Tuesday, December 23, 2014

[3 of many] Migrating to Fortinet 5.2 - ECMP Load Balancing - Answers

In the last post here, I discussed the problems we had with ECMP. In short, the traffic was not balancing properly and switching from one connection to the other after we migrated to 5.2.

First, the answers from technical support:
A very busy but knowledgeable and fast person took our case. After initial testing based on our suggestions, it took an hour or so to rapidly check everything on our system and answer one or two of my questions.
It looks like everything was working since the beginning. In fact, the documentation from Fortinet states that ECMP load balancing uses upload (yes, you heard it right: upload) traffic to determine when load balancing occurs. That is, under lab conditions a few YouTube videos saturating a 5Mbit connection generate around 600kbits of upload traffic. At the same time, a single Skype conversation will result in around 1Mbit of upload bandwidth used. Given that our own traffic is mostly YouTube (90% to 95%), we have set the spillover threshold to 600k. I will post here any adjustments we make.
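To see why a threshold sized against download bandwidth never triggers for this traffic mix, here is a simplified model of upload-based spillover, added as an illustration and not FortiOS code or anything from Fortinet. The link names, the per-stream rates and the fallback used when every link is over its threshold are assumptions.

```python
# Simplified model of usage-based (spillover) ECMP. Not FortiOS code.
from dataclasses import dataclass, field

@dataclass
class Link:
    name: str
    spillover_kbps: int              # threshold, compared against UPLOAD rate
    up_kbps: int = 0
    down_kbps: int = 0
    sessions: list = field(default_factory=list)

def pick_link(links):
    """Return the first link, in route order, still below its threshold.

    Assumption: when every link has reached its threshold, the link with
    the least upload traffic is used.
    """
    for link in links:
        if link.up_kbps < link.spillover_kbps:
            return link
    return min(links, key=lambda l: l.up_kbps)

def place_sessions(links, sessions):
    """Assign each (down_kbps, up_kbps) session and return per-link totals."""
    for sid, (down, up) in enumerate(sessions):
        link = pick_link(links)
        link.sessions.append(sid)
        link.down_kbps += down
        link.up_kbps += up
    return {l.name: (len(l.sessions), l.down_kbps, l.up_kbps) for l in links}

# Constructed sample: 8 video streams at 1250 kbit/s down, 150 kbit/s up,
# so four streams fill a 5 Mbit link while producing 600 kbit/s of upload.
VIDEO = [(1250, 150)] * 8
# Constructed sample: one call with about 1 Mbit/s of upload.
CALL = (1000, 1000)

def run(threshold_kbps, sessions=VIDEO):
    links = [Link("wan1", threshold_kbps), Link("wan2", threshold_kbps)]
    return place_sessions(links, sessions)

if __name__ == "__main__":
    # Threshold set as if it measured download: wan1 takes everything.
    print(run(5000))
    # Threshold set against upload: the fifth stream spills to wan2.
    print(run(600))
    # A single call crosses 600 kbit/s of upload by itself.
    print(run(600, [CALL] + VIDEO[:2]))
```

With the 5000 threshold the first link ends up carrying twice its download capacity while the second stays idle, which matches the symptom of traffic that never balances.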

A few important notes:
  • ECMP uses the first available route as the default if all routes have the same distance. That is, for ECMP to work in a proper and predictable manner (according to Fortinet support), all routes must have the same distance.
  • However, ECMP accepts routes with different distances and is supposed to select the first available route with the shortest distance as the default and the other one as the spillover. This method was perfectly functional just before 5.2 and should also be working after 5.2. It is not an official statement and should be tested.

In short, I was wrong and Fortinet helped me find the answers. Unfortunately, the support person answered only the questions we had on the support ticket. In fact, he very politely suggested opening a new ticket for debugging the new load balancing method (WAN Link Load Balancing) because he is busy and another client is waiting for him. I cannot say that he was unhelpful or impolite, but I do expect to have more than an hour of support on the rare occasions I need help and finally get it from someone who knows what he/she is doing.