Intra-datacenter failover
SD-WAN gateways at each datacenter operate as independent HA clusters to provide intra-site redundancy against failures and issues at their own location.
FortiGate HA offers several solutions for adding redundancy in the case where a failure occurs on the FortiGate, or is detected by the FortiGate through monitored links, routes, and other health checks. These solutions support fast failover to avoid lengthy network outages and disruptions to your traffic.
FortiGate HA options:
- FortiGate Cluster Protocol (FGCP)*
- Active/passive
- Active/active
- FortiGate Session Life Support Protocol (FGSP)
- Session and configuration synchronization across standalone FortiGate or HA clusters
*In this document, we will focus on utilizing the FortiGate Cluster Protocol (FGCP) on our SD-WAN gateways to accomplish high availability.
There are more advanced use cases and scenarios where FGSP may be used to sync sessions between FortiGate clusters at different datacenter locations. This is beyond the scope of this document.
Utilizing FGCP for intra-datacenter HA
For most use cases, it is generally recommended to use active-passive HA for SD-WAN gateways at a datacenter or HQ location. If active-active is desired, it does not change the overall SD-WAN design outlined below. Both HA modes are designed in the same manner as described in this section.
In active-passive HA mode, there are at least two devices in the cluster, with only one device acting as the primary device. To the rest of the network, including remote branch locations, the active-passive cluster appears to be a single device that shares a floating IP address between the active members. Remote branch locations terminate their overlays to the active device in the cluster.
The active-passive gateway model provides redundancy inside the datacenter, while operating as a single device to outside resources. Branch locations terminate their overlay connections to the active member, while being unaware the gateway is a cluster with multiple members.
Gateway Redundancy | Benefits | Considerations
---|---|---
Active-passive HA cluster | |
Active-active HA cluster | |
For more information on HA design and consideration, refer to the latest FortiOS Admin Guide.
To minimize or eliminate traffic interruption during failover, it is recommended to consider the following:
- Enabling BGP graceful restart on the gateway and branch
- Enabling `route-ttl` in the HA settings to ensure the FortiGate cluster maintains the cached routes during failover
- Fine-tuning BGP timers as necessary
For more information on these three components, see this KB article.
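The following FortiOS CLI fragment is an added example, not configuration taken from this document or from Fortinet. It ties together the active-passive FGCP cluster described in this section with the three failover-tuning items listed above (BGP graceful restart, `route-ttl`, and BGP timers). The group name, HA password placeholder, interface names (port1, port2, port9), IP addresses, AS numbers, priority and all timer values are assumptions chosen for illustration; the BGP graceful-restart capability must also be enabled on the branch side of each peering for it to take effect.

```text
# Added example (not the document's own configuration).
# Interface names, IPs, AS numbers and timer values are placeholders.

# --- FGCP active-passive cluster ---
# Apply on both members; only "priority" differs between them.
config system ha
    set group-name "dc1-sdwan-gw"
    set mode a-p
    set password "REPLACE-WITH-HA-PASSWORD"
    # dedicated heartbeat interface
    set hbdev "port9" 50
    # synchronize sessions so existing flows survive a failover
    set session-pickup enable
    # do not fail back automatically when the old primary returns
    set override disable
    # use a lower value (e.g. 100) on the secondary member
    set priority 200
    # fail over if a monitored WAN or LAN link goes down
    set monitor "port1" "port2"
    # keep kernel routes cached across the failover (seconds, assumed value)
    set route-ttl 60
    set route-wait 0
    set route-hold 10
end

# --- BGP graceful restart and timers (gateway side) ---
config router bgp
    set as 65000
    set router-id 10.255.0.1
    set graceful-restart enable
    set graceful-restart-time 120
    set graceful-stalepath-time 360
    config neighbor
        # branch overlay peer (placeholder address)
        edit "10.10.1.2"
            set remote-as 65001
            # advertise the GR capability to this peer; enable it on the branch as well
            set capability-graceful-restart enable
            # shorter keepalive/hold timers detect a lost peer sooner (assumed values)
            set keep-alive-timer 10
            set holdtime-timer 30
        next
    end
end
```

After applying, `get system ha status` on either member shows the cluster role and heartbeat state, and `get router info bgp summary` shows whether the peer came up with the graceful-restart capability negotiated; confirm both before testing a failover.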