Fabric channel layer-2 link aggregation – Fortinet 5003 User Manual


FortiSwitch-5003A and 5003 Fabric and Base Backplane Communications Guide


01-30000-85717-20081205


FortiGate-5050 fabric backplane communication

Fabric channel layer-2 link aggregation

FortiSwitch-5003A boards support 802.3ad static mode layer-2 link aggregation
and 802.1q VLANs for the fabric channels. You can use these features to
configure link aggregation to distribute traffic to multiple FortiGate-5001A or
5005FA2 boards. Link aggregation configurations also support IPv6 traffic and
traffic with jumbo frames up to 16 kbytes.

You can use link aggregation to increase the bandwidth capacity of a
FortiGate-5000 configuration by distributing network traffic among multiple
FortiGate-5001A or 5005FA2 boards. Adding a new FortiGate-5000 board to a
trunk results in an almost linear increase in performance. Link aggregation is
configured and functions the same way for 1-gigabit and 10-gigabit fabric
backplane networks. You can configure 1-gigabit configurations with
FortiGate-5001A or 5005FA2 boards. You can configure 10-gigabit configurations
with FortiGate-5001A boards combined with FortiGate-RTM-XB2 modules.
FortiGate-RTM-XB2 modules also increase performance by adding NP2 acceleration
to the configuration.

You configure link aggregation by adding FortiSwitch-5003A interfaces to a link
aggregation trunk. The FortiSwitch-5003A board uses a hash algorithm based on
source and destination IP addresses to distribute sessions to the interfaces added
to the trunk. Each interface in the trunk usually corresponds to a slot in the chassis
in which a FortiGate-5001A or 5005FA2 board is installed. You can also include
FortiSwitch-5003A front panel interfaces in a trunk and distribute sessions to
FortiGate-5000 boards installed in multiple chassis.

You can add up to 8 interfaces to a trunk to distribute sessions among up to 8
FortiGate-5000 boards. You can also add multiple trunks to a single
FortiSwitch-5003A board. The total number of FortiGate-5000 boards in a trunk is
limited by the amount of bandwidth you are processing and the capacity of the
FortiSwitch-5003A board. Fortinet does not support mixing FortiGate-5001A and
5005FA2 boards in the same trunk.

If you add a FortiGate-5000 board to a trunk, or if you remove a FortiGate-5000
board from a trunk, the link aggregation hash algorithm recalculates the session
distribution. If the FortiSwitch-5003A system is processing traffic when you add or
remove a FortiGate-5000 board, after sessions are redistributed the
FortiGate-5000 boards in the trunk will not necessarily continue to process the
same sessions. The same happens if a FortiGate-5000 board in a trunk fails. The
FortiSwitch-5003A system does not maintain a session table, so changes to a
trunk can result in communication being temporarily interrupted. As a result, you
should only add or remove FortiGate-5000 boards from a trunk during off-peak
hours.
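
The following sketch is an added example, not code from the manual or from Fortinet. It models the stateless distribution described above to show how many sessions change boards when one trunk member is removed. The manual does not document the actual hash, so SHA-256 over the address pair, reduced modulo the member count, is an assumed stand-in; the slot numbers and addresses are constructed.

```python
import hashlib
import ipaddress


def pick_slot(src, dst, trunk):
    """Stateless selection: hash the source/destination pair, index the member list.

    Assumption: SHA-256 mod len(trunk) stands in for the switch's undocumented hash.
    """
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    h = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return trunk[h % len(trunk)]


def redistribution(flows, before, after):
    """Return (moved, collateral) for a trunk membership change.

    moved      = flows whose board differs after the change
    collateral = moved flows whose original board is still in the trunk
    """
    gone = set(before) - set(after)
    moved = collateral = 0
    for src, dst in flows:
        old = pick_slot(src, dst, before)
        new = pick_slot(src, dst, after)
        if old != new:
            moved += 1
            if old not in gone:
                collateral += 1
    return moved, collateral


# Constructed sample: 2000 distinct address pairs, trunk of chassis slots 3-6.
FLOWS = [(f"10.0.{i // 250}.{i % 250 + 1}", f"192.0.2.{i % 200 + 1}")
         for i in range(2000)]
BEFORE = [3, 4, 5, 6]   # four boards in the trunk
AFTER = [3, 4, 5]       # board in slot 6 removed or failed

if __name__ == "__main__":
    moved, collateral = redistribution(FLOWS, BEFORE, AFTER)
    print(f"{moved} of {len(FLOWS)} flows changed board")
    print(f"{collateral} of those were on boards that stayed in the trunk")
```

In this model, roughly three quarters of all flows land on a different board, including many that were never on the removed one. Because nothing records which board previously handled a session, those flows arrive at a board with no state for them, which is why the manual restricts trunk changes to off-peak hours.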

The FortiGate-5000 boards in a trunk must operate in transparent mode. All the
FortiGate-5000 boards in a trunk are managed separately and all must have the
same configuration. You can use the FortiManager system to maintain the same
configuration on the FortiGate-5000 boards.

Note: The FortiSwitch-5003A board does not support Link Aggregation Control Protocol
(LACP). LACP is also called 802.3ad dynamic mode layer-2 link aggregation.
