Introduction to ECMP on FortiGate
Equal Cost Multipath Routing (ECMP) is a network feature that enables traffic distribution across multiple paths with the same routing cost, allowing routers like FortiGate to enhance load balancing and redundancy within a network. With ECMP, organizations can achieve efficient utilization of multiple WAN connections, reduce latency, and avoid single points of failure.
In FortiGate, ECMP is especially valuable for businesses that rely on multiple ISPs or need high availability, allowing traffic to flow seamlessly even if one path goes down. This article covers how ECMP works, its use cases, and a step-by-step guide to configuring and optimizing ECMP on FortiGate devices.
What is Equal Cost Multipath Routing (ECMP)?
ECMP is a routing strategy that enables a router to balance network traffic across multiple paths with the same cost. This mechanism uses load-sharing techniques to distribute traffic, effectively utilizing all available bandwidth and enhancing network resilience. In contrast to traditional routing, where only one path is chosen even if multiple paths exist, ECMP allows FortiGate to consider all paths with equal cost for data transmission.
Benefits of ECMP on FortiGate:
- Load Balancing: ECMP helps distribute the network load evenly, preventing any single link from becoming overburdened.
- Redundancy and Resilience: ECMP automatically shifts traffic to an alternate path if one path fails, ensuring uninterrupted service.
- Cost Efficiency: By utilizing all available links equally, ECMP maximizes the return on investment for multiple ISP or WAN links.
Use Cases for ECMP on FortiGate
ECMP is particularly useful in environments with multiple internet links or large-scale internal networks. Here are some common scenarios where ECMP is advantageous:
- Multi-WAN Load Balancing: Distribute traffic between multiple WAN connections, allowing efficient utilization of all ISP links.
- Redundancy for High Availability: In case of link failure, ECMP routes traffic over alternative paths, ensuring uptime.
- Enhanced Bandwidth for Data-Intensive Applications: Balance traffic for heavy workloads like video conferencing, VoIP, or large file transfers across multiple paths.
- Cost-Effective Scaling: In branch offices or remote sites, ECMP supports load balancing across multiple, lower-cost links instead of investing in a single high-bandwidth line.
ECMP Configuration on FortiGate
If multiple routes (static, OSPF or BGP) have the same attributes (distance, metric and priority), they are all active and FortiGate distributes traffic across all of them. To be considered for ECMP, routes must have the same values for the following attributes:
- Destination subnet
- Distance
- Metric
- Priority
To check these values, open the CLI and run get router info routing-table all. The bracketed pair in each route line is [distance/metric]:
fgt # get router info routing-table all
Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S* 0.0.0.0/0 [5/0] via xxx.xxx.xxx.xxx, wan1
C xxx.xxx.xxx.xxx/30 is directly connected, wan1
S 192.168.10.0/24 [4/0] is directly connected, to1
S 192.168.11.0/24 [10/0] is directly connected, to1
S 192.168.19.0/24 [10/0] via 192.168.20.112, internal
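The check described above can be scripted. This is an added example, not part of the original article: it parses routing-table text in the layout shown, groups next hops by destination and [distance/metric], and lists the egress interfaces of each ECMP group, each of which needs a firewall policy. The sample text, the function names and the continuation-line layout for additional next hops are assumptions; priority is not printed in this output, so it is not compared.

```python
import re
from collections import defaultdict

# Constructed sample (documentation addresses), shaped like the output above.
SAMPLE = """\
Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 192.0.2.1, wan1
                  [10/0] via 198.51.100.1, wan2
C       192.0.2.0/30 is directly connected, wan1
S       192.168.10.0/24 [4/0] is directly connected, to1
S       192.168.19.0/24 [10/0] via 192.168.20.112, internal
S       192.168.19.0/24 [20/0] via 192.168.30.1, to1
"""

DEST = re.compile(r"(\d+\.\d+\.\d+\.\d+/\d+)")
COST = re.compile(r"\[(\d+)/(\d+)\]")             # [distance/metric]
HOP = re.compile(r"(?:via ([\d.]+)|is directly connected), ([^,\s]+)")

def parse_routes(text):
    """Return {destination: [(distance, metric, gateway, interface), ...]}."""
    routes, last_dest = defaultdict(list), None
    for line in text.splitlines():
        hop = HOP.search(line)
        if not hop:
            continue                       # header, legend or blank line
        dest = DEST.search(line)
        if dest:
            last_dest = dest.group(1)      # otherwise: extra next hop, same prefix
        if last_dest is None:
            continue
        cost = COST.search(line)           # connected routes print no [d/m]
        dist, metric = (int(cost[1]), int(cost[2])) if cost else (0, 0)
        routes[last_dest].append((dist, metric, hop[1], hop[2]))
    return dict(routes)

def ecmp_groups(routes):
    """Destinations whose best distance/metric is shared by 2+ next hops."""
    groups = {}
    for dest, entries in routes.items():
        best = min((d, m) for d, m, _, _ in entries)
        intfs = sorted(i for d, m, _, i in entries if (d, m) == best)
        if len(intfs) > 1:
            groups[dest] = intfs
    return groups

def policy_interfaces(groups):
    """Egress interfaces that each need a firewall policy for ECMP traffic."""
    return sorted({i for intfs in groups.values() for i in intfs})

if __name__ == "__main__":
    found = ecmp_groups(parse_routes(SAMPLE))
    print(found, policy_interfaces(found))
```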
ECMP Methods
- Source IP (default)
  - Sessions from the same source IP address use the same route.
- Source-destination IP
  - Sessions with the same source and destination IP use the same route.
- Weighted
  - Sessions are distributed based on route or interface weights.
- Usage (spillover)
  - One route is used until the volume threshold is reached, then the next route is used.
Configuring ECMP
The ECMP method is set in the CLI (firmware 6.0.13):
config system settings
    set v4-ecmp-mode [source-ip-based | weight-based | usage-based | source-dest-ip-based]
end
For weight-based ECMP, weight values are configured per interface or per route in the CLI:
config system interface
    edit <name>
        set weight <0 to 255>
    next
end
ECMP allows you to have multiple links to the same destination. In this way you get failover, redundancy and resilience.
For ECMP to pass traffic, a firewall policy must be in place that allows traffic through each of the interfaces involved.