Fortinet 120 FortiWeb 5.0 Patch 6 Administration Guide
Link aggregation
You can configure a network interface that bundles several physical links via either the
web UI or the CLI.
Link aggregation (also called NIC teaming/bonding or link bundling) forms a network interface
that queues and transmits over multiple wires (also called a port channel), instead of only a
single wire (as FortiWeb would normally do with a single network interface per physical port).
This multiplies the bandwidth that is available to the network interface, and therefore is useful if
FortiWeb will be inline with your network backbone.
Link aggregation on FortiWeb complies with IEEE 802.3ad and distributes Ethernet frames
using a modified round-robin behavior. If a port in the aggregate fails, traffic is redistributed
automatically to the remaining ports with the only noticeable effect being a reduced bandwidth.
When broadcast or multicast traffic is received on a port in the aggregate, reverse traffic will
return on the same port.
When link aggregation uses a round-robin that considers only Layer 2, Ethernet frames that
comprise an HTTP request can sometimes arrive out of order. Because network protocols at
higher layers often do not gracefully handle this (especially TCP, which may decrease network
performance by requesting retransmission when the expected segment does not arrive),
FortiWeb’s frame distribution algorithm is configurable.
For example, if you notice that performance with link aggregation is not as high as you expect,
you could try configuring FortiWeb to queue related frames consistently to the same port by
considering the IP session (Layer 3) and TCP connection (Layer 4), not simply the MAC address
(Layer 2).
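The following added simulation is not Fortinet code and does not reproduce FortiWeb's actual distribution algorithm; it illustrates why the choice of header fields matters. The CRC32 hash, the mode labels, the port names, and the sample frames are all assumptions constructed for this example.

```python
import zlib
from collections import namedtuple

Frame = namedtuple("Frame", "src_mac dst_mac src_ip dst_ip src_port dst_port seq")

# Constructed sample: 3 client TCP connections, 4 segments each, interleaved on
# the wire. All frames arrive from one upstream router, so the MAC pair is identical.
FRAMES = [
    Frame("00:00:5e:00:53:01", "00:00:5e:00:53:02",
          f"192.0.2.{10 + c}", "198.51.100.5", 40000 + c, 80, seq)
    for seq in range(4) for c in range(3)
]

HASH_FIELDS = {  # labels are this example's own, not FortiWeb setting names
    "L2": ("src_mac", "dst_mac"),
    "L3+L4": ("src_ip", "dst_ip", "src_port", "dst_port"),
}

def round_robin(frames, ports):
    """Pick the port by arrival order only, ignoring which flow a frame belongs to."""
    return [ports[i % len(ports)] for i in range(len(frames))]

def hashed(frames, ports, mode):
    """Pick the port from a hash of header fields, so equal headers share a port."""
    out = []
    for f in frames:
        key = "|".join(str(getattr(f, n)) for n in HASH_FIELDS[mode]).encode()
        out.append(ports[zlib.crc32(key) % len(ports)])
    return out

def ports_per_connection(frames, assignment):
    """Map each TCP connection (4-tuple) to the set of ports its frames used."""
    conns = {}
    for f, port in zip(frames, assignment):
        conns.setdefault((f.src_ip, f.src_port, f.dst_ip, f.dst_port), set()).add(port)
    return conns

if __name__ == "__main__":
    ports = ["port3", "port4"]  # hypothetical aggregate members
    for name, assignment in [
        ("round-robin", round_robin(FRAMES, ports)),
        ("hash L2", hashed(FRAMES, ports, "L2")),
        ("hash L3+L4", hashed(FRAMES, ports, "L3+L4")),
        ("hash L3+L4, port4 down", hashed(FRAMES, ["port3"], "L3+L4")),
    ]:
        for conn, used in ports_per_connection(FRAMES, assignment).items():
            print(f"{name:24} {conn[0]}:{conn[1]} -> {sorted(used)}")
```

Per-frame round-robin splits every connection across both ports, which is where reordering can occur. Hashing on the Layer 3 and Layer 4 fields pins each connection to one port, while hashing on MAC addresses alone sends all traffic from a single upstream router down one link.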
You must also configure the router, switch, or other link aggregation control protocol
(LACP)-compatible device at the other end of FortiWeb’s network cables to match, with
identical:
• link speed
• duplex/simplex setting
• ports that can be aggregated
This will allow the two devices to use the cables between those ports to form a trunk, not an
accidental Layer 2 (link) network loop. FortiWeb will use LACP to:
• detect suitable links between itself and the other device, and form a single logical link
• detect individual port failure so that the aggregate can redistribute queuing to avoid a failed
port
To configure a link aggregate interface
1. Go to System > Network > Interface.
To access this part of the web UI, your administrator's account access profile must have
Read and Write permission to items in the Network Configuration category. For details, see
“Permissions” on page 47.
2. Mark the check boxes next to the two or more physical network interfaces associated with the
physical network ports that you want to aggregate into a single logical interface.
Link aggregation is currently supported only when FortiWeb is deployed in reverse proxy mode.
It cannot be applied to VLAN subinterfaces, nor to ports that are used for the HA heartbeat. It is
not supported in FortiWeb-VM.