Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sims
New Contributor III

fortigate design

Hi,

 

I am considering the following configuration: implementing OSPF between the core and FortiGate. However, the core switches lack support for multihoming, featuring only a layer 3 connection. In the current topology, there is no aggregation on either the FortiGate or the switch sides. I am exploring the possibility of aggregation on the switch sides and also wondering if there is an option to use aggregate interfaces in FortiGate (excluding LACP). I would like to understand the pros and cons of such a setup. Thank you.

forigate design1.JPG

5 REPLIES 5
AEK
SuperUser
SuperUser

Hello

As per my knowledge there is no other choice for aggregation between FG and Core except LACP.

But since you are connected to both core switches and use OSPF, this is already a good redundant design, so LACP  os optional here.

Also you can enhance the resiliency speed on FG HA failover by enabling the graceful restart feature. This will allow almost zero second OSPF downtime.

AEK
AEK
sims
New Contributor III

Hi,

What if the below topology ?  Here  i have added aggregation  at switch level .

forigate design2.JPGPlease advise ?

 

 

 

 

Toshi_Esumi

Don't see any added benefit. Just only one of two legs is active. You can test it though which would be faster for OSFP to change the topology.

Toshi

AEK
SuperUser
SuperUser

Hello

I'm not sure if the suggested LACP with A-P HA FG is correct.

What if you make gi0/1 & gi0/2 as L2 interfaces in the same VLAN, and assign the IP (172.16.10.4) to the interface VLAN.

I mean simply like that:

interface vlan 10
ip address 172.16.10.4/30

interface range gi0/1-2
switch port mode access
switchport access vlan 10

Then it is the interface VLAN who will participate to OSPF.

The real challenge is how to have a minimum time for OSPF convergence after FG failover.

So I think this design combined with graceful restart feature it should give you almost zero second downtime.

AEK
AEK
sims
New Contributor III

Hi ,

As mentioned in the document does it require a helper router 

https://docs.fortinet.com/document/fortigate/7.2.0/new-features/409099/ospf-graceful-restart-on-topo...

Thanks

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors