Hardware Acceleration

Home FortiGate / FortiOS 7.2.9 Hardware Acceleration

7.2.9

FortiGate 400F and 401F fast path architecture

The FortiGate 400F and 401F each include one NP7 processor. Front panel data interfaces 1 to 24 and X1 to X4 and one of the NP7 processor interfaces connect to the integrated switch fabric (ISF). All data traffic passes from these data interfaces through the ISF to the NP7 processor. Data traffic processed by the CPU takes a dedicated data path through the ISF and the NP7 processor to the CPU.

Front panel data interfaces X5 to X8 are connected directly to the other NP7 processor interface instead of the ISF. Since the ISF introduces latency, interfaces X5 to X8 are ultra low latency (ULL) interfaces, and NP7 traffic entering and exiting the FortiGate through these interfaces experiences lower latency than if it were passing through interfaces that are connected to the ISF. To achieve low latency, traffic must enter and exit the FortiGate through the X5 to X8 interfaces. You can't change the speed of the FortiGate 400F and 401F ULL interfaces .

All supported traffic passing between any two data interfaces can be offloaded by the NP7 processor. This includes traffic passing between an interface connected to the ISF and a ULL interface. If traffic enters or exits through an interface connected to the ISF, it is subject to the latency resulting from passing through the ISF.

The FortiGate 400F and 401F do not support configuring NPU port mapping, because only one of the NP7 interfaces is connected to the ISF.

The FortiGate 400F and 401F models feature the following front panel interfaces:

Two 10/100/1000BASE-T RJ45 (HA and MGMT, not connected to the NP7 processor).
Sixteen 10/100/1000BASE-T RJ45 (1 to 16).
Eight 1 GigE SFP (17 to 24).
Four 10 GigE SFP+ (X1 to X4) (X1 and X2 are FortiLink interfaces).
Four 10 GigE SFP+ (X5 to X8) ultra low latency (ULL). ULL interfaces bypass the integrated switch fabric (ISF).
Eight 1 GigE SFP (17 to 24).

The MGMT interface is not connected to the NP7 processor. Management traffic passes to the CPU over a dedicated management path that is separate from the data path.

The HA interface is also not connected to the NP7 processor. To help provide better HA stability and resiliency, HA traffic uses a dedicated physical control path that provides HA control traffic separation from data traffic processing.

The separation of management and HA traffic from data traffic keeps management and HA traffic from affecting the stability and performance of data traffic processing.

You can use the following command to display the FortiGate 400F or 401F NP7 configuration. The command output shows a single NP7 named NP#0 is connected to all data interfaces. This interface to NP7 mapping is also shown in the diagram above.

diagnose npu np7 port-list 
Front Panel Port:
Name     Max_speed(Mbps) Dflt_speed(Mbps) NP_group        Switch_id SW_port_id SW_port_name 
-------- --------------- ---------------  --------------- --------- ---------- ------------ 
port1    1000            1000             n/a             0         25                      
port2    1000            1000             n/a             0         24                      
port3    1000            1000             n/a             0         27                      
port4    1000            1000             n/a             0         26                      
port5    1000            1000             n/a             0         29                      
port6    1000            1000             n/a             0         28                      
port7    1000            1000             n/a             0         31                      
port8    1000            1000             n/a             0         30                      
port9    1000            1000             n/a             0         17                      
port10   1000            1000             n/a             0         16                      
port11   1000            1000             n/a             0         19                      
port12   1000            1000             n/a             0         18                      
port13   1000            1000             n/a             0         21                      
port14   1000            1000             n/a             0         20                      
port15   1000            1000             n/a             0         23                      
port16   1000            1000             n/a             0         22                      
port17   1000            1000             n/a             0         7                       
port18   1000            1000             n/a             0         12                      
port19   1000            1000             n/a             0         6                       
port20   1000            1000             n/a             0         13                      
port21   1000            1000             n/a             0         5                       
port22   1000            1000             n/a             0         14                      
port23   1000            1000             n/a             0         4                       
port24   1000            1000             n/a             0         15                      
x1       10000           10000            n/a             0         10                      
x2       10000           10000            n/a             0         9                       
x3       10000           10000            n/a             0         11                      
x4       10000           10000            n/a             0         8                       
x5       10000           10000            n/a             n/a       n/a        n/a          
x6       10000           10000            n/a             n/a       n/a        n/a          
x7       10000           10000            n/a             n/a       n/a        n/a          
x8       10000           10000            n/a             n/a       n/a        n/a          
-------- --------------- ---------------  --------------- --------- ---------- ------------ 

NP Port:
Name   Switch_id SW_port_id SW_port_name 
------ --------- ---------- ------------ 
np0_0  0         0                       
------ --------- ---------- ------------ 
* Max_speed: Maximum speed, Dflt_speed: Default speed
* SW_port_id: Switch port ID, SW_port_name: Switch port name

The command output also shows the maximum speeds of each interface. Also, that command output shows that the x5 to x8 interfaces are not connected to the internal switch fabric.

The NP7 processor has a bandwidth capacity of 200 Gigabits. You can see from the command output that if all interfaces were operating at their maximum bandwidth the NP7 processor would not be able to offload all the traffic.