SD-WAN Architecture for Enterprise

7.0.0

Redundancy

In this design, the SD-WAN gateway may offer intra-site redundancy by joining two or more devices into a high availability (HA) cluster. FortiGate HA offers several solutions for adding redundancy in the case where a failure occurs on the FortiGate, or is detected by the FortiGate through monitored links, routes, and other health checks. These solutions support fast failover to avoid lengthy network outages and disruptions to your traffic.

FortiGate HA options:

In this document, we focus on using the FortiGate Clustering Protocol (FGCP) on our SD-WAN gateways to provide high availability.

Note

There are more advanced use cases and scenarios where FGSP may be used to scale horizontally across local or geo-redundant locations. These are beyond the scope of this document.

Intra-datacenter gateway redundancy

For most use cases, it is generally recommended to use active-passive HA for SD-WAN gateways at a datacenter or HQ location. If active-active is desired, it does not change the overall SD-WAN design outlined below. Both HA modes are designed in the same manner as described in this section.

In active-passive HA mode, there are at least two devices in the cluster, with only one device acting as the primary device. To the rest of the network, including remote branch locations, the active-passive cluster appears to be a single device that shares a floating IP address between the active members. Remote branch locations terminate their overlays to the active device in the cluster.

The active-passive gateway model provides redundancy inside the datacenter, while operating as a single device to outside resources. Branch locations terminate their overlay connections to the active member, while being unaware the gateway is a cluster with multiple members.

Gateway Redundancy: Active-passive HA cluster

Benefits
  • Intra-datacenter redundancy
  • Logically seen as a single device on the network
  • Simple setup

Considerations
  • Does not provide performance improvement on security inspection

Gateway Redundancy: Active-active HA cluster

Benefits
  • Intra-datacenter redundancy
  • Logically seen as a single device on the network
  • Performance improvement on security inspection

Considerations
  • More complex troubleshooting requirements due to the nature of active-active load balancing

For more information on HA design and considerations, see the latest FortiOS Administration Guide.

In the event of a failover at the datacenter between active-passive members, traffic should switch over to the next healthy member.

To minimize or eliminate traffic interruption during failover, it is recommended to consider the following:

  • Enabling BGP graceful restart on the gateway and on the branch
  • Enabling route-ttl in the HA settings so that the FortiGate cluster keeps its cached routes during failover
  • Fine-tuning BGP timers as necessary

For more information on these three components, see this KB article.
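As an added illustration, not configuration taken from this guide or the KB article, the three failover-tuning items above expressed as FortiOS CLI on the datacenter gateway cluster; the HA group name, the neighbor address and all timer values are assumed placeholders to be tuned to the actual environment.

```text
# Added example (assumed values, not from this guide).
# 1) HA: keep the cached kernel routes alive across a failover so the new
#    primary keeps forwarding while BGP re-converges. route-ttl is in seconds
#    and is raised from its default to cover the expected BGP re-convergence.
config system ha
    set mode a-p
    set group-name "dc-gw"
    set route-ttl 60
end

# 2) BGP graceful restart on the gateway. The same graceful-restart settings
#    are mirrored on each branch FortiGate so peers keep forwarding on stale
#    paths instead of withdrawing routes when the primary restarts BGP.
config router bgp
    set graceful-restart enable
    set graceful-restart-time 120
    set graceful-stalepath-time 180
    set graceful-update-delay 120
    config neighbor
        # Assumed branch loopback reached over the SD-WAN overlay.
        edit "10.255.1.10"
            set capability-graceful-restart enable
            # 3) BGP timers: hold time is kept comfortably above the
            #    measured HA failover time so the session is not torn
            #    down before the new primary takes over.
            set keep-alive-timer 10
            set holdtime-timer 30
        next
    end
end
```

Choose route-ttl so that it exceeds graceful-restart-time plus the time the branch needs to re-establish its overlay to the new primary; if it expires first, the cluster drops the cached routes and traffic blackholes until BGP converges.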
