Load balancing and flow rules
This chapter provides an overview of how FortiGate-7000E Session-Aware Load Balancing (SLBC) works and then breaks down the details and explains why you might want to change some load balancing settings.
FortiGate-7000E SLBC works as follows.
-
The FortiGate-7000E directs all traffic that does not match a load balancing flow rule to the DP2 processors.
If a session matches a flow rule, the session skips the DP2 processors and is directed according to the action setting of the flow rule. Default flow rules send traffic that can't be load balanced to the primary FPM. See Default configuration for traffic that cannot be load balanced.
-
The DP2 processors load balance TCP, UDP, SCTP, and IPv4 ICMP sessions among the FPMs according to the load balancing method set by the
dp-load-distribution-method
option of theconfig load-balance setting
command.The DP2 processors load balance ICMP sessions among FPMs according to the load balancing method set by the
dp-icmp-distribution-method
option of theconfig load-balance setting
command. See ICMP load balancing.The DP2 processors load balance GTP-U sessions if GTP load balancing is enabled. If GTP load balancing is disabled, the DP2 processors send GTP sessions to the primary FPM. For more information about GTP load balancing, see Enabling GTP load balancing.
The DP2 processors load balance PFCP-controlled GTP-U sessions if PFCP load balancing is enabled. If PFCP load balancing is disabled, the DP2 processors send PFCP-controlled GTP-U sessions to the primary FPM. For more information about PFCP load balancing, see PFCP load balancing.
To support ECMP you can change how the DP2 processors manage session tables, see ECMP support.
- The DP2 processors send other sessions that cannot be load balanced to the primary FPM.