FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
akumarr
Staff
Staff
Description
This article describes how Round-robin virtual server load balancing method is working.


Solution
In this example, one virtual server and three real servers behind the FortiGate are present.





How Round Robin works.

Directs new requests to the next real server, and treats all real servers as equals regardless of response time or number of connections.
Dead real servers or non-responsive real servers are avoided.

In a nutshell, round -robin network load balancing rotates connection requests among web servers in the order that requests are received.

Example.

- The first request is sent to Server A.
- The second request is sent to Server B.
- The third request is sent to Server C.

The load balancer continues passing requests to servers based on this order.
This ensures that the server load is distributed evenly to handle high traffic

Check the below mentioned Image and CLI output, there is a client and IP of the client is 30.0.0.15 which is trying to access the Virtual server(30.0.0.10).
For the first time the request is forwarded to the 1st real server and for 2nd and 3rd request it is forwarded to 2nd and 3rd real server.






2020-07-31 14:22:33.653877 port2 in 30.0.0.15.3926 -> 30.0.0.10.8080: syn 3023652026
2020-07-31 14:22:33.654433 port2 in 30.0.0.15.3927 -> 30.0.0.10.8080: syn 942030066
2020-07-31 14:22:33.654485 port1 out 192.168.0.109.64343 -> 192.168.0.110.8080: syn 942030066
Since the NAT is enabled the traffic takes 192.168.0.109 as soure(FGT IP)

For the second request:




CLI output for second request:
2020-07-31 14:31:00.096693 port2 in 30.0.0.15.7312 -> 30.0.0.10.8080: syn 4010913671
2020-07-31 14:31:00.096733 port1 out 192.168.0.109.7312 -> 192.168.0.113.8080: syn 4010913671
2020-07-31 14:31:00.097002 port1 in 192.168.0.113.8080 -> 192.168.0.109.7312: syn 792406658 ack 4010913672
2020-07-31 14:31:00.097012 port2 out 30.0.0.10.8080 -> 30.0.0.15.7312: syn 792406658 ack 4010913672
2020-07-31 14:31:00.097196 port2 in 30.0.0.15.7312 -> 30.0.0.10.8080: ack 792406659
2020-07-31 14:31:00.097203 port1 out 192.168.0.109.7312 -> 192.168.0.113.8080: ack 792406659
For the Third request:





CLI output:
2020-07-31 14:40:24.000258 port2 in 30.0.0.15.3235 -> 30.0.0.10.8080: syn 1564530690
2020-07-31 14:40:24.000301 port1 out 192.168.0.109.63651 -> 192.168.0.105.8080: syn 1564530690
2020-07-31 14:40:24.114182 port1 in 192.168.0.105.8080 -> 192.168.0.109.63651: syn 1559141411 ack 1564530691

Contributors