FortiGate
anakamura
Staff
Description
This article describes how to check, based on the hash value calculation, which physical port within a LAG will be used.

Note:
This command shows the port selected by the software hash calculation. On any NP6 platform, the port is selected by the NP6 and the port actually used can be a different one.

Solution
Verify which port will be used in an LACP LAG:
diagnose netlink aggregate port <aggregate-interface>
[ src-mac <mac-addr> ] [ dst-mac <mac-addr> ]
or
[ src-ip <IPv4-addr> ] [ dst-ip <IPv4-addr> ] [ proto <IP-protocol> ] [ src-port <TCP/UDP port> ] [ dst-port <TCP/UDP port> ] [ vlan-id <VLAN-Id> ] [ spi <IPsec-SPI> ] [ frag (offset|flag) ]


Example for L4 hash (default)

(root) # diag netlink aggre port agg2 src-ip 1.2.3.4 dst-ip 5.6.7.8 proto 6 src-port 64123 dst-port 64124
 > port port4
(root) # diag netlink aggre port agg2 src-ip 1.2.3.4 dst-ip 5.6.7.8 proto 6 src-port 64120 dst-port 64125
 > port port2


Example for L3 hash

(root) # diag netlink aggre port agg2 src-ip 1.2.3.4 dst-ip 5.6.7.8
 > port port2
(root) # diag netlink aggre port agg2 src-ip 1.2.3.4 dst-ip 5.6.7.9
 > port port4


Example for L2 hash

(root) # diag netlink aggre port agg2 src-mac 00:10:10:20:30:40 dst-mac 00:50:56:57:58:59
 > port port4
(root) # diag netlink aggre port agg2 src-mac 00:10:10:20:30:40 dst-mac 00:50:56:57:58:60
 > port port2
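
When many flows need checking, the queries can be generated and the answers tallied per member port. The following is an added example, not part of the original article or any Fortinet tooling: the helper names build_command and tally_ports are hypothetical, the field names follow the syntax shown above, and the sample session is constructed from the L4 example.

```python
import ipaddress
import re
from collections import Counter

# Field names come from the command syntax on this page.
L2_FIELDS = ("src-mac", "dst-mac")
IP_FIELDS = ("src-ip", "dst-ip", "proto", "src-port", "dst-port")
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
RESULT_RE = re.compile(r"\s*>\s*port\s+(\S+)\s*")


def build_command(aggregate, flow):
    """Return one 'diagnose netlink aggregate port' line for a flow dict."""
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", aggregate):
        raise ValueError("unexpected character in aggregate interface name")
    has_l2 = any(k in flow for k in L2_FIELDS)
    has_ip = any(k in flow for k in IP_FIELDS)
    if has_l2 == has_ip:  # the syntax offers MAC fields *or* IP fields
        raise ValueError("give either MAC fields or IP fields")
    parts = ["diagnose netlink aggregate port", aggregate]
    for key in (L2_FIELDS if has_l2 else IP_FIELDS):
        if key not in flow:
            continue
        value = str(flow[key])
        if key.endswith("-mac") and not MAC_RE.fullmatch(value):
            raise ValueError(f"bad MAC address for {key}")
        if key.endswith("-ip"):
            ipaddress.IPv4Address(value)  # raises ValueError if malformed
        if key.endswith("-port") and not 0 <= int(value) <= 65535:
            raise ValueError(f"bad port number for {key}")
        if key == "proto" and not 0 <= int(value) <= 255:
            raise ValueError("bad IP protocol number")
        parts += [key, value]
    return " ".join(parts)


def tally_ports(session_text):
    """Count how many queried flows the software hash put on each member port."""
    hits = (RESULT_RE.fullmatch(line) for line in session_text.splitlines())
    return Counter(m.group(1) for m in hits if m)


# Constructed sample: the two L4 results shown in the example above.
SAMPLE = """(root) # diag netlink aggre port agg2 src-ip 1.2.3.4 dst-ip 5.6.7.8 proto 6 src-port 64123 dst-port 64124
 > port port4
(root) # diag netlink aggre port agg2 src-ip 1.2.3.4 dst-ip 5.6.7.8 proto 6 src-port 64120 dst-port 64125
> port port2
"""

if __name__ == "__main__":
    print(build_command("agg2", {"src-ip": "1.2.3.4", "dst-ip": "5.6.7.8"}))
    print(dict(tally_ports(SAMPLE)))
```

The tally reflects the software hash only; as noted above, on NP6 platforms the port actually used can differ.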

Related Articles

Technical Tip: Initial troubleshooting steps for LACP (Link Aggregation - 802.3ad)
