Load balancing common configuration

Link name

Enter a link name, case insensitive.

Next hop config method

Select a next hop configuration method:

·     Manual

·     Automatic

Next hop IPv4 address

Specify an outbound next hop IPv4 address.

The IPv4 address cannot be an IPv4 address of any interface on the device, loopback address, multicast address, broadcast address, or an address in the format of 0.X.X.X.

Next hop IPv6 address

Specify an outbound next hop IPv6 address.

The IPv6 address cannot be an IPv6 address of any interface on the device, loopback address, multicast address, link-local address, or all-zero address.

Outgoing interface

Specify an outgoing interface for the link. The outgoing interface must be an interface whose IP address can be dynamically obtained.

Link cost for proximity calculation

Specify the link cost for proximity calculation.

Link feature

Enable or disable the link feature.

VRF

Specify the VPN instance to which the link belongs.

VRF inheritance

Enable or disable VRF inheritance. When VRF inheritance is enabled, a link without a VPN instance specified inherits the VPN instance of the virtual server. When VRF inheritance is disabled, a link without a VPN instance specified belongs to the public network.

Description

Enter a description for the link.

Weight

Specify the link weight. For the weighted round robin and weighted least connections algorithms, a greater value means a higher priority to be referenced.

Priority

Specify the priority of the link in a link group.

If the number of links with the highest priority is less than the minimum number, links with lower priority are selected to meet the minimum number or until no links are available.

You can configure the maximum number and minimum number from Policies > Load Balancing > Link Load Balancing > Outbound Link Load Balancing > Link Group.

Link group

Select an existing link group or create a link group.

A created link group can be viewed from the Policies > Load Balancing > Link Load Balancing > Outbound Link Load Balancing > Link Group page.

Probe method

Specify a probe template used to detect the health and availability of the link. You can also configure this parameter for a link group from Policies > Load Balancing > Outbound Link Load Balancing > Link Group. The probe template configured for a link has higher priority over that configured for a link group.

You can select an existing probe template or create a probe template. A created probe template can be viewed from the Objects > Health Monitoring page.

Success criteria

Specify the health monitoring success criteria for the link.

·     All probes succeed—Health monitoring succeeds only when all the specified health monitoring methods succeed.

·     At least n probes succeed—Health monitoring succeeds when a minimum of the specified number of health monitoring methods succeed. When the specified number of health monitoring methods is greater than the number of health monitoring methods on the device, health monitoring succeeds if all health monitoring methods succeed.

Total bandwidth-Bandwidth ratio

Specify the bandwidth ratio. The bandwidth ratio is the percentage of the current bandwidth to the total maximum bandwidth. When the traffic exceeds the maximum expected bandwidth multiplied by the bandwidth ratio of a link, new traffic (traffic that does not match any sticky entries) is not distributed to the link.

If you do not set this parameter, the maximum value that can be set applies.

Total bandwidth-Bandwidth recovery ratio

Specify the bandwidth recovery ratio. When the traffic drops below the maximum expected bandwidth multiplied by the bandwidth recovery ratio of the link, the link participates in scheduling again.

The bandwidth recovery ratio of a link must be smaller than or equal to the bandwidth ratio of the link.

Inbound bandwidth-Bandwidth ratio

Specify the inbound bandwidth ratio. The inbound bandwidth ratio is the percentage of the current inbound bandwidth to the maximum inbound bandwidth. When the traffic exceeds the maximum expected bandwidth multiplied by the bandwidth ratio of a link, new traffic (traffic that does not match any sticky entries) is not distributed to the link.

If you do not set this parameter, the maximum value that can be set applies.

Inbound bandwidth-Bandwidth recovery ratio

Specify the inbound bandwidth recovery ratio. When the traffic drops below the maximum expected bandwidth multiplied by the bandwidth recovery ratio of the link, the link participates in scheduling again.

The bandwidth recovery ratio of a link must be smaller than or equal to the bandwidth ratio of the link.

Outbound bandwidth-Bandwidth ratio

Specify the outbound bandwidth ratio. The inbound bandwidth ratio is the percentage of the current inbound bandwidth to the maximum inbound bandwidth. When the traffic exceeds the maximum expected bandwidth multiplied by the bandwidth ratio of a link, new traffic (traffic that does not match any sticky entries) is not distributed to the link.

If you do not set this parameter, the maximum value that can be set applies.

Outbound bandwidth-Bandwidth recovery ratio

Specify the outbound bandwidth recovery ratio. When the traffic drops below the maximum expected bandwidth multiplied by the bandwidth recovery ratio of the link, the link participates in scheduling again.

he bandwidth recovery ratio of a link must be smaller than or equal to the bandwidth ratio of the link.

Maximum bandwidth-Expected bandwidth

Specify the total maximum expected bandwidth. The value 0 means that the total maximum expected bandwidth is not limited. In addition to being used for link protection, the total maximum expected bandwidth is used for remaining bandwidth calculation in the bandwidth algorithm, maximum bandwidth algorithm, and dynamic proximity algorithm.

Maximum bandwidth-Expected inbound bandwidth

Specify the inbound maximum expected bandwidth. The value 0 means that the inbound maximum expected bandwidth is not limited. In addition to being used for link protection, the inbound maximum expected bandwidth is used for remaining bandwidth calculation in the bandwidth algorithm, maximum bandwidth algorithm, and dynamic proximity algorithm.

Maximum bandwidth-Expected outbound bandwidth

Specify the outbound maximum expected bandwidth. The value 0 means that the outbound maximum expected bandwidth is not limited. In addition to being used for link protection, the outbound maximum expected bandwidth is used for remaining bandwidth calculation in the bandwidth algorithm, maximum bandwidth algorithm, and dynamic proximity algorithm.

QoS-Connections

Specify the maximum number of connections allowed on the link. The value 0 means that the number of connections allowed on a link is not limited.

QoS-Connections per second

Specify the maximum number of connections per second allowed on the link. The value 0 means that the number of connections per second allowed on a link is not limited.

QoS-Bandwidth

Specify the total maximum bandwidth allowed on the link. The value 0 means that the total bandwidth allowed on a link is not limited.

QoS-Inbound bandwidth

Specify the inbound maximum bandwidth allowed on the link. The value 0 means that the inbound bandwidth allowed on a link is not limited.

QoS-Outbound bandwidth

Specify the outbound maximum bandwidth allowed on the link. The value 0 means that the outbound bandwidth allowed on a link is not limited.

Stick group name

Enter a name for the sticky group, case insensitive.

Type

Select a group type:

·     Address and port

·     Payload

·     HTTP-Content

·     HTTP-Cookie

·     HTTP-Header

·     SSL

·     RADIUS

·     SIP

·     HTTP-Passive

·     UDP-Passive

·     TCP-Payload

Aging time

Specify the timeout time for sticky entries. For sticky groups of the HTTP cookie type, the following rules apply:

·     If the sticky method is cookie insert or cookie rewrite, a timeout timer of 0 indicates session persistency.

·     If the sticky method is cookie get, a timeout timer of 0 indicates the timeout time for the sticky entries is 0 seconds.

Override limits

Enable or disable the function of ignoring the limits for sessions that match sticky entries. After this function is enabled, the device ignores the following limits for sessions that match sticky entries:

·     Bandwidth and connection parameters on real servers or links.

·     LB connection limit policies on virtual servers.

Stickiness-over-busyness

Enable or disable the stickiness-over-busyness function. This function enables the device to assign client requests to real servers based on sticky entries, regardless of whether the real servers are busy. When this function is disabled, the device assigns client requests to only real servers in normal state.

Description

Enter a description for the sticky group.

IPv4

Select an IPv4 address/port sticky method:

·     Source address

·     Source address/port

·     Destination address

·     Destination address/port

·     Source address/Destination address

·     Source/Destination address/port

IPv6

Select an IPv6 address/port sticky method:

·     Source address

·     Source address/port

·     Destination address

·     Destination address/port

·     Source address/Destination address

·     Source/Destination address/port

Offset

Specify the offset value of the HTTP payload based on the start of the HTTP packet.

Start string

Specify the regular expression that marks the start of the HTTP payload. The string cannot contain question marks (?).

Length/End string

Specify the length and end string of the HTTP payload.

·     Length—Specify the length of the HTTP payload. The value 0 indicates any length.

·     End string—Specify the regular expression that marks the end of the HTTP payload. The string cannot contain question marks (?).

Offset

Specify the offset value of the entity based on the start of the HTTP packet.

Start string

Specify the regular expression that marks the start of the entity. The string cannot contain question marks (?).

Length/End string

Specify the length and end string of the HTTP entity.

·     Length—Specify the length of the HTTP entity. The value 0 indicates any length.

·     End string—Specify the regular expression that marks the end of the HTTP entity. The string cannot contain question marks (?).

Cookie stickiness

Select a cookie sticky method:

·     Cookie insert—Inserts the Set-Cookie field to the HTTP response packets sent by the server.

·     Cookie rewrite—Rewrites the Set-Cookie field in the HTTP response packets sent by the server.

·     Cookie get—Gets the Set-Cookie field in the HTTP response packets sent by the server.

Cookie name

Specify an HTTP cookie by its name, case sensitive.

Cookie domain name

Specifies a domain name indicating the hosts to which the cookie will be sent. If you do not specify this option, the cookie will be sent to only the host where it is created.

Suppose a client can visit hosts example.com, www.example.com, and www.corp.example.com. If you specify example.com, the client includes the cookie when sending HTTP requests to any of the three hosts. If you specify www.corp.example.com, the client includes the cookie only when sending HTTP requests to www.corp.example.com.

This parameter is supported only by the cookie insert sticky method.

Cookie path

Specifies a path to which the cookie will be sent. If you do not specify a path, the cookie will be sent to every path (the root directory / applies) of the specified domain name.

This parameter limits the scope of the cookie to the specified path. Suppose a client can visit folders www.example.com/a and www.example.com/b. If you specify domain name www.example.com and path /a, the client includes the cookie only when sending HTTP requests to www.example.com/a.

This parameter is supported only by the cookie insert sticky method.

HTTPOnly

Enable this option to prevent the cookie from being accessed by scripts. If you disable this option, the cookie can be accessed by scripts.

The option prevents attackers from obtaining cookie information by using scripts.

This option is supported only by the cookie insert and cookie rewrite sticky methods.

Secure

Enable this option to transmit the cookie over only HTTPS connections. If you disable this option, the cookie can be transmitted over any connections.

This option is supported only by the cookie insert and cookie rewrite sticky methods.

Check all packets

Enable or disable checking for all packets.

·     If the sticky method is cookie get, use this parameter to get cookies from all HTTP response packets. If this parameter is not configured, the device gets only the Set-Cookie from the first response packet of a connection.

·     If the sticky method is cookie rewrite, use this parameter to rewrite cookies in all HTTP response packets. If this parameter is not configured, the device rewrites only the Set-Cookie in the first response packet of a connection.

·     If the sticky method is cookie insert, use this parameter to insert cookies to all HTTP response packets. If this parameter is not configured, the device inserts only the Set-Cookie to the first response packet of a connection.

Secondary cookie

Specify the name of the secondary cookie, a case-sensitive. The name cannot contain brackets ({ }, ( ),[ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), or horizontal tab (HT). The character string also excludes ASCII codes that are less than or equal to 31 and greater than or equal to 127. Only the cookie get sticky method supports this parameter.

The device locates the secondary cookie in the URI when it fails to locate the specified cookie in the HTTP request packet header.

Offset

Specify the offset value of the cookie based on the start of the HTTP packet. Only the cookie get sticky method supports this parameter.

Start string

Specify the regular expression that marks the start of the cookie. The string cannot contain question marks (?). Only the cookie get sticky method supports this parameter.

Length/End string

Specify the length and end string of the cookie.

·     Length—Specify the length of the cookie. The value 0 indicates any length.

·     End string—Specify the regular expression that marks the end of the HTTP cookie. The string cannot contain question marks (?).

Only the cookie get sticky method supports this parameter.

Header stickiness

Select a header sticky method:

·     URL—HTTP URL based sticky method.

·     Host—HTTP host based sticky method.

·     Method—HTTP Request-Method based sticky method.

·     Version—HTTP version based sticky method.

·     Name—HTTP header name based sticky method.

Header name

Specify the HTTP header name. This parameter appears only if you have selected the HTTP header name based sticky method.

Offset

Specify the offset value of the HTTP header based on the start of the HTTP packet.

Start string

Specify the regular expression that marks the start of the HTTP header. The string cannot contain question marks (?).

Length/End string

Specify the length and end string of the HTTP header.

·     Length—Specify the length of the HTTP header. The value 0 indicates any length.

·     End string—Specify the regular expression that marks the end of the HTTP header. The string cannot contain question marks (?).

SSL stickiness

Specify the SSL sticky method based on SSL session ID. This sticky method applies only to HTTPS request packets and requires specifying an SSL server policy for the virtual server.

RADIUS attribute

Specify the RADIUS attribute sticky method. This sticky method applies only to RADIUS packets. The value 1 indicates the User-Name attribute. The value 8 indicates the Framed-IP-Address attribute.

SIP stickiness

Specify the SIP sticky method based on the call ID in the header of SIP messages. All SIP messages with same call ID are assigned to the same real server.

Check all packets

Enable or disable checking for all packets.

This parameter determines whether or not to generate sticky entries from all HTTP response packets. If this parameter is not configured, the device generates sticky entries only from the first response packet of a connection.

Request configuration

Enable the device to obtain the specified string from HTTP requests for matching HTTP-passive sticky entries.

The HTTP-passive sticky method requires both the request and response configuration for generating sticky entries. When the device receives an HTTP request, it obtains the specified string based on the request configuration. If the string matches the HTTP response string obtained using the response configuration, the device generates a sticky entry based on the string in the response. For subsequent HTTP request packets matching the sticky entry, the device forwards them according to the sticky entry.

Follow these guidelines when you configure the request and response:

·     An HTTP-passive sticky group allows the device to obtain a maximum of four strings from HTTP response packets and a maximum of four strings from HTTP request packets.

·     Suppose the device obtains n strings from HTTP response packets. The strings can further generate 2n-1 strings by combining the method IDs in the response configuration. Any of the 2n-1 strings can be used to match the string obtained using the request configuration.

·     Suppose the device obtains n strings from HTTP request packets. Those strings will be combined as one string by following the configuration order of method IDs.

Use an example to illustrate how to generate a sticky entry based on HTTP request and response packets:

·     Configure method IDs 1, 2, and 3 in the response configuration. If the device obtains strings a, b, and c based on your configuration, the strings can further generate seven strings, namely, a, b, c, ab, ac, bc, and abc.

·     Configure method IDs 2, 3, and 4 in the request configuration.

·     After receiving HTTP requests, the device generates a sticky entry when the following conditions are met:

¡     The device obtains strings a, b, and c based on the request configuration.

¡     The combined string abc matches that obtained based on the response configuration.

·     For subsequent HTTP requests matching the sticky entry generated based on the string abc, the device forwards them according to the sticky entry.

To configure the request:

1.     Click Create to create an HTTP-passive sticky method.

¡     ID—Enter the method ID.

¡     Search position—Select the position to obtain the string from the HTTP request. Options are Header and Content.

¡     Header type—Specify the type of string to obtain from the HTTP request. Options are Name and URL. This parameter is available only when the Search position is set to Header.

¡     Header name—Enter the HTTP header name, which is case insensitive. This parameter is available only when the Header type is set to Name.

¡     Start string—Specify the regular expression that marks the start of the HTTP header, URL, or HTTP entity.

¡     Length/End string—Specify the length and end string of the HTTP header, URL, or HTTP entity.

2.     Click OK. The HTTP-passive sticky method appears in the request configuration list.

Response configuration

Enable the device to obtain the specified string from HTTP responses for generating HTTP-passive sticky entries.

The HTTP-passive sticky method requires both the request and response configuration for generating sticky entries.

To configure the response:

1.     Click Create to create an HTTP-passive sticky method.

¡     ID—Enter the method ID.

¡     Search position—Select the location to obtain the string from the HTTP response. Options are Header and Content.

¡     Header type—Specify the type of string to obtain from the HTTP response. This parameter is available only when the Search position is set to Header.

¡     Header name—Enter the HTTP header name, which is case insensitive. This parameter is available only when the Header type is set to Name.

¡     Start string—Specify the regular expression that marks the start of the HTTP header or HTTP entity.

¡     Length/End string—Specify the length and end string of the HTTP header or HTTP entity. Length specifies the length of the HTTP header or HTTP entity. The value 0 indicates any length. End string specifies the regular expression that marks the end of the HTTP header or HTTP entity. The string cannot contain question marks (?).

2.     Click OK. The HTTP-passive sticky method appears in the response configuration list.

Request configuration

Enable the device to obtain the specified string from UDP requests for matching UDP-passive sticky entries.

The UDP-passive sticky method requires both the request and response configuration for generating sticky entries.

When the device receives a UDP request, it obtains the specified payload based on the request configuration. If the payload matches the UDP response payload obtained using the response configuration, the device generates a sticky entry based on the payload in the response. For subsequent UDP request packets matching the sticky entry, the device forwards them according to the sticky entry.

Select UDP-Passive sticky method to configure the following parameters:

·     Offset—Specify the offset value of the UDP payload based on the start of the UDP request packet.

·     Start string—Specify the regular expression that marks the start of the UDP payload. The string cannot contain question marks (?).

·     Length/End string—Specify the length and end string of the UDP payload. Length specifies the length of the UDP payload. The value 0 indicates any length. End string specifies the regular expression that marks the end of the UDP payload. The string cannot contain question marks (?).

Response configuration

Enable the device to obtain the specified string from UDP responses for generating UDP-passive sticky entries.

The UDP-passive sticky method requires both the request and response configuration for generating sticky entries.

Select UDP-Passive sticky method to configure the following parameters:

·     Offset—Specify the offset value of the UDP payload based on the start of the UDP response packet.

·     Start string—Specify the regular expression that marks the start of the UDP payload. The string cannot contain question marks (?).

·     Length/End string—Specify the length and end string of the UDP payload. Length specifies the length of the UDP payload. The value 0 indicates any length. End string specifies the regular expression that marks the end of the UDP payload. The string cannot contain question marks (?).

Offset

Specify the offset value of the TCP payload based on the start of the TCP packet.

Start string

Specify the regular expression that marks the start of the TCP payload. The string cannot contain question marks (?).

Length/End string

Specify the length and end string of the TCP payload.

·     Length—Specify the length of the TCP payload. The value 0 indicates any length.

·     End string—Specify the regular expression that marks the end of the TCP payload. The string cannot contain question marks (?).

SNAT pool name

Enter a name for the SNAT address pool, case insensitive.

Address range list

To add an address range:

1.     Click Add.

¡     Start IP address—Enter the start IP address.

¡     End IP address—Enter the end IP address, which cannot be smaller than the start IP address.

2.     Click OK. The new address range appears in the address range list.

Interfaces for sending gratuitous ARP/ND packets

Specify the interfaces for sending gratuitous ARP packets and ND packets.

An address conflict might occur if the IP address of the interface to be connected to the server is in the same network segment as the SNAT address pool. To avoid address conflicts, specify an interface for sending gratuitous ARP/ND packets as the interface to connect to the server.

Description

Enter a description for the SNAT address pool.

VRF

Specify the VPN instance to which proximity entries belong.

You can select an existing VPN instance or create a VPN instance. A created VPN instance can be viewed from Network > VRF.

Default probe method

Specify the default probe method.

You can select an existing probe method or create a probe method. A created probe method can be viewed from Policies > Load Balancing > Common Configuration > Proximity > Proximity Probe Method.

Mask length

Specify the mask length for IPv4 proximity entries. The value 0 indicates the natural mask.

Aging time

Set the timeout timer for proximity entries.

TTL weight

Set the TTL weight for proximity calculation. A larger value indicates a higher weight.

RTT weight

Set the network delay weight for proximity calculation. A larger value indicates a higher weight.

Cost weight

Set the cost weight for proximity calculation. A larger value indicates a higher cost weight.

Bandwidth weight

Set the bandwidth weights for proximity calculation.

·     Inbound—Set the inbound bandwidth weight for proximity calculation. A larger value indicates a higher bandwidth weight.

·     Outbound—Set the outbound bandwidth weight for proximity calculation. A larger value indicates a higher bandwidth weight.

Max entries

Set the maximum number of proximity entries. The value 0 indicates that the maximum number of proximity entries is not limited.

Packet loss ratio weight

Set the packet loss ratio weight for proximity calculation.

This parameter specifies the weight of packet loss ratio in calculating the composite link cost. It applies only when you enable the proximity feature or configure the link quality algorithm.

Probe template name

Enter a name for the probe template name, case insensitive.

Probe interval

Set the probe interval.

Timeout time

Set the timeout time for probe responses.

ISP name

Enter a name for the ISP, case insensitive.

Description

Enter a description for the ISP.

Whois maintainer object

Configure a whois maintainer object to identify an ISP.

Enter a name for the whois maintainer object, and click Add.

·     Object name—Enter a name for the whois maintainer object, a string of 1 to 63 characters. A maximum of 10 whois maintainer objects can be configured for one ISP.

·     Source—The way a whois maintainer object is added. It can be Manually configured, Imported from file, and Manually configured and Imported from file.

ISP list

1.     Click Create to configure an ISP address.

¡     Address type—Select the address type: IPv4 or IPv6.

¡     IP address—Enter an IPv4 address and mask length (1-32) or an IPv6 address and prefix length (1-128).

2.     Click OK. The ISP address appears in the ISP list.

¡     Source—The way an ISP address is obtained. It can be Manually configured, Imported from file, and Auto update.

ISP auto update

Enable or disable ISP auto update.

Whois server

Specify the whois server from which the device queries ISP information. You can specify a whois server by specifying a domain name or IP address.

·     Domain name—Specify the domain name of the whois server, a case-insensitive, dot-separated string of 1 to 253 characters. Each dot-separated label in the domain name can contain a maximum of 63 characters. The domain name can contain letters, digits, hyphens (-), underscores (_), and periods (.).

·     IPv4 address—Specify the IPv4 address of the whois server.

ISP update frequency

Specify the interval for ISP auto update. Options include Per day, Per week, and Per month. The specific update time is 4:02:00 a.m.

Last successfully updated

Time of the most recent successful update.

Last updated

Time of the most recent update.

Updated ISPs

Number of ISP addresses in the most recent update.

Update result

Result of the most recent update. Values include Success, Connection error, Connection abort, DNS error, and No update.

Region name

Enter a name for the region, case insensitive.

ISP

Add an ISP.

1.     Select an existing ISP or create an ISP. A created ISP can be viewed from the Policies > Load Balancing > Common Configuration > ISP page.

2.     Click Add. The added ISP appears in the box below the text box.