Fortinet FortiWAN - Page 90

Inbound Load Balancing and Failover (Multihoming) Load Balancing & Fault Tolerance
Assuming ISP1 is down when a DNS request for www.example.com comes in, the request cannot go through
210.58.100.1 but can still reach 215.59.100.1. Multihoming detects the link status of WAN1 and answers the
request with 215.59.100.1.
Prerequisites for Multihoming
In order to multihome properly, review the requirements below.
Prerequisites for Multihoming:
• Multiple WAN links (minimum of 2).
• Registered domain names for public servers. Please make sure DNS requests for the domains can be delivered to
FortiWAN.
• Public servers must be configured as virtual servers, or have public IPs.
DNSSEC Support
The DNS Security Extensions (DNSSEC) is a specification that adds data authentication and integrity to standard
DNS. To resist tampering with DNS responses, DNSSEC introduces PKI (Public Key Infrastructure) to sign and
authenticate DNS resource record sets within the zone. A signed zone includes a collection of new resource records:
RRSIG, DNSKEY and DS.
• RRSIG contains the DNSSEC signature for the corresponding DNS records (A, AAAA, MX, CNAME, etc.) within
the zone.
• DNSKEY contains the public key corresponding to the private key used to generate RRSIG records. A DNS resolver
uses it to verify the DNSSEC signatures in RRSIG.
• DS (Delegation Signer) references the public key used to verify the RRSIG in your zone. Every DS record should
be signed by your parent zone and stored in the parent zone to establish a trust chain between DNS zones.
Multihoming supports basic DNSSEC, which employs only one key pair, the KSK (Key Signing Key), to generate the DNSKEY and
RRSIG records for the zone (NSEC is not supported). The only supported algorithm and key size are RSASHA512 and
2048 bits. Note that Multihoming's DNSSEC is not supported in Relay Mode.
Remember that you have to configure DS records with your domain registrar after you complete the DNSSEC
configuration. Please contact your domain registrar for further details about managing DS records.
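The following is an added example, not part of the FortiWAN handbook or Fortinet code: it derives the DS data that corresponds to a zone's DNSKEY (RFC 4034) so the value held at the registrar can be compared against the key actually in use. The owner name, the filler key bytes, the flags value 257 and the SHA-256 digest type are assumptions; the algorithm (RSASHA512, number 10) and the 2048-bit size come from the text above.

```python
import hashlib
import struct

# Constructed sample, not a real key: RFC 3110 layout (exponent length,
# exponent 65537, then a 256-byte filler modulus with the top bit set).
SAMPLE_KEY = b"\x03\x01\x00\x01" + b"\xc3" + (hashlib.sha256(b"constructed").digest() * 8)[:255]

def name_to_wire(name):
    """Canonical (lower-case) wire form of the owner name, RFC 4034 6.2."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: 2-byte flags, protocol, algorithm, then the public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag as defined in RFC 4034 Appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def rsa_modulus_bits(public_key):
    """Modulus size of an RSA key in RFC 3110 wire format."""
    exp_len, offset = public_key[0], 1
    if exp_len == 0:  # long form: a 2-byte exponent length follows
        exp_len, offset = struct.unpack("!H", public_key[1:3])[0], 3
    return int.from_bytes(public_key[offset + exp_len:], "big").bit_length()

def ds_record(owner, rdata):
    """(key tag, algorithm, digest type 2, SHA-256 hex digest) for a DNSKEY."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), rdata[3], 2, digest

def check_ds(owner, rdata, published_ds):
    """Return a list of problems; empty means the parent's DS matches the key."""
    problems = []
    if rdata[3] != 10:  # 10 = RSASHA512, the only algorithm the page lists
        problems.append("algorithm is not RSASHA512")
    if rsa_modulus_bits(rdata[4:]) != 2048:
        problems.append("key size is not 2048 bits")
    if ds_record(owner, rdata) != tuple(published_ds):
        problems.append("DS at parent does not match DNSKEY")
    return problems

if __name__ == "__main__":
    rdata = dnskey_rdata(257, 3, 10, SAMPLE_KEY)  # 257 = KSK flags (assumed)
    print("example.com. IN DS %d %d %d %s" % ds_record("example.com.", rdata))
    print(check_ds("example.com.", rdata, ds_record("example.com.", rdata)) or "DS matches")
```

A non-empty result from `check_ds` after a key change means resolvers that validate will fail to build the trust chain until the DS at the registrar is updated.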
FortiWAN Handbook
Fortinet Technologies Inc.