802.3ad Link Aggregation FAQ

What is link aggregation?

Link aggregation, otherwise known as IEEE 802.3ad standard, allows the grouping of interfaces into a larger bandwidth 'trunk'. It also allows for high availability (HA) by automatically redirecting traffic from a failed link in a trunk to the remaining links in that trunk.

Are there other names for link aggregation?

Link aggregation is also called Ethernet trunk, NIC teaming, port teaming, port trunking, and NIC bonding.

What FortiGate models support link aggregation?

Link aggregation is supported on FortiGate-800 and up.

What versions of FortiOS support link aggregation?

It is a new feature in version 3.0MR1.

How canI check if 802.3ad is supported on my FortiGate unit?

Create a new interface (System > Network > Interface) with a type of 802.3ad Aggregate. If this option does not appear, and you are using FortiOS v3.0MR1, then link aggregation is not supported on your FortiGate unit.

What is LACP?

Link Aggregation Control Protocol is the Layer-2 negotiation protocol used by both ends of the aggregated links to establish the actual links. The other end of the links is called the peer.

When do I need to use LACP?

If you are creating an aggregate between two FortiGate units, you can turn LACP off (lacp-mode static). If your FortiGate unit is connecting to a non-FortiGate device, you will need LACP enabled to negotiate the link connections.

When is it a good idea to use link aggregation?

Link aggregation makes sense

• if you need the redundancy of HA,
• if you need 1.1 - 8 Gig of  bandwidth, or
• if you can't justify the cost of 10 Gig equipment.

What devices are compatible with FortiGate link aggregation?

The FortiGate unit should support any device that supports the 802.3ad standard. At this time, almost any medium sized switch will support 802.3ad.

What devices are not compatible with FortiGate 802.3ad link aggregation?

Before 802.3ad some companies added their own standards to their products - these generally do not work with 802.3ad. For example Cisco PAgP (Port Aggregation Protocol), and Adaptec Duralink trunking will not work with 802.3ad.

How many interfaces can I aggregate at once on a FortiGate?

The 802.3ad standard and Fortinet allow a maximum of eight interfaces to be aggregated. However, at this time the number of physical interfaces available on FortiGate units may limit this farther.

Can I split the links on one end of the trunk between two devices, say two FortiGate 500x blades?

No. A trunk must terminate on one device. The one possible exception to this is if a FortiGate unit has a trunk of say four links that connect to two Nortel boxes (two links each) that share an MLT (MultiLink Trunking) link. This setup has not been tested with ForiGate but is theoretically possible.

Can I aggregate ports of different types, for example a GigE and three 10/100 ports?

The FortiGate unit will allow you to put ports with a different speed in an aggregate. An aggregate between two FortiGate units will let you mix speeds (LACP is not used). If LACP is being used (default mode), it is up to the peer if all the ports will aggregate successfully. Non-Fortinet vendors may not allow mixing of speeds.

What happens when a link in a trunk fails and comes back up?

If LACP is enabled, when the link carrier signal is detected LACP starts negotiation and if successful the link will be re-integrated. If LACP is not used, the port will be marked as up and can be used by the trunk.

Are there restrictions on configuring a trunk?

The chapter on creating interfaces lists the restrictions for creating a trunk. Some of it is included below.

An interface is available for aggregation only if

• it is a physical interface, not a VLAN interface
• it is not already part of an aggregated interface
• it is in the same VDOM as the aggregated interface
• it has no defined IP address and is not configured for DHCP or PPPoE
• it has no DHCP server or relay configured on it
• it does not have any VLAN subinterfaces
• it is not referenced in any firewall policy, VIP, IP Pool or multicast policy
• it is not an HA heartbeat interface

Are there restrictions on what I can do on a trunk once it is configured, use VLANs for example?

You can do almost anything on a trunk interface that you can do on a regular interface, with the exceptions listed above. This includes configuring VLANs on the trunk.

What log events are associated with link aggregation?

There are currently no log events only for link aggregation. However, normal log events related to VLANs should apply.

What SNMP traps are associated with link aggregation?

In 3.0 GA, SNMP reports zero for the trunk's interface speed. In MR1 this was changed to report the trunk's speed as the number of ports mulitplied by the speed of statically configured ports in the trunk (if there are three 100 M/s ports, the trunk has a reported speed of 300 M/s). There is no speed reporting for dynamically configured ports. There is currently no documenting standard for this and it is what Cisco does. Apart from this, there are no SNMP traps particular to link aggregation. It should have traps similar to VLANs.