Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
j_a_m_e_s
New Contributor III

Stacked VDOM and Hardware Acceleration

Dear All,

I would like to migrate to a stacked vdom with the root learning a BGP default and relaying this to around 10 sub-vdoms via an inter-vdom link with an iBGP peering across the inter-link. I need to get around 10-15 Gbits through the platform as a whole with Jumbo frame support and I'm running the v6.0.3 train.

 

Having prepped the config, I then read that my 1500D platform would not be hardware accelerating any more than 2x links.

 

As an alternative, I believe I can patch fibres between some of the physical ports and land these into different vdoms using 802.1q subinterfaces. For resilience and improved speed, I would also like to make this a LAG.

 

Could anyone tell me please:

1. Is this approach of trunking multiple vlans across a physical cable for the physical inter-vdom link viable?

2. Is LACP possible between the vdom and are there any concerns like mac address or system id?

3. I use FGSP (and have a longer AS_PATH via the standby unit), is this compatible?

 

Thanks in advance for any advice.

 

Regards

 

James.

2 REPLIES
emnoc
Esteemed Contributor III

Could anyone tell me please: 1. Is this approach of trunking multiple vlans across a physical cable for the physical inter-vdom link viable?

Yes, that is doable, if I'm following you.

2. Is LACP possible between the vdom and are there any concerns like mac address or system id?

 

What are we talking about here? Do you have a topology map?

3. I use FGSP (and have a longer AS_PATH via the standby unit), is this compatible?

What do you mean by standby? AS_PATH and FGSP have no bearing; explain what you're talking about.

PCNSE 

NSE 

StrongSwan  

j_a_m_e_s
New Contributor III

I have attached a diagram showing the intended setup. Basically traffic would enter from the North side (port 33 & port 34), then hop to a protected vdom via a LAG (ports 35 -> port 36 & port 37 -> port 38) before exiting on the South side, which again uses port 33 & port 34. 

 

According to the 1500D fastpath diagram, I think this means that potentially both NP6 ASICs could be involved in a typical North-South flow (e.g. a packet enters on p33, goes across the LAG on p37->p38, then exits on p33 again). Would this be a problem given my requirement for around 10-15Gbits throughput?

 

Thanks again for your help.

 

 
