Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
akumarr
Staff
Staff

Created on ‎08-16-2020 05:42 AM

Article Id 194554

Technical Tip: Stat virtual server load balancing method

Description
This article describes how static virtual server load balancing method is working.

Solution
In this example there is one virtual server and three real servers behind the FortiGate.





How Static load balancing works.

The traffic load is statically spread evenly across all real servers.
However, sessions are not assigned according to how busy individual real servers are.
This load balancing method provides some persistence because all sessions from the same source address always go to the same real server.
However, the distribution is stateless, so if a real server is added or removed (or goes up or down) the distribution is changed and persistence can be lost.

Check the below example with two clients, one is 30.0.0.15 and other one is 30.0.0.25 and both are trying to access the virtual server.

First example:

From client one, when trying to access the virtual server and no matter how many request are sent, all traffic will be forwarded only to specific real server.





2020-08-01 06:44:32.601191 port2 in 30.0.0.15.9533 -> 30.0.0.10.8080: syn 979574993
2020-08-01 06:44:32.601276 port1 out 192.168.0.106.9533 -> 192.168.0.113.8080: syn 979574993
2020-08-01 06:44:32.601683 port1 in 192.168.0.113.8080 -> 192.168.0.106.9533: syn 2958156751 ack 979574994
2020-08-01 06:44:32.601699 port2 out 30.0.0.10.8080 -> 30.0.0.15.9533: syn 2958156751 ack 979574994
For the same source address let's try from different browser and check the result.





From the above image, the traffic has been forwarded to the same real server.

Example 2.

Try to access to the virtual server From 30.0.0.25.





CLI output:
2020-08-01 06:53:55.526380 port2 in 30.0.0.25.49164 -> 30.0.0.10.8080: syn 447626936
2020-08-01 06:53:55.526484 port1 out 192.168.0.106.49164 -> 192.168.0.110.8080: syn 447626936
2020-08-01 06:53:55.526856 port1 in 192.168.0.110.8080 -> 192.168.0.106.49164: syn 2318928637 ack 447626937
2020-08-01 06:53:55.526873 port2 out 30.0.0.10.8080 -> 30.0.0.25.49164: syn 2318928637 ack 447626937

1558
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.