Admin Guide (Standalone)

Aggregate interface support with load-balancing

Interfaces of the same type can be aggregated as members of a virtual aggregate interface. Each member of an aggregate interface can be monitored by HMON. A member is considered healthy if its link is up and HMON has marked it as ALIVE. Only a healthy member is a candidate for sending and receiving packets.

Interfaces are aggregated in either of the following ways:

  • Active backup—Only one member of the aggregate interface is active to send and receive packets at a time. One member should be designated as the primary and the others as secondary. If the primary member is healthy, it should be chosen as the active member. Otherwise, another healthy member must be chosen instead. Once the primary member becomes healthy again, it will take over the traffic.
  • Load balance—All healthy members are active for sending and receiving packets at the same time. Packets are distributed across the active members using the round-robin algorithm. Packets originating from the same source follow the same path.

Once an interface becomes a member of an aggregate interface, it must not be used directly for firewall and PBR. Use the aggregate interface instead.

To create an aggregate interface in the GUI:
  1. Go to Networking > Aggregate Interface.
  2. Click Create Aggregate Interface.
  3. Configure the ID and the Mode, and, if the mode is set to load balance, the Mapping timeout.
  4. Click Create Member.
  5. Configure the Name, Interface, Weight/Role, HealthCheck, HealthCheckFailCount, and HealthCheckRecoveryCount of each member.

To create an aggregate interface in the CLI:

A table is added to /config/system to represent interface aggregations. Each table entry defines one aggregate interface, and one or more interfaces can be aggregated under it.

The following configuration shows two aggregate interfaces, one in load-balance mode (agg1) and one in active backup mode (agg2):

config system aggregate-interface
    edit agg1
        set mode loadbalance
        set mapping-timeout 60
        config members
            edit 1
                set interface vx2
                set health-check-event vxlan
                set health-check-fail-cnt 5
                set health-check-recovery-cnt 5
            next
            edit 2
                set interface vx3
                set health-check-event
                set health-check-fail-cnt 5
                set health-check-recovery-cnt 5
            next
        end
    next
    edit agg2
        set mode activebackup
        config members
            edit 1
                set interface wan
                set role primary
                set health-check-event
                set health-check-fail-cnt 5
                set health-check-recovery-cnt 5
            next
            edit 2
                set interface port4
                set role secondary
                set health-check-event
                set health-check-fail-cnt 5
                set health-check-recovery-cnt 5
            next
        end
    next
end

The following configuration is generated automatically:

config system interface
    edit agg1
        set type aggregate
        set status down
    next
    edit agg2
        set type aggregate
        set status down
    next
end

You can update the IP, allowaccess, and other settings on the aggregate interface. The aggregate interface can also be used when configuring the DHCP server, firewall policies, routes, and some other modules.

To get the aggregate interface status:
 # get system aggregate-interface status
agg2:
        2(port4): linkdown UNKNOWN aggregated
        1(wan): linkup UNKNOWN aggregated active
agg1:
        2(vx3): linkup UNKNOWN aggregated active
        1(vx2): linkup ALIVE aggregated active
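
The following Python sketch is an added example, not part of the Fortinet guide: it parses the status output above and flags members whose link is down, members that are active without being marked ALIVE by HMON, and aggregates left without a second member with link up. The column meanings and the finding names are assumptions inferred from the sample output.

```python
import re

# Constructed sample: the status output shown above, pasted as text.
SAMPLE = """\
agg2:
        2(port4): linkdown UNKNOWN aggregated
        1(wan): linkup UNKNOWN aggregated active
agg1:
        2(vx3): linkup UNKNOWN aggregated active
        1(vx2): linkup ALIVE aggregated active
"""

# Assumed column layout: id(interface): <link> <HMON state> <flags...>
MEMBER = re.compile(r"^\s+(\d+)\(([^)]+)\):\s+(\S+)\s+(\S+)(.*)$")

def parse_status(text):
    """Return {aggregate: [member, ...]} in the order the device printed them."""
    groups, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or the echoed CLI command
        m = MEMBER.match(line)
        if m and current is not None:
            mid, iface, link, hmon, flags = m.groups()
            groups[current].append({"id": int(mid), "iface": iface, "link": link,
                                    "hmon": hmon, "active": "active" in flags.split()})
        elif not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.strip()[:-1]
            groups[current] = []
    return groups

def findings(groups):
    """Flag states that weaken failover or mean health is not being verified."""
    out = []
    for agg, members in groups.items():
        for m in members:
            if m["link"] != "linkup":
                out.append((agg, m["iface"], "LINK_DOWN"))
            elif m["active"] and m["hmon"] != "ALIVE":
                # Carrying traffic, but HMON has not marked the member ALIVE.
                out.append((agg, m["iface"], "ACTIVE_NOT_ALIVE"))
        if not any(m["active"] for m in members):
            out.append((agg, None, "NO_ACTIVE_MEMBER"))
        if sum(m["link"] == "linkup" for m in members) < 2:
            out.append((agg, None, "NO_REDUNDANCY"))
    return out

if __name__ == "__main__":
    for agg, iface, code in findings(parse_status(SAMPLE)):
        print(f"{agg:5} {iface or '-':6} {code}")
```

In the sample, the members reported as UNKNOWN (vx3, wan, port4) are the ones configured above with an empty health-check-event, while vx2, which uses the vxlan event, is reported as ALIVE.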
