables. Just remember that Optimum Route evaluates traffic against the tables top down on a first-match basis, and it picks one of the corresponding WAN links when a table is matched.

Table Name : Name for the IP-ISP table, such as an ISP’s name.
Setting : Set the IP subnets of an ISP in the table.
Upload : Upload the IP file of an ISP to save the ISP’s IP subnets to the static IP-ISP table. Click “Browse” to locate the IP file and click “Upload” to upload it. You are required to upload an IP file (click “Upload”) first, then apply (click “Apply”) the settings of the IP-ISP table. Note that an IP table file is necessary to create a static IP-ISP table.

After saving the IP subnets to the table, you can continue to maintain (add or remove) the IP subnets of the ISP. You can do this by editing the subnets in the Rule Setting field below, or by manually editing the IP file and re-uploading it to the table. Re-uploading an IP file overwrites the table’s original IP subnets.

Rule Setting : After uploading the IP file to the table, you can manually edit it by adding/removing subnets to/from the IP table if necessary. Without first uploading an IP file to the table, adding/removing IP subnets has no effect.
Subnet Address : Specify a subnet address to add to or remove from the table. The acceptable format is [network address/netmask] or [network address/prefix], such as 202.99.0.0/255.255.255.0 or 202.99.0.0/24. A single IP or an unusual subnet mask like “/255.255.255.255” or “/32” is not accepted.
Action : Select the action for the specified subnet.

Add to: Add the specified subnet to the static IP-ISP table.

Remove from: Remove the specified subnet from the static IP-ISP table.

Parameter : Select the WAN links that are connected to the ISP network that this IP-ISP table represents. Check the field of a WAN link to select it. Multiple selection is allowed if more than one WAN link is connected to the same ISP network. Ensure that the selected WAN links are really connected to the ISP network that the table represents, or Optimum Route might not run as expected.
IP Query : Query whether a single IP address is in the static IP table.

When the source or destination IP of a packet matches a static IP-ISP table, Optimum Route determines a WAN link from the intersection of the WAN parameters here and the corresponding WAN parameters of an Auto Routing policy or Multihoming A/AAAA record policy, according to the traffic load on the WAN ports. For example:

Auto Routing policy: Label=By_OR, Algorithm=By Optimum Route, Parameter=1,2,3 (checked)

The matched IP-ISP table: Table Name=ISP_A, Parameter=2,3,4 (checked)

Traffic that matches an Auto Routing filter rule is processed by Auto Routing according to the corresponding policy “By_OR”. Optimum Route is set to detect by static IP-ISP table. The destination IP of the traffic matches the ISP network of IP-ISP table “ISP_A”, to which WAN links 2, 3 and 4 are connected. Optimum Route determines a WAN link for Auto Routing from WAN link 2 and WAN link 3, which are the intersection of WAN links 1, 2, 3 (WAN parameters set in the AR policy) and WAN links 2, 3, 4 (WAN parameters set in the IP-ISP table). If the traffic load on WAN port 2 is currently heavier than on WAN port 3, WAN link 3 is the optimum link that Optimum Route chooses for Auto Routing, and the traffic is then transferred through WAN link 3 by Auto Routing. For Multihoming with the algorithm By Optimum Route, the process is similar.

Here are the situations that cause Optimum Route by IP-ISP table detection to return nothing to Auto Routing and Multihoming:

  • Optimum Route returns nothing when the evaluated packet source or destination IP does not match any of the IP-ISP tables. This might be because the collection of IP subnets of the ISP networks is incomplete. You can make the IP-ISP tables more complete by continuing to collect IP subnets and adding them to the tables. The more complete the IP subnets are, the better the effect Optimum Route brings.
  • Even if traffic matches an IP-ISP table, Optimum Route returns nothing when there is no intersection between Optimum Route’s WAN parameters and the Auto Routing (or Multihoming) policy’s WAN parameters. Make sure there is at least one WAN link common to both.

If Optimum Route returns nothing to Auto Routing for the traffic, the traffic is processed by Auto Routing according to the specified fail-over policy (see Auto Routing). If Optimum Route returns nothing to Multihoming for a query, Multihoming answers with the IP address defined for the first WAN link in the A/AAAA record policy (see Multihoming).
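The static IP-ISP lookup worked through above, as an added example in Python that is not FortiWAN's code: it parses an IP file, applies the subnet-format rules from Rule Setting, matches tables top down, intersects the table's WAN parameter with the policy's, and picks the least-loaded link, returning nothing in the two failure cases just listed. The loads and the destination address 211.1.5.6 are constructed; tie-breaking by link number is an assumption.

```python
import ipaddress


def parse_subnet(text):
    """Parse one table entry in network/prefix or network/netmask form.

    Both '202.99.0.0/24' and '202.99.0.0/255.255.255.0' are accepted; a
    single host ('/32', '/255.255.255.255') is rejected, as the guide states.
    """
    net = ipaddress.ip_network(text.strip(), strict=True)
    if net.prefixlen == net.max_prefixlen:
        raise ValueError(f"single host entry not allowed: {text.strip()!r}")
    return net


def subnet_accepted(text):
    """Convenience check: is `text` a valid Subnet Address entry?"""
    try:
        parse_subnet(text)
        return True
    except ValueError:
        return False


def load_ip_file(text):
    """Parse an IP file (one Network IP/Prefix per line) into networks."""
    nets = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            nets.append(parse_subnet(line))
        except ValueError as exc:
            raise ValueError(f"IP file line {lineno}: {exc}") from None
    if not nets:
        raise ValueError("an IP file with at least one subnet is required")
    return nets


class IspTable:
    """One static IP-ISP table: a name, its subnets and its WAN parameter."""

    def __init__(self, name, ip_file_text, wan_links):
        self.name = name
        self.subnets = load_ip_file(ip_file_text)   # upload comes first
        self.wan_links = frozenset(wan_links)

    def add(self, subnet):                           # Rule Setting: Add to
        self.subnets.append(parse_subnet(subnet))

    def remove(self, subnet):                        # Rule Setting: Remove from
        self.subnets.remove(parse_subnet(subnet))

    def contains(self, ip):                          # IP Query
        return any(ip in net for net in self.subnets)


def match_table(tables, address):
    """Top-down, first-match lookup of `address` across the tables."""
    ip = ipaddress.ip_address(address)
    for table in tables:
        if table.contains(ip):
            return table
    return None


def optimum_route(tables, policy_wans, address, wan_load):
    """Return the chosen WAN link number, or None when Optimum Route has nothing.

    The candidates are the intersection of the matched table's WAN parameter
    and the policy's WAN parameter; the least-loaded candidate wins.  Ties
    are broken by the lower link number (an assumption; the guide does not say).
    """
    table = match_table(tables, address)
    if table is None:
        return None                                  # no IP-ISP table matched
    candidates = table.wan_links & frozenset(policy_wans)
    if not candidates:
        return None                                  # empty intersection
    return min(candidates, key=lambda wan: (wan_load.get(wan, 0.0), wan))


# The guide's worked example: policy By_OR on WAN 1,2,3 and table ISP_A on
# WAN 2,3,4, using the guide's sample IP file.  Loads are constructed values
# (fraction of each WAN port's capacity in use).
ISP_A = IspTable("ISP_A", "3.0.0.0/8\n211.1.0.0/16\n", wan_links={2, 3, 4})
TABLES = [ISP_A]
POLICY_BY_OR = {1, 2, 3}
WAN_LOAD = {1: 0.20, 2: 0.70, 3: 0.30, 4: 0.10}


def guide_example():
    """Destination 211.1.5.6 (constructed) hits ISP_A; WAN 3 is the lighter of {2, 3}."""
    return optimum_route(TABLES, POLICY_BY_OR, "211.1.5.6", WAN_LOAD)


if __name__ == "__main__":
    print("Optimum Route picks WAN link", guide_example())
```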

Dynamic Detect

Optimum Route’s dynamic detection measures the round-trip time (RTT) to traffic targets and feeds it into a dynamic calculation that determines the optimum WAN link for Auto Routing and Multihoming. Optimum Route sends detection packets to a target through all the enabled WAN links to collect the transmission latency between the FortiWAN device and the target via each WAN link (ISP). In Optimum Route, this RTT also represents the latency of data transmission through each WAN link between the FortiWAN device and the class C network that the detection target belongs to. For example, if Optimum Route detects RTTs of 20 ms, 30 ms and 40 ms between FortiWAN and a target 211.21.1.100 through WAN links 1, 2 and 3, a reference table as follows is maintained and cached for a while:

Subnet=211.21.1.0/24, WAN1=20ms, WAN2=30ms, WAN3=40ms

During the cache period, Optimum Route uses these values directly to calculate the optimum WAN link for any subsequent traffic whose target belongs to subnet 211.21.1.0/24. As for the targets: Optimum Route takes the destination IPs of outgoing session packets as the targets if they match the relevant Auto Routing policies, and takes the source IPs of DNS queries as the targets if they match the relevant Multihoming A/AAAA record policies.

To determine an optimum WAN link, Optimum Route evaluates the availability of the candidates by calculating a weight for each WAN link. The weight calculation involves the detected RTT and the current traffic load, combined in a specified ratio. It may seem that the lower the RTT, the better the WAN link, but in practice data transmission to a target through a WAN link with lower RTT but serious congestion on the WAN port is not necessarily better than through a WAN link with higher RTT whose WAN port is fully available.

To enable dynamic detection for Optimum Route, the following settings must be configured. They fall into three parts:

  • The protocol and procedure used for detecting RTT.
  • The time period for caching detected RTTs.
  • The ratio of RTT to traffic load for the availability evaluation.

Detection Protocol : ICMP and TCP are the protocols used to detect the RTT (Default: ICMP). ICMP (ping) or TCP (TCP connect request) packets are sent to a target through each of the enabled WAN links, and the system derives the RTTs from the responses. Here are the options for the detection protocol:

ICMP: Using ICMP for detections.

TCP: Using TCP for detections.

ICMP, TCP: Using ICMP for detections first. System will try TCP detection if the ICMP detections are declared failed.

TCP, ICMP: Using TCP for detections first. System will try ICMP detection if the TCP detections are declared failed.

Detection Period, in Seconds : The time interval between retries if no response is received for the current detection (Default: 3 seconds).
Number of Retries : The number of times the system retries if detections continue to receive no response (Default: 3 retries). Retrying stops as soon as a response is received; if all retries receive no response, the system declares the RTT detection failed.
Cache Aging Period, in Minutes : The time period for which detected results are cached (Default: 2880 minutes, i.e. 2 days). After the cache is cleared, the system re-triggers detection for the same request.
Weight of Round Trip Time : Weight of Load : A parameter used to calculate the optimum route. It sets how much the round trip time (RTT) and the link load each account for in calculating the optimum route. Note: The smaller the field value is, the less that factor accounts for in the optimum route calculation.
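An added example (not FortiWAN's implementation) of the dynamic-detect settings above: per-protocol retries with ICMP, TCP fallback, per-/24 caching with an aging period, and an RTT-versus-load weighting using the 20/30/40 ms figures from this section. The probe results and link loads are constructed, and the normalised weighting formula is an assumption, since the guide gives only the ratio.

```python
import ipaddress
import time


class DynamicDetect:
    """Bookkeeping for Optimum Route's dynamic detection.

    `probe(protocol, wan, target)` returns an RTT in milliseconds or None for
    no response; it is injected so the example runs offline.  The wait of
    [Detection Period] seconds between retries is left out here.
    """

    def __init__(self, probe, wans, protocol="ICMP", retries=3,
                 cache_minutes=2880, w_rtt=1.0, w_load=1.0,
                 clock=time.monotonic):
        self.probe = probe
        self.wans = list(wans)
        self.order = [p.strip().upper() for p in protocol.split(",")]  # "ICMP, TCP"
        self.retries = retries
        self.cache_seconds = cache_minutes * 60
        self.w_rtt, self.w_load = w_rtt, w_load
        self.clock = clock
        self._cache = {}          # "211.21.1.0/24" -> (expires_at, {wan: rtt})

    @staticmethod
    def subnet_of(target):
        """Results are kept per class C (/24) of the target, as the guide says."""
        return str(ipaddress.ip_network(f"{target}/24", strict=False))

    def _probe_one(self, wan, target):
        """One attempt plus `retries` retries per protocol, in configured order."""
        for proto in self.order:
            for _ in range(self.retries + 1):
                rtt = self.probe(proto, wan, target)
                if rtt is not None:
                    return rtt
        return None               # detection declared failed on this link

    def rtts(self, target):
        """Return {wan: rtt_ms} for the target's /24, probing only on a cache miss."""
        key = self.subnet_of(target)
        now = self.clock()
        cached = self._cache.get(key)
        if cached and cached[0] > now:
            return cached[1]
        table = {}
        for wan in self.wans:
            rtt = self._probe_one(wan, target)
            if rtt is not None:
                table[wan] = rtt
        self._cache[key] = (now + self.cache_seconds, table)
        return table

    def optimum_link(self, target, candidates, load):
        """Pick the candidate WAN link with the lowest combined weight.

        Assumption: RTT and load are each normalised against the worst
        candidate, scaled by their configured weights and summed; the guide
        only says the two are combined in a specified ratio.
        """
        table = self.rtts(target)
        usable = [wan for wan in candidates if wan in table]
        if not usable:
            return None
        max_rtt = max(table[wan] for wan in usable) or 1.0
        max_load = max(load.get(wan, 0.0) for wan in usable) or 1.0

        def weight(wan):
            return (self.w_rtt * table[wan] / max_rtt
                    + self.w_load * load.get(wan, 0.0) / max_load, wan)

        return min(usable, key=weight)


class FakeProbe:
    """Constructed probe results: WAN 1 and 2 answer ICMP (20 ms, 30 ms);
    WAN 3 never answers ICMP but answers a TCP connect in 40 ms."""
    RTT = {("ICMP", 1): 20.0, ("ICMP", 2): 30.0, ("TCP", 3): 40.0}

    def __init__(self):
        self.calls = 0

    def __call__(self, proto, wan, target):
        self.calls += 1
        return self.RTT.get((proto, wan))


if __name__ == "__main__":
    probe = FakeProbe()
    detect = DynamicDetect(probe, wans=[1, 2, 3], protocol="ICMP, TCP")
    print(detect.rtts("211.21.1.100"), "after", probe.calls, "probes")
    load = {1: 0.5, 2: 0.9, 3: 0.1}   # constructed link loads
    print("RTT and load weighted equally:", detect.optimum_link("211.21.1.100", [1, 2, 3], load))
    detect.w_load = 5.0
    print("load weighted 5x RTT:", detect.optimum_link("211.21.1.100", [1, 2, 3], load))
```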
