Link load balancing basics
The link load balancing (LLB) features are designed to manage traffic over multiple internet service provider (ISP) or wide area network (WAN) links. This enables you to subscribe to or provision multiple links, resulting in reduced risk of outages, additional bandwidth for peak events, and potential cost savings if your ISP uses billing tiers based on bandwidth rate or peak/off-peak hours.
In most cases, you configure link load balancing for outgoing traffic. Outbound traffic might be user or server traffic that is routed from your local network through your ISP transit links, leased lines, or other WAN links to destinations on the Internet or WAN. You configure link policies that select the gateway for outbound traffic.
When the FortiADC system receives outbound traffic that matches a source/destination/service tuple that you configure, it forwards it to an outbound gateway link according to system logic and policy rules that you specify.
The LLB feature supports load balancing among link groups or among virtual tunnel groups.
Using link groups
The link group option is useful for ISP links. It enables you to configure multiple ISP links that are possible routes for the traffic. The LLB picks the best route based on health checks, LLB algorithms, bandwidth rate thresholds, and other factors you specify, including a schedule.
LLB link groups shows an example topology when FortiADC is deployed to support link groups.
Using virtual tunnels
A virtual tunnel is a good choice when you want to load balance traffic from applications that embed the source address in the packet payload, like VPN and VoIP traffic. Such traffic can be difficult to load balance using traditional LLB methods. Virtual tunnels enable reliable, site-to-site connectivity using Generic Routing Encapsulation (GRE). The local FortiADC appliance encapsulates traffic so that it can be routed according to your link policy rules. The link policy rules use LLB techniques to identify the best available route among a group of links. If one of the links breaks down, the traffic can be rerouted through another link in the tunnel group. When traffic egresses the remote FortiADC appliance, it is decapsulated and the original source and destination IP addresses are restored.
WAN connectivity over single leased lines shows an example of a deployment that does not use LLB. It uses dedicated leased lines for its WAN links, which are reliable, but expensive.
LLB virtual tunnels shows the same network deployed with FortiADC appliances. The LLB link policy load balances traffic among more affordable ADSL links.
Depending on your business, you might use the link group option, the virtual tunnel option, or both.
The FortiADC system evaluates traffic to determine the routing rules to apply. With regard to link load balancing, the system evaluates rules in the following order and applies the first match:
|