Fortinet Document Library

Proximity

Use this command to configure dynamic proximity. Dynamic proximity is used to order DNS lookup results based on the shortest application response time (RTT) for ICMP or TCP probes sent by the local SLB to the DNS resolver that sent the DNS request.

The system caches the RTT results for the period specified by the timeout. When there are subsequent requests from clients that have a source IP address within the same network (as specified by the netmask affinity), the RTT is taken from the results table instead of a new, real-time probe. This reduces response time.

Before you begin:

  • You must have read-write permission for global load balancing settings.

The settings you configure are applied if the dynamic-proximity RTT option is enabled in the virtual server pool configuration.

Syntax

config global-load-balance setting
  set proximity-cache-aging-period <integer>
  set proximity-cache-mask-length <integer>
  set proximity-cache-mask-length6 <integer>
  set proximity-detect-interval <integer>
  set proximity-detect-protocol {icmp|icmp-and-tcp}
  set proximity-detect-retry-count <integer>
end

proximity-cache-aging-period

RTT results are cached. This setting specifies the length of time in seconds for which the RTT cache entry is valid. The default is 86400. The valid range is 60-2,592,000 seconds.

proximity-cache-mask-length

Number of IPv4 netmask bits that define network affinity for the RTT table. The default is 24. For example, if the GLB records an RTT for a client with source IP address 192.168.1.100, the record is stored and applies to all requests from the 192.168.1.0/24 network.

proximity-cache-mask-length6

Number of IPv6 netmask bits that define network affinity for the RTT table. The default is 64.

proximity-detect-interval

Interval between retries if the probe fails. The default is 3. The valid range is 1-3600 seconds.

proximity-detect-protocol

Protocol used for the probes. One of:

  • icmp
  • icmp-and-tcp

proximity-detect-retry-count

Retry count if the probe fails. The default is 3. The valid range is 1-10 times.
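
The netmask affinity and cache aging described above, modelled in Python as an added example (not Fortinet code; the class and function names are hypothetical, and treating an entry as expired at exactly the aging period is an assumption). It shows which source addresses share one cached RTT record and flags setting values outside the ranges documented on this page.

```python
import ipaddress

# Valid ranges as stated on this page (seconds, seconds, attempts).
RANGES = {
    "proximity-cache-aging-period": (60, 2_592_000),
    "proximity-detect-interval": (1, 3600),
    "proximity-detect-retry-count": (1, 10),
}

def out_of_range(settings):
    """Return the names of settings whose value is outside the documented range."""
    return sorted(k for k, (lo, hi) in RANGES.items()
                  if k in settings and not lo <= settings[k] <= hi)

class RttCache:
    """Illustrative model of the RTT results table (hypothetical, not FortiADC's code)."""

    def __init__(self, aging_period=86400, mask_length=24, mask_length6=64):
        self.aging_period = aging_period
        self.mask = {4: mask_length, 6: mask_length6}
        self.table = {}  # network -> (rtt_ms, time recorded)

    def key(self, ip):
        addr = ipaddress.ip_address(ip)
        # strict=False masks off the host bits: 192.168.1.100 -> 192.168.1.0/24
        return ipaddress.ip_network(f"{addr}/{self.mask[addr.version]}", strict=False)

    def record(self, ip, rtt_ms, now):
        self.table[self.key(ip)] = (rtt_ms, now)

    def lookup(self, ip, now):
        """Return the cached RTT, or None when a new probe would be needed."""
        net = self.key(ip)
        entry = self.table.get(net)
        if entry is None:
            return None
        rtt_ms, recorded = entry
        if now - recorded >= self.aging_period:  # assumption: expired at the boundary
            del self.table[net]
            return None
        return rtt_ms
```
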

Example

FortiADC-docs # config global-load-balance setting
FortiADC-docs (setting) # get
password : *
proximity-detect-protocol : icmp
proximity-detect-retry-count : 3
proximity-cache-mask-length : 24
proximity-cache-mask-length6 : 64
proximity-detect-interval : 3
proximity-cache-aging-period : 86400
persistence-mask-length : 24
persistence-mask-length6 : 64
persistence-timeout : 60
FortiADC-docs (setting) # set proximity-detect-protocol icmp
FortiADC-docs (setting) # set proximity-detect-retry-count 2
FortiADC-docs (setting) # set proximity-cache-mask-length 24
FortiADC-docs (setting) # set proximity-cache-mask-length6 64
FortiADC-docs (setting) # set proximity-detect-interval 2
FortiADC-docs (setting) # set proximity-cache-aging-period 200
FortiADC-docs (setting) # end
