Link aggregation
You can configure a network interface that is a bundle of several physical links, using either the web UI or the CLI.
 
Link aggregation is currently supported only when FortiWeb is deployed in reverse proxy mode. It cannot be applied to VLAN subinterfaces, nor to ports that are used for the HA heartbeat. It is not supported in FortiWeb-VM.
Link aggregation (also called NIC teaming/bonding or link bundling) forms a network interface that queues and transmits over multiple wires (also called a port channel), instead of only a single wire (as FortiWeb would normally do with a single network interface per physical port). This multiplies the bandwidth that is available to the network interface, and therefore is useful if FortiWeb will be inline with your network backbone.
Link aggregation on FortiWeb complies with IEEE 802.3ad and distributes Ethernet frames using a modified round-robin behavior. If a port in the aggregate fails, traffic is redistributed automatically to the remaining ports with the only noticeable effect being a reduced bandwidth. When broadcast or multicast traffic is received on a port in the aggregate, reverse traffic will return on the same port.
When link aggregation uses a round-robin that considers only Layer 2, Ethernet frames that comprise an HTTP request can sometimes arrive out of order. Because network protocols at higher layers often do not gracefully handle this (especially TCP, which may decrease network performance by requesting retransmission when the expected segment does not arrive), FortiWeb’s frame distribution algorithm is configurable.
For example, if you notice that performance with link aggregation is not as high as you expect, you could try configuring FortiWeb to queue related frames consistently to the same port by considering the IP session (Layer 3) and TCP connection (Layer 4), not simply the MAC address (Layer 2).
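The reordering argument above, as an added example that is not part of the original page: a simplified Python model, not FortiWeb's actual distribution algorithm, comparing per-frame rotation with per-connection hashing over links of unequal delay. The link delays, frame spacing, addresses and function names are constructed assumptions.

```python
import zlib

# Assumed one-way delay of each aggregated link, in microseconds (constructed values).
LINK_DELAY_US = [50, 80, 65]
FRAME_GAP_US = 10  # assumed spacing between frames leaving the sender

def pick_round_robin(index, conn):
    """Per-frame rotation: consecutive frames of one connection use different links."""
    return index % len(LINK_DELAY_US)

def pick_per_connection(index, conn):
    """Hash the IP addresses and TCP ports so a connection always uses one link."""
    return zlib.crc32(repr(conn).encode()) % len(LINK_DELAY_US)

def out_of_order_frames(frames, pick_link):
    """frames: list of (connection 4-tuple, sequence number) in send order.
    Returns how many frames arrive after a later frame of the same connection."""
    arrivals = []
    for index, (conn, seq) in enumerate(frames):
        link = pick_link(index, conn)
        arrivals.append((index * FRAME_GAP_US + LINK_DELAY_US[link], index, conn, seq))
    highest_seen, late = {}, 0
    for _, _, conn, seq in sorted(arrivals):
        if seq < highest_seen.get(conn, -1):
            late += 1  # the receiver already saw a later segment of this connection
        highest_seen[conn] = max(seq, highest_seen.get(conn, -1))
    return late

# Constructed traffic: two TCP connections, six frames each, interleaved.
CONN_A = ("198.51.100.7", "192.0.2.20", 51512, 443)
CONN_B = ("198.51.100.9", "192.0.2.20", 40022, 443)
FRAMES = [(conn, seq) for seq in range(6) for conn in (CONN_A, CONN_B)]

if __name__ == "__main__":
    print("round robin   :", out_of_order_frames(FRAMES, pick_round_robin))
    print("per connection:", out_of_order_frames(FRAMES, pick_per_connection))
```

Each late frame in the rotation case is a segment that TCP would see as missing until it arrives, which is the retransmission pressure the paragraph above describes.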
You must also configure the router, switch, or other link aggregation control protocol (LACP)-compatible device at the other end of FortiWeb’s network cables to match, with identical:
link speed
duplex/simplex setting
ports that can be aggregated
This will allow the two devices to use the cables between those ports to form a trunk, not an accidental Layer 2 (link) network loop. FortiWeb will use LACP to:
detect suitable links between itself and the other device, and form a single logical link
detect individual port failure so that the aggregate can redistribute queuing to avoid a failed port
To configure a link aggregate interface
1. Go to System > Network > Interface.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Network Configuration category. For details, see “Permissions”.
2. Mark the check box next to the 2 or more physical network interfaces associated with the physical network ports that you want to aggregate into a single logical interface.
3. Click Create New.
A dialog appears.
4. Configure these settings:
Setting name: Description

Name: Type the name (such as agg) of this logical interface that can be referenced by other parts of the configuration. Do not use spaces or special characters. The maximum length is 15 characters.
Tip: The name cannot be changed once you save the entry. For a workaround, see “Renaming entries”.

Type: Select 802.3ad Aggregate.

Lacp-rate: Select the rate of transmission for the LACP frames (LACPDUs) between FortiWeb and the peer device at the other end of the trunking cables, either:
SLOW: Every 30 seconds.
FAST: Every 1 second.
Note: This must match the setting on the other device. If the rates do not match, FortiWeb or the other device could mistakenly believe that the other’s ports have failed, effectively disabling ports in the trunk.

Algorithm: Select the connectivity layers that will be considered when distributing frames among the aggregated physical ports.
layer2: Consider only the MAC address. This results in the most even distribution of frames, but may be disruptive to TCP if packets frequently arrive out of order.
layer2_3: Consider both the MAC address and IP session. Queue frames involving the same session to the same port. This results in slightly less even distribution, and still does not guarantee perfectly ordered TCP sessions, but does result in less jitter within the session.
layer3_4: Consider both the IP session and TCP connection. Queue frames involving the same session and connection to the same port. Distribution is not even, but this does prevent TCP retransmissions associated with link aggregation.

IP/Netmask: Type the IP address/subnet mask associated with the aggregate. The IP address must be on the same subnet as the network to which the interface connects. Two network interfaces cannot have IP addresses on the same subnet.
5. Click OK.
Your new aggregate appears in the list of network interfaces.
To configure an IPv4 link aggregate via the CLI
1. Enter the following commands:
config system interface
  edit "aggregate"
    set type agg
    set status up
    set intf <port_name> <port_name>
    set algorithm {layer2 | layer2_3 | layer3_4}
    set lacp-speed {fast | slow}
    set ip <address_ipv4> <netmask_ipv4mask>
  next
end
where:
<port_name> is the name of a physical network interface, such as port3
<address_ipv4> is the IP address assigned to the network interface
<netmask_ipv4mask> is its netmask in dotted decimal format
{layer2 | layer2_3 | layer3_4} is a choice between the connectivity layers that will be considered when distributing frames among the aggregated physical ports.
{fast | slow} is a choice of the rate of transmission for the LACP frames (LACPDUs) between FortiWeb and the peer device at the other end of the trunking cables; this must match the LACP peer.
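One way to check a saved `config system interface` block against the constraints documented above (name rule, two or more member ports, valid algorithm, LACP rate matching the peer, no shared subnets), as an added Python example that is not Fortinet's code. The sample config, the function names and the set of allowed name characters are assumptions.

```python
import ipaddress
import re
import shlex

# Constructed sample (not from a real device), in the CLI syntax shown above.
SAMPLE = '''
config system interface
  edit "port1"
    set ip 192.0.2.10 255.255.255.0
  next
  edit "web aggregate link"
    set type agg
    set intf port3
    set algorithm layer4
    set lacp-speed fast
    set ip 192.0.2.20 255.255.255.0
  next
end
'''

def parse_interfaces(text):
    """Return {name: {setting: [values]}} for every edit ... next entry."""
    entries, current = {}, None
    for words in map(shlex.split, text.splitlines()):
        if words[:1] == ["edit"] and len(words) == 2:
            current = entries.setdefault(words[1], {})
        elif words[:1] == ["set"] and len(words) > 1 and current is not None:
            current[words[1]] = words[2:]
    return entries

def audit(text, peer_lacp_rate):
    """List violations of the constraints documented on this page."""
    findings, nets = [], {}
    for name, s in parse_interfaces(text).items():
        if "ip" in s:  # two interfaces cannot have addresses on the same subnet
            net = ipaddress.ip_interface("/".join(s["ip"])).network
            findings += [f"{name}: same subnet as {n}" for n, o in nets.items() if net.overlaps(o)]
            nets[name] = net
        if s.get("type") != ["agg"]:
            continue
        if len(name) > 15 or not re.fullmatch(r"[A-Za-z0-9_-]+", name):  # assumed allowed set
            findings.append(f"{name}: name too long or has spaces/special characters")
        if len(s.get("intf", [])) < 2:
            findings.append(f"{name}: fewer than 2 member ports")
        if "".join(s.get("algorithm", [])) not in ("layer2", "layer2_3", "layer3_4"):
            findings.append(f"{name}: algorithm missing or unknown")
        if s.get("lacp-speed") != [peer_lacp_rate]:
            findings.append(f"{name}: lacp-speed differs from peer ({peer_lacp_rate})")
    return findings
```

Calling `audit(SAMPLE, "slow")` reports all five problems planted in the sample; pass the rate configured on the switch or router at the other end of the trunk as `peer_lacp_rate`.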
See also
Network interface or bridge?
Configuring the network interfaces
Configuring a bridge (V-zone)
Adding a gateway