FortiGate–3700DX fast path architecture
The FortiGate-3700DX features four NP6 processors.The first two NP6 processors (np6_0 and np6_1) can be configured for low latency operation. The low latency configuration changes the FortiGate-3700D fast path architecture. The FortiGate-3700DX also includes two TP2 cards that offload GTPu sessions.
FortiGate–3700DX low latency fast path architecture
Ports 25 to 32 can be used for low latency offloading. As long as traffic enters and exits the FortiGate-3700D through ports connected to the same NP6 processor and using these low latency ports the traffic will be offloaded and have lower latency that other NP6 offloaded traffic. Latency is reduced by bypassing the integrated switch fabric (ISF).
You can use the following command to turn on low latency mode for np6_0 and np6_1:
config system np6 edit np6_0
set low-latency-mode enable next
edit np6_1
set low-latency-mode enable end
You do not have to turn on low latency to both np6_0 and np6_1. If you turn on low latency for just one NP6, the other NP6 will still be mapped according to the normal latency configuration.
With low latency enabled for both np6_0 and np6_1 the FortiGate-3700D has the following fastpath architecture:
l Four SFP+ 10Gb interfaces, port25 to port28, share connections to the first NP6 processor (np6_0) so sessions entering one of these ports and exiting through another will experience low latency
l Four SFP+ 10Gb interfaces, port29 to port32, share connections to the second NP6 processor (np6_1) so sessions entering one of these ports and exiting through another will experience low latency
l Ten SFP+ 10Gb interfaces, port5 to port14, and two 40Gb QSFP interfaces, port1 and port2, share connections to the third NP6 processor (np6_2).
l Ten SFP+ 10Gb interfaces, port15 to port24, and two 40Gb QSFP interfaces, port3 and port4, share connections to the fourth NP6 processor (np6_3).
Integrated Switch Fabric
FortiASIC NP6 np6_0
FortiASIC
|
TP2
AS C
FortiASIC NP6 np6_2
FortiASIC NP6 np6_3
FortiASIC NP6
TP2
np6_1
System Bus
CP8 CP8
CP8 CP8
CP8 CP8
CPU
CP8 CP8
You can use the following get command to display the FortiGate-3700D NP6 configuration. In this output example, the first two NP6s (np6_0 and np6_1) are configured for low latency. The command output shows four NP6s named NP6_0, NP6_1, NP6_2, and NP6_3 and the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port-list command to display this information.
get hardware npu np6 port-list
Chip XAUI Ports Max Cross-chip
Speed offloading
—— —- ——- —– ———- np6_2 0 port5 10G Yes
0 port9 10G Yes
0 port13 10G Yes
1 port6 10G Yes
1 port10 10G Yes
1 port14 10G Yes
2 port7 10G Yes
2 port11 10G Yes
3 port8 10G Yes
3 port12 10G Yes
0-3 port1 40G Yes
0-3 port2 40G Yes
—— —- ——- —– ———- np6_3 0 port15 10G Yes
0 port19 10G Yes
0 port23 10G Yes
1 port16 10G Yes
1 port20 10G Yes
1 port24 10G Yes
2 port17 10G Yes
2 port21 10G Yes
3 port18 10G Yes
3 port22 10G Yes
0-3 port3 40G Yes
0-3 port4 40G Yes
—— —- ——- —– ———- np6_0 0 port26 10G No
1 port25 10G No
2 port28 10G No
3 port27 10G No
—— —- ——- —– ———- np6_1 0 port30 10G No
1 port29 10G No
2 port32 10G No
3 port31 10G No
—— —- ——- —– ———-
FortiGate–3700D normal latency fast path architecture
You can use the following command to turn off low latency mode for np6_0 and np6_1:
config system np6 edit np6_0
set low-latency-mode disable next
edit np6_1
set low-latency-mode disable end
You do not have to turn off low latency to both np6_0 and np6_1. If you turn off low latency to just one NP6, the other NP6 will still be mapped according to the normal con- figuration.
In addition to turning off low latency, entering these commands also changes how ports are mapped to NP6s. Port1 is now mapped to np6_0 and port 3 is not mapped to np6_1. The FortiGate-3700D has the following fastpath architecture:
l One 40Gb QSFP interface, port1, and four SFP+ 10Gb interfaces, port25 to port28 share connections to the first
NP6 processor (np6_0).
l One 40Gb QSFP interface, port3, and four SFP+ 10Gb interfaces, port29 to port32 share connections to the second
NP6 processor (np6_1).
l One 40Gb QSFP interface, port2 and ten SFP+ 10Gb interfaces, port5 to port14 share connections to the third NP6 processor (np6_2).
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
l One 40Gb QSFP interface, port4, and ten SFP+ 10Gb interfaces, port15 to port24 share connections to the fourth
NP6 processor (np6_3).
Integrated Switch Fabric
|
FortiASIC TP2
AS C
FortiASIC NP6 np6_2
FortiASIC NP6 np6_3
FortiASIC NP6 np6_0
FortiASIC NP6 np6_1
TP2
|
System Bus
CP8 CP8
CP8 CP8
CP8 CP8
CPU
CP8 CP8
You can use the following get command to display the FortiGate-3700D NP6 configuration with low latency turned off for np6_0 and np6_1. The command output shows four NP6s named NP6_0, NP6_1, NP6_2, and NP6_3 and the interfaces (ports) connected to each NP6. You can also use the diagnose npu np6 port- list command to display this information.
get hardware npu np6 port-list
Chip XAUI Ports Max Cross-chip
Speed offloading
—— —- ——- —– ———- np6_0 0 port26 10G Yes
1 port25 10G Yes
2 port28 10G Yes
3 port27 10G Yes
0-3 port1 40G Yes
—— —- ——- —– ———- np6_1 0 port30 10G Yes
1 port29 10G Yes
2 port32 10G Yes
3 port31 10G Yes
0-3 port3 40G Yes
—— —- ——- —– ———- np6_2 0 port5 10G Yes
0 port9 10G Yes
0 port13 10G Yes
1 port6 10G Yes
1 port10 10G Yes
1 port14 10G Yes
2 port7 10G Yes
2 port11 10G Yes
3 port8 10G Yes
3 port12 10G Yes
0-3 port2 40G Yes
—— —- ——- —– ———- np6_3 0 port15 10G Yes
0 port19 10G Yes
0 port23 10G Yes
1 port16 10G Yes
1 port20 10G Yes
1 port24 10G Yes
2 port17 10G Yes
2 port21 10G Yes
3 port18 10G Yes
3 port22 10G Yes
0-3 port4 40G Yes
—— —- ——- —– ———-