Setting the load balancing method
The FortiGate-6000 load balances or distributes sessions based on the load balancing method set by the following command:
config load-balance setting
set dp-load-distribution-method {to-master | src-ip | dst-ip | src-dst-ip | src-ip-sport | dst-ip-dport | src-dst-ip-sport-dport}
end
Where:
to-master
direct all session to the primary FPC. This option is for troubleshooting only and should not be used for normal operation. Directing all sessions to the primary FPC reduces performance.
src-ip
distribute sessions across all FPCs according to their source IP address.
dst-ip
distribute sessions statically distributed across all FPCs according to their destination IP address.
src-dst-ip
distribute sessions across all FPCs according to their source and destination IP addresses.
src-ip-sport
distribute sessions across all FPCs according to their source IP address and source port.
dst-ip-dport
distribute sessions across all FPCs according to their destination IP address and destination port.
src-dst-ip-sport-dport
distribute sessions across all FPCs according to their source and destination IP address, source port, and destination port. This is the default load balance algorithm and represents true session-aware load balancing. Session aware load balancing takes all session information into account when deciding where to send new sessions and where to send additional packets that are part of an already established session.
The src-ip
and dst-ip
load balancing methods use layer 3 information (IP addresses) to identify and load balance sessions. All of the other load balancing methods (except for to-master
) use both layer 3 and layer 4 information (IP addresses and port numbers) to identify a TCP and UDP session. The layer 3 and layer 4 load balancing methods only use layer 3 information for other types of traffic (SCTP, ICMP, and ESP). If you enable GTP load balancing, the FortiGate-6000 uses Tunnel Endpoint Identifiers (TEIDs) to identify GTP sessions.