FIM-7921F fast path architecture
The FIM-7921F includes an integrated switch fabric (ISF) that connects the front panel interfaces and the chassis fabric backplane to the NP7 processors. The NP7 processors receive sessions from the FIM front panel data interfaces and the FPM front panel data interfaces over the fabric backplane. The NP7 processors use SLBC to distribute sessions to FPMs over the fabric backplane.
The FIM-7921F includes the following backplane communication channels:
- Ten 400Gbps fabric backplane channel to distribute traffic to the FPMs.
- Ten 50Gbps base backplane channel for base backplane communication with the FPMs.
- One 1Tbps fabric backplane channel for fabric backplane communication with the other FIM.
- One 50Gbps base backplane channel for base backplane communication with the other FIM.
The FIM-7921F features the following front panel interfaces:
- Two 10/100/1000BASE-T RJ45 (MGMT1 and MGMT2) base channel management interfaces.
- Eighteen 100/40 GigE QSFP28 (1 to 18) fabric channel data interfaces. Each of these interfaces can be split into four 25/10 GigE interfaces.
- Two 400/100/40 GigE QSFP-DD (19 and 20) fabric channel data interfaces. Each of these interfaces can be split into four 100/25/10GigE interfaces.
- Two 100/40 GigE QSFP28 (M1 and M2) base channel management interfaces. Each of these interfaces can be split into four 25/10 GigE interfaces.
- Two 25/10 GigE SFP28 (M1 and M2 ) base channel management interfaces.
FIM-7921F hardware architecture
FIM-7921F NP7 processors
Since FIM NP7 processors are used for SLBC load balancing:
-
They are not used for host protection engine (HPE) DoS protection. HPE is applied by the NP7 processors in the FPMs. For information about HPE, see NP7 Host Protection Engine (HPE).
-
You can't configure NP7 groups for FIM NP7 processors. NP7 groups can be configured for the NP7 processors in FPMs.
-
The output of the
diagnose npu np7 port-list
command shows that FIM NP7 processors are connected to all FIM-7921F interfaces and shows the maximum and default speeds of the interfaces. Sample output from the FIM CLI:
diagnose npu np7 port-list Front Panel Port: Name Max_speed(Mbps) Dflt_speed(Mbps) NP_group Switch_id SW_port_id SW_port_name -------- --------------- --------------- --------------- --------- ---------- ------------ 1-P1 100000 100000 n/a 0 7 ce27 1-P1-2 25000 25000 n/a 0 8 1-P1-3 25000 25000 n/a 0 9 1-P1-4 25000 25000 n/a 0 10 1-P2 100000 100000 n/a 0 15 ce31 . . .
Changing the FIM-7921F 1 to 8, M1, and M2 interfaces
By default, the FIM-7921F 1 to 8 (P1 to P8) , M1, and M2 interfaces are configured as 100GigE QSFP28 interfaces. You can make the following changes to these interfaces:
-
Change the interface speed to 40G using the
config system interface
command. -
Split one or more of the 3 to 8 (P3 to P8) , M1, and M2 interfaces into four 25GigE interfaces.
-
Change the interface speed of one or more of the split interfaces to 10Gig.
You should configure split interfaces on both FortiGate 7000Fs before forming an FGCP HA cluster. If you decide to change the split interface configuration after forming a cluster, you need to remove the secondary FortiGate 7000F from the cluster and change the split interface configuration on both FortiGate 7000Fs separately. After the FortiGate 7000Fs restart, you can re-form the cluster. This process will cause traffic interruptions. |
You can use the following command to split the P3 interface of the FIM-7921F in slot 1 and the P8 and M1 interfaces of the FIM-7921F in slot 2:
config system global
set split-port 1-P3 2-P8 2-M1
end
The FortiGate 7000F reboots and when it starts up:
-
Interface 1-P3 has been replaced by four 25GigE CR2 interfaces named 1-P3/1 to 1-P3/4.
-
Interface 2-P8 has been replaced by four 25GigE CR2 interfaces named 2-P8/1 to 2-P8/4.
-
Interface 2-M1 has been replaced by four 25GigE CR2 interfaces named 2-M1/1 to 2-M1/4.
You can use the config system interface
command to change the speeds of each of the split interfaces. You can change the speed of some or all of the individual split interfaces depending on whether the transceiver installed in the interface slot supports different speeds for the split interfaces.
For example, to change the speed of the 2-P8/3 interface to 10Gig:
config system interface
edit 2-P8/3
set speed 10000full
end
Changing the FIM-7921F 19 and 20 interfaces
By default, the FIM-7921F 19 and 20 (P19 and P20) interfaces are configured as 400GigE QSFP-DD interfaces. You can make the following changes to one or both of interfaces:
-
Change the interface speed to 400G, 100G, or 40G using the
config system interface
command. -
Split the interface into four 100GigE CR2 interfaces.
-
Split the interface into four 25GigE CR or 10GigE SR interfaces.
All of these operations, except changing the interface speed using the config system interface
command, require a system restart. Fortinet recommends that you perform these operations during a maintenance window and plan the changes to avoid traffic disruption.
You should configure split interfaces on both FortiGate 7000Fs before forming an FGCP HA cluster. If you decide to change the split interface configuration after forming a cluster, you need to remove the secondary FortiGate 7000F from the cluster and change the split interface configuration on both FortiGate 7000Fs separately. After the FortiGate 7000Fs restart, you can re-form the cluster. This process will cause traffic interruptions. |
Splitting the P19 or P20 interfaces into four 100GigE CR2 interfaces
You can use the following command to split the P19 or P20 interfaces into four 100GigE CR2 interfaces. To split P19 of the FIM-7921F in slot 1 (1-P19) and P20 of the FIM-7921F in slot 2 (2-P20) enter the following command:
config system global
set split-port 1-P19 2-P20
end
The FortiGate 7000F reboots and when it starts up:
-
Interface 1-P19 has been replaced by four 100GigE CR2 interfaces named 1-P19/1 to 1-P19/4.
-
Interface 2-P20 has been replaced by four 100GigE CR2 interfaces named 2-P20/1 to 2-P20/4.
Splitting the P19 or P20 interfaces into four 25GigE CR or 10GigE SR interfaces
You can use the following command to split the P19 or P20 interfaces into four 25GigE CR interfaces. The following command converts the interface into a 100GigE QSFP28 interface then splits this interface into four 25 GigE CR interfaces. To change P19 of the FIM-7921F in slot 1 (1-P19) and P20 of the FIM-7921F in slot 2 (2-P20) enter the following command:
config system global
set qsfpdd-100g-port 1-P19 2-P20
set split-port 1-P19 2-P20
end
The FortiGate 7000F reboots and when it starts up:
-
Interface 1-P19 has been replaced by four 25GigE CR interfaces named 1-P19/1 to 1-P19/4.
-
Interface 2-P20 has been replaced by four 25GigE CR interfaces named 2-P20/1 to 2-P20/4.
If you want some or all of these interfaces to operate as 10GigE SR interfaces you can use the config system interface
command to change the interface speed. You can change the speed of some or all of the individual split interfaces depending on whether the transceiver installed in the interface slot supports different speeds for the split interfaces.