beautypg.com

Fortinet 5003 User Manual

Page 78

background image

FortiSwitch-5003A and 5003 Fabric and Base Backplane Communications Guide

78

01-30000-85717-20081205

Base backplane HA configurations

FortiGate-5140 and 5050 base backplane communication

This list is sorted into hash map order, rather than purely by alphabetical order or
purely by interface number value comparisons. As a result, the list is sorted
primarily alphabetical by interface name (for example, base1 is before port1), then
secondarily by index numbers:

• 1
• 10
• 2 through 8
• 9

Because interface names, and therefore sort order, vary by FortiGate model, the
preferred slot number for single FortiSwitch boards varies by FortiGate model.

For example, a FortiGate-5001SX or FortiGate-5001FA2 board has interfaces
named port1 through port10; port9 and port10 are equally weighted heartbeat
interfaces, connected to the hub/switch slot 1 FortiSwitch and the hub/switch
slot 2 FortiSwitch, respectively. In the Heartbeat Interface list, port1 is first.
However, port10 is not last: due to hash map lookup,port10 is selected after port1
and before port2, not after port9. Failover passes heartbeat communications from
the FortiSwitch board in hub/switch slot 2 to hub/switch lot 1.

There are additional considerations if you create additional heartbeat backup
interfaces connecting FortiGate board interfaces port2 through port8. In this case,
if the FortiSwitch board in hub/switch slot 2 fails or is removed, the FortiGate
cluster could fail over to port2 through port8, and lastly fail over to the interface
connected to the FortiSwitch board in hub/switch slot 1.

Because of this behavior, if you install a single FortiSwitch board in hub/switch
slot 1 with those two models of FortiGate boards, and want to give heartbeat
selection precedence to the base backplane interface, you must set its heartbeat
interface priority to a greater value than the other interfaces. Otherwise, by
default, when priorities are equal, the heartbeat link through the base backplane
interface will be used only in failover, rather than primary, conditions. This is
typically the inverse of intended behavior.

For FortiGate-5001A and FortiGate-5005FA2 boards, the base backplane
interfaces are named base1 and base2. These interface names are always sorted
to the top of the interface list. So for a cluster of these boards, if you have a single
FortiSwitch board it doesn’t matter which slot you install it in because both base
interfaces are sorted to the top of the interface list.

Note: For FortiOS versions 3.0 MR7 and earlier, the FortiGate web-based manager and
CLI list interfaces in sort order.