FortiGate 3300E and 3301E fast path architecture
The FortiGate 3300E and 3301E each include four NP6 processors. All front panel data interfaces and all of the NP6 processors connect to the integrated switch fabric (ISF). All data traffic passes from the data interfaces through the ISF to the NP6 processors. Because of the ISF, all supported traffic passing between any two data interfaces can be offloaded by the NP6 processors. Data traffic processed by the CPU takes a dedicated data path through the ISF and an NP6 processor to the CPU.
The FortiGate 3300E and 3301E models feature the following front panel interfaces:
- Two 10/100/1000BASE-T Copper (MGMT1 and MGMT2).
- Twelve 10/100/1000BASE-T Copper (1 to 12).
- Four 1/10 GigE BASE-T Copper (13 to 16).
- Fourteen 1/10/25 GigE SFP+/SFP28 (17 to 30), interface groups: 17 - 20, 21 - 24, 25 - 28, 29-HA1, and 30 - HA2. Every time you change the speed of one of these interfaces from 25Gbps to 10Gbps or 1Gbps or from 10Gbps or 1Gbps to 25Gbps the speeds of the other interfaces in the group also change to that speed. When you enter the
endcommand, the CLI confirms the range of interfaces affected by the change. - Two 1/10/25 GigE SFP+/SFP28 (HA1 and HA2, not connected to the NP6 processors).
- Four 40 GigE QSFP+ (31 to 34).
The MGMT interfaces are not connected to the NP6 processors. Management traffic passes to the CPU over a dedicated management path that is separate from the data path. You can also dedicate separate CPU resources for management traffic to further isolate management processing from data processing (see Improving GUI and CLI responsiveness (dedicated management CPU)).
The HA interfaces are also not connected to the NP6 processors. To help provide better HA stability and resiliency, the HA traffic uses a dedicated physical control path that provides HA control traffic separation from data traffic processing.
The separation of management and HA traffic from data traffic keeps management and HA traffic from affecting the stability and performance of data traffic processing.
You can use the following command to display the FortiGate 3300E or 3301E NP6 configuration. The command output shows four NP6s named NP6_0, NP6_1, NP6_2, and NP6_3 and the interfaces (ports) connected to each NP6. This interface to NP6 mapping is also shown in the diagram above.
The command output also shows the XAUI configuration for each NP6 processor. Each NP6 processor has a 40-Gigabit bandwidth capacity. Traffic passes to each NP6 processor over four 10-Gigabit XAUI links. The XAUI links are numbered 0 to 3.
You can also use the diagnose npu np6 port-list command to display this information.
get hardware npu np6 port-list
Chip XAUI Ports Max Cross-chip
Speed offloading
------ ---- ------- ----- ----------
np6_0 0 port1 1G Yes
0 port14 10G Yes
1 port2 1G Yes
1 port15 10G Yes
2 port3 1G Yes
2 port16 10G Yes
3 port13 10G Yes
0-3 port17 25G Yes
0-3 port31 40G Yes
------ ---- ------- ----- ----------
np6_1 0 port4 1G Yes
1 port5 1G Yes
2 port6 1G Yes
3
0-3 port18 25G Yes
0-3 port19 25G Yes
0-3 port20 25G Yes
0-3 port24 25G Yes
0-3 port23 25G Yes
0-3 port32 40G Yes
------ ---- ------- ----- ----------
np6_2 0 port7 1G Yes
1 port8 1G Yes
2 port9 1G Yes
3
0-3 port22 25G Yes
0-3 port21 25G Yes
0-3 port26 25G Yes
0-3 port25 25G Yes
0-3 port28 25G Yes
0-3 port33 40G Yes
------ ---- ------- ----- ----------
np6_3 0 port10 1G Yes
1 port11 1G Yes
2 port12 1G Yes
2 port29 10G Yes
3 port30 10G Yes
0-3 port27 25G Yes
0-3 port34 40G Yes
------ ---- ------- ----- ----------
Distributing traffic evenly among the NP6 processors can optimize performance. For details, see Optimizing NP6 performance by distributing traffic to XAUI links.
You can also add LAGs to improve performance. For details, see Increasing NP6 offloading capacity using link aggregation groups (LAGs).