Fortinet white logo
Fortinet white logo

Hardware Acceleration

FortiGate 600F and 601F fast path architecture

FortiGate 600F and 601F fast path architecture

The FortiGate 600F and 601F each include one NP7 processor. Front panel data interfaces 1 to 24 and X1 to X4 and one of the NP7 processor interfaces connect to the integrated switch fabric (ISF). All data traffic passes from these data interfaces through the ISF to the NP7 processor. Data traffic processed by the CPU takes a dedicated data path through the ISF and the NP7 processor to the CPU.

Front panel data interfaces X5 to X8 are connected directly to the other NP7 processor interface instead of the ISF. Since the ISF introduces latency, interfaces X5 to X8 are ultra low latency (ULL) interfaces, and traffic entering and exiting the FortiGate through these interfaces experiences lower latency than if it were passing through interfaces that are connected to the ISF. To achieve low latency, traffic must enter and exit the FortiGate through the X5 to X8 interfaces. You can't change the speed of the FortiGate 600F and 601F ULL interfaces .

All supported traffic passing between any two data interfaces can be offloaded by the NP7 processor. This includes traffic passing between an interface connected to the ISF and a ULL interface. If traffic enters or exits through an interface connected to the ISF, it is subject to the latency resulting from passing through the ISF.

Note

The FortiGate 600F and 601F do not support configuring NPU port mapping, because only one of the NP7 interfaces is connected to the ISF.

The FortiGate 600F and 601F feature the following front panel interfaces:

  • Two 10/100/1000BASE-T RJ45 (HA and MGMT, not connected to the NP7 processor).
  • Sixteen 10/100/1000BASE-T RJ45 (1 to 16).
  • Eight 1 GigE SFP (17 to 24).
  • Four 10/1 GigE SFP+ (X1 to X4) (X1 and X2 are FortiLink interfaces).
  • Four 25/10 GigE SFP28/SFP+ (X5 to X8) ultra low latency (ULL), all ULL interfaces operate at the same speed. ULL interfaces bypass the integrated switch fabric (ISF).

The MGMT interface is not connected to the NP7 processor. Management traffic passes to the CPU over a dedicated management path that is separate from the data path.

The HA interface is also not connected to the NP7 processor. To help provide better HA stability and resiliency, HA traffic uses a dedicated physical control path that provides HA control traffic separation from data traffic processing.

The separation of management and HA traffic from data traffic keeps management and HA traffic from affecting the stability and performance of data traffic processing.

You can use the following command to display the FortiGate 600F or 601F NP7 configuration.

diagnose npu np7 port-list
Front Panel Port:
Name     Max_speed(Mbps) Dflt_speed(Mbps) NP_group        Switch_id SW_port_id SW_port_name 
-------- --------------- ---------------  --------------- --------- ---------- ------------ 
port1    1000            1000             n/a             0         29                      
port2    1000            1000             n/a             0         28                      
port3    1000            1000             n/a             0         31                      
port4    1000            1000             n/a             0         30                      
port5    1000            1000             n/a             0         25                      
port6    1000            1000             n/a             0         24                      
port7    1000            1000             n/a             0         27                      
port8    1000            1000             n/a             0         26                      
port9    1000            1000             n/a             0         21                      
port10   1000            1000             n/a             0         20                      
port11   1000            1000             n/a             0         23                      
port12   1000            1000             n/a             0         22                      
port13   1000            1000             n/a             0         17                      
port14   1000            1000             n/a             0         16                      
port15   1000            1000             n/a             0         19                      
port16   1000            1000             n/a             0         18                      
port17   1000            1000             n/a             0         15                      
port18   1000            1000             n/a             0         14                      
port19   1000            1000             n/a             0         13                      
port20   1000            1000             n/a             0         12                      
port21   1000            1000             n/a             0         9                       
port22   1000            1000             n/a             0         8                       
port23   1000            1000             n/a             0         11                      
port24   1000            1000             n/a             0         10                      
x1       10000           10000            n/a             0         6                       
x2       10000           10000            n/a             0         7                       
x3       10000           10000            n/a             0         4                       
x4       10000           10000            n/a             0         5                       
x5       10000           10000            n/a             n/a       n/a        n/a          
x6       10000           10000            n/a             n/a       n/a        n/a          
x7       10000           10000            n/a             n/a       n/a        n/a          
x8       10000           10000            n/a             n/a       n/a        n/a          
-------- --------------- ---------------  --------------- --------- ---------- ------------ 

NP Port:
Name   Switch_id SW_port_id SW_port_name 
------ --------- ---------- ------------ 
np0_0  0         0                       
------ --------- ---------- ------------ 
* Max_speed: Maximum speed, Dflt_speed: Default speed
* SW_port_id: Switch port ID, SW_port_name: Switch port name

The command output also shows the maximum speeds of each interface. Also, that command output shows that the x5 to x8 interfaces are not connected to the internal switch fabric.

The NP7 processor has a bandwidth capacity of 200 Gigabits. You can see from the command output that if all interfaces were operating at their maximum bandwidth the NP7 processor would not be able to offload all the traffic.

Changing the speed of the X5 to X8 ULL interfaces

By default, the FortiGate-600F and 601F front panel ULL data interfaces X5 to X8 operate as 10G SFP+ interfaces. You can use the following command to configure them to operate as 25G SFP28 interfaces:

config system npu

set ull-port-mode 25G

end

Entering this command restarts the FortiGate, so the speed of the ULL interfaces should be changed during a maintenance window. This command changes the speeds of all of the ULL interfaces. All of the ULL interfaces operate at the same speed.

Note

A configuration change that causes a FortiGate to restart can disrupt the operation of an FGCP cluster. If possible, you should make this configuration change to the individual FortiGates before setting up the cluster. If the cluster is already operating, you should temporarily remove the secondary FortiGate(s) from the cluster, change the configuration of the individual FortiGates and then re-form the cluster. You can remove FortiGate(s) from a cluster using the Remove Device from HA cluster button on the System > HA GUI page. For more information, see Disconnecting a FortiGate.

You can use the following command to change the ULL interfaces back to the default setting as 10G SFP+ interfaces:

config system npu

set ull-port-mode 10G

end

Entering this command also restarts the FortiGate.

FortiGate 600F and 601F fast path architecture

FortiGate 600F and 601F fast path architecture

The FortiGate 600F and 601F each include one NP7 processor. Front panel data interfaces 1 to 24 and X1 to X4 and one of the NP7 processor interfaces connect to the integrated switch fabric (ISF). All data traffic passes from these data interfaces through the ISF to the NP7 processor. Data traffic processed by the CPU takes a dedicated data path through the ISF and the NP7 processor to the CPU.

Front panel data interfaces X5 to X8 are connected directly to the other NP7 processor interface instead of the ISF. Since the ISF introduces latency, interfaces X5 to X8 are ultra low latency (ULL) interfaces, and traffic entering and exiting the FortiGate through these interfaces experiences lower latency than if it were passing through interfaces that are connected to the ISF. To achieve low latency, traffic must enter and exit the FortiGate through the X5 to X8 interfaces. You can't change the speed of the FortiGate 600F and 601F ULL interfaces .

All supported traffic passing between any two data interfaces can be offloaded by the NP7 processor. This includes traffic passing between an interface connected to the ISF and a ULL interface. If traffic enters or exits through an interface connected to the ISF, it is subject to the latency resulting from passing through the ISF.

Note

The FortiGate 600F and 601F do not support configuring NPU port mapping, because only one of the NP7 interfaces is connected to the ISF.

The FortiGate 600F and 601F feature the following front panel interfaces:

  • Two 10/100/1000BASE-T RJ45 (HA and MGMT, not connected to the NP7 processor).
  • Sixteen 10/100/1000BASE-T RJ45 (1 to 16).
  • Eight 1 GigE SFP (17 to 24).
  • Four 10/1 GigE SFP+ (X1 to X4) (X1 and X2 are FortiLink interfaces).
  • Four 25/10 GigE SFP28/SFP+ (X5 to X8) ultra low latency (ULL), all ULL interfaces operate at the same speed. ULL interfaces bypass the integrated switch fabric (ISF).

The MGMT interface is not connected to the NP7 processor. Management traffic passes to the CPU over a dedicated management path that is separate from the data path.

The HA interface is also not connected to the NP7 processor. To help provide better HA stability and resiliency, HA traffic uses a dedicated physical control path that provides HA control traffic separation from data traffic processing.

The separation of management and HA traffic from data traffic keeps management and HA traffic from affecting the stability and performance of data traffic processing.

You can use the following command to display the FortiGate 600F or 601F NP7 configuration.

diagnose npu np7 port-list
Front Panel Port:
Name     Max_speed(Mbps) Dflt_speed(Mbps) NP_group        Switch_id SW_port_id SW_port_name 
-------- --------------- ---------------  --------------- --------- ---------- ------------ 
port1    1000            1000             n/a             0         29                      
port2    1000            1000             n/a             0         28                      
port3    1000            1000             n/a             0         31                      
port4    1000            1000             n/a             0         30                      
port5    1000            1000             n/a             0         25                      
port6    1000            1000             n/a             0         24                      
port7    1000            1000             n/a             0         27                      
port8    1000            1000             n/a             0         26                      
port9    1000            1000             n/a             0         21                      
port10   1000            1000             n/a             0         20                      
port11   1000            1000             n/a             0         23                      
port12   1000            1000             n/a             0         22                      
port13   1000            1000             n/a             0         17                      
port14   1000            1000             n/a             0         16                      
port15   1000            1000             n/a             0         19                      
port16   1000            1000             n/a             0         18                      
port17   1000            1000             n/a             0         15                      
port18   1000            1000             n/a             0         14                      
port19   1000            1000             n/a             0         13                      
port20   1000            1000             n/a             0         12                      
port21   1000            1000             n/a             0         9                       
port22   1000            1000             n/a             0         8                       
port23   1000            1000             n/a             0         11                      
port24   1000            1000             n/a             0         10                      
x1       10000           10000            n/a             0         6                       
x2       10000           10000            n/a             0         7                       
x3       10000           10000            n/a             0         4                       
x4       10000           10000            n/a             0         5                       
x5       10000           10000            n/a             n/a       n/a        n/a          
x6       10000           10000            n/a             n/a       n/a        n/a          
x7       10000           10000            n/a             n/a       n/a        n/a          
x8       10000           10000            n/a             n/a       n/a        n/a          
-------- --------------- ---------------  --------------- --------- ---------- ------------ 

NP Port:
Name   Switch_id SW_port_id SW_port_name 
------ --------- ---------- ------------ 
np0_0  0         0                       
------ --------- ---------- ------------ 
* Max_speed: Maximum speed, Dflt_speed: Default speed
* SW_port_id: Switch port ID, SW_port_name: Switch port name

The command output also shows the maximum speeds of each interface. Also, that command output shows that the x5 to x8 interfaces are not connected to the internal switch fabric.

The NP7 processor has a bandwidth capacity of 200 Gigabits. You can see from the command output that if all interfaces were operating at their maximum bandwidth the NP7 processor would not be able to offload all the traffic.

Changing the speed of the X5 to X8 ULL interfaces

By default, the FortiGate-600F and 601F front panel ULL data interfaces X5 to X8 operate as 10G SFP+ interfaces. You can use the following command to configure them to operate as 25G SFP28 interfaces:

config system npu

set ull-port-mode 25G

end

Entering this command restarts the FortiGate, so the speed of the ULL interfaces should be changed during a maintenance window. This command changes the speeds of all of the ULL interfaces. All of the ULL interfaces operate at the same speed.

Note

A configuration change that causes a FortiGate to restart can disrupt the operation of an FGCP cluster. If possible, you should make this configuration change to the individual FortiGates before setting up the cluster. If the cluster is already operating, you should temporarily remove the secondary FortiGate(s) from the cluster, change the configuration of the individual FortiGates and then re-form the cluster. You can remove FortiGate(s) from a cluster using the Remove Device from HA cluster button on the System > HA GUI page. For more information, see Disconnecting a FortiGate.

You can use the following command to change the ULL interfaces back to the default setting as 10G SFP+ interfaces:

config system npu

set ull-port-mode 10G

end

Entering this command also restarts the FortiGate.