Hello all
We run a 3240C cluster in an active-passive configuration.
We have four vdoms in total on the devices, with pretty much the two busiest vdoms in terms of traffic feeding into np4 0.
Our traffic predictions for next Summer suggest we might start to come close to pushing around 35 Gb's of traffic through our three data centres, so with reasonable load balancing, around 15 gbs of tcp traffic per cluster.
Going active-active is not an option, so the key question is, even though these firewalls are rated to 40 Gb, will we have enough ceiling to accommodate this traffic level through NP4 0?
Are there any decent commands available to interrogate the NP4s and attempt to work out how hard they are currently working with our current throughput of around 5GB?
Thanks in advance
James
That 40Gb/s is marketing bs because the 3240C has 2 NP4s. A single NP4 will not be able to handle a full 40G through it. The hardware acceleration guide covers how the ports are mapped to the NPs (https://docs.fortinet.com/uploaded/files/3941/fortigate-hardware-acceleration-56.pdf, page 122), so you can design around that limitation by splitting VDOMs onto ports mapped to a different ASIC as well as running some VDOMs on your passive fortigate. With four VDOMs you could potentially run each one on a dedicated NP4.
Thanks SgtMalicious, I had already looked at the literature and had seen that the NP4 asic is a 20Gb bottleneck potentially.
I suspect that we will have to push through around 15 Gb of traffic through NP4 0.
Question is, how do we check the current performance levels of the asics? Can I run commands to show current traffic levels? I have looked around and cannot seem to find any.
Regards
James
To my knowledge, there isn't anything that will report on the utilization of the backplane links to the ASICs. You can get an idea by monitoring the individual port statistics with a network monitoring system and I think that's about as good as it gets.
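The port-statistics approach suggested in the reply above, as an added example that is not part of the original thread: it groups per-port received-octet counters (as an NMS would poll them via SNMP `ifHCInOctets`) by NP and compares the rate with the 20 Gb per-NP4 figure mentioned in the thread. The port names, the `PORT_TO_NP` mapping and the counter values are constructed assumptions; the real mapping comes from the hardware acceleration guide. Summing received octets per NP is only a rough proxy for the load on that ASIC.

```python
# Added example: estimate per-NP load from two polls of interface counters.
# PORT_TO_NP is a hypothetical mapping for illustration only.
PORT_TO_NP = {"port1": "np4_0", "port2": "np4_0",
              "port3": "np4_1", "port4": "np4_1"}
NP_CEILING_BPS = 20e9      # per-NP4 figure quoted in the thread
COUNTER_MOD = 2 ** 64      # ifHCInOctets is a 64-bit wrapping counter


def octet_delta(old, new):
    """Difference between two counter readings, tolerating one wrap."""
    return (new - old) % COUNTER_MOD


def np_load(poll_a, poll_b, interval_s, port_to_np=PORT_TO_NP):
    """Return {np: (bits_per_second, fraction_of_ceiling)}.

    poll_a / poll_b map port name -> received-octet counter value.
    Ports missing from either poll or from the mapping are skipped.
    """
    if interval_s <= 0:
        raise ValueError("interval_s must be positive")
    bits = {}
    for port, np_name in port_to_np.items():
        if port not in poll_a or port not in poll_b:
            continue
        delta = octet_delta(poll_a[port], poll_b[port])
        bits[np_name] = bits.get(np_name, 0) + delta * 8
    return {np_name: (total / interval_s, total / interval_s / NP_CEILING_BPS)
            for np_name, total in bits.items()}


# Constructed sample: two polls taken 60 seconds apart.
# port1 wraps past 2**64 between the polls.
POLL_A = {"port1": 2 ** 64 - 10_000_000_000, "port2": 0,
          "port3": 100, "port4": 0}
POLL_B = {"port1": 27_500_000_000, "port2": 7_500_000_000,
          "port3": 15_000_000_100, "port4": 0}

if __name__ == "__main__":
    for np_name, (bps, frac) in sorted(np_load(POLL_A, POLL_B, 60).items()):
        print(f"{np_name}: {bps / 1e9:.2f} Gb/s ({frac:.0%} of ceiling)")
```
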