Fortinet white logo
Fortinet white logo

Session-Aware Load Balancing Cluster Guide

5.2.10

Tuning UDP load balancing (UDP local ingress and UDP remote/local session setup)

Tuning UDP load balancing (UDP local ingress and UDP remote/local session setup)

Similar to TCP packets, UDP packets also pass through the FortiController twice: first on ingress when the packet is received from the network by the FortiController front panel interface and a second time on egress after the packet leaves a worker and before it exits from a FortiController front panel interface to the network.

Just like TCP sessions, by default new UDP sessions are added to the DP processor session table on egress. You can also enable UDP local ingress to add sessions to the DP processor on ingress using the following command:

config load-balance session-setup

set udp-ingress enable

end

or from the FortiController GUI by going to Load Balance > Session > Setup > UDP Local Ingress.

On egress, UDP packets are not handled the say way as TCP packets. UDP Packets are transmitted directly from the FortiController fabric backplane interface to the FortiController front panel interface, bypassing the DP processor. The workers update the DP processor UDP session table by sending worker-to-FortiController remote setup session helper packets.

You can change this on egress behavior by adjusting the UDP remote/local session setup. The default setting is remote. If you change the setting to local, both incoming and outgoing UDP sessions are forwarded by the DP processor; effectively doubling the number of UDP sessions that the DP processor handles. Doubling the session load on the DP processor can create a performance bottleneck.

You can switch UDP remote/local session setup to local if you experience errors with UDP traffic. In practice; however, remote mode provides better performance without causing errors.

You can change UDP remote/local session setup with the following command:

config load-balance session-setup

set udp-session local

end

or from the FortiController GUI by going to Load Balance > Session > Setup > UDP Session Setup.

For details about the life of a UDP packet, see Life of a UDP packet.

Tuning UDP load balancing (UDP local ingress and UDP remote/local session setup)

Tuning UDP load balancing (UDP local ingress and UDP remote/local session setup)

Similar to TCP packets, UDP packets also pass through the FortiController twice: first on ingress when the packet is received from the network by the FortiController front panel interface and a second time on egress after the packet leaves a worker and before it exits from a FortiController front panel interface to the network.

Just like TCP sessions, by default new UDP sessions are added to the DP processor session table on egress. You can also enable UDP local ingress to add sessions to the DP processor on ingress using the following command:

config load-balance session-setup

set udp-ingress enable

end

or from the FortiController GUI by going to Load Balance > Session > Setup > UDP Local Ingress.

On egress, UDP packets are not handled the say way as TCP packets. UDP Packets are transmitted directly from the FortiController fabric backplane interface to the FortiController front panel interface, bypassing the DP processor. The workers update the DP processor UDP session table by sending worker-to-FortiController remote setup session helper packets.

You can change this on egress behavior by adjusting the UDP remote/local session setup. The default setting is remote. If you change the setting to local, both incoming and outgoing UDP sessions are forwarded by the DP processor; effectively doubling the number of UDP sessions that the DP processor handles. Doubling the session load on the DP processor can create a performance bottleneck.

You can switch UDP remote/local session setup to local if you experience errors with UDP traffic. In practice; however, remote mode provides better performance without causing errors.

You can change UDP remote/local session setup with the following command:

config load-balance session-setup

set udp-session local

end

or from the FortiController GUI by going to Load Balance > Session > Setup > UDP Session Setup.

For details about the life of a UDP packet, see Life of a UDP packet.