Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config link-load-balance virtual-tunnel

Use this command to configure virtual tunnels.

Virtual tunnels enable reliable, site-to-site connectivity using Generic Routing Encapsulation (GRE) to tunnel traffic between pairs of FortiADC appliances.

The virtual tunnel group configuration sets the list of tunnel members, as well as load balancing options like algorithm and weight.

When you add members to a virtual tunnel configuration, you specify a local and remote IP address. These addresses are IP addresses assigned to a network interface on the local and remote FortiADC appliance.

Before you begin:

  • You must have read-write permission for link load balance settings.

After you have configured a virtual tunnel configuration object, you can select it in the link policy configuration.

Syntax

config link-load-balance virtual-tunnel

edit <name>

set dispatch-method {vt-wrr|vt-chash}

config vt-member

edit <name>

set health-check-ctrl {enable|disable}

set status {enable|disable}

set tunnel-local-addr <class_ip>

set tunnel-remote-addr <class_ip>

set weight <integer>

next

end

next

end

dispatch-method

  • vt-wrr: Dispatches packets to VT members using a weighted round-robin method.
  • vt-chash: Dispatches packets by source-destination IP address tuple.

backup

  • enable—Designate the tunnel as a backup member of the group. All backup members are inactive until all main members are down.
  • disable—Designate the tunnel as a main member of the group.

health-check-ctrl

  • enable—Send probes to test whether the link is available.
  • disable—Do not send probes to test the health of the link.

status

  • enable—The member is considered available for new traffic.
  • disable—The member is considered unavailable for new traffic.

tunnel-local-addr

IP address for the network interface this system uses to form a VPN tunnel with the remote system.

tunnel-remote-addr

IP address that the remote FortiADC system uses to form a VPN tunnel with this system.

weight

Assigns relative preference among members—higher values are more preferred and are assigned connections more frequently.

Example

FortiADC-VM # config link-load-balance virtual-tunnel

FortiADC-VM (virtual-tunnel) # edit llb-vt

Add new entry 'llb-vt' for node 222

 

FortiADC-VM (llb-vt) # get

dispatch-method : vt-wrr

 

FortiADC-VM (llb-vt) # config vt-member

FortiADC-VM (vt-member) # edit vt-member-1

Add new entry 'vt-member-1' for node 225

 

FortiADC-VM (vt-member-1) # get

tunnel-local-addr : 0.0.0.0

tunnel-remote-addr : 0.0.0.0

weight : 1

status : enable

health-check-ctrl : disable

 

FortiADC-VM (vt-member-1) # set health-check-ctrl enable

FortiADC-VM (vt-member-1) # set tunnel-local-addr 192.0.2.10

FortiADC-VM (vt-member-1) # set tunnel-remote-addr 198.51.100.10

FortiADC-VM (vt-member-1) # end

 

FortiADC-VM (llb-vt) # get

dispatch-method : vt-wrr

== [ vt-member-1 ]

 

FortiADC-VM (llb-vt) # show

config link-load-balance virtual-tunnel

edit "llb-vt"

config vt-member

edit "vt-member-1"

set tunnel-local-addr 192.0.2.10

set tunnel-remote-addr 198.51.100.10

set health-check-ctrl enable

next

end

next

end

 

config link-load-balance virtual-tunnel

Use this command to configure virtual tunnels.

Virtual tunnels enable reliable, site-to-site connectivity using Generic Routing Encapsulation (GRE) to tunnel traffic between pairs of FortiADC appliances.

The virtual tunnel group configuration sets the list of tunnel members, as well as load balancing options like algorithm and weight.

When you add members to a virtual tunnel configuration, you specify a local and remote IP address. These addresses are IP addresses assigned to a network interface on the local and remote FortiADC appliance.

Before you begin:

  • You must have read-write permission for link load balance settings.

After you have configured a virtual tunnel configuration object, you can select it in the link policy configuration.

Syntax

config link-load-balance virtual-tunnel

edit <name>

set dispatch-method {vt-wrr|vt-chash}

config vt-member

edit <name>

set health-check-ctrl {enable|disable}

set status {enable|disable}

set tunnel-local-addr <class_ip>

set tunnel-remote-addr <class_ip>

set weight <integer>

next

end

next

end

dispatch-method

  • vt-wrr: Dispatches packets to VT members using a weighted round-robin method.
  • vt-chash: Dispatches packets by source-destination IP address tuple.

backup

  • enable—Designate the tunnel as a backup member of the group. All backup members are inactive until all main members are down.
  • disable—Designate the tunnel as a main member of the group.

health-check-ctrl

  • enable—Send probes to test whether the link is available.
  • disable—Do not send probes to test the health of the link.

status

  • enable—The member is considered available for new traffic.
  • disable—The member is considered unavailable for new traffic.

tunnel-local-addr

IP address for the network interface this system uses to form a VPN tunnel with the remote system.

tunnel-remote-addr

IP address that the remote FortiADC system uses to form a VPN tunnel with this system.

weight

Assigns relative preference among members—higher values are more preferred and are assigned connections more frequently.

Example

FortiADC-VM # config link-load-balance virtual-tunnel

FortiADC-VM (virtual-tunnel) # edit llb-vt

Add new entry 'llb-vt' for node 222

 

FortiADC-VM (llb-vt) # get

dispatch-method : vt-wrr

 

FortiADC-VM (llb-vt) # config vt-member

FortiADC-VM (vt-member) # edit vt-member-1

Add new entry 'vt-member-1' for node 225

 

FortiADC-VM (vt-member-1) # get

tunnel-local-addr : 0.0.0.0

tunnel-remote-addr : 0.0.0.0

weight : 1

status : enable

health-check-ctrl : disable

 

FortiADC-VM (vt-member-1) # set health-check-ctrl enable

FortiADC-VM (vt-member-1) # set tunnel-local-addr 192.0.2.10

FortiADC-VM (vt-member-1) # set tunnel-remote-addr 198.51.100.10

FortiADC-VM (vt-member-1) # end

 

FortiADC-VM (llb-vt) # get

dispatch-method : vt-wrr

== [ vt-member-1 ]

 

FortiADC-VM (llb-vt) # show

config link-load-balance virtual-tunnel

edit "llb-vt"

config vt-member

edit "vt-member-1"

set tunnel-local-addr 192.0.2.10

set tunnel-remote-addr 198.51.100.10

set health-check-ctrl enable

next

end

next

end