Table of Contents
Advertisement
FortiController-5913C system
Setting up a single-chassis SALB cluster
Setting up an SLBC with two chassis
FortiController-5913C Session-Aware Load Balancing Cluster (SLBC) System Guide
10-500-259409-20160210
http://docs.fortinet.com/
• Two FortiController-5913Cs in dual mode and up to 12 workers in each chassis. Both
FortiController-5913Cs in one of the chassis receive and load balance sessions to the
workers in that chassis. If a FortiController-5913C fails, the sessions fail over to the
FortiController-5913Cs in the other chassis.
To form a single-chassis SALB cluster you must install a FortiController-5913C in chassis
slot 1, optionally a second FortiController-5913C in chassis slot 2 and configure HA and
load balancing settings.
You then install the workers in slots 3 and up and set them to forticontroller mode. The
workers find each other in the chassis and form a cluster. The worker with the lowest slot
number becomes the primary worker and the others become subordinate workers.
You connect the FortiController-5913C F1 and F2 front panel interfaces to networks. The
workers see these interfaces as fctrl/f1 and fctrl/f2.
Figure 2
shows a FortiController-5913C cluster consisting of one FortiController-5913C
and three FortiGate-5001D workers. FortiController-5913C front panel interface F1
(fctrl/f1) is connected to the Internet and front panel interface F2 (fctrl/f2) is connected to
an internal network.
You can also form a two-chassis SLBC, where each chassis would include a
FortiController-5913C in slot 1 and optionally a second FortiController-5913C in slot 2.
You then install the workers in slots 3 and up in each chassis and set them to
forticontroller mode.
You connect the chassis 1 FortiController-5913C F1 and F2 front panel interfaces to
networks. The workers see these interfaces as fctrl/f1 and fctrl/f2.
The network connections to the FortiController-5913Cs in chassis 1 are duplicated with
the FortiController-5913Cs in chassis 2. If one of the FortiController-5913Cs in chassis 1
fails, the FortiController-5913C in chassis 2 slot 1 becomes the primary FortiController
and all traffic fails over to the FortiController-5913Cs in chassis 2.
Heartbeat, base control, base management, and session sync communication is required
between the chassis using the FortiController-5913C B1 and B2 interfaces. Connect all
of the B1 interfaces together using a 10 Gbps switch. Collect all of the B2 interfaces
together using another 10 Gbps switch. Using the same switch for the B1 and B2
interfaces is not recommended and requires a double VLAN tagging configuration.
The switches must be configured to support the following VLAN tags and subnets used
by the traffic on the B1 and B2 interfaces:
• Heartbeat traffic uses VLAN 999.
• Base control traffic on the 10.101.11.0/255.255.255.0 subnet uses VLAN 301.
• Base management on the 10.101.10.0/255.255.255.0 subnet uses VLAN 101.
• Session sync traffic between the FortiControllers in slot 1 uses VLAN 1900.
• Session sync traffic between the FortiControllers in slot 2 uses VLAN 1901.
See the
FortiController Session-Aware Load Balancing Guide
FortiController-5913C session-aware load balancing (SALB)
for complete setup details.
11
Advertisement
Table of Contents
