Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config link-load-balance proximity-route

Use this command to configure proximity routes.

The proximity route feature enables you to associate link groups with efficient routes. Proximity routes can improve user experience over the WAN because traffic is routed over fast routes.

You can use either or both of these methods:

  • Dynamic Detection—The system polls the network for efficient routes. The algorithm selects a gateway based on latency. When the bandwidth usage of a gateway reaches 100%, the gateway is considered too busy and is not selected.
  • Static Table—You specify the gateways to use for traffic on destination networks.

If you configure both, the system checks the static table first for a matching route and, if any, uses it. If there is no matching static route, the system uses dynamic detection.

Note: Adding a new static route does not affect existing sessions. Deleting or editing a static route causes the related sessions to be re-created.

Before you begin:

  • You must have knowledge of IP addresses used in outbound network routes to configure a static route.
  • You must have read-write permission for link load balancing settings.

Syntax

config link-load-balance proximity-route

set mode {disable | dynamic-detect-only | static-table-first | static-table-only}

set dynamic-cache-aging-period <integer>

set dynamic-detect-protocol {icmp|icmp-and-tcp}

set dynamic-detect-retry-count <class_ip>

set dynamic-detect-retry-interval <integer>

config static-table

edit <No.>

set type {isp|subnet}

set ip-netmask <ip&netmask>

set isp-name <datasource>

set gateway <datasource>

next

end

next

end

mode

  • disable
  • dynamic-detect-only
  • static-table-first
  • static-table-only

dynamic-cache-aging-period

The default is 86,400 seconds (24 hours).

dynamic-detect-protocol

  • icmp—Use ICMP to detect routes. Calculate proximity by the smaller RTT.
  • icmp-and-tcp—Some hosts do not response ICMP requests. Specify this option to use both ICMP and TCP to detect routes and RTT. For TCP detection, port 7 (TCP echo) is used. A connection refused or connection reset by the destination is treated as successful detection.

dynamic-detect-retry-count

The default is 3.

dynamic-detect-retry-interval

The default is 3.

config static-table

type

Specify the IP and netmask manually or use an ISP address object. Routes that are specified manually have priority over ISP address object entries.

ip-netmask

Destination IP address and netmask.

isp-name

Specify an ISP address book configuration object.

If an address exists in multiple ISP address books, the route entries have priority as follows:

  1. User-defined entries.
  2. Entries from an address book that has been imported.
  3. Entries from the predefined address book (default for the firmware image).

gateway

Specify a gateway configuration object. The gateway must be able to route packets to the destination IP address that you have specified.

Example

FortiADC-VM # config link-load-balance proximity-route

FortiADC-VM (proximity-route) # set mode static-table-first

 

FortiADC-VM (proximity-route) # get

mode : static-table-first

dynamic-detect-protocol: icmp

dynamic-detect-retry-count: 3

dynamic-detect-retry-interval: 3

dynamic-cache-aging-period: 86400

 

FortiADC-VM (proximity-route) # config static-table

FortiADC-VM (static-table) # edit 1

Add new entry '1' for node 687

FortiADC-VM (1) # set gateway 198.51.100.0

FortiADC-VM (1) # set destination 198.51.100.10

FortiADC-VM (1) # end

 

FortiADC-VM (proximity-route) # get

mode : static-table-first

dynamic-detect-protocol: icmp

dynamic-detect-retry-count: 3

dynamic-detect-retry-interval: 3

dynamic-cache-aging-period: 86400

== [ 1 ]

 

FortiADC-VM (proximity-route) # show

config link-load-balance proximity-route

set mode static-table-first

config static-table

edit 1

set destination 198.51.100.10/32

set gateway 198.51.100.0

next

end

end

config link-load-balance proximity-route

Use this command to configure proximity routes.

The proximity route feature enables you to associate link groups with efficient routes. Proximity routes can improve user experience over the WAN because traffic is routed over fast routes.

You can use either or both of these methods:

  • Dynamic Detection—The system polls the network for efficient routes. The algorithm selects a gateway based on latency. When the bandwidth usage of a gateway reaches 100%, the gateway is considered too busy and is not selected.
  • Static Table—You specify the gateways to use for traffic on destination networks.

If you configure both, the system checks the static table first for a matching route and, if any, uses it. If there is no matching static route, the system uses dynamic detection.

Note: Adding a new static route does not affect existing sessions. Deleting or editing a static route causes the related sessions to be re-created.

Before you begin:

  • You must have knowledge of IP addresses used in outbound network routes to configure a static route.
  • You must have read-write permission for link load balancing settings.

Syntax

config link-load-balance proximity-route

set mode {disable | dynamic-detect-only | static-table-first | static-table-only}

set dynamic-cache-aging-period <integer>

set dynamic-detect-protocol {icmp|icmp-and-tcp}

set dynamic-detect-retry-count <class_ip>

set dynamic-detect-retry-interval <integer>

config static-table

edit <No.>

set type {isp|subnet}

set ip-netmask <ip&netmask>

set isp-name <datasource>

set gateway <datasource>

next

end

next

end

mode

  • disable
  • dynamic-detect-only
  • static-table-first
  • static-table-only

dynamic-cache-aging-period

The default is 86,400 seconds (24 hours).

dynamic-detect-protocol

  • icmp—Use ICMP to detect routes. Calculate proximity by the smaller RTT.
  • icmp-and-tcp—Some hosts do not response ICMP requests. Specify this option to use both ICMP and TCP to detect routes and RTT. For TCP detection, port 7 (TCP echo) is used. A connection refused or connection reset by the destination is treated as successful detection.

dynamic-detect-retry-count

The default is 3.

dynamic-detect-retry-interval

The default is 3.

config static-table

type

Specify the IP and netmask manually or use an ISP address object. Routes that are specified manually have priority over ISP address object entries.

ip-netmask

Destination IP address and netmask.

isp-name

Specify an ISP address book configuration object.

If an address exists in multiple ISP address books, the route entries have priority as follows:

  1. User-defined entries.
  2. Entries from an address book that has been imported.
  3. Entries from the predefined address book (default for the firmware image).

gateway

Specify a gateway configuration object. The gateway must be able to route packets to the destination IP address that you have specified.

Example

FortiADC-VM # config link-load-balance proximity-route

FortiADC-VM (proximity-route) # set mode static-table-first

 

FortiADC-VM (proximity-route) # get

mode : static-table-first

dynamic-detect-protocol: icmp

dynamic-detect-retry-count: 3

dynamic-detect-retry-interval: 3

dynamic-cache-aging-period: 86400

 

FortiADC-VM (proximity-route) # config static-table

FortiADC-VM (static-table) # edit 1

Add new entry '1' for node 687

FortiADC-VM (1) # set gateway 198.51.100.0

FortiADC-VM (1) # set destination 198.51.100.10

FortiADC-VM (1) # end

 

FortiADC-VM (proximity-route) # get

mode : static-table-first

dynamic-detect-protocol: icmp

dynamic-detect-retry-count: 3

dynamic-detect-retry-interval: 3

dynamic-cache-aging-period: 86400

== [ 1 ]

 

FortiADC-VM (proximity-route) # show

config link-load-balance proximity-route

set mode static-table-first

config static-table

edit 1

set destination 198.51.100.10/32

set gateway 198.51.100.0

next

end

end