FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
aabukhshim
Staff
Staff
Description
This article describes the performance expectation for each load balancing algorithms.

Solution
General Information.

IPsec aggregate supports four redundant load-balancing algorithms:

Round-robin: Per packet round-robin distribution.
Redundant: Use first tunnel that is up for all traffic
L3: Use layer 3 address for distribution.
L4: Use layer 4 information for distribution.

Performance expectation per redundant load-balancing algorithms.

- There should be no performance issues with L3, L4 and Redundant algorithms due to the load balancing is done per flow and the packets for the same flow will flow from the source to the destination over the same path/tunnel.
The expected throughput should be as same as if only tunnel is used.


- Round-robin load-balancing and Weighted round robin algorithms are based on per packet load balancing, having the traffic for the same flow distributed over two or more tunnels may results in packets arriving out of order, FortiGate Will not hold and arrange the packets to be in order before forwarding them to the destination, FortiGate will forward the packets in the same order it received them.
The slight delay/latency of the tunnels/paths and/or the congestion that might accrue over one path can cause out of order packets which will affect the over all throughput.



Contributors