Fortigate 500E appears to be not load balancing throughput properly

Author
FB
New Member
  • Total Posts : 15
  • Scores: 0
  • Reward points: 0
  • Joined: 2010/06/29 07:47:56
  • Status: offline
2020/09/17 11:37:59 (permalink)
0

Fortigate 500E appears to be not load balancing throughput properly

Fortigate 500E appears to be not load balancing throughput properly V6.2.3
 
I have a 2-Nod cluster running since the launch of the 500E hardware
Over time, sometimes, we have some sync problems
In the last months we were struggling with a problem related to a non-synch cluster and, at the end, it was an old and expired certificate. After the removal of the vpn.certificate.ca, the problem was partially solved
 
But..
 
After a while we noticed that our A-A cluster is load balancing the session, now, 18K sessions per node, but most of the time, Master is processing 50-100 Mbps throughput, but Slave node is processing  between 25-900Kbps
 
Most of the users are in home, so we´re using VPNSSL and sometimes pptpD, but it shuould laod balance trhoughput even that way, am I right?
 
 
get system performance status | grep network
Average network usage: 65936 / 68076 kbps in 1 minute, 71031 / 72909 kbps in 10 minutes, 67995 / 69644 kbps in 30 minutes
get system performance status | grep network
Average network usage: 2383 / 443 kbps in 1 minute, 2533 / 460 kbps in 10 minutes, 2227 / 436 kbps in 30 minutes
 
users also complanin about some disconenctyins, TS/RDP session being disconencted with no reason, http session dying and mannually being refreshd to get back, weird behaviour
 
CPUs are under 5% and Memory below 30% on both nodes (less usage on Slave)



config system ha
set mode a-a
set sync-packet-balance disable
unset session-sync-dev
set route-ttl 10
set route-wait 0
set route-hold 10
set multicast-ttl 600
set sync-config enable
set encryption disable
set authentication disable
set hb-interval 2
set hb-lost-threshold 6
set hello-holddown 20
set gratuitous-arps enable
set arps 5
set arps-interval 8
set session-pickup enable
set session-pickup-connectionless enable
set session-pickup-expectation disable
set session-pickup-delay disable
set link-failed-signal disable
set uninterruptible-upgrade enable
set ha-mgmt-status disable
set ha-eth-type "8890"
set hc-eth-type "8891"
set l2ep-eth-type "8893"
set ha-uptime-diff-margin 300
set vcluster2 disable
set override disable
set priority 130
set schedule weight-round-robin
unset monitor
unset pingserver-monitor-interface
unset vdom
set ssd-failover disable
set memory-compatible-mode disable
set inter-cluster-session-sync disable
set load-balance-all enable

end
#1

0 Replies Related Threads

    Jump to:
    © 2020 APG vNext Commercial Version 5.5