FortiGate-6000 Handbook

Setting the load balancing method

The FortiGate-6000 load balances or distributes sessions based on the load balancing method set by the following command:

config load-balance setting
    set dp-load-distribution-method {to-master | src-ip | dst-ip | src-dst-ip | src-ip-sport | dst-ip-dport | src-dst-ip-sport-dport}
end

Where:

to-master direct all sessions to the primary FPC. This option is for troubleshooting only and should not be used for normal operation. Directing all sessions to the primary FPC reduces performance.

src-ip distribute sessions across all FPCs according to their source IP address.

dst-ip distribute sessions across all FPCs according to their destination IP address.

src-dst-ip distribute sessions across all FPCs according to their source and destination IP addresses.

src-ip-sport distribute sessions across all FPCs according to their source IP address and source port.

dst-ip-dport distribute sessions across all FPCs according to their destination IP address and destination port.

src-dst-ip-sport-dport distribute sessions across all FPCs according to their source and destination IP addresses, source port, and destination port. This is the default load balance algorithm and represents true session-aware load balancing. Session-aware load balancing takes all session information into account when deciding where to send new sessions and where to send additional packets that are part of an already established session.

The src-ip and dst-ip load balancing methods use layer 3 information (IP addresses) to identify and load balance sessions. All of the other load balancing methods (except for to-master) use both layer 3 and layer 4 information (IP addresses and port numbers) to identify TCP and UDP sessions. The layer 3 and layer 4 load balancing methods only use layer 3 information for other types of traffic (SCTP, ICMP, and ESP). If you enable GTP load balancing, the FortiGate-6000 uses Tunnel Endpoint Identifiers (TEIDs) to identify GTP sessions.
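The following model is an added example, not Fortinet code. It shows which session fields each method keys on and how that choice affects spread across FPCs when many sessions share one source address. The SHA-256 hash, the FPC count of 6, the index 0 for the primary FPC, and the sample addresses are assumptions; GTP/TEID handling is not modelled.

```python
import hashlib
from collections import Counter

# Session fields each method keys on, taken from the option list above.
METHOD_FIELDS = {
    "src-ip": ("src",),
    "dst-ip": ("dst",),
    "src-dst-ip": ("src", "dst"),
    "src-ip-sport": ("src", "sport"),
    "dst-ip-dport": ("dst", "dport"),
    "src-dst-ip-sport-dport": ("src", "dst", "sport", "dport"),
}
PORT_PROTOCOLS = {"tcp", "udp"}  # only TCP and UDP contribute port numbers
PRIMARY_FPC = 0                  # assumption: index standing in for the primary FPC


def key_fields(method, pkt):
    """Return the (field, value) pairs that identify the session for this method."""
    fields = METHOD_FIELDS[method]
    if pkt["proto"] not in PORT_PROTOCOLS:
        # SCTP, ICMP and ESP: only layer 3 information is used.
        fields = tuple(f for f in fields if f in ("src", "dst"))
    return tuple((f, pkt[f]) for f in fields)


def pick_fpc(method, pkt, n_fpcs):
    """Map a packet to an FPC index. SHA-256 is a stand-in hash (assumption)."""
    if method == "to-master":
        return PRIMARY_FPC
    digest = hashlib.sha256(repr(key_fields(method, pkt)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_fpcs


def distribution(method, packets, n_fpcs):
    """Count how many sessions each FPC receives under the given method."""
    return Counter(pick_fpc(method, p, n_fpcs) for p in packets)


# Constructed sample: 1000 TCP sessions from one NAT gateway to one HTTPS server.
NAT_SESSIONS = [
    {"proto": "tcp", "src": "198.51.100.10", "dst": "203.0.113.5",
     "sport": 20000 + i, "dport": 443}
    for i in range(1000)
]
# Constructed sample: an ESP packet, which carries no port numbers.
ESP_PACKET = {"proto": "esp", "src": "198.51.100.10", "dst": "203.0.113.5"}

if __name__ == "__main__":
    for m in ("to-master", "src-ip", "src-dst-ip-sport-dport"):
        print(m, sorted(distribution(m, NAT_SESSIONS, 6).items()))
```

In this model, every method that omits the source port places all 1000 sample sessions on a single FPC, while the default src-dst-ip-sport-dport method spreads them across all six.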