Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config link-load-balance link-group

Use this command to configure link groups.

Link groups include ISP gateways your company uses for outbound traffic. Grouping links reduces the risk of outages and provisions additional bandwidth to relieve potential traffic congestion.

The link group configuration specifies the load balancing algorithm and the gateway routers in the load balancing pool. You can enable LLB options, such as persistence rules and proximity routes.

Before you begin:

  • You must have configured gateway links and persistence rules and before you can select them in the link group configuration.
  • You must have read-write permission for link load balancing settings.

After you have configured a link group configuration object, you can select it in the link policy configuration.

Syntax

config link-load-balance link-group

edit <name>

set addr-type ipv4

set persistence <datasource>

set proximity-route {enable|disable}

set route-method {consistent-hash-ip | least-connection | least-new-cps | least-throughput-all | least-throughput-in | least-throughput-out | spillover-throughput-all | spillover-throughput-in | spillover-throughput-out | wrr>

config link-member

edit <name>

set backup {enable|disable}

set gateway <datasource>

set spillover-priority <integer>

set status {enable|disable}

set weight <integer>

next

end

next

end

addr-type

Only IPv4 is supported.

persistence

Specify a persistence configuration. Optional.

proximity-route

Enable/disable use of proximity routes.

route-method

  • consistent-hash-ip: Selects the gateway link based on a hash of the source IP address.
  • least-connection: Dispatches new connections to the link member with the lowest number of connections.
  • least-new-cps: Dispatches new connections to the link member that has the lowest rate of new connections per second.
  • least-throughput-all: Dispatches new connections to the link member with the least total traffic (that is, inbound plus outbound).
  • least-throughput-in: Dispatches new connections to the link member with the least inbound traffic.
  • least-throughput-out: Dispatches new connections to the link member with the least outbound traffic.
  • spillover-throughput-all: Spillover list based on total traffic (that is, inbound plus outbound).
  • spillover-throughput-in: Spillover list based on inbound traffic.
  • spillover-throughput-out: Dispatches new connections according to the spillover list based on outbound traffic.
  • wrr: Dispatches new connections to link members using a weighted round-robin method. This is the default.

config link member

backup

  • enable—Designate the link as a backup member of the group. All backup members are inactive until all main members are down.
  • disable—Designate the link as a main member of the group.

gateway

Specify a gateway configuration object.

spillover-priority

Assigns a priority to the link when using a spillover load balancing method. Higher values have greater priority. When a spillover method is enabled, the system dispatches new connections to the link that has the greatest spillover priority until its threshold is exceeded; then it dispatches new connections to the link with the next greatest priority until its threshold is exceeded, and so on.

If multiple links in a link group have the same spillover priority, the system dispatches new connections among those links according to round robin.

The default is 0. The valid range is 0-9.

status

  • enable—The member is considered available for new traffic.
  • disable—The member is considered unavailable for new traffic.

weight

Assigns relative preference among members—higher values are more preferred and are assigned connections more frequently. The default is 1. The valid range is 1 to 255.

All load balancing methods consider weight, except spillover, which uses its own priority configuration. Servers are dispatched requests proportional to their weight, relative to the sum of all weights.

The following example shows the effect of weight on WRR:

  • Sever A, Weight 2; Server B, Weight 1: Requests are sent AABAAB.
  • Sever A, Weight 3; Server B, Weight 2: Requests are sent AABAB.

For other methods, weight functions as a tie-breaker. For example, with the Least Connection algorithm, requests are sent to the server with the least connections. If the number of connections is equal, the request is sent to the server with the greater weight. For example:

  • Server A, Weight 1, 1 connection
  • Server B, Weight 2, 1 connection

The next request is sent to Server B.

Example

FortiADC-VM (link-group) # edit llb-link-group

Add new entry 'llb-link-group' for node 618

 

FortiADC-VM (llb-link-group) # get

addr-type : ipv4

route-method : wrr

persistence :

proximity-route : disable

 

FortiADC-VM (llb-link-group) # config link-member

 

FortiADC-VM (link-member) # edit 1

Add new entry '1' for node 624

 

FortiADC-VM (1) # get

gateway :

weight : 1

spillover-priority : 0

status : enable

 

FortiADC-VM (1) # set gateway llb-gateway

FortiADC-VM (1) # end

config link-load-balance link-group

Use this command to configure link groups.

Link groups include ISP gateways your company uses for outbound traffic. Grouping links reduces the risk of outages and provisions additional bandwidth to relieve potential traffic congestion.

The link group configuration specifies the load balancing algorithm and the gateway routers in the load balancing pool. You can enable LLB options, such as persistence rules and proximity routes.

Before you begin:

  • You must have configured gateway links and persistence rules and before you can select them in the link group configuration.
  • You must have read-write permission for link load balancing settings.

After you have configured a link group configuration object, you can select it in the link policy configuration.

Syntax

config link-load-balance link-group

edit <name>

set addr-type ipv4

set persistence <datasource>

set proximity-route {enable|disable}

set route-method {consistent-hash-ip | least-connection | least-new-cps | least-throughput-all | least-throughput-in | least-throughput-out | spillover-throughput-all | spillover-throughput-in | spillover-throughput-out | wrr>

config link-member

edit <name>

set backup {enable|disable}

set gateway <datasource>

set spillover-priority <integer>

set status {enable|disable}

set weight <integer>

next

end

next

end

addr-type

Only IPv4 is supported.

persistence

Specify a persistence configuration. Optional.

proximity-route

Enable/disable use of proximity routes.

route-method

  • consistent-hash-ip: Selects the gateway link based on a hash of the source IP address.
  • least-connection: Dispatches new connections to the link member with the lowest number of connections.
  • least-new-cps: Dispatches new connections to the link member that has the lowest rate of new connections per second.
  • least-throughput-all: Dispatches new connections to the link member with the least total traffic (that is, inbound plus outbound).
  • least-throughput-in: Dispatches new connections to the link member with the least inbound traffic.
  • least-throughput-out: Dispatches new connections to the link member with the least outbound traffic.
  • spillover-throughput-all: Spillover list based on total traffic (that is, inbound plus outbound).
  • spillover-throughput-in: Spillover list based on inbound traffic.
  • spillover-throughput-out: Dispatches new connections according to the spillover list based on outbound traffic.
  • wrr: Dispatches new connections to link members using a weighted round-robin method. This is the default.

config link member

backup

  • enable—Designate the link as a backup member of the group. All backup members are inactive until all main members are down.
  • disable—Designate the link as a main member of the group.

gateway

Specify a gateway configuration object.

spillover-priority

Assigns a priority to the link when using a spillover load balancing method. Higher values have greater priority. When a spillover method is enabled, the system dispatches new connections to the link that has the greatest spillover priority until its threshold is exceeded; then it dispatches new connections to the link with the next greatest priority until its threshold is exceeded, and so on.

If multiple links in a link group have the same spillover priority, the system dispatches new connections among those links according to round robin.

The default is 0. The valid range is 0-9.

status

  • enable—The member is considered available for new traffic.
  • disable—The member is considered unavailable for new traffic.

weight

Assigns relative preference among members—higher values are more preferred and are assigned connections more frequently. The default is 1. The valid range is 1 to 255.

All load balancing methods consider weight, except spillover, which uses its own priority configuration. Servers are dispatched requests proportional to their weight, relative to the sum of all weights.

The following example shows the effect of weight on WRR:

  • Sever A, Weight 2; Server B, Weight 1: Requests are sent AABAAB.
  • Sever A, Weight 3; Server B, Weight 2: Requests are sent AABAB.

For other methods, weight functions as a tie-breaker. For example, with the Least Connection algorithm, requests are sent to the server with the least connections. If the number of connections is equal, the request is sent to the server with the greater weight. For example:

  • Server A, Weight 1, 1 connection
  • Server B, Weight 2, 1 connection

The next request is sent to Server B.

Example

FortiADC-VM (link-group) # edit llb-link-group

Add new entry 'llb-link-group' for node 618

 

FortiADC-VM (llb-link-group) # get

addr-type : ipv4

route-method : wrr

persistence :

proximity-route : disable

 

FortiADC-VM (llb-link-group) # config link-member

 

FortiADC-VM (link-member) # edit 1

Add new entry '1' for node 624

 

FortiADC-VM (1) # get

gateway :

weight : 1

spillover-priority : 0

status : enable

 

FortiADC-VM (1) # set gateway llb-gateway

FortiADC-VM (1) # end