FortiGate-7000F Handbook

Changing how long routes stay in a cluster unit routing table

You can use the HA route time to live (route-ttl) option to control how long routes remain active in the new primary FortiGate-7000F after an FGCP HA failover. The default route-ttl is 600 seconds. The range is 5 to 3600 seconds (one hour). You can use the following command to change the route-ttl time.

config system ha
    set route-ttl <time>
end

To maintain communication sessions through a new primary FortiGate-7000F, routes remain active in the routing table for the route-ttl time while the new primary FortiGate-7000F acquires new routes. Normally, keeping route-ttl at the default value of 600 seconds (10 minutes) is acceptable because acquiring new routes and populating the routing tables of multiple FIMs and FPMs can take a few minutes.

If the primary FortiGate-7000F needs to acquire a very large number of routes, or if for other reasons there is a delay in acquiring all routes, the primary FortiGate-7000F may not be able to maintain all communication sessions after a failover.

You can increase the route-ttl time if you find that communication sessions are lost after a failover. Increasing the route-ttl time allows the primary unit to use synchronized routes that are already in the routing table for a longer period of time while waiting to acquire new routes.

For more information, see Synchronizing kernel routing tables.
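
To confirm which route-ttl a cluster will actually use, the following added example (not from the Fortinet handbook) reads a saved configuration and reports the effective value, checked against the default and range given above. It assumes the backup uses the config/set/end CLI syntax and omits settings left at their default; the function name and the sample configuration are constructed for illustration.

```python
import re

DEFAULT_TTL = 600        # default route-ttl stated on this page (seconds)
TTL_RANGE = (5, 3600)    # valid range stated on this page (seconds)

def ha_route_ttl(config_text):
    """Return (ttl, source) for the 'config system ha' block.

    source is 'explicit' or 'default'. Raises ValueError if the block is
    missing or the value is not an integer inside TTL_RANGE.
    """
    depth = 0           # nesting depth of config ... end blocks
    ha_depth = None     # depth at which 'config system ha' is open
    found_block = False
    ttl = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if line == "config system ha" and ha_depth is None:
                ha_depth, found_block = depth, True
        elif line == "end":
            if ha_depth == depth:
                ha_depth = None          # leaving the HA block
            depth -= 1
        elif ha_depth == depth:          # ignore nested sub-blocks
            m = re.fullmatch(r"set route-ttl (\S+)", line)
            if m:
                ttl = m.group(1)
    if not found_block:
        raise ValueError("no 'config system ha' block found")
    if ttl is None:
        return DEFAULT_TTL, "default"    # assumption: defaults are omitted
    if not ttl.isdigit() or not TTL_RANGE[0] <= int(ttl) <= TTL_RANGE[1]:
        raise ValueError(f"route-ttl {ttl!r} outside {TTL_RANGE[0]}-{TTL_RANGE[1]} s")
    return int(ttl), "explicit"

# Constructed sample backup fragment (not taken from a real device).
SAMPLE = """config system ha
    set group-name "cluster1"
    set mode a-p
    config ha-mgmt-interfaces
        edit 1
            set interface "mgmt1"
        next
    end
    set route-ttl 1200
end
"""

if __name__ == "__main__":
    print(ha_route_ttl(SAMPLE))
```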
