Fortinet black logo

FortiGate-7000E Handbook

Load balancing and flow rules

Load balancing and flow rules

This chapter provides an overview of how FortiGate-7000 Session-Aware Load Balancing (SLBC) works and then breaks down the details and explains why you might want to change some load balancing settings.

FortiGate-7000 SLBC works as follows.

  1. The FortiGate-7000 directs all traffic that does not match a load balancing flow rule to the DP2 processors.

    If a session matches a flow rule, the session skips the DP2 processors and is directed according to the action setting of the flow rule. Default flow rules send traffic that can't be load balanced to the primary (master) FPM. See Default configuration for traffic that cannot be load balanced.

  2. The DP2 processors load balance TCP, UDP, SCTP, and IPv4 ICMP sessions among the FPMs according to the load balancing method set by the dp-load-distribution-method option of the config load-balance setting command.

    The DP2 processors load balance ICMP sessions among FPMs according to the load balancing method set by the dp-icmp-distribution-method option of the config load-balance setting command. See ICMP load balancing.

    The DP2 processors load balance GTP-U sessions if GTP load balancing is enabled. If GTP load balancing is disabled, the DP2 processors send GTP sessions to the primary FPC. For more information about GTP load balancing, see Enabling GTP load balancing.

    To support ECMP you can change how the DP2 processors manage session tables, see ECMP support.

  3. The DP2 processors send other sessions that cannot be load balanced to the primary (or master) FPM.

Load balancing and flow rules

This chapter provides an overview of how FortiGate-7000 Session-Aware Load Balancing (SLBC) works and then breaks down the details and explains why you might want to change some load balancing settings.

FortiGate-7000 SLBC works as follows.

  1. The FortiGate-7000 directs all traffic that does not match a load balancing flow rule to the DP2 processors.

    If a session matches a flow rule, the session skips the DP2 processors and is directed according to the action setting of the flow rule. Default flow rules send traffic that can't be load balanced to the primary (master) FPM. See Default configuration for traffic that cannot be load balanced.

  2. The DP2 processors load balance TCP, UDP, SCTP, and IPv4 ICMP sessions among the FPMs according to the load balancing method set by the dp-load-distribution-method option of the config load-balance setting command.

    The DP2 processors load balance ICMP sessions among FPMs according to the load balancing method set by the dp-icmp-distribution-method option of the config load-balance setting command. See ICMP load balancing.

    The DP2 processors load balance GTP-U sessions if GTP load balancing is enabled. If GTP load balancing is disabled, the DP2 processors send GTP sessions to the primary FPC. For more information about GTP load balancing, see Enabling GTP load balancing.

    To support ECMP you can change how the DP2 processors manage session tables, see ECMP support.

  3. The DP2 processors send other sessions that cannot be load balanced to the primary (or master) FPM.