Outbound link load balancing configuration examples

 

The following information provides outbound link load balancing configuration examples.

 

This document is not restricted to specific software or hardware versions. Procedures and information in the examples might be slightly different depending on the software or hardware version of the device.

The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

The following information is provided based on the assumption that you have basic knowledge of the outbound link load balancing feature.

Network configuration

ISP 1 and ISP 2 provide an enterprise with two links, Link 1 and Link 2. Both links have the same router hop count, bandwidth, and cost.

Configure outbound link load balancing to meet the following requirements:

·     The traffic for SoHu video application is distributed to link Link1.

·     The traffic for all other application is distributed to link Link2.

Figure 1 Network diagram

 

Software versions used

This configuration example was created and verified on F9345 of the F1060 device.

Procedures

1.     Assign IP addresses to interfaces and add the interfaces to security zones.

# On the top navigation bar, click the Network tab.

# From the navigation pane, select Interface Configuration > Interfaces.

# Click the Edit icon for GE 1/0/1.

# In the dialog box that opens, configure the interface:

¡     Select the Untrust security zone.

¡     On the IPv4 Address tab, enter the IP address and mask of the interface. In this example, enter 30.1.1.1/24.

¡     Use the default settings for other parameters.

¡     Click OK.

# Add GE 1/0/2 to the Untrust security zone and set its IP address to 20.1.1.1./24 in the same way you configure GE 1/0/1.

# Add GE 1/0/3 to the Trust security zone and set its IP address to 192.168.100.82/24 in the same way you configure GE 1/0/1.

2.     Configure security policies.

# On the top navigation bar, click Policies.

# From the navigation pane, select Security Policies > Security Policies.

# Click Create.

# In the dialog box that opens, configure a security policy named Trust-to-Untrust:

¡     Enter policy name Trust-to-Untrust.

¡     Select source zone Trust.

¡     Select destination zone Untrust.

¡     Select type IPv4.

¡     Select action Permit.

¡     Enter source IPv4 address 192.168.100.0/24.

¡     Use the default settings for other parameters.

¡     Click OK.

# Configure a security policy named Local-to-Untrust:

¡     Enter policy name Local-to-Untrust.

¡     Select source zone Local.

¡     Select destination zone Untrust.

¡     Select type IPv4.

¡     Select action Permit.

¡     Enter destination IPv4 addresses 20.1.1.0/24 and 30.1.1.0/24.

¡     Use the default settings for other parameters.

¡     Click OK.

3.     Configure an ICMP probe template.

# On the top navigation bar, click Objects.

# From the navigation pane, click Health Monitoring.

# Click Create.

# In the dialog box that opens, configure an ICMP probe template:

a.     Enter template name t1.

b.     Select type ICMP.

c.     Enter 100 for the Length of data to pad field.

d.     Enter 5000 for the Probe interval field.

e.     Enter 3000 for the Probe timeout field.

f.     Click OK.

Figure 2 Creating an ICMP probe template

 

4.     Configure an application group.

# On the top navigation bar, click Objects.

# From the navigation pane, select APPSecurity > APP Recognition > Application Groups.

# Click Create.

# In the dialog box that opens, configure an application group named app-group_video:

¡     Enter group name app-group_video.

¡     Add application SoHuVideo in the Streaming_Media category to the Selected Applications pane.

¡     Click OK.

Figure 3 Creating an application group

 

5.     Configure links.

# On the top navigation bar, click Polices.

# From the navigation pane, select Load Balancing > Common Configuration > Links.

# Click Create.

# In the dialog box that opens, configure a link named link1:

¡     Enter link name link1.

¡     Select Manual for the Next hop config method field.

¡     Enter next hop IPv4 address 30.1.1.2.

¡     Set the link cost for proximity calculation to 0.

¡     Enable the link feature.

¡     Enable VRF inheritance.

¡     Click OK.

Figure 4 Creating link link1

 

# Configure link link2 in the same way you configure link link1.

Figure 5 Creating link link2

 

6.     Configure link groups.

# On the top navigation bar, click Polices.

# From the navigation pane, select Load Balancing > Link Load Balancing > Outbound Link LB.

# On the Link Group tab, click Create.

# In the dialog box that opens, configure a link group named Link_group1:

¡     Enter link group name Link_group1.

¡     Disable dynamic proximity.

¡     Select scheduling algorithm Round robin.

¡     Select probe method t1.

¡     Set the success criteria to At least 1.

¡     Add link link1 to the link group.

¡     Click OK.

Figure 6 Creating link group Link_group1

 

# Configure link group Link_group2 in the same way you configure link group Link_group1.

Figure 7 Creating link group Link_group2

 

7.     Configure a class.

# On the top navigation bar, click Polices.

# From the navigation pane, select Load Balancing > Link Load Balancing > Outbound Link LB.

# On the Class tab, click Create.

# In the dialog box that opens, configure a class named class_app:

¡     Enter class name class_app.

¡     Select Match any for the Match type field.

¡     Add application group app-group_video as a match rule.

¡     Click OK.

Figure 8 Creating class class_app

 

8.     Configure IPv4 routing policies.

# On the top navigation bar, click Polices.

# From the navigation pane, select Load Balancing > Link Load Balancing > Outbound Link LB.

# In the Global configuration area on the IPv4 Routing Policy tab, enable LB service and Link protection.

Figure 9 Global configuration

 

# In the Policy area on the IPv4 Routing Policy tab, click Create.

# In the dialog box that opens, configure an IPv4 routing policy:

¡     Select name class-app.

¡     Select forwarding mode Load balance.

¡     Select primary link group link_group1.

¡     Select Match next rule for the Fallback action field.

¡     Click OK.

Figure 10 Creating class class-app

 

# In the Policy area on the IPv4 Routing Policy tab, click the Edit icon for the default IPv4 routing policy named Default.

# In the dialog box that opens, configure the default IPv4 routing policy:

¡     Select forwarding mode Load balance.

¡     Select primary link group link_group2.

¡     Click OK.

Figure 11 Editing the default IPv4 routing policy

 

The IPv4 routing policy configuration is as follows:

Figure 12 IPv4 routing policy configuration

 

Verifying the configuration

1.     Open the Sohu video client, and select a movie to play.

2.     Verify that the traffic for the Sohu video client is transmitted over link link1:

# On the top navigation bar, click the Monitor tab.

# From the navigation pane, select Statistics > Outbound Link LB Statistics > Links.

The Link Statistics page is as follows:

Figure 13 Link statistics