Lucas_Piris
New Contributor

HA with load balance all retransmission

Hi,

 

We have a FortiGate HA with load balance all enabled, and we are monitoring the behavior. I can see many retransmissions between slave and master, just when the slave unit processes the packet, see this picture:

 

Does anyone know if this is normal when we have load balance all enabled?

  

Regards

Lucas

 

12 REPLIES
Lucas_Piris

But without the load balance, I do not have any advantage using active-active, right? I do not have this UTM HA.

 

vjoshi wrote:

Hello Lucas,

 

Weird, I expect it to happen, but without any traffic doesn't seem to be correct.

 

I would recommend not to use the load balance all, instead use the virtual cluster for effective load sharing.

 

 

Jan_Scholten
Contributor

A/A still works by load balancing UTM (AV/IPS) stuff to the second Fortigate.

 

Load-Balance all tries to load balance even single TCP sessions to the secondary Fortigate.

The overhead needed for that (New TCP SYN is coming to fgt master, replicate that session over HA link to the secondary FGT ...) is in general more expensive than the acceleration you may gain. 

There may be some corner cases where load balance all makes sense (lots of elephant flows?) but in general: do not do it.

 

If you thought about using HA as "twice the firewalls, twice the performance" you will have a hard time.

There was a concept of independent firewalls (clusters) which synchronize their sessions, but I can't find the paper.

 

 

vjoshi_FTNT
Staff

Hello Lucas, the real advantage of the a-a HA load balancing can be seen with UTM. If you do not have UTM, then there is no real benefit of load balancing. As Jan said in the previous post, the overhead is more than the load sharing benefit you get out of it. As I mentioned in earlier posts, if you want real load sharing between the two devices for all the sessions (with and without UTM), use virtual clustering, which is possible with VDOMs, where each VDOM is served by one unit.

 

 
