Active-active cluster packet flow, Nat/route mode packet flow – Fortinet FortiGate 4000 User Manual

High availability

Active-Active cluster packet flow

FortiGate-4000 Installation and Configuration Guide

97

This command has the following results:

• The first connection is processed by the primary unit
• The next three connections are processed by the first subordinate unit
• The next three connections are processed by the second subordinate unit

The subordinate units process more connections than the primary unit, and both
subordinate units, on average, process the same number of connections.

Active-Active cluster packet flow

This section describes packet flow through an active-active HA cluster. The cluster
consists of two FortiGate units (primary and subordinate). Cluster interfaces are
connected using switches.

•

NAT/Route mode packet flow

•

Configuring switches to work with a NAT/Route mode cluster

•

Transparent mode packet flow

Figure 31: Active-active HA packet flow

NAT/Route mode packet flow

In NAT/Route mode, five MAC addresses are involved in active-active communication
between a client and a server if the cluster routes the packets to the subordinate unit
in the cluster:

• Virtual cluster MAC address (MAC_V)
• Client MAC address (MAC_C),
• Server MAC address (MAC_S),
• Subordinate unit internal MAC address (MAC_S_I),
• Subordinate unit external MAC address (MAC_S_E).

Server

Client

Switch 1

Switch 2

HA cluster

Primary Unit

Subordinate Unit