FGSP source IP and interface selection
A specific source IP or interface can be selected for FGSP heartbeat/sync traffic over L3, preventing packet loss caused by ECMP path divergence.
config system standalone-cluster
config cluster-peer
edit <sync-id>
set source-ip <class_ip>
set interface <interface>
next
end
end
|
Command |
Description |
|---|---|
|
source-ip <class_ip> |
Source IP address to use for peer connections. |
|
interface <interface> |
Outgoing interface for peer connections. |
When configure the interface, always specify the outgoing (egress) interface, and not the source interface.
Example
In this example, FGSP is configured between FGT_A and FGT_B. Peering is over Layer3 network through two ECMP routes.
FGSP peers could be setup between two loopback interfaces, port2, or both.
To use the source IP for FGSP heartbeat/sync traffic:
-
Configure FGT_A:
config system standalone-cluster set standalone-group-id 20 set group-member-id 3 config cluster-peer edit 1 set peervd "v2" set peerip 2.2.2.2 set syncvd "root" set source-ip 1.1.1.1 next end end -
Configure FGT_B:
config system standalone-cluster set standalone-group-id 20 set group-member-id 4 config cluster-peer edit 1 set peervd "v2" set peerip 1.1.1.1 set syncvd "root" set source-ip 2.2.2.2 next end end
To use the interface for FGSP heartbeat/sync traffic:
In this example, synchronization traffic originates on loopback1 but must exit the device through npu-vlink1 to reach its peer, so the interface must be set to npu-vlink1. Always select the port that serves as the traffic's exit point to ensure successful delivery.
-
Configure FGT_A:
config system standalone-cluster set standalone-group-id 20 set group-member-id 3 config cluster-peer edit 1 set peervd "v2" set peerip 2.2.2.2 set syncvd "root" set interface npu-vlink1 next end end -
Configure FGT_B:
config system standalone-cluster set standalone-group-id 20 set group-member-id 4 config cluster-peer edit 1 set peervd "v2" set peerip 1.1.1.1 set syncvd "root" set interface npu-vlink1 next end end