2

I'm working on a company with some Fortinet appliances. One of them is a Load Balancer named AscenLink. The specific model is an AscenLink AL-700.

There's a insane problem: a huge packet loss on the device, here's an excerpt or the mtr Unix software output:

Packets               Pings
 Host                                                                      Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 172.16.214.1                                                            0.0%   106    0.7   1.0   0.7   2.0   0.0
 2. 189.3.123.133                                                          52.4%   106    1.3   1.3   1.0   2.3   0.0
 3. 189.3.123.129                                                           0.9%   106    1.6   1.8   1.5   2.7   0.0
 4. embratel-s2-0-0-1-2-2-2-0-gacc01.vta.embratel.net.br                   25.7%   106  1045. 933.2 576.4 1259. 164.4

The architecture is simple. The first hop is the firewall/NAT on a Fortigate device, the second one with the 52.4% of packet loss is the Ascenlink Load Balancer and the next hop is the Cisco 2900 router from the ISP.

I've double checked and certified all the cables connecting the devices and they are good. Checked the diagnostics and statistics from the Ascenlink device and it claims to be good, looked for troubleshooting options on the manual and nothing was really conclusive. So I'm running out of options and I can't even use Google, since appears that no one uses this product.

I was wondering if someone here on ServerFault uses this Load Balancer from Fortinet and if there's some similar cases on the community.

Thanks in advance,

Vinícius Ferrão
  • 5,520
  • 11
  • 55
  • 95

1 Answers1

0

From my experience, an Ascenlink is actually a link balancer and not a load balancer. i.e. for sharing internet traffic outbound across multiple links. Fortinet actually bought Ascenlink a couple of years ago and have integrated some of their features in the newest FortiOS software.

I suspect there are atleast 2 x internet connections going into the Ascenlink - otherwise, I can't see any use for it - unless other design requirements that I'm not yet aware of. You may as well connect Cisco 2900 direct to the Fortinet.

I am speculating but if you have a second internet connection on the Ascenlink it could be that traffic is routing 50% of the time out the second link which might be down or affected?

Can you provide a network diagram and include details about any second, third or tertiary connections off the Ascenlink. If no other connections, then what is it doing ?

scottmc
  • 11
  • 2