Fortigate 100d 802.3ad bonding / Link aggregation


Solution 1

I'm going to go with the assumption (rather than asking, like @Shane Madden did) and assume you don't have your own address space and are just using IP addresses assigned by the ISP on both WAN links.

802.3ad is a layer 2 link aggregation protocol. It won't help you at all in the scenario you're describing. 802.3ad would be useful if you had, say, multiple metro-Ethernet terminations from the same ISP, all using the same IP space.

The "load-balancing" functionality built into the Fortigate devices assigns TCP connections to a WAN link (through various means: weights assigned to interfaces, by source address, or by utilization). You're not going to see more than the bandwidth of a single WAN connection utilized for a single TCP connection, but you will see TCP connections spread across both WAN connections. This isn't wholly ineffective if your main concern is utilizing the speed of both interfaces for users accessing web sites (or other Internet resources).

Here's Fortinet's documentation describing the feature in more detail.

If you had your own IP address space, and were peered with your ISPs using BGP, you would be able to send and receive traffic across both WAN connections. (Most small to medium-sized businesses don't have this option, though.)

If your concern is inbound redundancy (like an on-site hosted server being accessible via the same public IP address via both ISPs) then you are going to need to look to getting your own address space and peering with your ISPs. (Typically, you're talking about a whole different level of expense, too, because consumer-grade ISPs don't offer this type of functionality.)
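
A simplified model of the per-connection assignment described in the answer above, added here as an example; it is not part of the original answer and is not Fortinet's implementation. The function names, link labels, hashing scheme and sample addresses are assumptions; the 20 and 100 Mbps figures come from the question and are reused as weights.

```python
import hashlib
from collections import Counter

# Link capacities from the question (Mbps); used here as the weights too (assumption).
LINKS = {"wan1_ispA": 20, "wan2_ispB": 100}

def pick_link(flow, links=LINKS):
    """Pin a TCP connection (5-tuple) to one WAN link, proportionally to weight.

    Simplified model: hash the 5-tuple into [0, total_weight) and walk the
    weight ranges. Every packet of the same connection gets the same link.
    """
    digest = hashlib.sha256(repr(flow).encode()).digest()
    point = int.from_bytes(digest[:8], "big") % sum(links.values())
    for name, weight in links.items():
        if point < weight:
            return name
        point -= weight
    raise AssertionError("unreachable: point is always below the total weight")

def max_flow_rate(flow, links=LINKS):
    """Upper bound for one connection: the capacity of the link it is pinned to."""
    return links[pick_link(flow, links)]

def spread(flows, links=LINKS):
    """Count how many connections land on each link."""
    return Counter(pick_link(f, links) for f in flows)

# Constructed sample: 6000 client connections from a private LAN to one web server.
SAMPLE_FLOWS = [
    ("tcp", f"192.168.1.{10 + i % 200}", 20000 + i, "203.0.113.10", 443)
    for i in range(6000)
]

if __name__ == "__main__":
    counts = spread(SAMPLE_FLOWS)
    for name, cap in LINKS.items():
        share = counts[name] / len(SAMPLE_FLOWS)
        print(f"{name}: {counts[name]} connections ({share:.1%}), link cap {cap} Mbps")
    one = SAMPLE_FLOWS[0]
    print("single connection", one, "->", pick_link(one), "max", max_flow_rate(one), "Mbps")
    print("sum of links:", sum(LINKS.values()), "Mbps (never available to one connection)")
```

Many connections split roughly 1:5 across the two links, while any single connection is capped by the one link it was assigned to.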

Solution 2

You cannot aggregate these links, but you can configure the Fortigate for simultaneous usage. This link can help you. You need the "Weighted load balance" configuration.


Author: Cy.

Updated on September 18, 2022

Comments

  • Cy.
    Cy. almost 2 years

    My network is as follows:

    1 x Fortigate 100d with the two WAN ports connected to:

    1. Ethernet ISP with STATIC IP configured manually (20 Mbps symmetric) via ISP A
    2. Ethernet ISP with STATIC IP configured via DHCP (100 Mbps symmetric) via ISP B

    My question is, can I bond these two WANs to aggregate the link? If so what are the steps to follow?

    • ravi yarlagadda
      ravi yarlagadda almost 10 years
      Your ISPs are assigning you these addresses from IP space that they own, right? You're not speaking BGP to the ISPs?
    • Cy.
      Cy. almost 10 years
      Correct. These are assigned by each ISP.
    • ravi yarlagadda
      ravi yarlagadda almost 10 years
      Does this answer (the 'without BGP' section) apply to your infrastructure?
  • Cy.
    Cy. almost 10 years
    Could you please elaborate on which links I could aggregate then?
  • Nik
    Nik almost 10 years
    As written below, aggregation is a layer 2 feature. You can't aggregate links in different broadcasting domains. What do you want to get in the end? Aggregation may not be the best way to do this.
  • Cy.
    Cy. almost 10 years
    Great answer and totally understood. Thank you, as this clarifies everything I had confused in my mind.