advertisement
Chapter 5: Link Load Balancing Configuring persistence rules
Settings
Health Check
List
Inbound
Bandwidth
Outbound
Bandwidth
Guidelines
Select one or more health check configuration objects.
Maximum bandwidth rate for inbound traffic through this gateway link.
Maximum bandwidth rate for outbound traffic to this gateway link. If traffic exceeds this threshold, the FortiADC system considers the gateway to be full and does not dispatch new connections to it.
The default is 2,000,000 Kbps. The valid range is 1 to 2,147,483,647.
We recommend you tune bandwidth thresholds strategically, using the bandwidth rate and price structure agreement you have with your ISP to your advantage.
Maximum inbound bandwidth rate for a link in a spillover load balancing pool.
Inbound
Spillover
Threshold
Outbound
Spillover
Threshold
Total Spillover
Threshold
Maximum outbound bandwidth rate for a link in a spillover load balancing pool.
If you enable spillover load balancing in the link group configuration, the system maintains a spillover list. It dispatches new connections to the link with the greatest priority until its spillover threshold is exceeded; then dispatches new connections to the link with the next greatest priority until its threshold is exceeded, and so on.
The default is 2,000,000 Kbps. The valid range is 1 to 2,147,483,647.
Maximum total bandwidth rate (inbound plus outbound) for a link in a spillover load balancing pool.
Configuring persistence rules
Persistence rules identify traffic that should be ignored by load balancing rules and instead be forwarded to the same gateway each time the traffic traverses the FortiADC appliance.
You should use persistence rules with applications that use a secure connection. Such applications drop connections when the server detects a change in a client’s source IP address.
describes the types of persistence rules you can configure.
Table 30: Persistence rules used in link load balancing
Persistence Description
Source-Destination Pair Packets with the same source IP address and destination IP address take same outgoing gateway.
154 FortiADC D-Series Handbook
Fortinet Technologies, Inc.
Configuring persistence rules Chapter 5: Link Load Balancing
Persistence
Source-Destination
Address
Source Address
Destination Address
Description
Packets with a source IP address and destination IP address that belong to the same subnet take the same outgoing gateway.
Packets with a source IP address that belongs to the same subnet take the same outgoing gateway.
Packets with a destination IP address that belongs to the same subnet take same outgoing gateway.
Before you begin: l l l
You must have an awareness of the types of outbound traffic from your network. Persistence rules are useful for traffic that requires an established session, such as secure connections (HTTPS and SSH, for example).
You must have knowledge of the source and/or destination subnets to which the persistence rules should apply.
You must have Read-Write permission for Link Load Balance settings.
You can use persistence rules in link groups but not virtual tunnels.
To configure a persistence rule:
1. Go to Link Load Balance > Link Group.
2. Click the Persistence tab.
3. Click Add to display the configuration editor.
4. Complete the configuration as described in
.
5. Save the configuration.
Table 31: Persistence rule configuration
Type Guidelines
Name Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the link group configuration.
Note: After you initially save the configuration, you cannot edit the name.
Type
Source-Destination Pair
Select one of the persistence types, as described below.
Timeout The default is 300 seconds.
Source-Destination Address
FortiADC D-Series Handbook
Fortinet Technologies, Inc.
155
advertisement
advertisement