
FortiGate-6000 Handbook

FortiOS Carrier GTP load balancing

If you are operating a FortiGate-6000 system that is licensed for FortiOS Carrier (also called FortiCarrier), you can use the information in this section to optimize GTP performance. The commands and settings in this chapter only apply if your FortiGate-6000 has a FortiOS Carrier license.

Optimizing NPU GTP performance

You can use the following command to optimize GTP performance:

config system npu
    set gtp-enhance-mode enable
end

There are independent Receive and Transmit queues for GTP-U processes. These queues and their associated resources are initialized when gtp-enhance-mode is enabled. After entering this command, you should restart your FortiGate-6000 to initialize the changes.

If you restore a configuration file that has a different gtp-enhance-mode setting, you should also restart your FortiGate-6000 to initialize the changes.

You can also use the following command to select the CPUs that can perform GTP-U packet inspection.

config system npu
    set gtp-enhance-cpu-range {0 | 1 | 2}
end

Where:

0: all CPUs will process GTP-U packets.

1: only primary CPUs will process GTP-U packets.

2: only secondary CPUs will process GTP-U packets.

Enabling GTP load balancing

You can use the following load balancing command to enable or disable GTP load balancing.

config load-balance setting
    set gtp-load-balance {disable | enable}
end

The following flow rule is also available to direct GTP-C traffic to the primary FPC.

config load-balance flow-rule
    edit 17
        set ether-type ipv4
        set protocol udp
        set dst-l4port 2123-2123
        set comment "gtp-c to master blade"
    next
end

By default, both of these configurations are disabled and GTP-C and GTP-U traffic is not load balanced. The DP processor sends all GTP-C and GTP-U traffic to the primary FPC.

To load balance GTP-U traffic to multiple FPCs, you can set gtp-load-balance to enable. This also enables the GTP-C flow rule. GTP-U traffic is then load balanced across all FPCs while GTP-C traffic is still handled by the primary FPC. This is the recommended configuration for load balancing GTP traffic.

GTP-U load balancing may not distribute sessions evenly among all of the FPCs. It's common in many 4G networks to have just a few SGWs. Similar configurations with very few servers may also be used in other GTP implementations. If the FortiGate-6000 receives GTP traffic from very few servers, the GTP traffic will have very few source and destination IP addresses and TCP/IP ports. Since SLBC load balancing is based on source and destination IP addresses and TCP ports, it's possible that sessions will not be distributed evenly among the FPCs. In fact, most GTP-U traffic could be processed by a limited number of FPCs.

Enabling GTP-U load balancing still distributes sessions and improves performance, but performance gains from enabling GTP-U load balancing may not be as high as anticipated.
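
The following added example (not Fortinet code) models why a small number of SGWs limits GTP-U distribution: sessions are assigned to FPCs by hashing the outer source and destination addresses and ports. The SHA-256 hash, the FPC count of 6, the fixed source port, and all addresses are assumptions made for illustration; the actual SLBC algorithm is not described on this page.

```python
import hashlib
from collections import Counter

GTPU_PORT = 2152  # standard GTP-U UDP port (GTP-C uses 2123, as in the flow rule)
NUM_FPCS = 6      # assumed FPC count; change to match your chassis


def pick_fpc(src_ip, dst_ip, sport, dport, num_fpcs=NUM_FPCS):
    """Stand-in hash over the outer addresses and ports (not Fortinet's algorithm)."""
    key = f"{src_ip}|{dst_ip}|{sport}|{dport}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % num_fpcs


def distribute(tunnel_peers, num_fpcs=NUM_FPCS):
    """tunnel_peers: (src_ip, dst_ip, sessions) per pair of GTP-U endpoints."""
    load = Counter({fpc: 0 for fpc in range(num_fpcs)})
    for src, dst, sessions in tunnel_peers:
        # Every session between the same two endpoints shares one outer
        # address/port tuple, so all of them land on the same FPC.
        load[pick_fpc(src, dst, GTPU_PORT, GTPU_PORT, num_fpcs)] += sessions
    return load


def summarize(load):
    """Report how many FPCs carry traffic and the busiest FPC's share."""
    total = sum(load.values())
    used = sum(1 for sessions in load.values() if sessions)
    return {
        "fpcs_used": used,
        "idle_fpcs": len(load) - used,
        "max_share": max(load.values()) / total,
    }


# Constructed sample data: 100,000 sessions in both cases.
FEW_PEERS = [("10.0.0.1", "10.0.1.1", 50000), ("10.0.0.2", "10.0.1.1", 50000)]
MANY_PEERS = [(f"10.1.{i // 250}.{i % 250 + 1}", "10.0.1.1", 200) for i in range(500)]

if __name__ == "__main__":
    for name, peers in (("2 SGWs", FEW_PEERS), ("500 peers", MANY_PEERS)):
        print(name, summarize(distribute(peers)))
```

With two SGWs, at most two FPCs carry GTP-U sessions regardless of how many sessions there are; the same session count spread over many endpoints reaches every FPC.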
