13.3.3 Inbound LLB Configuration
In this implementation example, a single FortiBalancer appliance will be configured to load balance inbound traffic.
13.3.3.1 Configuration Guidelines
Figure 13-3 Inbound LLB
Table 13-4 General Settings of Inbound LLB
Operation | Command |
Configure interface IP address | ip address {system_ifname|mnet_ifname|vlan_ifname|bond_ifname} <ip_address> {netmask|prefix} |
Configure MNET | mnet {system_ifname|bond_ifname} <user_interface_name> |
Configure LLB health check | llb link route <link_name> <route_ip> [weight] [hc_srcip] [bandwidth_threshold] |
 | llb link health {on|off} |
Configure SLB | slb real http <real_name> <ip> [port] [max_conn] [http|tcp|icmp|script-tcp|script-udp|sip-tcp|sip-udp|dns] [hc_up] [hc_down] |
 | slb virtual http <virtual_name> <vip> [vport] [arp|noarp] [max_conn] |
 | slb policy static <virtual_name> <real_name> |
Configure LLB DNS host and TTL | llb dns host <host_name> <ip> [weight] [port] [link_name] |
 | llb dns ttl <host_name> [seconds] |
Configure load balancing method | llb method inbound {rr|wrr|proximity} |
Enable IPflow and RTS | ip ipflow {on|off} |
 | ip rts {on|off} |
13.3.3.2 Configuration Example via the CLI
Follow these steps to configure Inbound Link Load Balancing with a single FortiBalancer appliance.
- Step 1 Configure interface IP addresses
The Port1 interface IP will have an address from ISP1’s address range. In order to assign an additional IP address on the Port1 interface, you must define and configure a multi-netted virtual interface (MNET). You will create an MNET named “outside_isp2” and assign it an IP address from ISP2’s address range.
FortiBalancer(config)#ip address port1 100.10.1.2 255.255.255.0
FortiBalancer(config)#mnet port1 outside_isp2
FortiBalancer(config)#ip address outside_isp2 200.20.1.2 255.255.255.0
Then, configure the IP address of the Port2 interface.
FortiBalancer(config)#ip address port2 192.168.1.1 255.255.255.0
- Step 2 Configure LLB health checks
ISP link health checks are performed to ensure that the WAN link between the local router and the ISP router is up. This health check uses ICMP Ping to test connectivity.
Perform health check on an interface on the other side of ISP1’s WAN router:
FortiBalancer(config)#llb link route ISP1 100.10.1.1 1 100.10.1.2
Perform health check on an interface on the other side of ISP2’s WAN router:
FortiBalancer(config)#llb link route ISP2 200.20.1.1 2 200.20.1.2
Enter the following command to enable link health check:
FortiBalancer(config)#llb link health on
- Step 3 Configure Server Load Balance
FortiBalancer(config)#slb virtual http vip1 100.10.1.10
FortiBalancer(config)#slb virtual http vip2 200.20.1.10
FortiBalancer(config)#slb real http server1 192.168.1.100
FortiBalancer(config)#slb policy static vip1 server1
FortiBalancer(config)#slb policy static vip2 server1
- Step 4 Configure LLB DNS host and TTL for inbound
FortiBalancer(config)#llb dns host llb.fortinet.com 100.10.1.10 2
FortiBalancer(config)#llb dns host llb.fortinet.com 200.20.1.10 1
FortiBalancer(config)#llb dns ttl llb.fortinet.com 60
- Step 5 Configure inbound load balancing method
FortiBalancer(config)#llb method inbound wrr
Note: To use the “proximity” method for inbound load balancing, you must first configure “ip eroute”.
- Step 6 Other required configuration
Execute the following command to ensure that packets from the same connection will be directed to the same link by using the same NAT rule. By default, the IPflow function is disabled.
FortiBalancer(config)#ip ipflow on
RTS should be turned on by executing the following command to ensure that a response packet (e.g. ICMP response) will be directed to the link from which its corresponding request packet (e.g. ICMP request) is sent. By default, the RTS function is disabled.
FortiBalancer(config)#ip rts on
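A consistency check over the six steps above, as an added example and not Fortinet tooling: it parses the commands in the form this section writes them and reports health-check sources that are not interface addresses, DNS answers with no virtual service or real server behind them, and switches left off. The `lint` helper name and the single-transcript layout are assumptions.

```python
import ipaddress

# Added example: the section's commands as one transcript (CLI prompt stripped).
CONFIG = """\
ip address port1 100.10.1.2 255.255.255.0
mnet port1 outside_isp2
ip address outside_isp2 200.20.1.2 255.255.255.0
ip address port2 192.168.1.1 255.255.255.0
llb link route ISP1 100.10.1.1 1 100.10.1.2
llb link route ISP2 200.20.1.1 2 200.20.1.2
llb link health on
slb virtual http vip1 100.10.1.10
slb virtual http vip2 200.20.1.10
slb real http server1 192.168.1.100
slb policy static vip1 server1
slb policy static vip2 server1
llb dns host llb.fortinet.com 100.10.1.10 2
llb dns host llb.fortinet.com 200.20.1.10 1
llb dns ttl llb.fortinet.com 60
llb method inbound wrr
ip ipflow on
ip rts on
"""

def lint(config):  # hypothetical helper name, not a FortiBalancer command
    cmds = [l.split() for l in config.splitlines() if l.strip()]
    pick = lambda *kw: [c[len(kw):] for c in cmds if tuple(c[:len(kw)]) == kw]
    nets = [ipaddress.ip_interface(f"{a[1]}/{a[2]}") for a in pick("ip", "address")]
    vips = {a[1]: a[0] for a in pick("slb", "virtual", "http")}  # VIP -> name
    reals = {a[0] for a in pick("slb", "real", "http")}
    policies = {a[0]: a[1] for a in pick("slb", "policy", "static")}
    errors = []
    for name, route_ip, *rest in pick("llb", "link", "route"):
        src = rest[1] if len(rest) > 1 else None  # optional [weight] [hc_srcip]
        if src and not any(str(n.ip) == src for n in nets):
            errors.append(f"link {name}: hc_srcip {src} is not an interface address")
        if not any(ipaddress.ip_address(route_ip) in n.network for n in nets):
            errors.append(f"link {name}: route {route_ip} is not on a connected subnet")
    for host, ip, *_ in pick("llb", "dns", "host"):
        vname = vips.get(ip)
        if vname is None:
            errors.append(f"{host}: {ip} has no slb virtual")
        elif policies.get(vname) not in reals:
            errors.append(f"{host}: virtual {vname} has no policy to a defined real")
    for sw in (("llb", "link", "health"), ("ip", "ipflow"), ("ip", "rts")):
        if ["on"] not in pick(*sw):
            errors.append(" ".join(sw) + " is not on")
    return errors
```

Calling `lint(CONFIG)` on the transcript above returns an empty list; any finding is a string naming the link, host or switch at fault.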