Fortinet Inc.
Active-active HA High availability
During startup the members of an HA cluster negotiate to select the primary unit. The
primary unit allows other FortiGate units to join the HA cluster as subordinate units
and assigns each subordinate unit a priority.
The primary FortiGate unit sends session messages to the subordinate units through
the FortiGate HA interfaces. All FortiGate units in the cluster maintain all session
information. If the primary FortiGate unit fails, the subordinate units negotiate to select
a new primary unit. All connections are resumed by the new primary unit.
During a fail-over, the new primary unit notifies the adjacent networking devices so
that the entire network can quickly converge to the new data path. The new primary
unit also alerts administrators of the changes to the HA cluster by writing a message
to its event log, sending an SNMP trap (if SNMP is enabled), and sending an alert
email.
If a subordinate FortiGate unit fails, the primary FortiGate unit writes a message to its
event log, and sends an SNMP trap and an alert email. The primary FortiGate unit
also adjusts the priority of each of the remaining units in the HA cluster.
Active-active HA
Active-active (A-A) HA provides load balancing between all of the FortiGate units in an
HA cluster. An active-active HA cluster consists of a primary FortiGate unit and one or
more subordinate FortiGate units all processing traffic. The primary FortiGate unit
uses a load balancing algorithm to distribute sessions to all of the FortiGate units in
the HA cluster.
In active-active HA mode the primary unit uses one of the following scheduling
algorithms to distribute network sessions among the members of the HA cluster.
Table 15: Active-Active HA load balancing scheduling algorithms

| Schedule | Description |
|---|---|
| None | No load balancing. Used when the cluster interfaces are connected to load balancing switches. |
| Hub | Used when the cluster interfaces are connected to a hub. Distributes traffic to units in the cluster based on the Source IP and Destination IP of the packet. |
| Least-Connection | Distributes traffic to the cluster unit with the fewest concurrent connections. |
| Round Robin | Distributes traffic to the next available cluster unit. |
| Weighted Round Robin | Similar to Round Robin but weighted values are assigned to each of the units in a cluster based on their capacity. For example, the primary unit should have a lower weighted value because it handles scheduling and forwards traffic. |
| Random | Randomly distributes traffic to cluster units. |
| IP | Distributes traffic to units in a cluster based on the Source IP and Destination IP of the packet. |
| IP Port | Distributes traffic to units in a cluster based on the Source IP, Source Port, Destination IP, and Destination port of the packet. |
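The following simulation is an added example, not Fortinet code. It shows how the IP, IP Port, Round Robin, Weighted Round Robin and Least-Connection schedules in Table 15 place the same set of sessions. The unit names, weights, sample sessions and the SHA-256 based hash are assumptions made for illustration; the hash the FortiGate unit actually uses is not given on this page.

```python
import hashlib
from collections import Counter
from itertools import cycle

UNITS = ["primary", "sub1", "sub2"]               # constructed cluster members
WEIGHTS = {"primary": 1, "sub1": 3, "sub2": 3}    # constructed; primary weighted lowest

# Constructed sample: one client opening 70 sessions to one server,
# each as (src_ip, src_port, dst_ip, dst_port).
SESSIONS = [("10.0.0.5", 40000 + i, "192.0.2.10", 443) for i in range(70)]

def _pick(key, units):
    # Assumption: SHA-256 modulo cluster size stands in for the unit's real hash.
    digest = hashlib.sha256(key.encode()).digest()
    return units[int.from_bytes(digest[:4], "big") % len(units)]

def schedule_ip(sessions, units=UNITS):
    # "IP": only source and destination address select the unit.
    return [_pick(f"{s[0]}>{s[2]}", units) for s in sessions]

def schedule_ip_port(sessions, units=UNITS):
    # "IP Port": ports are part of the key, so one host pair can spread out.
    return [_pick(f"{s[0]}:{s[1]}>{s[2]}:{s[3]}", units) for s in sessions]

def schedule_round_robin(sessions, units=UNITS):
    ring = cycle(units)
    return [next(ring) for _ in sessions]

def schedule_weighted_rr(sessions, weights=WEIGHTS):
    # Each unit appears in the ring as many times as its weight.
    ring = cycle([u for u, w in weights.items() for _ in range(w)])
    return [next(ring) for _ in sessions]

def schedule_least_connection(sessions, active):
    # 'active' maps unit -> current concurrent connections; ties go to the first unit.
    load, placed = dict(active), []
    for _ in sessions:
        unit = min(load, key=load.get)
        load[unit] += 1
        placed.append(unit)
    return placed

if __name__ == "__main__":
    for name, fn in [("IP", schedule_ip), ("IP Port", schedule_ip_port),
                     ("Round Robin", schedule_round_robin),
                     ("Weighted Round Robin", schedule_weighted_rr)]:
        print(f"{name:22}", dict(Counter(fn(SESSIONS))))
    print("Least-Connection      ",
          schedule_least_connection(SESSIONS[:4], {"primary": 5, "sub1": 2, "sub2": 0}))
```

With the IP schedule, every session between the same two hosts lands on one unit, so a single heavy client-server pair is not balanced at all; IP Port spreads that same pair across the cluster.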