SD-WAN Architecture for Enterprise

7.0.0

Intra-datacenter failover

SD-WAN gateways at each datacenter operate as independent HA clusters to offer intra-site redundancy from failures and issues at their location.

FortiGate HA offers several solutions for adding redundancy in the case where a failure occurs on the FortiGate, or is detected by the FortiGate through monitored links, routes, and other health checks. These solutions support fast failover to avoid lengthy network outages and disruptions to your traffic.

FortiGate HA options:

*In this document, we will focus on utilizing the FortiGate Cluster Protocol (FGCP) on our SD-WAN gateways to accomplish high availability.

Note

There are more advanced use cases and scenarios where FGSP may be used to sync sessions between FortiGate clusters at different datacenter locations. This is beyond the scope of this document.

Utilizing FGCP for intra-datacenter HA

For most use cases, it is generally recommended to utilize active-passive HA for SD-WAN gateways at a datacenter or HQ location. If active-active is desired, it does not change the overall SD-WAN design outlined below. Both HA modes are designed in the same manner as described in this section.

In active-passive HA mode, there are at least two devices in the cluster, with only one device acting as the primary device. To the rest of the network, including remote branch locations, the active-passive cluster appears to be a single device that shares a floating IP address between the active members. Remote branch locations terminate their overlays to the active device in the cluster.

The active-passive gateway model provides redundancy inside the datacenter, while operating as a single device to outside resources. Branch locations terminate their overlay connections to the active member, while being unaware the gateway is a cluster with multiple members.

Gateway redundancy options, with their benefits and considerations:

Active-passive HA cluster

  Benefits:
  • Intra-datacenter redundancy
  • Logically seen as a single device on the network
  • Simple setup

  Considerations:
  • Does not provide performance improvement on security inspection

Active-active HA cluster

  Benefits:
  • Intra-datacenter redundancy
  • Logically seen as a single device on the network
  • Performance improvement on security inspection

  Considerations:
  • More complex troubleshooting requirements due to the nature of active-active load balancing

For more information on HA design and consideration, refer to the latest FortiOS Admin Guide.

To minimize or eliminate traffic interruption during failover, it is recommended to consider the following:

  • Enabling BGP graceful restart on the gateway and the branch, so peers keep using the gateway's routes while the new primary re-establishes its sessions
  • Enabling route-ttl in the HA settings to ensure the FortiGate cluster keeps the cached kernel routes during failover instead of flushing them
  • Fine-tuning BGP keepalive and hold timers as necessary

For more information on these three components, see this KB article.
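The following is an added example, not configuration from this guide or from Fortinet, showing what the FGCP active-passive cluster described in this section and the three failover-tuning items above look like together in FortiOS CLI. The group name, AS numbers, router ID, interface names, overlay prefix and timer values are assumptions chosen for illustration; substitute your own, and apply the HA block on both members (only the priority differs).

```text
# Added example (not part of the Fortinet guide). All names, addresses,
# AS numbers and timer values below are placeholder assumptions.

# --- Gateway: FGCP active-passive cluster (apply on both members) ---
config system ha
    set group-name "DC1-SDWAN-GW"       # assumed cluster name
    set mode a-p                        # active-passive; use a-a for active-active
    set password <ha-shared-secret>     # placeholder; use a strong shared secret
    set hbdev "ha1" 50 "ha2" 50         # two dedicated heartbeat links (assumed port names)
    set session-pickup enable           # sync sessions so established flows survive failover
    set route-ttl 60                    # keep cached routes for 60 s while the new primary re-converges
    set monitor "port1" "port2"         # assumed WAN-facing ports; loss of link triggers failover
    set override disable                # no preemptive failback when the former primary returns
    set priority 200                    # use a lower value (e.g. 100) on the second member
end

# --- Gateway: BGP toward the branch overlays, with graceful restart ---
config router bgp
    set as 65000                        # assumed datacenter AS
    set router-id 10.255.0.1            # assumed
    set graceful-restart enable         # peers retain our routes while the cluster fails over
    set graceful-restart-time 120       # assumed; must exceed the measured failover time
    set graceful-stalepath-time 360     # assumed; how long peers keep stale paths
    set keepalive-timer 10              # assumed tuning; FortiOS defaults are 60/180
    set holdtime-timer 30
    config neighbor-group
        edit "BRANCH-OVERLAY"
            set remote-as 65001                      # assumed branch AS
            set capability-graceful-restart enable   # negotiate GR with every branch peer
        next
    end
    config neighbor-range
        edit 1
            set prefix 10.10.0.0/16                  # assumed overlay tunnel address range
            set neighbor-group "BRANCH-OVERLAY"
        next
    end
end

# --- Branch: matching graceful restart toward the gateway ---
config router bgp
    set as 65001                        # assumed branch AS
    set router-id 10.255.1.1            # assumed
    set graceful-restart enable
    set keepalive-timer 10              # keep timers consistent with the gateway
    set holdtime-timer 30
    config neighbor
        edit "10.10.0.1"                # assumed gateway overlay address (the cluster's shared IP)
            set remote-as 65000
            set capability-graceful-restart enable
        next
    end
end
```

After applying the configuration, `get system ha status` on either member shows the cluster state and which unit is primary, and `get router info bgp neighbors` on a branch shows whether the graceful-restart capability was negotiated with the gateway. Test a controlled failover with the secondary unit ready to take over and confirm that existing sessions and the BGP routes survive the switch before relying on it in production.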
