Fortinet black logo

New Features

Home FortiGate / FortiOS 6.4.0 New Features

Liveness detection on NSX-T 6.4.3

6.4.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
Copy Link
Copy Doc ID de1e129a-0283-11ea-8977-00505692583a:884502
Download PDF

Liveness detection on NSX-T 6.4.3

Liveness detection can force the Service Insertion datapath not to use a specific VM until its service manager has updated the VM's configuration. This can be required when a new FortiGate VM is deployed and should not reply to liveness detection queries or forward any traffic until it has received the required configuration from the service manager. The Service Insertion platform will instead use an already configured VM, if one is available.

The service can be registered in NSX-T manager using the python tool with the following parameter in the script:

"service_capability": {
    "nsh_liveness_support_enabled": True
},

When registered, the VM receives pings on its dataplane interface to detect the liveness of the service. If a failure occurs on the VM, NSX-T will take the action specified for the liveness service chain failure policy:

  • Allow - Send traffic to the destination VM when the service VM fails.

  • Block - Do not send traffic to the destination VM when the service VM fails.

See the VMware NSX-T documentation for more information. This feature is supported for NSX-T 2.5 and 3.0.

Previous
Next

Liveness detection on NSX-T 6.4.3

Liveness detection can force the Service Insertion datapath not to use a specific VM until its service manager has updated the VM's configuration. This can be required when a new FortiGate VM is deployed and should not reply to liveness detection queries or forward any traffic until it has received the required configuration from the service manager. The Service Insertion platform will instead use an already configured VM, if one is available.

The service can be registered in NSX-T manager using the python tool with the following parameter in the script:

"service_capability": {
    "nsh_liveness_support_enabled": True
},

When registered, the VM receives pings on its dataplane interface to detect the liveness of the service. If a failure occurs on the VM, NSX-T will take the action specified for the liveness service chain failure policy:

  • Allow - Send traffic to the destination VM when the service VM fails.

  • Block - Do not send traffic to the destination VM when the service VM fails.

See the VMware NSX-T documentation for more information. This feature is supported for NSX-T 2.5 and 3.0.

Previous
Next