Tuesday, December 23, 2014

[3 of many] Migrating to Fortinet 5.2 - ECMP Load Balancing - Answers

In the last post here, I have discussed the problems we had with ECMP. In short, the traffic was not balancing properly and switching from one to the other connection after we have migrated to 5.2.

First, the answers from technical support:
A very busy but knowledgeable and fast person has taken our case. After initial testing based on our suggestions, it took an hour or so to rapidly check everything on our system and answer one or two of  my questions.
It looks like everything was working since the beginning. In fact, the documentation from Fortinet

states that ECMP load balancing is using upload (yes you heard it right!- upload) traffic to determine when load balancing occurs. That is, under lab conditions a few Youtube videos saturating 5Mbit connection generate around 600kbits of upload traffic. At the same time, a single Skype conversation will result in around 1Mbit of upload bandwidth used. Given that our own traffic is mostly Youtube (90% to 95%) we have set up spillover threshold to 600k. I will post here any adjustments we make.

A few important notes:
  • ECMP is using the first available route as default if all routes have the same distance. That is, for ECMP to work in proper and predictable manner (according to Fortinet support) all routes must have the same distance. 
  • However, ECMP accepts routes with different distances and is supposed to select the first available route with the shortest distance as the default and the other one as the spillover. This method was perfectly functional just before 5.2 and should also be working after 5.2. It is not an official statement and should be tested.
In short, I was wrong and Fortinet has helped me to find the answers. Unfortunately, the support person answered only the questions we had on the support ticket. In fact, he has really politely suggested to open a new ticket for debugging the new load balancing method (Wan Link Load Balancing) because he is busy and another client is waiting for him. I cannot say that he was unhelpful or impolite but I do expect to have more than an hour of support in the rare occasions I need help and I finally get it from someone who knows what he/she is doing.


  1. Hello,
    I have a FORTINET 100D, I don't understand how to set load balancing of two lines (WAN1-WAN2)..
    I would like that fortinet can manage requests (hotspot wifi) according to the load of a single WAN..

    My 2 connections have this bandwidth available:
    WAN1 - download: 600Kbps upload: 80Kbps
    WAN2 - download: 1200Kbps upload: 150Kbps

    How can I set fortinet to permit the user to surf in Internet on the lines less discharge?


    1. Well... it depends.

      There are two methods:
      1) ECMP load balancing - old way
      2) WAN Link Load Balancing - new way

      If your setup is simple, use the second method with Measured-Volume based setting. You can find a simple tutorial here :https://www.youtube.com/watch?v=HRajFKAdflU&feature=youtu.be. Note that the settings in 5.2.X are located here: System-->Network--> WAN Link Load Balancing Interface.

      If your setup is complex, I need more details to give you the proper steps.

  2. Hi,

    I have issue with my old way ECMP load balancing. This issue was happening after I migrated to 5.2.x from 5.0.x. How to move from ECMP to WAN Link Load Balancing ? Thank you.

    1. I would love to help BUT I definitely need more info. For now see my comments above with links to Youtube videos from Fortinet. I think, there are also more recent ones that explain the process.