FortiGate 3980E fast path architecture

The FortiGate 3980E features sixteen front panel 10GigE SFP+ interfaces (1 to 16) and ten 100GigE QSFP28 interfaces (17 to 26) connected to twenty-eight NP6 processors through an Integrated Switch Fabric (ISF).

The FortiGate 3980E includes twenty-eight NP6 processors (NP6_0 to NP6_27). All front panel data interfaces and all of the NP6 processors connect to the integrated switch fabric (ISF). All data traffic passes from the data interfaces through the ISF to the NP6 processors.

The FortiGate 3980E ISF consists of two ISF switches connected by four 100GigE inter-ISF links. Interfaces 1 to 16 are connected to one ISF switch and interfaces 17 to 26 are connected to the other ISF switch. Because of the inter-ISF links, all supported traffic passing between any two data interfaces can be offloaded by the NP6 processors. No special mapping is required for fast path offloading. Data traffic processed by the CPU takes a dedicated data path through the ISF and an NP6 processor to the CPU.

When creating LAG interfaces, all of the interfaces in the LAG must be connected to the same ISF switch. Fast path offloading is not supported for LAGs that include interfaces connected to different ISF switches. To support offloading, a FortiGate 3980E LAG can only include interfaces 1 to 16 or interfaces 17 to 26.

The MGMT interfaces are not connected to the NP6 processors. Management traffic passes to the CPU over a dedicated management path that is separate from the data path. You can also dedicate separate CPU resources for management traffic to further isolate management processing from data processing (see Dedicated management CPU). The separation of management traffic from data traffic keeps management traffic from affecting the stability and performance of data traffic processing.

You can use the following get command to display the FortiGate 3980E NP6 configuration. The command output shows all NP6s connected to each interface (port) with cross-chip offloading supported for each port. You can also use the diagnose npu np6 port-list command to display this information.

diagnose npu np6 port-list 
Chip   XAUI Ports   Max     Cross-chip 
                    Speed   offloading 
------ ---- ------- ------  ---------- 
NP#0-7              0-3  port1   10000M  Yes        
NP#0-7              0-3  port2   10000M  Yes        
NP#0-7              0-3  port3   10000M  Yes        
NP#0-7              0-3  port4   10000M  Yes        
NP#0-7              0-3  port5   10000M  Yes        
NP#0-7              0-3  port6   10000M  Yes        
NP#0-7              0-3  port7   10000M  Yes        
NP#0-7              0-3  port8   10000M  Yes        
NP#0-7              0-3  port9   10000M  Yes        
NP#0-7              0-3  port10  10000M  Yes        
NP#0-7              0-3  port11  10000M  Yes        
NP#0-7              0-3  port12  10000M  Yes        
NP#0-7              0-3  port13  10000M  Yes        
NP#0-7              0-3  port14  10000M  Yes        
NP#0-7              0-3  port15  10000M  Yes        
NP#0-7              0-3  port16  10000M  Yes        
NP#0-7              0-3  port17  100000M Yes        
NP#0-7              0-3  port18  100000M Yes        
NP#8-27             0-3  port19  100000M Yes        
NP#8-27             0-3  port20  100000M Yes        
NP#8-27             0-3  port21  100000M Yes        
NP#8-27             0-3  port22  100000M Yes        
NP#8-27             0-3  port23  100000M Yes        
NP#8-27             0-3  port24  100000M Yes        
NP#8-27             0-3  port25  100000M Yes        
NP#8-27             0-3  port26  100000M Yes

For information about optimizing FortiGate 3980E IPsec VPN performance, see Optimizing FortiGate 3960E and 3980E IPsec VPN performance.

For information about supporting large traffic streams, see FortiGate 3960E and 3980E support for high throughput traffic streams