Clustering – FortiBalancer

4.3.1.2 Active-Active: Two Nodes

Configuration Guidelines

In Active-Active mode, node 1 will be the master for VIP1, and the backup for VIP2. Node 2 will act as the master for VIP2, and serve as the backup for VIP1. This increases the performance of your site while maintaining high availability.

The next illustration shows a typical deployment. To achieve active-active status, we need to have two virtual cluster IDs (VCID), each containing at least one VIP.

 

Figure 4-5 Active-Active Two-Node Architecture

In the above figure, FortiBalancer1 is the master for VIP1 and the backup for VIP2, and FortiBalancer2 is the master for VIP2 and the backup for VIP1.

VCID 1 will have VIP1 (192.168.2.100) and VCID 2 will have VIP2 (192.168.2.101).

Table 4-2 General Settings of Active-Active Two-Node Clustering

Operation                                 Command
Configure SLB                             Refer to the SLB Configuration section.
Configure a virtual interface             cluster virtual ifname <interface_name> <cluster_id>
Configure virtual cluster authentication  cluster virtual auth <interface_name> <cluster_id> {0|1} [password]
Configure preemption                      cluster virtual preempt <interface_name> <cluster_id> <mode>
Configure virtual IP                      cluster virtual vip <interface_name> <cluster_id> <vip>
Configure priority                        cluster virtual priority <interface_name> <cluster_id> <priority> [synconfig_peer_name]
Enable the virtual cluster                cluster virtual {on|off} [cluster_id|0] [interface_name]

 

Configuration Example for Active-Active SLB Clustering via CLI

We will set up node 1 as the master of VIP1 and the backup of VIP2. Node 2 will be the master of VIP2 and the backup of VIP1.

  • Step 1 Configure SLB for both FortiBalancer1 and FortiBalancer2

FortiBalancer1(config)#slb real http "server1" 192.168.1.50 80 1000 tcp 1 1

FortiBalancer1(config)#slb real http "server2" 192.168.1.51 80 1000 tcp 1 1

FortiBalancer1(config)#slb group method "group1" rr

FortiBalancer1(config)#slb group member "group1" "server1" 1

FortiBalancer1(config)#slb group member "group1" "server2" 1

FortiBalancer1(config)#slb virtual http "vip1" 192.168.2.100 80

FortiBalancer1(config)#slb virtual http "vip2" 192.168.2.101 80

FortiBalancer1(config)#slb policy default "vip1" "group1"

FortiBalancer1(config)#slb policy default "vip2" "group1"

FortiBalancer2(config)#slb real http "server1" 192.168.1.50 80 1000 tcp 1 1

FortiBalancer2(config)#slb real http "server2" 192.168.1.51 80 1000 tcp 1 1

FortiBalancer2(config)#slb group method "group1" rr

FortiBalancer2(config)#slb group member "group1" "server1" 1

FortiBalancer2(config)#slb group member "group1" "server2" 1

FortiBalancer2(config)#slb virtual http "vip1" 192.168.2.100 80

FortiBalancer2(config)#slb virtual http "vip2" 192.168.2.101 80

FortiBalancer2(config)#slb policy default "vip1" "group1"

FortiBalancer2(config)#slb policy default "vip2" "group1"

  • Step 2 Configure a virtual interface name

FortiBalancer1(config)#cluster virtual ifname "port1" 100

FortiBalancer1(config)#cluster virtual ifname "port1" 101

FortiBalancer2(config)#cluster virtual ifname "port1" 100

FortiBalancer2(config)#cluster virtual ifname "port1" 101

  • Step 3 Configure virtual cluster authentication

It is recommended that you run clustering with an authentication string to avoid unauthorized participation in your cluster. The authentication setting is chosen by the {0|1} argument and the optional password shown in Table 4-2; the commands in this example pass 0 and no password.

FortiBalancer1(config)#cluster virtual auth port1 100 0

FortiBalancer1(config)#cluster virtual auth port1 101 0

FortiBalancer2(config)#cluster virtual auth port1 100 0

FortiBalancer2(config)#cluster virtual auth port1 101 0

  • Step 4 Configure virtual cluster preemption

FortiBalancer1(config)#cluster virtual preempt port1 100 1

FortiBalancer1(config)#cluster virtual preempt port1 101 0

FortiBalancer2(config)#cluster virtual preempt port1 100 0

FortiBalancer2(config)#cluster virtual preempt port1 101 1

  • Step 5 Define the VIP by the “cluster virtual vip” command

FortiBalancer1(config)#cluster virtual vip "port1" 100 192.168.2.100

FortiBalancer1(config)#cluster virtual vip "port1" 101 192.168.2.101

FortiBalancer2(config)#cluster virtual vip "port1" 100 192.168.2.100

FortiBalancer2(config)#cluster virtual vip "port1" 101 192.168.2.101

  • Step 6 Define the priority

Cluster priority determines which node becomes the master. The node with the highest priority becomes the master.

FortiBalancer1(config)#cluster virtual priority port1 100 255

FortiBalancer1(config)#cluster virtual priority port1 101 100

FortiBalancer2(config)#cluster virtual priority port1 100 100

FortiBalancer2(config)#cluster virtual priority port1 101 255

  • Step 7 Turn on the clustering

FortiBalancer1(config)#cluster virtual on

FortiBalancer2(config)#cluster virtual on
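
The following audit is an added example, not part of the original guide or of any FortiBalancer tooling: it parses `cluster virtual` commands in the prompt format used above and flags virtual clusters that run without authentication, whose VIP differs between nodes, or that lack a single highest-priority node. It assumes that auth mode 0 means no authentication and that mode 1 with a password means authentication is on (the page lists `{0|1} [password]` without defining the values); `audit` and `TRANSCRIPT` are hypothetical names.

```python
import re
import shlex
from collections import defaultdict

# Constructed input: auth, vip and priority commands as typed in the example above.
TRANSCRIPT = """
FortiBalancer1(config)#cluster virtual auth port1 100 0
FortiBalancer1(config)#cluster virtual auth port1 101 0
FortiBalancer2(config)#cluster virtual auth port1 100 0
FortiBalancer2(config)#cluster virtual auth port1 101 0
FortiBalancer1(config)#cluster virtual vip "port1" 100 192.168.2.100
FortiBalancer1(config)#cluster virtual vip "port1" 101 192.168.2.101
FortiBalancer2(config)#cluster virtual vip "port1" 100 192.168.2.100
FortiBalancer2(config)#cluster virtual vip "port1" 101 192.168.2.101
FortiBalancer1(config)#cluster virtual priority port1 100 255
FortiBalancer1(config)#cluster virtual priority port1 101 100
FortiBalancer2(config)#cluster virtual priority port1 100 100
FortiBalancer2(config)#cluster virtual priority port1 101 255
"""

def audit(transcript):
    """Return findings for each (interface, cluster ID) seen in a CLI transcript."""
    vc = defaultdict(lambda: defaultdict(dict))  # (ifname, vcid) -> node -> settings
    for line in transcript.splitlines():
        m = re.match(r"(\S+)\(config\)#cluster virtual (auth|vip|priority) (.+)", line)
        if not m:
            continue
        node, kind, args = m.group(1), m.group(2), shlex.split(m.group(3))
        if len(args) < 3:
            continue
        # Assumption: auth mode 1 plus a password means authentication is on.
        value = (args[2] == "1" and len(args) > 3) if kind == "auth" else args[2]
        vc[args[0], int(args[1])][node][kind] = value
    findings = []
    for (ifname, vcid), nodes in sorted(vc.items()):
        where = f"{ifname} VCID {vcid}"
        for node, cfg in sorted(nodes.items()):
            if not cfg.get("auth"):
                findings.append(f"{where}: {node} runs without cluster authentication")
        if len({cfg.get("vip") for cfg in nodes.values()}) != 1:
            findings.append(f"{where}: VIP differs between nodes")
        prios = [int(cfg.get("priority", 0)) for cfg in nodes.values()]
        if prios.count(max(prios)) != 1:
            findings.append(f"{where}: no single highest priority, master is ambiguous")
    return findings
```

Run against the example as written, `audit(TRANSCRIPT)` reports all four node and VCID pairs as unauthenticated, because Step 3 passes 0 and no password.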

4.3.2 Clustering Inside Interfaces

Clustering on the inside interfaces requires a slightly different approach from clustering the SLB VIPs.

Note: NATing is highly recommended if the machines in your inside network need to communicate with other networks via the FortiBalancer appliance.

There are two methods of setting up the inside interface. The first is to use one VIP that will belong to one of the appliances in the Virtual Cluster. If you want or need to share the load between the nodes, you will have to set up an Active-Active configuration for the inside interfaces. We will cover how to set up both scenarios in this section.

4.3.2.1 Active-Standby (One VIP)

Configuration Guidelines

In Active-Standby mode, one box will serve as the gateway for the inside network. Upon unexpected failure of the master node, the standby node in the cluster will take over. For our purpose, we are going to pick an unused IP address on the inside network (192.168.1.3) and use it as the gateway for our inside network.

 

Figure 4-6 Inside Interface Active-Standby Mode

Table 4-3 General Settings of Inside Interface Active-Standby Clustering

Operation                      Command
Configure a virtual interface  cluster virtual ifname <interface_name> <cluster_id>
Configure virtual IP           cluster virtual vip <interface_name> <cluster_id> <vip>
Configure priority             cluster virtual priority <interface_name> <cluster_id> <priority> [synconfig_peer_name]
Enable the virtual cluster     cluster virtual {on|off} [cluster_id|0] [interface_name]

Configuration Example for Active-Standby Clustering Inside Interface via CLI

  • Step 1 Configure a virtual interface and its cluster ID

FortiBalancer1(config)#cluster virtual ifname "port2" 100

FortiBalancer2(config)#cluster virtual ifname "port2" 100

  • Step 2 Define the VIP by the “cluster virtual vip” command

FortiBalancer1(config)#cluster virtual vip "port2" 100 192.168.1.3

FortiBalancer2(config)#cluster virtual vip "port2" 100 192.168.1.3

  • Step 3 Define the priority

Cluster priority determines which node becomes the master. The node with the highest priority becomes the master.

FortiBalancer1(config)#cluster virtual priority port2 100 255

FortiBalancer2(config)#cluster virtual priority port2 100 100

  • Step 4 Turn on the clustering

FortiBalancer1(config)#cluster virtual on

FortiBalancer2(config)#cluster virtual on

4.3.2.2 Active-Active (Two VIPs)

Configuration Guidelines

In Active-Active configuration, we will create two VIPs to serve as gateways. Half of your servers’ default routes will point to the first VIP and the other half will point to the second VIP, thus equally dividing the load between the FortiBalancer appliances.

 

Figure 4-7 Inside Interface Active-Active Mode

Table 4-4 General Settings of Inside Interface Active-Active Clustering

Operation                      Command
Configure a virtual interface  cluster virtual ifname <interface_name> <cluster_id>
Configure virtual IP           cluster virtual vip <interface_name> <cluster_id> <vip>
Configure priority             cluster virtual priority <interface_name> <cluster_id> <priority> [synconfig_peer_name]
Enable the virtual cluster     cluster virtual {on|off} [cluster_id|0] [interface_name]

Configuration Example for Active-Active Clustering Inside Interface via CLI

We proceed along these lines by executing the following:

  • Step 1 Configure a virtual interface and its cluster ID

FortiBalancer1(config)#cluster virtual ifname "port2" 100

FortiBalancer1(config)#cluster virtual ifname "port2" 101

FortiBalancer2(config)#cluster virtual ifname "port2" 100

FortiBalancer2(config)#cluster virtual ifname "port2" 101

  • Step 2 Define the VIP by the “cluster virtual vip” command

FortiBalancer1(config)#cluster virtual vip "port2" 100 192.168.1.3

FortiBalancer1(config)#cluster virtual vip "port2" 101 192.168.1.4

FortiBalancer2(config)#cluster virtual vip "port2" 100 192.168.1.3

FortiBalancer2(config)#cluster virtual vip "port2" 101 192.168.1.4

  • Step 3 Define the priority

Cluster priority determines which node becomes the master. The node with the highest priority becomes the master.

FortiBalancer1(config)#cluster virtual priority port2 100 255

FortiBalancer1(config)#cluster virtual priority port2 101 100

FortiBalancer2(config)#cluster virtual priority port2 100 100

FortiBalancer2(config)#cluster virtual priority port2 101 255

  • Step 4 Turn on the clustering

FortiBalancer1(config)#cluster virtual on

FortiBalancer2(config)#cluster virtual on

 

