New Features

7.0.0
HA failover due to memory utilization

An HA failover can be triggered when memory utilization exceeds the threshold for a specific amount of time.

Memory utilization is checked at the configured sample rate (memory-failover-sample-rate). If the memory usage is above the threshold (memory-failover-threshold) every time that it is sampled for the entire monitor period (memory-failover-monitor-period), then a failover is triggered.

If the FortiGate meets the memory usage conditions to cause failover, the failover does not occur if the last failover on that FortiGate was triggered by high memory usage within the timeout period (memory-failover-flip-timeout). Other HA cluster members can still trigger memory based failovers if they meet the criteria and have not already failed within the timeout period.

After a memory based failover from FortiGate A to FortiGate B, if the memory usage on FortiGate A drops below the threshold and the memory usage on FortiGate B is still below the threshold, then a failover is not triggered, as the cluster is working normally using FortiGate B as the primary device.

When memory based failover is disabled, a new HA primary selection occurs to determine the primary device.

To configure memory based HA failover:
config system ha
    set memory-based-failover {enable | disable}
    set memory-failover-threshold <integer>
    set memory-failover-monitor-period <integer>
    set memory-failover-sample-rate <integer>
    set memory-failover-flip-timeout <integer>
end

memory-based-failover {enable | disable}

Enable/disable memory based failover (default = disable).

memory-failover-threshold <integer>

The memory usage threshold to trigger a memory based failover, in percentage (0 - 95, 0 = use the conserve mode threshold, default = 0).

memory-failover-monitor-period <integer>

The duration of the high memory usage before a memory based failover is triggered, in seconds (1 - 300, default = 60).

memory-failover-sample-rate <integer>

The rate at which memory usage is sampled, in seconds (1 - 60, default = 1).

memory-failover-flip-timeout <integer>

The time to wait between subsequent memory based failovers, in minutes (6 - 2147483647, default = 6).

Example

In this example, FortiGate A is the primary unit and FortiGate B is the secondary unit. When the memory usage on FortiGate A exceeds 50% for 300 seconds, a failover occurs and FortiGate B becomes the primary device.

If the memory usage drops below 50% on FortiGate A and rises above 50% on FortiGate B, a second failover will occur only after the timeout period of six minutes has elapsed.

If the memory usage on both FortiGate A and B is above 50%, no failover will be triggered.

To configure the memory based failover:
config system ha
    set memory-based-failover enable
    set memory-failover-threshold 50
    set memory-failover-monitor-period 300
    set memory-failover-sample-rate 10
    set memory-failover-flip-timeout 6
end
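
The following is an added example, not Fortinet code: a small model of the sampling rule for a single FortiGate, using the example values above, that shows how one sample at or below the threshold restarts the monitor period and how the flip timeout delays a repeat failover. The class and function names are hypothetical, and two behaviors are assumptions: the period counts as complete once monitor-period seconds have passed since the first high sample, and a suppressed failover fires at the first high sample after the flip timeout expires.

```python
"""Toy model of the sampling rule for one FortiGate (not FortiOS code)."""
from dataclasses import dataclass


@dataclass
class MemFailoverModel:
    threshold: int = 50        # memory-failover-threshold, percent
    monitor_period: int = 300  # memory-failover-monitor-period, seconds
    sample_rate: int = 10      # memory-failover-sample-rate, seconds
    flip_timeout: int = 6      # memory-failover-flip-timeout, minutes

    def __post_init__(self):
        # Ranges documented above. 0 ("use the conserve mode threshold") is
        # rejected because that value is not given here.
        limits = {"threshold": (1, 95), "monitor_period": (1, 300),
                  "sample_rate": (1, 60), "flip_timeout": (6, 2147483647)}
        for name, (low, high) in limits.items():
            if not low <= getattr(self, name) <= high:
                raise ValueError(f"{name} must be in {low}-{high}")
        self.high_since = None     # time of first sample in the current high run
        self.last_failover = None  # time of this unit's last memory failover

    def sample(self, t, mem_pct):
        """Feed one reading taken at t seconds; True means failover triggers."""
        if mem_pct <= self.threshold:
            self.high_since = None  # a single sample not above threshold resets
            return False
        if self.high_since is None:
            self.high_since = t
        if t - self.high_since < self.monitor_period:
            return False            # not yet high for the whole period (assumed)
        if (self.last_failover is not None
                and t - self.last_failover < self.flip_timeout * 60):
            return False            # suppressed by the flip timeout
        self.last_failover, self.high_since = t, None
        return True


def failover_times(model, readings):
    """readings: one memory percentage per sample interval, starting at t=0."""
    times = []
    for i, mem_pct in enumerate(readings):
        if model.sample(i * model.sample_rate, mem_pct):
            times.append(i * model.sample_rate)
    return times


if __name__ == "__main__":
    dip = [80] * 15 + [40] + [80] * 31  # constructed readings, one dip at t=150
    print(failover_times(MemFailoverModel(), dip))
```

In the constructed run, the single 40% reading at 150 seconds pushes the failover from 300 seconds out to 460 seconds, which is why a short monitor period or a coarse sample rate changes how sensitive the cluster is to brief drops in memory pressure.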
