FGSP GTP tunnel synchronization
You can use the FortiGate Session Life Support Protocol (FGSP) to synchronize GTP tunnels between two FortiGates licensed for FortiOS Carrier. The FortiGates can be at the same location or distributed to different locations (for example, each FortiGate can be at a different data center). FGSP tunnel synchronization uses the same methods as FGCP GTP tunnel synchronization. All relevant GTP tunnel information is synchronized, including session timers.
Fortinet recommends FGSP GTP tunnel synchronization for an FGSP cluster of two FortiGates.
No special FGSP configuration is required for GTP tunnel synchronization. For information about configuring FGSP, see FGSP.
In addition to GTP tunnel synchronization, in most cases you would want all of the FortiGates in the FGSP configuration to maintain the same configuration. If you want to synchronize configuration changes, consider enabling Standalone configuration synchronization. You can also use FortiManager to manage and synchronize the configurations of the FortiGates.
Using FGSP to synchronize GTP tunnels between FGCP clusters supports asymmetric routing . Enter the following command to enable asymmetric routing:
config system settings
set gtp-asym-fgsp enable
end
The FGSP supports widely separated FGSP peers installed in different physical locations. In a distributed FGSP cluster, session synchronization and HA heartbeat communication between FGSP peers can take place over the internet or over other transmission methods including satellite linkups.
Most Data Center Interconnect (DCI) or MPLS-based solutions that support layer 2 extensions between the remote data centers should also support FGSP heartbeat communication and session synchronization between FortiGates in the distributed locations.
Because of the possible distance, it may take a relatively long time for heartbeat packets to be transmitted between distributed FGSP peers. To account for possible delays, you can increase the FGSP heartbeat interval so that the FGSP peers expect extra time between heartbeat packets. A general rule is to configure the heartbeat time to be longer than the max latency.
You could also increase the number of lost heartbeat packets allowed before a FortiGate assumes an FGSP peer is offline if the network connection is less reliable.
Using the following command to adjust the FGSP heartbeat interval and number of lost packets. You can configure a custom heartbeat interval and lost packet threshold for each FGSP session synchronization instance.
config system cluster-sync
edit <id>
set hb-interval <interval>
set hb-lost-threshold <threshold>
end
hb-interval <interval>
the heartbeat interval in seconds. The range 1 to 10 seconds and the default is 2 seconds.
hb-lost-threshold <threshold>
the number of expected heartbeat packets to loose before assuming the FGSP peer is down. The range is 1 to 10 lost heartbeat packets and the default is 3 lost heartbeat packets.
You can also use different link paths for different session sync instances to optimize GTP tunnel synchronization performance. You could also configure QoS on the session synchronization links to make sure FGSP communication has the highest priority.