FortiGate 3960E fast path architecture
The FortiGate 3960E features sixteen front panel 10GigE SFP+ interfaces (1 to 16) and six 100GigE QSFP+ interfaces (17 to 22) connected to sixteen NP6 processors through an Integrated Switch Fabric (ISF).
The FortiGate 3960E includes sixteen NP6 processors (NP6_0 to NP6_15). All front panel data interfaces and all of the NP6 processors connect to the integrated switch fabric (ISF). All data traffic passes from the data interfaces through the ISF to the NP6 processors.
The FortiGate 3960E ISF consists of two ISF switches connected by four 100GigE inter-ISF links. Interfaces 1 to 16 are connected to one ISF switch and interfaces 17 to 22 are connected to the other ISF switch. Because of the inter-ISF links, all supported traffic passing between any two data interfaces can be offloaded by the NP6 processors. No special mapping is required for fast path offloading. Data traffic processed by the CPU takes a dedicated data path through the ISF and an NP6 processor to the CPU.
When creating LAG interfaces, all of the interfaces in the LAG must be connected to the same ISF switch. Fast path offloading is not supported for LAGs that include interfaces connected to different ISF switches. To support offloading, a FortiGate 3960E LAG can only include interfaces 1 to 16 or interfaces 17 to 22. |
The MGMT interfaces are not connected to the NP6 processors. Management traffic passes to the CPU over a dedicated management path that is separate from the data path. You can also dedicate separate CPU resources for management traffic to further isolate management processing from data processing (see Dedicated management CPU). The separation of management traffic from data traffic keeps management traffic from affecting the stability and performance of data traffic processing.
You can use the following command to display the FortiGate 3960E NP6 configuration. The command output shows all NP6s connected to each interface (port) with cross-chip offloading supported for each port. You can also use the diagnose npu np6 port-list
command to display this information.
diagnose npu np6 port-list Chip XAUI Ports Max Cross-chip Speed offloading ------ ---- ------- ------ ---------- NP#0-7 0-3 port1 10000M Yes NP#0-7 0-3 port2 10000M Yes NP#0-7 0-3 port3 10000M Yes NP#0-7 0-3 port4 10000M Yes NP#0-7 0-3 port5 10000M Yes NP#0-7 0-3 port6 10000M Yes NP#0-7 0-3 port7 10000M Yes NP#0-7 0-3 port8 10000M Yes NP#0-7 0-3 port9 10000M Yes NP#0-7 0-3 port10 10000M Yes NP#0-7 0-3 port11 10000M Yes NP#0-7 0-3 port12 10000M Yes NP#0-7 0-3 port13 10000M Yes NP#0-7 0-3 port14 10000M Yes NP#0-7 0-3 port15 10000M Yes NP#0-7 0-3 port16 10000M Yes NP#0-7 0-3 port17 100000M Yes NP#0-7 0-3 port18 100000M Yes NP#8-15 0-3 port19 100000M Yes NP#8-15 0-3 port20 100000M Yes NP#8-15 0-3 port21 100000M Yes NP#8-15 0-3 port22 100000M Yes -------------------- ---- ------ ------- ----------
For information about optimizing FortiGate 3960E IPsec VPN performance, see Optimizing FortiGate 3960E and 3980E IPsec VPN performance.
For information about supporting large traffic streams, see FortiGate 3960E and 3980E support for high throughput traffic streams.