Fortinet 5003 User Manual

FortiGate-5140 fabric backplane communication 
FortiSwitch-5003A and 5003   Fabric and Base Backplane Communications Guide
01-30000-85717-20081205
Fabric channel layer-2 link aggregation
FortiSwitch-5003A boards support 802.3ad static mode layer-2 link aggregation 
and 802.1q VLANs for the fabric channels. You can use these features to 
configure link aggregation to distribute traffic to multiple FortiGate-5001A or 
5005FA2 boards. Link aggregation configurations also support IPv6 traffic and 
traffic with jumbo frames up to 16 kbytes.
You can use link aggregation to increase the bandwidth capacity of a 
FortiGate-5000 configuration by distributing network traffic among multiple 
FortiGate-5001A or 5005FA2 boards. Adding a new FortiGate-5000 board to a 
trunk results in an almost linear increase in performance. Link aggregation is 
configured and functions the same way for 1-gigabit and 10-gigabit fabric 
backplane networks. You can configure 1-gigabit configurations with 
FortiGate-5001A or 5005FA2 boards. You can configure 10-gigabit configurations 
with FortiGate-5001A boards combined with FortiGate-RTM-XB2 modules. 
FortiGate-RTM-XB2 modules also increase performance by adding NP2 acceleration 
to the configuration.
You configure link aggregation by adding FortiSwitch-5003A interfaces to a link 
aggregation trunk. The FortiSwitch-5003A board uses a hash algorithm based on 
source and destination IP addresses to distribute sessions to the interfaces added 
to the trunk. Each interface in the trunk usually corresponds to a slot in the 
chassis in which a FortiGate-5001A or 5005FA2 board is installed. You can also 
include FortiSwitch-5003A front panel interfaces in a trunk and distribute sessions 
to FortiGate-5000 boards installed in multiple chassis.
You can add up to 8 interfaces to a trunk to distribute sessions among up to 8 
FortiGate-5000 boards. You can also add multiple trunks to a single 
FortiSwitch-5003A board. The total number of FortiGate-5000 boards in a trunk is 
limited by the amount of bandwidth you are processing and the capacity of the 
FortiSwitch-5003A board. Fortinet does not support mixing FortiGate-5001A and 
5005FA2 boards in the same trunk. 
If you add a FortiGate-5000 board to a trunk, or if you remove a FortiGate-5000 
board from a trunk, the link aggregation hash algorithm recalculates the session 
distribution. If the FortiSwitch-5003A system is processing traffic when you add or 
remove a FortiGate-5000 board, after sessions are redistributed the 
FortiGate-5000 boards in the trunk will not necessarily continue to process the 
same sessions. The same happens if a FortiGate-5000 board in a trunk fails. The 
FortiSwitch-5003A system does not maintain a session table, so changes to a 
trunk can result in communication being temporarily interrupted. As a result you 
should only add or remove FortiGate-5000 boards from a trunk during off-peak 
hours.
The FortiGate-5000 boards in a trunk must operate in transparent mode. All the 
FortiGate-5000 boards in a trunk are managed separately and all must have the 
same configuration. You can use the FortiManager system to maintain the same 
configuration on the FortiGate-5000 boards.
Note: The FortiSwitch-5003A board does not support Link Aggregation Control Protocol 
(LACP). LACP is also called 802.3ad dynamic mode layer-2 link aggregation.
Note: Due to the way the hash algorithm works, FortiGate-5000 boards in the 
lower-numbered chassis slots in a trunk may receive more traffic. The order of the 
interfaces in the trunk does not matter; the numerically lowest slots will always be 
the ones to receive more traffic if the number of interfaces in the trunk is not a 
power of 2.
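The following Python model is an added example, not Fortinet code, and the manual does not publish the actual hash. It shows how a stateless hash over source and destination IP addresses can favor the lowest slots when the trunk size is not a power of 2, and how many sessions change board when a trunk member is added or fails. The 8-bucket XOR fold and the wrap onto members in ascending slot order are assumptions chosen to match the behavior described above.

```python
import ipaddress

# Assumption: the hash is folded to 3 bits, one bucket per possible trunk interface (max 8).
BUCKETS = 8

def bucket(src, dst):
    """Assumed hash: XOR both addresses, fold to one byte, keep 3 bits.
    XOR is symmetric, so both directions of a session map to the same bucket."""
    x = int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst))
    while x >> 8:  # works for IPv4 and IPv6 address widths
        x = (x & 0xFF) ^ (x >> 8)
    return x % BUCKETS

def slot_for_bucket(b, trunk):
    """Assumed mapping: buckets wrap onto trunk members in ascending slot order,
    so the order in which interfaces were added does not matter."""
    members = sorted(trunk)
    return members[b % len(members)]

def board_for(src, dst, trunk):
    """Chassis slot that would receive a session between src and dst."""
    return slot_for_bucket(bucket(src, dst), trunk)

def bucket_share(trunk):
    """How many of the 8 buckets land on each slot (a proxy for traffic share)."""
    share = {slot: 0 for slot in sorted(trunk)}
    for b in range(BUCKETS):
        share[slot_for_bucket(b, trunk)] += 1
    return share

def moved_fraction(before, after):
    """Fraction of buckets, and so of sessions, that change board after a trunk change."""
    moved = sum(slot_for_bucket(b, before) != slot_for_bucket(b, after)
                for b in range(BUCKETS))
    return moved / BUCKETS

if __name__ == "__main__":
    print("3 boards:", bucket_share([3, 1, 2]))      # lowest slots carry more
    print("4 boards:", bucket_share([1, 2, 3, 4]))   # power of 2: even split
    print("add slot 5:", moved_fraction([1, 2, 3, 4], [1, 2, 3, 4, 5]))
    print("slot 3 fails:", moved_fraction([1, 2, 3, 4], [1, 2, 4]))
    # Constructed sample session (documentation address ranges)
    print("session board:", board_for("198.51.100.10", "203.0.113.5", [1, 2, 3]))
```

In this model the failure of slot 3 in a four-board trunk moves 75% of the buckets, although only 25% of them were on the failed board. Because the switch keeps no session table, sessions on healthy boards are interrupted as well.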