FortiGate-7000 GTP load balancing
On a FortiGate-7000 system you can use the following command to enable or disable GTP load balancing.
config load-balance setting
set gtp-load-balance {disable | enable}
end
The following flow rule is also available to direct GTP-C traffic to the primary FPM.
config load-balance flow-rule
edit 17
set status disable
set ether-type ipv4
set src-addr-ipv4 0.0.0.0 0.0.0.0
set dst-addr-ipv4 0.0.0.0 0.0.0.0
set protocol udp
set src-l4port 0-0
set dst-l4port 2123-2123
set action forward
set forward-slot master
set priority 5
set comment "gtp-c to primary blade"
next
end
By default, both of these configurations are disabled and GTP-C and GTP-U traffic is not load balanced. The FortiGate-7000E DP processor or FortiGate-7000F NP7 processor sends all GTP-C and GTP-U traffic to the primary FPM.
To load balance GTP-U traffic to multiple FPMs, you can set gtp-load-balance
to enable
. This also enables the GTP-C flow rule. GTP-U traffic is then load balanced across all FPMs while GTP-C traffic is still handled by the primary FPM. This is the recommended configuration for load balancing GTP traffic.
GTP-U load balancing may not distribute sessions evenly among all of the FPMs. Its common in many 4G networks to have just a few SGWs. Similar configurations with very few serves may also be used in other GTP implementations. If the FortiGate-7000 receives GTP traffic from a very few servers, the GTP traffic will have very few source and destination IP addresses and TCP/IP ports. Since the FortiGate-7000 perform SLBC load balancing based on source and destination IP addresses and TCP ports, its possible that sessions will not be distributed evenly among the FPMs. In fact, most GTP-U traffic could be processed by a limited number of FPMs.
Enabling GTP load balancing still distributes sessions and improves performance, but performance gains from enabling GTP load balancing may not be as high as anticipated.