fortigate design
Hi,
I am considering the following configuration: implementing OSPF between the core and FortiGate. However, the core switches lack support for multihoming, featuring only a layer 3 connection. In the current topology, there is no aggregation on either the FortiGate or the switch sides. I am exploring the possibility of aggregation on the switch sides and also wondering if there is an option to use aggregate interfaces in FortiGate (excluding LACP). I would like to understand the pros and cons of such a setup. Thank you.
Hello
As per my knowledge there is no other choice for aggregation between FG and Core except LACP.
But since you are connected to both core switches and use OSPF, this is already a good redundant design, so LACP is optional here.
Also you can enhance the resiliency speed on FG HA failover by enabling the graceful restart feature. This will allow almost zero second OSPF downtime.
Hi,
What about the topology below? Here I have added aggregation at the switch level.
Please advise.
Created on 01-05-2024 10:01 AM Edited on 01-05-2024 10:09 AM
Don't see any added benefit. Only one of the two legs is active. You can test, though, which would be faster for OSPF to change the topology.
Toshi
Hello
I'm not sure if the suggested LACP with A-P HA FG is correct.
What if you make gi0/1 & gi0/2 as L2 interfaces in the same VLAN, and assign the IP (172.16.10.4) to the interface VLAN.
I mean simply like that:
interface vlan 10
 ip address 172.16.10.4/30
interface range gi0/1-2
 switchport mode access
 switchport access vlan 10
Then it is the interface VLAN that will participate in OSPF.
The real challenge is how to have a minimum time for OSPF convergence after FG failover.
So I think this design, combined with the graceful restart feature, should give you almost zero second downtime.
Hi,
As mentioned in the document, does it require a helper router?
Thanks