Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSwitch 7.2.7 Administration Guide
    7.2.7
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.11
    6.4.6
    6.4.5
    6.4.3
    6.4.2
    6.4.0
    6.2.5
    6.2.2
    6.2.1
    6.2.0

    Equal cost multi-path (ECMP) routing

    Equal cost multi-path (ECMP) routing

    ECMP is a forwarding mechanism that enables load-sharing of traffic to multiple paths of equal cost. An ECMP set is formed when the routing table contains multiple next-hop address for the same destination with equal cost. Routes of equal cost have the same preference and metric value. If there is an ECMP set for an active route, the switch uses a hash algorithm to choose one of the next-hop addresses. As input to the hash, the switch uses one or more of the following fields in the packet to be routed:

    • Source IP
    • Destination IP
    • Input port

    Configuring ECMP

    The switch automatically uses ECMP to choose between equal-cost routes.

    This configuration value is system-wide. The source IP address is the default value.

    NOTE:

    • There is a maximum of eight alternative paths (that is, ECMP paths).
    • When you configure a static route with a gateway, the gateway must be in the same IP subnet as the device. Also, the destination subnet cannot match any of device IP subnets in the switch.
    • When you configure a static route without a gateway, the destination subnet must be in the same IP subnet as the device.
    Using the CLI:

    config system settings

    set ip-ecmp-mode [ source-ip-based ] [ dst-ip-based ] [ port-based ]

    end

    Example ECMP configuration

    The following is an example CLI configuration for ECMP forwarding.

    In this configuration, ports 2 and 6 are routed ports. Interfaces I-RED and I-GREEN are routed VLAN interfaces. The remaining ports in the switch are normal layer-2 ports.

    1. Configure native VLANs for ports 2, 6, and 9. Also configure the “internal” interface to allow native VLANs for ports 2, 6, and 9:

      config switch interface

      edit port2

      set native-vlan 10

      edit port6

      set native-vlan 20

      edit port9

      set native-vlan 30

      edit internal

      set allowed-vlans 10,20,30

      end

    2. Configure the system interfaces:

      config system interface

      edit "internal"

      set type physical

      next

      edit "i-blue"

      set ip 1.1.1.1 255.255.255.0

      set allowaccess ping https http ssh snmp telnet

      set vlanid 10

      set interface internal

      next

      edit "i-red"

      set ip 172.16.11.1 255.255.255.0

      set allowaccess ping ssh telnet

      set vlanid 20

      set interface internal

      next

      edit "i-green"

      set ip 172.168.13.1 255.255.255.0

      set allowaccess ping https http ssh snmp telnet

      set vlanid 30

      set interface internal

      next

      end

    3. Configure static routes. This code configures multiple next-hop gateways for the same network:

      config router static

      edit 1

      set device "mgmt"

      set gateway 10.105.0.1

      set status enable

      next

      edit 2

      set device “i-red"

      set dst 8.8.8.0/24

      set gateway 172.16.11.2

      set status enable

      next

      edit 3

      set device "i-green"

      set dst 8.8.8.0/24

      set gateway 172.168.13.2

      set status enable

      next

    Viewing ECMP configuration

    Display the status of the ECMP configuration using following command:

    show system interface [ <system interface name> ]

    Previous
    Next

    Equal cost multi-path (ECMP) routing

    Equal cost multi-path (ECMP) routing

    ECMP is a forwarding mechanism that enables load-sharing of traffic to multiple paths of equal cost. An ECMP set is formed when the routing table contains multiple next-hop address for the same destination with equal cost. Routes of equal cost have the same preference and metric value. If there is an ECMP set for an active route, the switch uses a hash algorithm to choose one of the next-hop addresses. As input to the hash, the switch uses one or more of the following fields in the packet to be routed:

    • Source IP
    • Destination IP
    • Input port

    Configuring ECMP

    The switch automatically uses ECMP to choose between equal-cost routes.

    This configuration value is system-wide. The source IP address is the default value.

    NOTE:

    • There is a maximum of eight alternative paths (that is, ECMP paths).
    • When you configure a static route with a gateway, the gateway must be in the same IP subnet as the device. Also, the destination subnet cannot match any of device IP subnets in the switch.
    • When you configure a static route without a gateway, the destination subnet must be in the same IP subnet as the device.
    Using the CLI:

    config system settings

    set ip-ecmp-mode [ source-ip-based ] [ dst-ip-based ] [ port-based ]

    end

    Example ECMP configuration

    The following is an example CLI configuration for ECMP forwarding.

    In this configuration, ports 2 and 6 are routed ports. Interfaces I-RED and I-GREEN are routed VLAN interfaces. The remaining ports in the switch are normal layer-2 ports.

    1. Configure native VLANs for ports 2, 6, and 9. Also configure the “internal” interface to allow native VLANs for ports 2, 6, and 9:

      config switch interface

      edit port2

      set native-vlan 10

      edit port6

      set native-vlan 20

      edit port9

      set native-vlan 30

      edit internal

      set allowed-vlans 10,20,30

      end

    2. Configure the system interfaces:

      config system interface

      edit "internal"

      set type physical

      next

      edit "i-blue"

      set ip 1.1.1.1 255.255.255.0

      set allowaccess ping https http ssh snmp telnet

      set vlanid 10

      set interface internal

      next

      edit "i-red"

      set ip 172.16.11.1 255.255.255.0

      set allowaccess ping ssh telnet

      set vlanid 20

      set interface internal

      next

      edit "i-green"

      set ip 172.168.13.1 255.255.255.0

      set allowaccess ping https http ssh snmp telnet

      set vlanid 30

      set interface internal

      next

      end

    3. Configure static routes. This code configures multiple next-hop gateways for the same network:

      config router static

      edit 1

      set device "mgmt"

      set gateway 10.105.0.1

      set status enable

      next

      edit 2

      set device “i-red"

      set dst 8.8.8.0/24

      set gateway 172.16.11.2

      set status enable

      next

      edit 3

      set device "i-green"

      set dst 8.8.8.0/24

      set gateway 172.168.13.2

      set status enable

      next

    Viewing ECMP configuration

    Display the status of the ECMP configuration using following command:

    show system interface [ <system interface name> ]

    Previous
    Next