
FortiGate-6000 Administration Guide

Enabling GTP load balancing

You can use the following load balancing command to enable or disable FortiGate 6000F GTP-U load balancing.

config load-balance setting
    set gtp-load-balance {disable | enable}
end

The following flow rule is also available to direct GTP-C traffic to the primary FPC.

config load-balance flow-rule
    edit 17
        set status disable
        set ether-type ipv4
        set src-addr-ipv4 0.0.0.0 0.0.0.0
        set dst-addr-ipv4 0.0.0.0 0.0.0.0
        set protocol udp
        set src-l4port 0-0
        set dst-l4port 2123-2123
        set action forward
        set forward-slot master
        set priority 5
        set comment "gtp-c to primary blade"
    next
end

The recommended configuration for optimal GTP-C tunnel setup and GTP-U throughput performance is to enable gtp-load-balance and disable the GTP-C flow rule. In this configuration, both GTP-C and GTP-U traffic is load balanced among all of the FPCs:

config load-balance setting
    set gtp-load-balance enable
end

config load-balance flow-rule
    edit 17
        set status disable
        set ether-type ipv4
        set src-addr-ipv4 0.0.0.0 0.0.0.0
        set dst-addr-ipv4 0.0.0.0 0.0.0.0
        set protocol udp
        set src-l4port 0-0
        set dst-l4port 2123-2123
        set action forward
        set forward-slot master
        set priority 5
        set comment "gtp-c to primary blade"
    next
end

If you want GTP-C traffic to only be processed by the primary FPC, you can edit the GTP-C flow rule and set status to enable. When enabled, this flow rule sends all GTP-C traffic to the primary FPC. Enabling this flow rule can reduce GTP performance, since all GTP-C tunnel setup sessions will be done by the primary FPC and not distributed among all of the FPCs.

config load-balance flow-rule
    edit 17
        set status enable
        set ether-type ipv4
        set src-addr-ipv4 0.0.0.0 0.0.0.0
        set dst-addr-ipv4 0.0.0.0 0.0.0.0
        set protocol udp
        set src-l4port 0-0
        set dst-l4port 2123-2123
        set action forward
        set forward-slot master
        set priority 5
        set comment "gtp-c to primary blade"
    next
end

GTP-U load balancing may not distribute sessions evenly among all of the FPCs. It's common in many 4G networks to have just a few SGWs. Similar configurations with very few servers may also be used in other GTP implementations. If the FortiGate 6000F receives GTP traffic from very few servers, the GTP traffic will have very few source and destination IP addresses and TCP/IP ports. Since SLBC load balancing is based on source and destination IP addresses and TCP ports, it's possible that sessions will not be distributed evenly among the FPCs. In fact, most GTP-U traffic could be processed by a limited number of FPCs.

Enabling GTP-U load balancing still distributes sessions and improves performance, but performance gains from enabling GTP-U load balancing may not be as high as anticipated.
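The following sketch is an added illustration, not Fortinet code, of why address-and-port based distribution concentrates GTP-U sessions when only a few gateways are involved. The hash (SHA-256 modulo the FPC count), the count of 10 FPCs, and all IP addresses are assumptions chosen for the example; the real SLBC algorithm is not described on this page.

```python
import hashlib
from collections import Counter
from itertools import product

FPC_COUNT = 10      # assumption: number of FPCs available for load balancing
GTPU_PORT = 2152    # registered UDP port for GTP-U

def pick_fpc(src_ip, dst_ip, src_port, dst_port, fpcs=FPC_COUNT):
    """Stand-in hash over addresses and ports; NOT Fortinet's SLBC algorithm."""
    key = f"{src_ip}|{dst_ip}|{src_port}|{dst_port}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:8], "big") % fpcs

def distribute(sessions, fpcs=FPC_COUNT):
    """Count sessions per FPC; each session is (src_ip, dst_ip, sport, dport)."""
    load = Counter({slot: 0 for slot in range(fpcs)})
    for session in sessions:
        load[pick_fpc(*session, fpcs=fpcs)] += 1
    return load

def busy_fpcs(load):
    """Number of FPCs that received at least one session."""
    return sum(1 for count in load.values() if count > 0)

def gtpu_sessions(sgws, pgws, tunnels_per_pair):
    """All tunnels between one gateway pair share the same outer addresses/ports."""
    return [(s, p, GTPU_PORT, GTPU_PORT)
            for s, p in product(sgws, pgws) for _ in range(tunnels_per_pair)]

# Constructed sample input (documentation address ranges, not real gateways).
few_sgws = ["192.0.2.10", "192.0.2.11"]
pgws = ["198.51.100.1"]
mobile_core = gtpu_sessions(few_sgws, pgws, tunnels_per_pair=5000)

# Same session count spread over many distinct clients and ports, for comparison.
many_clients = [(f"203.0.113.{i % 250 + 1}", "198.51.100.1", 1024 + i, 443)
                for i in range(10000)]

if __name__ == "__main__":
    for name, sessions in (("2 SGWs", mobile_core), ("many clients", many_clients)):
        load = distribute(sessions)
        print(f"{name:13} busy FPCs: {busy_fpcs(load):2}  "
              f"per-FPC sessions: {sorted(load.values())}")
```

With two SGWs and one peer there are only two distinct address/port combinations, so at most two FPCs carry all 10,000 sessions regardless of which hash is used.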
