
Fortinet 5003 User Manual


FortiSwitch-5003A and 5003 Fabric and Base Backplane Communications Guide


01-30000-85717-20081205


FortiGate-5050 fabric backplane communication

• For an active-active configuration, you create two or more spanning tree
instances on all three devices and give some instances a higher priority on one
FortiSwitch-5003A board and give other instances a higher priority on the other
FortiSwitch-5003A board. While both FortiSwitch-5003A boards are operating,
the spanning tree configuration distributes traffic to both boards. If one of the
FortiSwitch-5003A boards fails, spanning tree redirects all of the traffic to the
board that is still operating.

In both active-passive and active-active configurations, if one of the
FortiSwitch-5003A boards fails, sessions are temporarily interrupted because the
FortiSwitch-5003A boards do not store session information.

Example active-passive redundant link configuration

Figure 22 shows an example redundant link aggregation configuration. In this
configuration an external switch is connected to two FortiSwitch-5003A front panel
F5 interfaces. The switch adds VLAN tags to traffic from the internal and external
networks. Packets from the internal network are tagged as 100 and packets from
the external network are tagged as 101.

To make this an active-passive configuration, the spanning tree instances on the
FortiSwitch-5003A board in slot 1 should have a higher priority than the spanning
tree instances on the FortiSwitch-5003A board in slot 2. The FortiSwitch-5003A
board in slot 1 becomes the root for both spanning tree instances. Because of the
priority settings, MSTP sends all packets to the FortiSwitch-5003A board in slot 1.
If this board fails, MSTP re-directs all packets to the FortiSwitch-5003A board in
slot 2.

For a given spanning tree instance, MSTP directs packets to the device with the
lowest priority value. To give a spanning tree instance a higher priority on a device
you must configure the instance on that device with a lower priority value. The
lower priority value gives the device a higher spanning tree priority for a given
spanning tree instance.

In this example the spanning tree priority values on the FortiSwitch-5003A board
in slot 1 are both set to 4096 and the spanning tree priority values on the
FortiSwitch-5003A board in slot 2 are both set to 40960. Spanning tree directs all
traffic to the FortiSwitch-5003A board in slot 1.

All of the FortiGate-5001A boards must be operating in transparent mode and all
must have the same configuration. In this redundant configuration, traffic can be
re-directed from one fabric channel to another after a FortiSwitch-5003A fails or if
you change the MSTP configuration. To make sure the FortiGate-5001A boards
can continue to process traffic after a failure or MSTP configuration change, you
must add redundant configurations to both fabric interfaces. This means adding 2
VLAN interfaces to each fabric interface (one for each VLAN tag) and configuring
duplicate firewall policies and routing for both sets of VLAN interfaces.

Note: If you have more than one spanning tree instance you can still configure an
active-passive configuration by setting the priorities of all spanning tree instances to be
higher for the same FortiSwitch-5003A board.
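
The following Python model is an added example, not part of the Fortinet guide or any Fortinet tool. It applies the rule above (the lowest priority value wins) to the example's values of 4096 and 40960, shows the failover to slot 2, and checks that each fabric interface has a VLAN interface for tags 100 and 101. The instance IDs 1 and 2 and the names slot1, slot2, fabric1 and fabric2 are assumptions.

```python
# Added illustration of the priority rules in this section; not Fortinet code.
# Instance IDs 1 and 2 and the names slot1/slot2, fabric1/fabric2 are assumed.
VALID_PRIORITIES = range(0, 61441, 4096)  # MSTP bridge priority: multiples of 4096

# Priority values from the example: slot 1 = 4096, slot 2 = 40960 (both instances).
ACTIVE_PASSIVE = {1: {"slot1": 4096, "slot2": 40960},
                  2: {"slot1": 4096, "slot2": 40960}}
# Constructed active-active variant: each board is preferred for one instance.
ACTIVE_ACTIVE = {1: {"slot1": 4096, "slot2": 40960},
                 2: {"slot1": 40960, "slot2": 4096}}

def roots(config, failed=()):
    """Map each instance to the operating board with the lowest priority value."""
    result = {}
    for instance, priorities in config.items():
        for board, value in priorities.items():
            if value not in VALID_PRIORITIES:
                raise ValueError(f"instance {instance} on {board}: bad priority {value}")
        alive = {b: v for b, v in priorities.items() if b not in failed}
        # Ties are broken by name here; real bridges compare MAC addresses.
        result[instance] = min(alive, key=lambda b: (alive[b], b)) if alive else None
    return result

def mode(config):
    """active-passive if one board is root for every instance, else active-active."""
    return "active-passive" if len(set(roots(config).values())) == 1 else "active-active"

def missing_vlan_interfaces(fabric_vlans, tags=(100, 101)):
    """Return {fabric interface: VLAN tags with no VLAN interface configured}."""
    gaps = {}
    for iface, vlans in fabric_vlans.items():
        absent = sorted(set(tags) - set(vlans))
        if absent:
            gaps[iface] = absent
    return gaps

if __name__ == "__main__":
    print(mode(ACTIVE_PASSIVE), roots(ACTIVE_PASSIVE))
    print("slot1 failed:", roots(ACTIVE_PASSIVE, failed={"slot1"}))
    print(mode(ACTIVE_ACTIVE), roots(ACTIVE_ACTIVE))
    # Constructed FortiGate config that forgot VLAN 101 on the second fabric interface.
    print(missing_vlan_interfaces({"fabric1": [100, 101], "fabric2": [100]}))
```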