Fortinet Forum
lletourn
New Contributor

LAG/LACP between stacked FortiSwitches

I currently have a FortiGate with 2 stacked FortiSwitches (248D).

Each switch is connected using only one port to the other.

I have a LAGed NAS on one switch. The LAG uses 4 ports for higher throughput from various networked devices.

Before I try it, I was wondering if it was possible to LAG/LACP multiple ports of stacked FortiSwitches so that devices on the 2nd switch can gain higher throughput to the NAS on the first switch?

Basically I don't want to have 48 devices on the 2nd switch have to go through a single 1Gb/s port to access the NAS.

Thank you

tanr
Valued Contributor II

I'm not yet a user of the FortiSwitches, but have been scanning their documentation recently about this. For what it's worth, from what I've read:

I believe you can have the FortiLink to the managing 5.4.5 FortiGate be LAG. See http://docs.fortinet.com/uploaded/files/3076/manageFSWfromFGT540.pdf, page 15 for details. I don't know if FOS 5.4.5 or the current FortiSwitch versions support fully using all the LAG ports together, though, as mentioned in https://forum.fortinet.com/tm.aspx?m=149333

From https://forum.fortinet.com/tm.aspx?m=149333 it sounds like LAG for the inter-switch link (ISL) should work. Per the admin docs, it says that the inter-switch link is "created automatically" once the switches are connected to the FGT by a FortiLink connection. The FortiSwitch 3.4.0 CLI reference, under "config sys trunk", mentions this obliquely in its definition of "auto-isl" as "Automatically forms an ISL-encapsulated trunk, up to the specified maximum size".

BTW, it looks like FortiGates with 5.6.x and newer FortiSwitch versions will have a nice additional option for this called multichassis lag (MCLAG) which may be a simpler solution with more redundancy.  Referenced in http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-managing-fortiswitch/AdditionalConten....  See the mclag-icl field under "config sys trunk".  Not that I'm going to be switching to 5.6.x anytime soon!

lletourn
New Contributor

I had read about the LAG to the FortiGate in the doc. But nowhere do they mention LAG support between switches. Neither as being possible nor impossible.

ISL, from what I understood from the doc, is only used with the last switch of the stack that connects back to the FortiGate.

I guess the only way to know is to try it and bench it to see if it works. I'm surprised that this is not documented anywhere.

tanr
Valued Contributor II

I agree, it should be better documented.

Please let us know how your tests of this turn out.

lletourn
New Contributor

And MC-LAG is not what I want here.

From what I understand from the way it's described, MC-LAG is used if you have 2 or more switches and you have a server with multiple network cards.

Instead of using LAG/LACP from the server to ONE of the switches to have higher total throughput, you set one of the active server network interfaces on each switch to limit the number of hops (and bottlenecks) to get to the server.

So if I have 2 switches, FS-A and FS-B, and a server S that has 4 network interfaces:

If I LAG S[1234] -> FS-A then all devices plugged in all 44 ports on FS-A can share the 4Gb/s trunk (one port is capped at 1Gbps but this is fine).

If FS-B -> FS-A with a single port, then all 47 devices on FS-B share a SINGLE 1Gbps connection to FS-A, so there is a bottleneck for the NAS.

If I MCLAG S[12] -> FS-A and S[34] -> FS-B then the ports on each switch will share a 2Gbps max to the NAS.

Now, what I want is (and I've done this with other vendors):

S[1234] -> FS-A

FS-B [1234...] -> FS-A

All devices on FS-A can share 4Gbps and all devices on FS-B can also share the 4Gbps to the NAS.

This last option allows for the max utilisation of the resources.

lletourn

Sorry, I posted this answer on the wrong thread; I meant it as an answer to @rgracioli_FTNT.

@tanr pretty much summed up my answer too.

rgracioli_FTNT

Yes, it's possible to use LAG between FSW and FGT; the FGT interface type is configured as "aggregate". For the links between FSW - ISL (Inter Switch Links), it's also possible to have LAG; they are automatically configured once the cable is plugged in.

Rafael Gracioli | Consulting Systems Engineer, ADC and Switching m: +31 6 50 28 72 99 | skype: rgracioli | e: rgracioli@fortinet.com

Carl_Wallmark

Does ISL work between standalone FortiSwitches?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

oheigl

Selective wrote:
Does ISL work between standalone FortiSwitches?
Would really like to know this too.

rgracioli_FTNT

LAG between two FSW can be achieved with MCLAG functionality. See MCLAG under Network Topologies at http://docs.fortinet.com/d/fortiswitch-devices-managed-by-fortios-5.6 - when FSW is controlled by FGT.
