Tunnel Routing Load Balancing & Fault Tolerance
Tunnel Routing
Tunneling is a technique to perform data transmission for a foreign protocol over a incompatible network; such as
running IPv6 over IPv4, and the transimission of data for use within a private, corporate network through a public
network. Tunneling is done by encapsulaeing and decapsulating data and information of the particular protocol within
the incompatible transmission unit symmetrically. Traditional tunneling is established over single WAN link which is a
lack of load balancing and fault tolerance. FortiWAN's Tunnel Routing (TR) is a technique that builds a special
connection between two FortiWAN units to deliver link aggregation and fault tolerance over multiple WAN links ideally
tailored for multinational intranet systems. Different to Auto Routing destributing sessions over WAN links, Tunnel
Routing breaks further a session down to packets over multiple WAN links and allows data to be prioritized during
transfer while boosting the performance of critical services such as VPN and live video streaming while avoiding delays
and data loss.
FortiWAN sets up a proprietary tunnel which we called “Tunnel Routing” between source and destination sites with
GRE (Generic Routing Encapsulation) protocol. GRE (Generic Routing Encapsulation) Protocol packs the Payload
(Original Packet) with Delivery Header and GRE Encapsulation Header. Then the packet is routed to the destination IP
address. The feature of FortiWAN’s Tunnel Routing is that with proper policy setting it can do the routing between a
single point and multiple points as well as between multiple points and multiple points. When packet arrives at the
destination IP, the remote FortiWAN on destination will decapsulate the packet to regain the source and destination IP
address and forward the packet to the target host, so the LANs in different locations can do communications with
FortiWAN directly. Being packed with GRE header and given the new source and destination IP address, the original
packet could be transferred via multiple links according to the defined Tunnel Routing rules. Furthermore, when one
WAN link break down, FortiWAN’s WLHD function would reroute the packet to the healthy WAN link so that the
network connection and the data transfer reliability are guaranteed. Even the traffic of the most severe appliance as
VPN connection can be guaranteed by Tunnel Routing, what else Tunnel Routing can not do.
FortiWAN provides mechanisms to record, notify and analysis on events refer to the Tunnel Routing service, see "Log",
"Statistics: Tunnel Status", "Statistics: Tunnel Traffic", "Report: TR Status" and "Report: TR Reliability".
Tunnel Routing---Setting
Tunnel Routing settings page include four main configurations: Basic Setting, Tunnel Group, Routing Rules,
Persistent Rules.
Basic Setting
The basic settings are located here: enabling or disabling Tunnel Route logging, define names and entering tunnel
routing activation key.
Tunnel Route Log : Enable or disable logging
Local Host ID : Assign a host name for this unit. Tunnels are established between two FortiWAN units.
Host ID is used for Tunnel Routing to recognize the units running TR transmission. Sym-
metrically, this field is required to the opposite unite.
Key : Enter the key for tunnel encryption
Confirm : Confirm the key above
FortiWAN Handbook
Fortinet Technologies Inc.
102
To Next Page
Loading...
