15-High Availability Configuration Guide

HomeSupportConfigure & DeployConfiguration GuidesH3C Access Controllers Configuration Guides(R5447P04)-6W10015-High Availability Configuration Guide
04-Load balancing configuration
Title Size Download
04-Load balancing configuration 556.73 KB

Contents

Load balancing overview·· 1

Advantages of load balancing· 1

Load balancing types· 1

Configuring outbound link load balancing· 2

About outbound link load balancing· 2

Typical network diagram·· 2

Workflow· 2

Restrictions: Hardware compatibility with outbound link load balancing· 3

Outbound link load balancing tasks at a glance· 4

Relationship between configuration items· 4

Tasks at a glance· 5

Configuring a link group· 5

Link group tasks at a glance· 5

Creating a link group· 6

Configuring a scheduling algorithm for a link group· 6

Setting the availability criteria· 7

Disabling NAT· 7

Configuring SNAT· 7

Enabling the slow online feature· 8

Configuring health monitoring· 9

Specifying a fault processing method· 9

Configuring the proximity feature· 10

Configuring a link· 11

Link tasks at a glance· 11

Creating a link and specifying a link group· 12

Specifying an outbound next hop for a link· 12

Specifying an outgoing interface for a link· 12

Setting a weight and priority· 13

Configuring the bandwidth and connection parameters· 13

Configuring health monitoring· 13

Enabling the slow offline feature· 14

Setting the link cost for proximity calculation· 14

Setting the bandwidth ratio and maximum expected bandwidth· 15

Configuring a virtual server 15

Restrictions and guidelines· 15

Virtual server tasks at a glance· 15

Creating a virtual server 16

Specifying the VSIP and port number 16

Specifying link groups· 16

Specifying an LB policy· 17

Specifying a parameter profile· 17

Configuring the bandwidth and connection parameters· 17

Enabling the link protection feature· 18

Enabling bandwidth statistics collection by interfaces· 18

Enabling a virtual server 18

Configuring an LB class· 19

LB class tasks at a glance· 19

Creating an LB class· 19

Creating a match rule that references an LB class· 19

Creating a source IP address match rule· 20

Creating a destination IP address match rule· 20

Creating an ACL match rule· 20

Creating an input interface match rule· 20

Creating a user match rule· 20

Creating a user group match rule· 21

Creating a domain name match rule· 21

Creating an ISP match rule· 21

Creating an application group match rule· 21

Configuring an LB action· 22

About LB actions· 22

Restrictions and guidelines· 22

LB action tasks at a glance· 22

Creating an LB action· 22

Configuring a forwarding LB action· 23

Configuring the ToS field in IP packets sent to the server 23

Configuring an LB policy· 24

About LB policies· 24

LB policy tasks at a glance· 24

Creating an LB policy· 24

Specifying an LB action· 24

Specifying the default LB action· 25

Configuring a sticky group· 25

Sticky group tasks at a glance· 25

Creating a sticky group· 25

Configuring the IP sticky method· 25

Configuring the timeout time for sticky entries· 26

Ignoring the limits for sessions that match sticky entries· 26

Configuring a parameter profile· 26

About configuring a parameter profile· 26

Creating a parameter profile· 27

Configuring the ToS field in IP packets sent to the client 27

Configuring ISP information· 27

About configuring ISP information· 27

Restrictions and guidelines· 27

Configuring ISP information manually· 27

Importing an ISP file· 28

Configuring the ALG feature· 28

Performing a load balancing test 28

Enabling SNMP notifications· 29

Enabling load balancing logging· 29

About load balancing logging· 29

Enabling load balancing basic logging· 30

Enabling load balancing NAT logging· 30

Enabling load balancing link busy state logging· 30

Displaying and maintaining outbound link load balancing· 30

Outbound link load balancing configuration examples· 31

Example: Configuring outbound link load balancing· 31

Configuring transparent DNS proxies· 34

About transparent DNS proxies· 34

Application scenario· 34

Workflow· 35

Transparent DNS proxy on the LB device· 36

Restrictions: Hardware compatibility with transparent DNS proxies· 37

Transparent DNS proxy tasks at a glance· 38

Configuring a transparent DNS proxy· 38

Restrictions and guidelines· 38

Transparent DNS proxy tasks at a glance· 38

Creating a transparent DNS proxy· 39

Specifying an IP address and port number 39

Specifying the default DNS server pool 39

Specifying an LB policy· 40

Enabling the link protection feature· 40

Enabling the transparent DNS proxy· 40

Configuring a DNS server pool 41

Creating a DNS server pool 41

Configuring a scheduling algorithm for a DNS server pool 41

Configuring health monitoring· 42

Configuring a DNS server 43

DNS server tasks at a glance· 43

Creating a DNS server and specifying a DNS server pool 43

Specifying an IP address and port number 43

Enabling the device to automatically obtain the IP address of a DNS server 44

Associating a link with a DNS server 44

Setting a weight and priority· 44

Configuring health monitoring· 45

Configuring a link· 45

Link tasks at a glance· 45

Creating a link· 46

Specifying an outbound next hop for a link· 46

Specifying an outgoing interface for a link· 46

Configuring the maximum bandwidth· 46

Configuring health monitoring· 47

Setting the bandwidth ratio and maximum expected bandwidth· 47

Configuring an LB class· 48

LB class tasks at a glance· 48

Creating an LB class· 48

Creating a match rule that references an LB class· 48

Creating a source IP address match rule· 48

Creating a destination IP address match rule· 49

Creating an ACL match rule· 49

Creating a domain name match rule· 49

Configuring an LB action· 49

About LB actions· 49

Restrictions and guidelines· 50

LB action tasks at a glance· 50

Creating an LB action· 50

Configuring a forwarding LB action· 50

Configuring the ToS field in IP packets sent to the DNS server 51

Configuring an LB policy· 52

LB policy tasks at a glance· 52

Creating an LB policy· 52

Specifying an LB action· 52

Specifying the default LB action· 52

Configuring a sticky group· 53

Sticky group tasks at a glance· 53

Creating a sticky group· 53

Configuring the IP sticky method· 53

Configuring the timeout time for sticky entries· 54

Enabling load balancing logging· 54

About load balancing logging· 54

Enabling load balancing NAT logging· 54

Enabling load balancing link busy state logging· 54

Displaying and maintaining transparent DNS proxy· 54

Transparent DNS proxy configuration examples· 55

Example: Configuring transparent DNS proxy· 55

 


Load balancing overview

Load balancing (LB) is a cluster technology that distributes services among multiple network devices or links.

Advantages of load balancing

Load balancing has the following advantages:

·     High performance—Improves overall system performance by distributing services to multiple devices or links.

·     Scalability—Meets increasing service requirements without compromising service quality by easily adding devices or links.

·     High availability—Improves overall availability by using backup devices or links.

·     Manageability—Simplifies configuration and maintenance by centralizing management on the load balancing device.

·     Transparency—Preserves the transparency of the network topology for end users. Adding or removing devices or links does not affect services.

Load balancing types

Link load balancing is supported to implement dynamic link selection among multiple carrier links, enhancing link utilization. Link load balancing supports IPv4 and IPv6, but does not support IPv4-to-IPv6 packet translation. Link load balancing is classified into the following types:

·     Outbound link load balancing—Load balances traffic among the links from the internal network to the external network.

·     Transparent DNS proxy—Load balances DNS requests among the links from the internal network to the external network.


Configuring outbound link load balancing

About outbound link load balancing

Outbound link load balancing load balances traffic among the links from the internal network to the external network.

Typical network diagram

Figure 1 Network diagram

 

As shown in Figure 1, outbound link load balancing contains the following elements:

·     LB device—Distributes outbound traffic among multiple links.

·     Link—Physical links provided by ISPs.

·     VSIP—Virtual service IP address of the cluster, which identifies the destination network for packets from the internal network.

·     Server IP—IP address of a server.

Workflow

Figure 2 shows the outbound link load balancing workflow.

Figure 2 Outbound link load balancing workflow

 

The workflow for outbound link load balancing is as follows:

1.     The LB device receives traffic from the internal server.

2.     The LB device selects the optimal link based on the LB policy, sticky method, proximity algorithm, and scheduling algorithm (typically the bandwidth algorithm or maximum bandwidth algorithm) in turn.

3.     The LB device forwards the traffic to the external server through the optimal link.

4.     The LB device receives traffic from the external server.

5.     The LB device forwards the traffic to the internal server.

Restrictions: Hardware compatibility with outbound link load balancing

Hardware series

Model

Product code

Outbound link load balancing compatibility

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

Yes

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

Yes

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

No

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

No

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

No

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

No

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

No

Hardware series

Model

Product code

Outbound link load balancing compatibility

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

No

WX5800H series

WX5860H

EWP-WX5860H-GL

No

Outbound link load balancing tasks at a glance

Relationship between configuration items

Figure 3 shows the relationship between the following configuration items:

·     Link group—A collection of links that contain similar functions. A link group can be referenced by a virtual server or an LB action.

·     Link—Physical links provided by ISPs.

·     Virtual server—A virtual service provided by the LB device to determine whether to perform load balancing for packets received on the LB device. Only the packets that match a virtual server are load balanced.

·     LB class—Classifies packets to implement load balancing based on packet type.

·     LB action—Drops, forwards, or modifies packets.

·     LB policy—Associates an LB class with an LB action. An LB policy can be referenced by a virtual server.

·     Sticky group—Uses a sticky method to distribute similar sessions to the same link. A sticky group can be referenced by a virtual server or an LB action.

·     Parameter profile—Defines advanced parameters to process packets. A parameter profile can be referenced by a virtual server.

Figure 3 Relationship between the main configuration items

 

Tasks at a glance

To configure outbound link load balancing, perform the following tasks:

1.     Configuring a link group

2.     Configuring a link

3.     Configuring a virtual server

4.     (Optional.) Configuring an LB policy

a.     Configuring an LB class

b.     Configuring an LB action

c.     Configuring an LB policy

5.     (Optional.) Configuring a sticky group

6.     (Optional.) Configuring a parameter profile

7.     (Optional.) Configuring ISP information

8.     (Optional.) Configuring the ALG feature

9.     (Optional.) Performing a load balancing test

10.     (Optional.) Configuring SNMP notifications and logging for load balancing

¡     Enabling SNMP notifications

¡     Enabling load balancing logging

Configuring a link group

You can add links that contain similar functions to a link group to facilitate management.

Link group tasks at a glance

To configure a link group, perform the following tasks:

1.     Creating a link group

2.     Configuring a scheduling algorithm for a link group

3.     Setting the availability criteria

4.     Disabling NAT

5.     (Optional.) Configuring SNAT

6.     (Optional.) Enabling the slow online feature

7.     (Optional.) Configuring health monitoring

8.     (Optional.) Specifying a fault processing method

9.     (Optional.) Configuring the proximity feature

Creating a link group

1.     Enter system view.

system-view

2.     Create a link group and enter link group view.

loadbalance link-group link-group-name

3.     (Optional.) Configure a description for the link group.

description text

By default, no description is configured for a link group.

Configuring a scheduling algorithm for a link group

About this task

Perform this task to specify a scheduling algorithm for a link group and specify the number of links to participate in scheduling. The LB device calculates the links to process user requests based on the specified scheduling algorithm.

The device provides the following scheduling algorithms for a link group:

·     Weighted least connection algorithm (link-based)—Always assigns user requests to the link with the fewest number of weighted active connections (the total number of active connections in all link groups divided by weight). The weight value used in this algorithm is configured in real server view.

·     Random algorithm—Randomly assigns user requests to links.

·     Round robin algorithm—Assigns user requests to links based on the weights of links. A higher weight indicates more user requests will be assigned.

·     Bandwidth algorithm—Distributes user requests to links according to the weights and remaining bandwidth of links.

·     Maximum bandwidth algorithm—Distributes user requests always to an idle link that has the largest remaining bandwidth.

·     Source IP address hash algorithm—Hashes the source IP address of user requests and distributes user requests to different links according to the hash values.

·     Source IP address and port hash algorithm—Hashes the source IP address and port number of user requests and distributes user requests to different links according to the hash values.

·     Destination IP address hash algorithm—Hashes the destination IP address of user requests and distributes user requests to different links according to the hash values.

Procedure

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Specify a scheduling algorithm for the link group.

predictor hash address { destination | source | source-ip-port } [ mask mask-length ] [ prefix prefix-length ]

predictor { least-connection | { bandwidth | max-bandwidth } [ inbound | outbound ] | random | round-robin }

By default, the scheduling algorithm for a link group is weighted round robin.

4.     Specify the number of links to participate in scheduling.

selected-link min min-number max max-number

By default, the links with the highest priority participate in scheduling.

Setting the availability criteria

About this task

Perform this task to set the criteria (lower percentage and higher percentage) to determine whether a link group is available. This helps implement traffic switchover between the master and backup link groups.

·     When the number of available links to the total number of links in the master link group is smaller than the lower percentage, traffic is switched to the backup link group.

·     When the number of available links to the total number of links in the master link group is greater than the upper percentage, traffic is switched back to the master link group.

Procedure

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Set the criteria to determine whether the link group is available.

activate lower lower-percentage upper upper-percentage

By default, when a minimum of one link is available, the link group is available.

Disabling NAT

Restrictions and guidelines

Typically, outbound link load balancing networking requires disabling NAT for a link group.

Procedure

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Disable NAT for the link group.

transparent enable

By default, NAT is enabled for a link group.

Configuring SNAT

About this task

After a link group references the SNAT address pool, the LB device replaces the source address of the packets it receives with an SNAT address before forwarding the packets.

Restrictions and guidelines

An SNAT address pool can have a maximum of 256 IPv4 addresses and 65536 IPv6 addresses. No overlapping IPv4 or IPv6 addresses are allowed in different SNAT address pools.

As a best practice, do not use SNAT because its application scope is limited for outbound link load balancing.

Procedure

1.     Enter system view.

system-view

2.     Create an SNAT address pool and enter SNAT address pool view.

loadbalance snat-pool pool-name

3.     (Optional.) Configure a description for the SNAT address pool.

description text

By default, no description is configured for an SNAT address pool.

4.     Specify an address range for the SNAT address pool.

IPv4:

ip range start start-ipv4-address end end-ipv4-address

IPv6:

ipv6 range start start-ipv6-address end end-ipv6-address

By default, an SNAT address pool does not contain address ranges.

5.     Return to system view.

quit

6.     Enter link group view.

loadbalance link-group link-group-name

7.     Specify the SNAT address pool to be referenced by the link group.

snat-pool pool-name

By default, no SNAT address pool is referenced by a link group.

Enabling the slow online feature

About this task

Links newly added to a link group might be unable to immediately process large numbers of services assigned by the LB device. To resolve this issue, enable the slow online feature for the link group. The feature uses the standby timer and ramp-up timer. When the links are brought online, the LB device does not assign any services to the links until the standby timer expires.

When the standby timer expires, the ramp-up timer starts. During the ramp-up time, the LB device increases the service amount according to the processing capability of the links, until the ramp-up timer expires.

Procedure

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Enable the slow online feature for the link group.

slow-online [ standby-time standby-time ramp-up-time ramp-up-time ]

By default, the slow online feature is disabled for a link group.

Configuring health monitoring

About this task

Perform this task to enable health monitoring to detect the availability of links.

Restrictions and guidelines

The health monitoring configuration in link view takes precedence over the configuration in link group view.

You can specify an NQA template or load balancing template for health monitoring. For information about NQA templates, see NQA configuration in Network Management and Monitoring Configuration Guide.

Procedure

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Specify a health monitoring method for the link group.

probe template-name

By default, no health monitoring method is specified for a link group.

4.     Specify the health monitoring success criteria for the link group.

success-criteria { all | at-least min-number }

By default, health monitoring succeeds only when all the specified health monitoring methods succeed.

Specifying a fault processing method

About this task

Perform this task to specify one of the following fault processing methods for a link group:

·     Keep—Does not actively terminate the connection with the failed link. Keeping or terminating the connection depends on the timeout mechanism of the protocol.

·     Reschedule—Redirects the connection to another available link in the link group.

·     Reset—Terminates the connection with the failed link by sending RST packets (for TCP packets) or ICMP unreachable packets (for other types of packets).

Procedure

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Specify a fault processing method for the link group.

fail-action { keep | reschedule | reset }

By default, the fault processing method is keep. All available connections are kept.

Configuring the proximity feature

About this task

The proximity feature performs link detection to select the optimal link to a destination. If no proximity information for a destination is available, the load balancing module selects a link based on the scheduling algorithm. It then performs proximity detection to generate proximity entries for forwarding subsequent traffic.

You can specify an NQA template or load-balancing probe template to perform link detection. The device generates proximity entries according to the detection results and proximity parameter settings. For information about NQA templates, see NQA configuration in Network Management and Monitoring Configuration Guide.

Restrictions and guidelines

To configure the proximity feature, first configure proximity parameters in proximity view, and then enable the proximity feature in link group view.

Configuring a load balancing probe template

1.     Enter system view.

system-view

2.     Create a load balancing probe template and enter load balancing probe template view.

loadbalance probe-template icmp template-name

3.     Set the probe interval.

frequency interval

The default setting is 300 seconds.

4.     Set the timeout time for probe responses.

timeout timeout-value

The default setting is 3 seconds.

Configuring proximity parameters

1.     Enter system view.

system-view

2.     Enter proximity view.

loadbalance proximity

3.     Specify the proximity probe method for packets.

match [ match-id ] { tcp } { lb-probe lb-template | probe nqa-template }

By default, no proximity probe method is specified.

4.     Specify the default proximity probe method.

match default { lb-probe lb-template | probe nqa-template }

By default, the default proximity probe method is not specified.

5.     Set the mask length for IPv4 proximity entries.

ip mask { mask-length | mask }

By default, the mask length for IPv4 proximity entries is 24.

6.     Set the prefix length for IPv6 proximity entries.

ipv6 prefix prefix-length

By default, the prefix length for IPv6 proximity entries is 96.

7.     Set the network delay weight for proximity calculation.

rtt weight rtt-weight

By default, the network delay weight for proximity calculation is 100.

8.     Set the TTL weight for proximity calculation.

ttl weight ttl-weight

By default, the TTL weight for proximity calculation is 100.

9.     Set the bandwidth weight for proximity calculation.

bandwidth { inbound | outbound } weight bandwidth-weight

By default, the inbound or outbound bandwidth weight for proximity calculation is 100.

10.     Set the cost weight for proximity calculation.

cost weight cost-weight

By default, the cost weight for proximity calculation is 100.

11.     Set the aging timer for proximity entries.

timeout timeout-value

By default, the aging timer for proximity entries is 60 seconds.

12.     Set the maximum number of proximity entries.

max-number number

By default, the number of proximity entries is not limited.

Enabling the proximity feature

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Enable the proximity feature.

proximity enable

By default, the proximity feature is disabled for a link group.

Configuring a link

A link is a physical link provided by an ISP. A link can belong to only one link group. A link group can have multiple links.

Link tasks at a glance

To configure a link, perform the following tasks:

1.     Creating a link and specifying a link group

2.     Specifying a next hop IP address or an outgoing interface

Choose one of the following tasks:

¡     Specifying an outbound next hop for a link

¡     Specifying an outgoing interface for a link

3.     Setting a weight and priority

4.     (Optional.) Configuring the bandwidth and connection parameters

5.     (Optional.) Configuring health monitoring

6.     (Optional.) Enabling the slow offline feature

7.     (Optional.) Setting the link cost for proximity calculation

8.     (Optional.) Setting the bandwidth ratio and maximum expected bandwidth

Creating a link and specifying a link group

1.     Enter system view.

system-view

2.     Create a link and enter link view.

loadbalance link link-name

By default, no links exist.

3.     (Optional.) Configure a description for the link.

description text

By default, no description is configured for a link.

4.     Specify a link group for the link.

link-group link-group-name

By default, a link does not belong to any link group.

Specifying an outbound next hop for a link

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Specify an outbound next hop for the link.

IPv4:

router ip ipv4-address

IPv6:

router ipv6 ipv6-address

By default, a link does not have an outbound next hop.

Specifying an outgoing interface for a link

About this task

In scenarios where IP addresses are obtained through PPPoE, an LB device can dynamically obtain the outbound next hop IP address through the specified outgoing interface.

Procedure

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Specify an outgoing interface for the link.

router interface interface-type interface-number

By default, no outgoing interface is specified for a link.

Setting a weight and priority

About this task

Perform this task to configure a weight for the weighted round robin and weighted least connection algorithms of a link, and the scheduling priority in the link group for the server.

Procedure

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Set a weight for the link.

weight weight-value

By default, the weight of a link is 100.

4.     Set a priority for the link.

priority priority

By default, the priority of a link is 4.

Configuring the bandwidth and connection parameters

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Set the maximum bandwidth for the link.

rate-limit bandwidth [ inbound | outbound ] bandwidth-value

By default, the maximum bandwidth, inbound bandwidth, and outbound bandwidth are 0 KBps for a link. The bandwidths are not limited.

4.     Set the maximum number of connections for the link.

connection-limit max max-number

By default, the maximum number of connections is 0 for a link. The number is not limited.

5.     Set the maximum number of connections per second for the link.

rate-limit connection connection-number

By default, the maximum number of connections per second is 0 for a link. The number is not limited.

Configuring health monitoring

About this task

Perform this task to enable health monitoring to detect the availability of a link.

Restrictions and guidelines

The health monitoring configuration in link view takes precedence over the configuration in link group view.

Procedure

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Specify a health monitoring method for the link.

probe template-name

By default, no health monitoring method is specified for a link.

4.     Specify the health monitoring success criteria for the link.

success-criteria { all | at-least min-number }

By default, the health monitoring succeeds only when all the specified health monitoring methods succeed.

Enabling the slow offline feature

About this task

The shutdown command immediately terminates existing connections of a link. The slow offline feature ages out the connections, and does not establish new connections.

Restrictions and guidelines

To enable the slow offline feature for a link, you must execute the slow-shutdown enable command and then the shutdown command. If you execute the shutdown command and then the slow-shutdown enable command, the slow offline feature does not take effect and the link is shut down.

Procedure

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Enable the slow offline feature for the link.

slow-shutdown enable

By default, the slow offline feature is disabled.

4.     Shut down the link.

shutdown

By default, the link is activated.

Setting the link cost for proximity calculation

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Set the link cost for proximity calculation.

cost cost-value

By default, the link cost for proximity calculation is 0.

Setting the bandwidth ratio and maximum expected bandwidth

About this task

When the traffic exceeds the maximum expected bandwidth multiplied by the bandwidth ratio of a link, new traffic (traffic that does not match any sticky entries) is not distributed to the link. When the traffic drops below the maximum expected bandwidth multiplied by the bandwidth recovery ratio of the link, the link participates in scheduling again.

In addition to being used for link protection, the maximum expected bandwidth is used for remaining bandwidth calculation in the bandwidth algorithm, maximum bandwidth algorithm, and dynamic proximity algorithm.

Procedure

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Set the bandwidth ratio.

bandwidth [ inbound | outbound ] busy-rate busy-rate-number [ recovery recovery-rate-number ]

By default, the total bandwidth ratio is 70.

4.     Set the maximum expected bandwidth.

max-bandwidth [ inbound | outbound ] bandwidth-value

By default, the maximum expected bandwidth, maximum uplink expected bandwidth, and maximum downlink expected bandwidth are 0 KBps. The bandwidths are not limited.

Configuring a virtual server

A virtual server is a virtual service provided by the LB device to determine whether to perform load balancing for packets received on the LB device. Only the packets that match a virtual server are load balanced.

Restrictions and guidelines

Outbound link load balancing supports only the link-IP virtual server.

Virtual server tasks at a glance

To configure a virtual server, perform the following tasks:

1.     Creating a virtual server

2.     Specifying the VSIP and port number

3.     Configuring a packet processing policy

Choose the following tasks as needed:

¡     Specifying link groups

¡     Specifying an LB policy

4.     (Optional.) Specifying a parameter profile

5.     (Optional.) Configuring the bandwidth and connection parameters

6.     (Optional.) Enabling the link protection feature

7.     (Optional.) Enabling bandwidth statistics collection by interfaces

8.     Enabling a virtual server

Creating a virtual server

1.     Enter system view.

system-view

2.     Create a link-IP virtual server and enter virtual server view.

virtual-server virtual-server-name type link-ip

3.     (Optional.) Configure a description for the virtual server.

description text

By default, no description is configured for the virtual server.

Specifying the VSIP and port number

1.     Enter system view.

system-view

2.     Enter link-IP virtual server view.

virtual-server virtual-server-name

3.     Specify the VSIP for the virtual server.

IPv4:

virtual ip address ipv4-address [ mask-length | mask ]

IPv6:

virtual ipv6 address ipv6-address [ prefix-length ]

By default, no IPv4 or IPv6 address is specified for a virtual server.

4.     Specify the port number for the virtual server.

port port-number

By default, the port number is 0 (meaning any port number) for a link-IP virtual server.

Specifying link groups

About this task

When the primary link group is available (contains available links), the virtual server forwards packets through the primary link group. When the primary link group is not available, the virtual server forwards packets through the backup link group.

Procedure

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Specify link groups.

default link-group link-group-name [ backup backup-link-group-name ] [ sticky sticky-name ]

By default, no link group is specified for a virtual server.

Specifying an LB policy

About this task

By referencing an LB policy, the virtual server load balances matching packets based on the packet contents.

Procedure

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Specify an LB policy for the virtual server.

lb-policy policy-name

By default, the virtual server does not reference any LB policies.

A virtual server can only reference a policy profile of the specified type. For example, a virtual server of the link-IP type can only reference a policy profile of the link-generic type.

Specifying a parameter profile

About this task

You can configure advanced parameters through a parameter profile. The virtual server references the parameter profile to analyze, process, and optimize service traffic.

Procedure

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Specify a parameter profile for the virtual server.

parameter ip profile-name

By default, the virtual server does not reference any parameter profiles.

Configuring the bandwidth and connection parameters

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Set the maximum bandwidth for the virtual server.

rate-limit bandwidth [ inbound | outbound ] bandwidth-value

By default, the maximum bandwidth, inbound bandwidth, and outbound bandwidth for the virtual server are 0 KBps. The bandwidths are not limited.

4.     Set the maximum number of connections for the virtual server.

connection-limit max max-number

By default, the maximum number of connections of the virtual server is 0. The number is not limited.

5.     Set the maximum number of connections per second for the virtual server.

rate-limit connection connection-number

By default, the maximum number of connections per second for the virtual server is 0. The number is not limited.

Enabling the link protection feature

About this task

Perform this task to prevent traffic from overwhelming a busy link. If traffic exceeds the bandwidth ratio of a link, the LB device distributes new traffic that does not match any sticky entries to other links.

Restrictions and guidelines

This feature takes effect only when bandwidth statistics collection by interfaces is enabled.

Procedure

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Enable the link protection feature.

bandwidth busy-protection enable

By default, the link protection feature is disabled.

Enabling bandwidth statistics collection by interfaces

About this task

By default, the load balancing module automatically collects link bandwidth statistics. Perform this task to enable interfaces to collect bandwidth statistics.

Procedure

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Enable bandwidth statistics collection by interfaces.

bandwidth interface statistics enable

By default, bandwidth statistics collection by interfaces is disabled.

Enabling a virtual server

About this task

After you configure a virtual server, you must enable the virtual server for it to work.

Procedure

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Enable the virtual server.

service enable

By default, the virtual server is disabled.

Configuring an LB class

An LB class classifies packets by comparing packets against specific rules. Matching packets are further processed by LB actions. You can create a maximum of 65535 rules for an LB class.

LB class tasks at a glance

To configure an LB class, perform the following tasks:

1.     Creating an LB class

2.     Creating a match rule

Choose the following tasks as needed:

¡     Creating a match rule that references an LB class

¡     Creating a source IP address match rule

¡     Creating a destination IP address match rule

¡     Creating an ACL match rule

¡     Creating an input interface match rule

¡     Creating a user match rule

¡     Creating a user group match rule

¡     Creating a domain name match rule

¡     Creating an ISP match rule

¡     Creating an application group match rule

Creating an LB class

1.     Enter system view.

system-view

2.     Create a link-generic LB class, and enter LB class view.

loadbalance class class-name type link-generic [ match-all | match-any ]

When you create an LB class, you must specify the class type. You can enter an existing LB class view without specifying the class type. If you specify the class type when entering an existing LB class view, the class type must be the one specified when you create the LB class.

3.     (Optional.) Configure a description for the LB class.

description text

By default, no description is configured for the LB class.

Creating a match rule that references an LB class

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a match rule that references an LB class.

match [ match-id ] class class-name

Creating a source IP address match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a source IP address match rule.

match [ match-id ] source { ip address ipv4-address [ mask-length | mask ] | ipv6 address ipv6-address [ prefix-length ] }

Creating a destination IP address match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a destination IP address match rule.

match [ match-id ] destination { ip address ipv4-address [ mask-length | mask ] | ipv6 address ipv6-address [ prefix-length ] }

Creating an ACL match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create an ACL match rule.

match [ match-id ] acl [ ipv6 ] { acl-number | name acl-name }

Creating an input interface match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create an input interface match rule.

match [ match-id ] interface interface-type interface-number

Creating a user match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a user match rule.

match [ match-id ] [ identity-domain domain-name ] user user-name

Creating a user group match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a user group match rule.

match [ match-id ] [ identity-domain domain-name ] user-group user-group-name

Creating a domain name match rule

About this task

The LB device stores mappings between domain names and IP addresses in the DNS cache. If the destination IP address of an incoming packet matches an IP address in the DNS cache, the LB device queries the domain name for the IP address. If the queried domain name matches the domain name configured in a match rule, the LB device takes the LB action on the packet.

Procedure

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a domain name match rule.

match [ match-id ] destination domain-name domain-name

By default, an LB class does not have any match rules.

Creating an ISP match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create an ISP match rule.

match [ match-id ] isp isp-name

Creating an application group match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create an application group match rule.

match [ match-id ] app-group group-name

Configuring an LB action

About LB actions

LB actions include the following modes:

·     Forwarding mode—Determines whether and how to forward packets. If no forwarding action is specified, packets are dropped.

·     Modification mode—Modifies packets. To prevent the LB device from dropping the modified packets, the modification action must be used together with a forwarding action.

If you create an LB action without specifying any of the previous action modes, packets are dropped.

Restrictions and guidelines

The "Configuring the forwarding mode" and "Specifying link groups" tasks are mutually exclusive. Configuring one task automatically cancels the other task that you have configured.

LB action tasks at a glance

To configure an LB action, perform the following tasks:

1.     Creating an LB action

2.     (Optional.) Configuring a forwarding LB action

¡     Configuring the forwarding mode

¡     Specifying link groups

¡     (Optional.) Matching the next rule upon failure to find a link

3.     (Optional.) Configuring a modification LB action

¡     Configuring the ToS field in IP packets sent to the server

Creating an LB action

1.     Enter system view.

system-view

2.     Create a link-generic LB action and enter LB action view.

loadbalance action action-name type link-generic

When you create an LB action, you must specify the action type. You can enter an existing LB action view without specifying the action type. If you specify the action type when entering an existing LB action view, the action type must be the one specified when you create the LB action.

3.     (Optional.) Configure a description for the LB action.

description text

By default, no description is configured for the LB action.

Configuring a forwarding LB action

About this task

Three forwarding LB action types are available:

·     Forward—Forwards matching packets.

·     Specify link groups—When the primary link group is available (contains available real servers), the primary link group is used to guide packet forwarding. When the primary link group is not available, the backup link group is used to guide packet forwarding.

·     Match the next rule upon failure to find a link—If the device fails to find a link according to the LB action, it matches the packet with the next rule in the LB policy.

Configuring the forwarding mode

1.     Enter system view.

system-view

2.     Enter LB action view.

loadbalance action action-name

3.     Configure the forwarding mode.

forward all

By default, the forwarding mode is to discard packets.

Specifying link groups

1.     Enter system view.

system-view

2.     Enter LB action view.

loadbalance action action-name

3.     Specify link groups.

link-group link-group-name [ backup backup-link-group-name ] [ sticky sticky-name ]

By default, no link group is specified.

Matching the next rule upon failure to find a link

1.     Enter system view.

system-view

2.     Enter LB action view.

loadbalance action action-name

3.     Match the next rule upon failure to find a link.

fallback-action continue

By default, the next rule is not matched when no links are available for the current LB action.

Configuring the ToS field in IP packets sent to the server

1.     Enter system view.

system-view

2.     Enter LB action view.

loadbalance action action-name

3.     Configure the ToS field in IP packets sent to the server.

set ip tos tos-number

By default, the ToS field in IP packets sent to the server is not changed.

Configuring an LB policy

About LB policies

An LB policy associates an LB class with an LB action to guide packet forwarding. In an LB policy, you can configure an LB action for packets matching the specified LB class, and configure the default action for packets matching no LB class.

You can specify multiple LB classes for an LB policy. Packets match the LB classes in the order the LB classes are configured. If an LB class is matched, the specified LB action is performed. If no LB class is matched, the default LB action is performed.

LB policy tasks at a glance

To configure an LB policy, perform the following tasks:

1.     Creating an LB policy

2.     Specifying an LB action

3.     Specifying the default LB action

Creating an LB policy

1.     Enter system view.

system-view

2.     Create a link-generic LB policy, and enter LB action view.

loadbalance policy policy-name type link-generic

When you create an LB policy, you must specify the policy type. You can enter an existing LB policy view without specifying the policy type. If you specify the policy type when entering an existing LB policy view, the policy type must be the one specified when you create the LB policy.

3.     (Optional.) Configure a description for the LB policy.

description text

By default, no description is configured for an LB policy.

Specifying an LB action

Restrictions and guidelines

A link-generic LB policy can reference only link-generic LB classes and link-generic LB actions.

Procedure

1.     Enter system view.

system-view

2.     Enter LB policy view.

loadbalance policy policy-name

3.     Specify an LB action for the specified LB class.

class class-name [ insert-before before-class-name ] action action-name

By default, no LB action is specified for any LB classes.

You can specify an LB action for different LB classes.

Specifying the default LB action

Restrictions and guidelines

A link-generic LB policy can only reference link-generic LB actions.

Procedure

1.     Enter system view.

system-view

2.     Enter LB policy view.

loadbalance policy policy-name

3.     Specify the default LB action.

default-class action action-name

By default, no default LB action is specified.

Configuring a sticky group

A sticky group uses a sticky method to distribute similar sessions to the same link according to sticky entries. The sticky method applies to the first packet of a session. Other packets of the session are distributed to the same link.

Sticky group tasks at a glance

To configure a sticky group, perform the following tasks:

1.     Creating a sticky group

2.     Configuring the IP sticky method

3.     (Optional.) Configuring the timeout time for sticky entries

4.     (Optional.) Ignoring the limits for sessions that match sticky entries

Creating a sticky group

1.     Enter system view.

system-view

2.     Create an address- and port-type sticky group and enter sticky group view.

sticky-group group-name type address-port

When you create a sticky group, you must specify the group type. You can enter an existing sticky group view without specifying the group type. If you specify the group type when entering an existing sticky group view, the group type must be the one specified when you create the sticky group.

3.     (Optional.) Configure a description for the sticky group.

description text

By default, no description is configured for the sticky group.

Configuring the IP sticky method

1.     Enter system view.

system-view

2.     Enter sticky group view.

sticky-group group-name

3.     Configure the IP sticky method.

IPv4:

ip [ port ] { both | destination | source } [ mask mask-length ]

IPv6:

ipv6 [ port ] { both | destination | source } [ prefix prefix-length ]

By default, no IP sticky method is configured.

Configuring the timeout time for sticky entries

1.     Enter system view.

system-view

2.     Enter sticky group view.

sticky-group group-name

3.     Configure the timeout time for sticky entries.

timeout timeout-value

By default, the timeout time for sticky entries is 86400 seconds for sticky groups of the HTTP cookie type and 60 seconds for sticky groups of other types.

Ignoring the limits for sessions that match sticky entries

About this task

Perform this task to ignore the following limits for sessions that match sticky entries:

·     Bandwidth and connection parameters on links.

·     LB connection limit policies on virtual servers.

Procedure

1.     Enter system view.

system-view

2.     Enter sticky group view.

sticky-group group-name

3.     Ignore the limits for sessions that match sticky entries.

override-limit enable

By default, the session limits apply to sessions that match sticky entries.

Configuring a parameter profile

About configuring a parameter profile

You can configure advanced parameters through a parameter profile. The virtual server references the parameter profile to analyze, process, and optimize service traffic.

Creating a parameter profile

1.     Enter system view.

system-view

2.     Create an IP-type parameter profile and enter parameter profile view.

parameter-profile profile-name type ip

By default, no parameter profiles exist.

When you create a parameter profile, you must specify the profile type. You can enter an existing parameter profile view without specifying the profile type. If you specify the profile type when entering an existing parameter profile view, the profile type must be the one specified when you create the parameter profile.

3.     (Optional.) Configure a description for the parameter profile.

description text

By default, no description is configured for the parameter profile.

Configuring the ToS field in IP packets sent to the client

1.     Enter system view.

system-view

2.     Enter IP parameter profile view.

parameter-profile profile-name

3.     Configure the ToS field in IP packets sent to the client.

set ip tos tos-number

By default, the ToS field in IP packets sent to the client is not changed.

Configuring ISP information

About configuring ISP information

Perform this task to configure IP address information for an ISP. The IP address information can be used by an ISP match rule. When the destination IP address of packets matches the ISP match rule of an LB class, the LB device takes the action associated with the class. The device supports the following methods to configure IP address information:

·     Manual configuration—The administrator manually specifies IP address information.

·     ISP file import—The administrator manually imports an ISP file in .tp format.

Restrictions and guidelines

You can configure ISP information manually, import an ISP file, or use both methods.

Configuring ISP information manually

1.     Enter system view.

system-view

2.     Create an ISP and enter ISP view.

loadbalance isp name isp-name

3.     Specify the IP address for the ISP.

IPv4:

ip address ipv4-address { mask-length | mask }

IPv6:

ipv6 address ipv6-address prefix-length

By default, an ISP does not contain IPv4 or IPv6 addresses.

An ISP does not allow overlapping network segments.

4.     (Optional.) Configure a description for the ISP.

description text

By default, no description is configured for the ISP.

Importing an ISP file

1.     Enter system view.

system-view

2.     Import an ISP file.

loadbalance isp file isp-file-name

Configuring the ALG feature

About this task

The Application Level Gateway (ALG) feature distributes parent and child sessions to the same link.

Procedure

1.     Enter system view.

system-view

2.     Enable ALG.

¡     Enable ALG for the specified protocol:
loadbalance alg { dns | ftp | h323 | icmp-error | ils | mgcp | nbt | pptp | rsh | rtsp | sccp | sip | sqlnet | tftp | xdmcp }

¡     Enable ALG for all protocols:
loadbalance alg all-enable

By default, ALG is enabled for the DNS, FTP, PPTP, and RTSP protocols and ICMP error packets.

Performing a load balancing test

About this task

Perform this task in any view to test the load balancing result.

Procedure

1.     Execute the following command to perform an IPv4 load balancing test in any view:

loadbalance schedule-test ip { application http { message-file file-name | method { get | post } url url [ header header ]&<1-10> [ content content-value ] } | protocol { protocol-number | icmp | tcp | udp } } destination destination-address destination-port destination-port source source-address source-port source-port

2.     Execute the following command to perform an IPv6 load balancing test in any view:

loadbalance schedule-test ipv6 { application http { message-file file-name | method { get | post } url url [ header header ]&<1-10> [ content content-value ] } | protocol { protocol-number | icmpv6 | tcp | udp } } destination destination-address destination-port destination-port source source-address source-port source-port

Enabling SNMP notifications

About this task

To report critical load balancing events to an NMS, enable SNMP notifications for load balancing. For load balancing event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

The SNMP notifications configuration tasks for Layer 4 and Layer 7 server load balancing are the same.

Procedure

1.     Enter system view.

system-view

2.     Enable SNMP notifications for load balancing.

snmp-agent trap enable loadbalance

By default, SNMP notifications are enabled for load balancing.

Enabling load balancing logging

About load balancing logging

For security auditing purposes, enable load balancing logging to record load balancing information. Load balancing logging includes the following types:

·     Basic logging.

·     NAT logging.

·     Link busy state logging.

Basic logging generates logs for the following events:

·     The state of a link or link group changes.

·     The health monitoring result of a link changes.

·     The number of connections on a link or virtual server reaches or drops below the upper limit.

·     The connection establishment rate on a link or virtual server reaches or drops below the upper limit.

·     A primary/backup  server farm switchover occurs between server farms specified for a virtual server.

·     A primary/backup  server farm switchover occurs between server farms specified for an LB action.

NAT logging records NAT session information, including IP address and port translation information and access information.

Link busy state logging records busy states for all links.

Enabling load balancing basic logging

1.     Enter system view.

system-view

2.     Enable load balancing basic logging.

loadbalance log enable base

By default, load balancing basic logging is enabled.

Enabling load balancing NAT logging

1.     Enter system view.

system-view

2.     Enable load balancing NAT logging.

loadbalance log enable nat

By default, load balancing NAT logging is disabled.

Enabling load balancing link busy state logging

1.     Enter system view.

system-view

2.     Enable load balancing link busy state logging.

loadbalance log enable bandwidth-busy

By default, load balancing link busy state logging is disabled.

Displaying and maintaining outbound link load balancing

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display LB action information.

display loadbalance action [ name action-name ]

Display LB class information.

display loadbalance class [ name class-name ]

Display ISP information.

display loadbalance isp [ ip ipv4-address | ipv6 ipv6-address | name isp-name ]

Display LB policy information.

display loadbalance policy [ name policy-name ]

Display proximity entry information.

display loadbalance proximity [ ip [ ipv4-address ] | ipv6 [ ipv6-address ] ]

Display parameter profile information.

display parameter-profile [ name parameter-name ]

Display link information.

display loadbalance link [ brief | name link-name ]

Display link statistics.

display loadbalance link statistics [ name link-name ]

Display link outbound interface statistics.

display loadbalance link out-interface statistics [ name link-name ]

Display link group information.

display loadbalance link-group [ brief | name link-group-name ]

Display sticky entry information.

display sticky virtual-server [ virtual-server-name ] [ class class-name | default-class | default-link-group ]

Display sticky group information.

display sticky-group [ name group-name ]

Display virtual server information.

display virtual-server [ brief | name virtual-server-name ]

Display virtual server statistics.

display virtual-server statistics [ name virtual-server-name ]

Display the ALG status for all protocols.

display loadbalance alg

Clear proximity entry information.

reset loadbalance proximity [ ip [ ipv4-address ] | ipv6 [ ipv6-address ] ]

Clear all Layer 7 connections.

reset loadbalance connections

Clear link statistics.

reset loadbalance link statistics [ link-name ]

Clear virtual server statistics.

reset virtual-server statistics [ virtual-server-name ]

Outbound link load balancing configuration examples

Example: Configuring outbound link load balancing

Network configuration

In Figure 4, ISP 1 and ISP 2 provide two links, Link 1 and Link 2, with the same router hop count, bandwidth, and cost. Link 1 has lower network delay.

Configure link load balancing for the AC to select an optimal link for traffic from the client to the server.

Figure 4 Network diagram

Procedure

1.     Configure IP addresses for interfaces.

<AC> system-view

[AC] interface gigabitethernet 1/0/1

[AC-GigabitEthernet1/0/1] ip address 10.1.1.1 24

[AC-GigabitEthernet1/0/1] quit

[AC] interface gigabitethernet 1/0/2

[AC-GigabitEthernet1/0/2] ip address 20.1.1.1 24

[AC-GigabitEthernet1/0/2] quit

2.     Configure a link group:

# Create the ICMP-type NQA template t1, and configure the NQA client to send the probe result to the feature that uses the template on a per-probe basis.

[AC] nqa template icmp t1

[AC-nqatplt-icmp-t1] reaction trigger per-probe

[AC-nqatplt-icmp-t1] quit

# Specify the default proximity probe method as t1, and set the network delay weight for proximity calculation to 200.

[AC] loadbalance proximity

[AC-lb-proximity] match default probe t1

[AC-lb-proximity] rtt weight 200

[AC-lb-proximity] quit

# Create the link group lg, and enable the proximity feature.

[AC] loadbalance link-group lg

[AC-lb-lgroup-lg] proximity enable

# Disable the NAT feature.

[AC-lb-lgroup-lg] transparent enable

[AC-lb-lgroup-lg] quit

3.     Configure links:

# Create the link link1 with next hop address 10.1.1.2, and add it to the link group lg.

[AC] loadbalance link link1

[AC-lb-link-link1] router ip 10.1.1.2

[AC-lb-link-link1] link-group lg

[AC-lb-link-link1] quit

# Create the link link2 with next hop address 20.1.1.2, and add it to link group lg.

[AC] loadbalance link link2

[AC-lb-link-link2] router ip 20.1.1.2

[AC-lb-link-link2] link-group lg

[AC-lb-link-link2] quit

4.     Create the link-IP virtual server vs with VSIP 0.0.0.0/0, specify its default master link group lg, and enable the virtual server.

[AC] virtual-server vs type link-ip

[AC-vs-link-ip-vs] virtual ip address 0.0.0.0 0

[AC-vs-link-ip-vs] default link-group lg

[AC-vs-link-ip-vs] service enable

[AC-vs-link-ip-vs] quit

Verifying the configuration

# Display brief information about all links.

[AC] display loadbalance link brief

Link             Route IP             State        VPN instance   Link group

link1            10.1.1.2             Active                      lg

link2            20.1.1.2             Active                      lg

# Display detailed information about all link groups.

[AC] display loadbalance link-group

Link group: lg

  Description:

  Predictor: Round robin

  Proximity: Enabled

  NAT: Disabled

  SNAT pool:

  Failed action: Keep

  Active threshold: Disabled

  Slow-online: Disabled

  Selected link: Disabled

  Probe information:

    Probe success criteria: All

    Probe method:

    t1

  Total link: 2

  Active link: 2

  Link list:

  Name          State         VPN instance  Router IP            Weight Priority

  link1         Active                      10.1.1.2             100    4

  link2         Active                      20.1.1.2             100    4

# Display detailed information about all virtual servers.

[AC] display virtual-server

Virtual server: vs

  Description:

  Type: LINK-IP

  State: Active

  VPN instance:

  Virtual IPv4 address: 0.0.0.0/0

  Virtual IPv6 address: --

  Port: 0

  Primary link group: lg (in use)

  Backup link group:

  Sticky:

  LB policy:

  LB limit-policy:

  Connection limit: --

  Rate limit:

    Connections: --

    Bandwidth: --

    Inbound bandwidth: --

    Outbound bandwidth: --

  Connection synchronization: Disabled

  Sticky synchronization: Disabled

  Bandwidth busy protection: Disabled

  Interface bandwidth statistics: Disabled

  Route advertisement: Disabled

# Display brief information about all IPv4 proximity entries.

[AC] display loadbalance proximity ip

  IPv4 entries in total: 1

    IPv4 address/Mask length       Timeout     Best link

    ------------------------------------------------------------

    10.1.1.0/24                    50          link1

Configuring transparent DNS proxies

About transparent DNS proxies

Application scenario

As shown in Figure 5, intranet users of an enterprise can access external servers A and B through link 1 of ISP 1 and link 2 of ISP 2. External servers A and B provide the same services. All DNS requests of intranet users are forwarded to DNS server A, which returns the resolved IP address of external server A to the requesting users. In this way, all traffic of intranet users is forwarded on one link. Link congestion might occur.

The transparent DNS proxy feature can solve this problem by forwarding DNS requests to DNS servers in different ISPs. All traffic from intranet users is evenly distributed on multiple links. This feature can prevent link congestion and ensure service continuity upon a link failure.

Figure 5 Transparent DNS proxy working mechanism

 

Workflow

The transparent DNS proxy is implemented by changing the destination IP address of DNS requests.

Figure 6 Transparent DNS proxy workflow

 

Table 1 Workflow description

Step

Source IP address

Destination IP address

1.     An intranet user on the client host sends a DNS request to the LB device.

Host IP address

IP address of DNS server A

2.     The LB device selects a DNS server to forward the DNS request according to the scheduling algorithm.

N/A

N/A

3.     The LB device changes the destination IP address of the DNS request as the IP address of the selected DNS server.

Host IP address

IP address of the selected DNS server

4.     The DNS server processes the DNS request and replies with a DNS response.

IP address of the selected DNS server

Host IP address

5.     The LB device changes the source IP address of the DNS response as the destination IP address of the DNS request.

IP address of DNS server A

Host IP address

6.     The intranet user accesses the external server according to the resolved IP address in the DNS response.

Host IP address

IP address of the external server

7.     The external server responds to the intranet user.

IP address of the external server

Host IP address

 

Transparent DNS proxy on the LB device

The LB device distributes DNS requests to multiple links by changing the destination IP address of DNS requests.

As shown in Figure 7, the LB device contains the following elements:

·     Transparent DNS proxy—The LB device performs transparent DNS proxy for a DNS request only when the port number of the DNS request matches the port number of the transparent DNS proxy.

·     DNS server pool—A group of DNS servers.

·     DNS server—Entity that processes DNS requests.

·     Link—Physical link provided by an ISP.

·     LB class—Classifies packets to implement load balancing based on packet type.

·     LB action—Drops, forwards, or modifies packets.

·     LB policy—Associates an LB class with an LB action. An LB policy can be referenced by the transparent DNS proxy.

Figure 7 Transparent DNS proxy on the LB device

 

If the destination IP address and port number of a DNS request match those of the transparent DNS proxy, the LB device processes the DNS request as follows:

1.     The LB device finds the DNS server pool associated with the transparent DNS proxy.

2.     The LB device selects a DNS server according to the scheduling algorithm configured for the DNS server pool.

3.     The LB device uses the IP address of the selected DNS server as the destination IP address of the DNS request, and sends the request to the DNS server.

4.     The DNS server receives and processes the DNS request, and replies with a DNS response.

The intranet user can now access the external server after receiving the DNS response.

Restrictions: Hardware compatibility with transparent DNS proxies

Hardware series

Model

Product code

Transparent DNS proxy compatibility

WX1800H series

WX1804H-PWR

EWP-WX1804H-PWR-CN

Yes

WX2500H series

WX2508H-PWR-LTE

WX2510H-PWR

WX2510H-F-PWR

WX2540H

WX2540H-F

WX2560H

EWP-WX2508H-PWR-LTE

EWP-WX2510H-PWR

EWP-WX2510H-F-PWR

EWP-WX2540H

EWP-WX2540H-F

EWP-WX2560H

Yes

MAK series

MAK204

MAK206

EWP-MAK204

EWP-MAK206

Yes

WX3000H series

WX3010H

WX3010H-X-PWR

WX3010H-L-PWR

WX3024H

WX3024H-L-PWR

WX3024H-F

EWP-WX3010H

EWP-WX3010H-X-PWR

EWP-WX3010H-L-PWR

EWP-WX3024H

EWP-WX3024H-L-PWR

EWP-WX3024H-F

No

WX3500H series

WX3508H

WX3508H

WX3510H

WX3510H

WX3520H

WX3520H-F

WX3540H

WX3540H

EWP-WX3508H

EWP-WX3508H-F

EWP-WX3510H

EWP-WX3510H-F

EWP-WX3520H

EWP-WX3520H-F

EWP-WX3540H

EWP-WX3540H-F

No

WX5500E series

WX5510E

WX5540E

EWP-WX5510E

EWP-WX5540E

No

WX5500H series

WX5540H

WX5560H

WX5580H

EWP-WX5540H

EWP-WX5560H

EWP-WX5580H

No

Access controller modules

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

LSUM1WCME0

EWPXM1WCME0

LSQM1WCMX20

LSUM1WCMX20RT

LSQM1WCMX40

LSUM1WCMX40RT

EWPXM2WCMD0F

EWPXM1MAC0F

No

Hardware series

Model

Product code

Transparent DNS proxy compatibility

WX1800H series

WX1804H-PWR

WX1810H-PWR

WX1820H

WX1840H

EWP-WX1804H-PWR

EWP-WX1810H-PWR

EWP-WX1820H

EWP-WX1840H-GL

Yes

WX3800H series

WX3820H

WX3840H

EWP-WX3820H-GL

EWP-WX3840H-GL

No

WX5800H series

WX5860H

EWP-WX5860H-GL

No

Transparent DNS proxy tasks at a glance

To configure the transparent DNS proxy feature, perform the following tasks:

1.     Configuring a transparent DNS proxy

2.     Configuring a DNS server pool

3.     Configuring a DNS server

4.     Configuring a link

5.     (Optional.) Configuring an LB policy

a.     Configuring an LB class

b.     Configuring an LB action

c.     Configuring an LB policy

6.     (Optional.) Configuring a sticky group

7.     (Optional.) Enabling load balancing logging

Configuring a transparent DNS proxy

By configuring a transparent DNS proxy, you can load balance DNS requests that match the transparent DNS proxy.

Restrictions and guidelines

If both the "Specifying the default DNS server pool" and "Specifying an LB policy" tasks are configured, packets are processed by the LB policy first. If the processing fails, the packets are processed by the default DNS server pool.

Transparent DNS proxy tasks at a glance

To configure a transparent DNS proxy, perform the following tasks:

1.     Creating a transparent DNS proxy

2.     Specifying an IP address and port number

3.     Configuring a packet processing policy

Choose the following tasks as needed:

¡     Specifying the default DNS server pool

¡     Specifying an LB policy

4.     (Optional.) Enabling the link protection feature

5.     Enabling the transparent DNS proxy

Creating a transparent DNS proxy

1.     Enter system view.

system-view

2.     Create a transparent DNS proxy and enter its view.

loadbalance dns-proxy dns-proxy-name type udp

Specifying an IP address and port number

Restrictions and guidelines

As a best practice, configure an all-zero IP address for a transparent DNS proxy. In this case, all DNS requests are processed by the transparent DNS proxy.

Procedure

1.     Enter system view.

system-view

2.     Enter transparent DNS proxy view.

loadbalance dns-proxy dns-proxy-name

3.     Specify an IP address for the transparent DNS proxy.

IPv4:

ip address ipv4-address [ mask-length | mask ]

IPv6:

ipv6 address ipv6-address [ prefix-length ]

By default, no IP address is specified for a transparent DNS proxy.

4.     Specify the port number for the transparent DNS proxy.

port port-number

By default, the port number is 53 for a transparent DNS proxy.

Specifying the default DNS server pool

1.     Enter system view.

system-view

2.     Enter transparent DNS proxy view.

loadbalance dns-proxy dns-proxy-name

3.     Specify the default DNS server pool for the transparent DNS proxy.

default dns-server-pool pool-name [ sticky sticky-name ]

By default, no default DNS server pool is specified for a transparent DNS proxy.

Specifying an LB policy

About this task

By referencing an LB policy, the transparent DNS proxy load balances matching DNS requests based on the packet contents. For more information about configuring an LB policy, see "Configuring an LB policy."

Procedure

1.     Enter system view.

system-view

2.     Enter transparent DNS proxy view.

loadbalance dns-proxy dns-proxy-name

3.     Specify an LB policy for the transparent DNS proxy.

lb-policy policy-name

By default, a transparent DNS proxy does not reference any LB policies.

Enabling the link protection feature

About this task

This feature enables a transparent DNS proxy to select a DNS server based on the link bandwidth ratio. If the bandwidth ratio of a link is exceeded, the DNS server is not selected.

If the traffic volume on the link to a DNS server exceeds the maximum expected bandwidth multiplied by the bandwidth ratio, the DNS server is busy and will not be selected. If the traffic volume drops below the maximum expected bandwidth multiplied by the bandwidth recovery ratio, the DNS server participates in scheduling again. For more information about setting the bandwidth ratio, see "Setting the bandwidth ratio and maximum expected bandwidth."

Procedure

1.     Enter system view.

system-view

2.     Enter transparent DNS proxy view.

loadbalance dns-proxy dns-proxy-name

3.     Enable the link protection feature.

bandwidth busy-protection enable

By default, the link protection feature is disabled.

Enabling the transparent DNS proxy

About this task

After configuring a transparent DNS proxy, you must enable the transparent DNS proxy for it to work.

Procedure

1.     Enter system view.

system-view

2.     Enter transparent DNS proxy view.

loadbalance dns-proxy dns-proxy-name

3.     Enable the transparent DNS proxy.

service enable

By default, a transparent DNS proxy is disabled.

Configuring a DNS server pool

By configuring a DNS server pool, you can perform centralized management on DNS servers that have similar functions.

Creating a DNS server pool

1.     Enter system view.

system-view

2.     Create a DNS server pool and enter its view.

loadbalance dns-server-pool pool-name

3.     (Optional.) Configure a description for the DNS server pool.

description text

By default, no description is configured for a DNS server pool.

Configuring a scheduling algorithm for a DNS server pool

About this task

Perform this task to specify a scheduling algorithm for a DNS server pool and specify the number of DNS servers to participate in scheduling. The LB device calculates the DNS servers to process DNS requests based on the following scheduling algorithms:

·     Source IP address hash algorithm—Hashes the source IP address of DNS requests and distributes DNS requests to different DNS servers according to the hash values. This hash algorithm ensures that DNS requests with the same source IP address are distributed to the same DNS server.

·     Source IP address and port hash algorithm—Hashes the source IP address and port number of DNS requests and distributes DNS requests to different DNS servers according to the hash values. This hash algorithm ensures that DNS requests with the same source IP address and port number are distributed to the same DNS server.

·     Destination IP address hash algorithm—Hashes the destination IP address of DNS requests and distributes DNS requests to different DNS servers according to the hash values. This hash algorithm ensures that DNS requests with the same destination IP address are distributed to the same DNS server.

·     Random algorithm—Distributes DNS requests to DNS servers randomly.

·     Weighted round-robin algorithm—Distributes DNS requests to DNS servers in a round-robin manner according to the weights of DNS servers. For example, you can assign weight values 2 and 1 to DNS server A and DNS server B, respectively. This algorithm distributes two DNS requests to DNS server A and then distributes one DNS request to DNS server B. This algorithm applies to scenarios where DNS servers have different performance and bear similar load for each session.

·     Bandwidth algorithm—Distributes DNS requests to DNS servers according to the weights and remaining bandwidths of DNS servers. When the remaining bandwidths of two DNS servers are the same, this algorithm is equivalent to the round-robin algorithm. When the weights of two DNS servers are the same, this algorithm always distributes DNS requests to the DNS server that has larger remaining bandwidth.

·     Maximum bandwidth algorithm—Distributes DNS requests always to an idle DNS server that has the largest remaining bandwidth.

Procedure

1.     Enter system view.

system-view

2.     Enter DNS server pool view.

loadbalance dns-server-pool pool-name

3.     Specify a scheduling algorithm for the DNS server pool.

predictor hash address { destination | source | source-ip-port } [ mask mask-length ] [ prefix prefix-length ]

predictor { random | round-robin | { bandwidth | max-bandwidth } [ inbound | outbound ] }

By default, the scheduling algorithm for a DNS server pool is weighted round robin.

4.     Specify the number of DNS servers to participate in scheduling.

selected-server min min-number max max-number

By default, the DNS servers with the highest priority participate in scheduling.

Configuring health monitoring

About this task

Perform this task to enable health monitoring to detect the availability of DNS servers in a DNS server pool.

Restrictions and guidelines

The health monitoring configuration in DNS server view takes precedence over the configuration in DNS server pool view.

You can specify an NQA template or load balancing template for health monitoring. For information about NQA templates, see NQA configuration in Network Management and Monitoring Configuration Guide.

Procedure

1.     Enter system view.

system-view

2.     Enter DNS server pool view.

loadbalance dns-server-pool pool-name

3.     Specify a health monitoring method for the DNS server pool.

probe template-name

By default, no health monitoring method is specified for a DNS server pool.

4.     Specify the health monitoring success criteria for the DNS server pool.

success-criteria { all | at-least min-number }

By default, health monitoring succeeds only when all the specified health monitoring methods succeed.

Configuring a DNS server

Perform this task to configure an entity on the LB device for processing DNS requests. DNS servers configured on the LB device correspond to DNS servers in ISP networks. A DNS server can belong to only one DNS server pool. A DNS server pool can contain multiple DNS servers.

DNS server tasks at a glance

To configure a DNS server, perform the following tasks:

1.     Creating a DNS server and specifying a DNS server pool

2.     Configuring an IP address for a DNS server

Choose one of the following tasks:

¡     Specifying an IP address and port number

¡     Enabling the device to automatically obtain the IP address of a DNS server

3.     Associating a link with a DNS server

4.     (Optional.) Setting a weight and priority

5.     (Optional.) Configuring health monitoring

Creating a DNS server and specifying a DNS server pool

1.     Enter system view.

system-view

2.     Create a DNS server and enter its view.

loadbalance dns-server dns-server-name

3.     (Optional.) Configure a description for the DNS server.

description text

By default, no description is configured for a DNS server.

4.     Specify a DNS server pool for the DNS server.

dns-server-pool pool-name

By default, a DNS server does not belong to any DNS server pool.

Specifying an IP address and port number

1.     Enter system view.

system-view

2.     Enter DNS server view.

loadbalance dns-server dns-server-name

3.     Specify an IP address for the DNS server.

IPv4:

ip address ipv4-address

IPv6:

ipv6 address ipv6-address

By default, no IP address is specified for a DNS server.

4.     Specify the port number for the DNS server.

port port-number

By default, the port number of a DNS server is 0. Packets use their own port numbers.

Enabling the device to automatically obtain the IP address of a DNS server

About this task

In scenarios where IP addresses are obtained through PPPoE, an LB device can dynamically obtain the IP address of a DNS server.

Before configuring this task, you must specify the outgoing interface for the link associated with the DNS server. Otherwise, the IP address of the DNS server cannot be obtained.

Procedure

1.     Enter system view.

system-view

2.     Enter DNS server view.

loadbalance dns-server dns-server-name

3.     Enable the device to automatically obtain the IP address of the DNS server.

auto-alloc address

By default, the device does not automatically obtain the IP address of a DNS server.

Associating a link with a DNS server

Restrictions and guidelines

A DNS server can be associated with only one link. A link can be associated with multiple DNS servers.

Procedure

1.     Enter system view.

system-view

2.     Enter DNS server view.

loadbalance dns-server dns-server-name

3.     Associate a link with the DNS server.

link link-name

By default, no link is associated with a DNS server.

Setting a weight and priority

About this task

Perform this task to set a weight for the weighted round robin algorithm and bandwidth algorithm of a DNS server, and set the scheduling priority in the DNS server pool for the DNS server.

Procedure

1.     Enter system view.

system-view

2.     Enter DNS server view.

loadbalance dns-server dns-server-name

3.     Set a weight for the DNS server.

weight weight-value

By default, the weight of a DNS server is 100.

4.     Set a priority for the DNS server.

priority priority

By default, the priority of a DNS server is 4.

Configuring health monitoring

About this task

Perform this task to enable health monitoring to detect the availability of a DNS server.

Restrictions and guidelines

The health monitoring configuration in DNS server view takes precedence over the configuration in DNS server pool view.

Procedure

1.     Enter system view.

system-view

2.     Enter DNS server view.

loadbalance dns-server dns-server-name

3.     Specify a health monitoring method for the DNS server.

probe template-name

By default, no health monitoring method is specified for a DNS server.

4.     Specify the health monitoring success criteria for the DNS server.

success-criteria { all | at-least min-number }

By default, health monitoring succeeds only when all the specified health monitoring methods succeed.

Configuring a link

A link is a physical link provided by an ISP. You can guide traffic forwarding by specifying an outbound next hop for a link. You can enhance link performance by configuring the maximum bandwidth, health monitoring, bandwidth ratio, and maximum expected bandwidth.

Link tasks at a glance

To configure a link, perform the following tasks:

1.     Creating a link

2.     Specifying a next hop IP address or an outgoing interface

Choose one of the following tasks:

¡     Specifying an outbound next hop for a link

¡     Specifying an outgoing interface for a link

3.     (Optional.) Configuring the maximum bandwidth

4.     (Optional.) Configuring health monitoring

5.     (Optional.) Setting the bandwidth ratio and maximum expected bandwidth

Creating a link

1.     Enter system view.

system-view

2.     Create a link and enter link view.

loadbalance link link-name

3.     (Optional.) Configure a description for the link.

description text

By default, no description is configured for a link.

Specifying an outbound next hop for a link

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Specify an outbound next hop for the link.

IPv4:

router ip ipv4-address

IPv6:

router ipv6 ipv6-address

By default, no outbound next hop is specified for a link.

Specifying an outgoing interface for a link

About this task

In scenarios where IP addresses are obtained through PPPoE, an LB device can dynamically obtain the outbound next hop IP address through the specified outgoing interface.

Procedure

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Specify an outgoing interface for the link.

router interface interface-type interface-number

By default, no outgoing interface is specified for a link.

Configuring the maximum bandwidth

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Set the maximum bandwidth for the link.

rate-limit bandwidth [ inbound | outbound ] bandwidth-value

By default, the maximum bandwidth for a link is not limited.

Configuring health monitoring

About this task

Perform this task to enable health monitoring to detect the availability of a link.

Procedure

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Specify a health monitoring method for the link.

probe template-name

By default, no health monitoring method is specified for a link.

4.     Specify the health monitoring success criteria for the link.

success-criteria { all | at-least min-number }

By default, the health monitoring succeeds only when all the specified health monitoring methods succeed.

Setting the bandwidth ratio and maximum expected bandwidth

About this task

When the traffic exceeds the maximum expected bandwidth multiplied by the bandwidth ratio of a link, new traffic (traffic that does not match any sticky entries) is not distributed to the link. When the traffic drops below the maximum expected bandwidth multiplied by the bandwidth recovery ratio of the link, the link participates in scheduling again.

In addition to being used for link protection, the maximum expected bandwidth is used for remaining bandwidth calculation in the bandwidth algorithm and maximum bandwidth algorithm.

Procedure

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Set the bandwidth ratio.

bandwidth [ inbound | outbound ] busy-rate busy-rate-number [ recovery recovery-rate-number ]

By default, the total bandwidth ratio is 70.

4.     Set the maximum expected bandwidth.

max-bandwidth [ inbound | outbound ] bandwidth-value

By default, the maximum expected bandwidth is not limited.

Configuring an LB class

An LB class classifies packets by comparing packets against specific rules. Matching packets are further processed by LB actions. You can create a maximum of 65535 rules for an LB class.

LB class tasks at a glance

To configure an LB class, perform the following tasks:

1.     Creating an LB class

2.     Creating a match rule

Choose the following tasks as needed:

¡     Creating a match rule that references an LB class

¡     Creating a source IP address match rule

¡     Creating a destination IP address match rule

¡     Creating an ACL match rule

¡     Creating a domain name match rule

Creating an LB class

1.     Enter system view.

system-view

2.     Create a DNS LB class, and enter LB class view.

loadbalance class class-name type dns [ match-all | match-any ]

When you create an LB class, you must specify the class type. You can enter an existing LB class view without specifying the class type. If you specify the class type when entering an existing LB class view, the class type must be the one specified when you create the LB class.

3.     (Optional.) Configure a description for the LB class.

description text

By default, no description is configured for an LB class.

Creating a match rule that references an LB class

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a match rule that references an LB class.

match [ match-id ] class class-name

Creating a source IP address match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a source IP address match rule.

match [ match-id ] source { ip address ipv4-address [ mask-length | mask ] | ipv6 address ipv6-address [ prefix-length ] }

Creating a destination IP address match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a destination IP address match rule.

match [ match-id ] destination { ip address ipv4-address [ mask-length | mask ] | ipv6 address ipv6-address [ prefix-length ] }

Creating an ACL match rule

Restrictions and guidelines

If the specified ACL does not exist, the ACL match rule does not take effect.

Procedure

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create an ACL match rule.

match [ match-id ] acl [ ipv6 ] { acl-number | name acl-name }

By default, an LB class does not have any match rules.

Creating a domain name match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a domain name match rule.

match [ match-id ] domain-name domain-name

Configuring an LB action

About LB actions

LB actions include the following modes:

·     Forwarding mode—Determines whether and how to forward packets. If no forwarding action is specified, packets are dropped.

·     Modification mode—Modifies packets. To prevent the LB device from dropping the modified packets, the modification action must be used together with a forwarding action.

If you create an LB action without specifying any of the previous action modes, packets are dropped.

Restrictions and guidelines

The following tasks are mutually exclusive:

·     Configuring the forwarding mode

·     Specifying a DNS server pool for guiding packet forwarding

·     Skipping the current transparent DNS proxy

Configuring one task automatically cancels the other task that you have configured.

LB action tasks at a glance

To configure an LB action, perform the following tasks:

1.     Creating an LB action

2.     (Optional.) Configuring a forwarding LB action

¡     Configuring the forwarding mode

¡     Specifying a DNS server pool for guiding packet forwarding

¡     Skipping the current transparent DNS proxy

¡     Matching the next rule upon failure to find a DNS server

3.     (Optional.) Configuring a modification LB action

¡     Configuring the ToS field in IP packets sent to the DNS server

Creating an LB action

1.     Enter system view.

system-view

2.     Create a DNS LB action and enter LB action view.

loadbalance action action-name type dns

When you create an LB action, you must specify the action type. You can enter an existing LB action view without specifying the action type. If you specify the action type when entering an existing LB action view, the action type must be the one specified when you create the LB action.

3.     (Optional.) Configure a description for the LB action.

description text

By default, no description is configured for an LB action.

Configuring a forwarding LB action

About this task

Three forwarding LB action types are available:

·     Forward—Forwards matching packets.

·     Specify a DNS server pool for guiding packet forwarding.

·     Skip the current transparent DNS proxy—Skips the current transparent DNS proxy and match the next transparent DNS proxy or virtual server.

·     Match the next rule upon failure to find a DNS server—If the device fails to find a DNS server according to the LB action, it matches the packet with the next rule in the LB policy.

Configuring the forwarding mode

1.     Enter system view.

system-view

2.     Enter DNS LB action view.

loadbalance action action-name

3.     Configure the forwarding mode.

forward all

By default, the forwarding mode is to discard packets.

Specifying a DNS server pool for guiding packet forwarding

1.     Enter system view.

system-view

2.     Enter DNS LB action view.

loadbalance action action-name

3.     Specify a DNS server pool for guiding packet forwarding.

dns-server-pool pool-name [ sticky sticky-name ]

By default, no DNS server pool is specified for guiding packet forwarding.

Skipping the current transparent DNS proxy

1.     Enter system view.

system-view

2.     Enter DNS LB action view.

loadbalance action action-name

3.     Skip the current transparent DNS proxy.

skip current-dns-proxy

By default, the forwarding mode is to discard packets.

Matching the next rule upon failure to find a DNS server

1.     Enter system view.

system-view

2.     Enter DNS LB action view.

loadbalance action action-name

3.     Match the next rule upon failure to find a DNS server.

fallback-action continue

By default, the next rule is not matched (packets are dropped) when no DNS servers are available for an LB action.

Configuring the ToS field in IP packets sent to the DNS server

1.     Enter system view.

system-view

2.     Enter DNS LB action view.

loadbalance action action-name

3.     Configure the ToS field in IP packets sent to the DNS server.

set ip tos tos-number

By default, the ToS field in IP packets sent to the DNS server is not changed.

Configuring an LB policy

LB policy tasks at a glance

To configure an LB policy, perform the following tasks:

1.     Creating an LB policy

2.     Specifying an LB action

3.     Specifying the default LB action

Creating an LB policy

1.     Enter system view.

system-view

2.     Create a DNS LB policy and enter LB action view.

loadbalance policy policy-name type dns

When you create an LB policy, you must specify the policy type. You can enter an existing LB policy view without specifying the policy type. If you specify the policy type when entering an existing LB policy view, the policy type must be the one specified when you create the LB policy.

3.     (Optional.) Configure a description for the LB policy.

description text

By default, no description is configured for an LB policy.

Specifying an LB action

Restrictions and guidelines

A DNS LB policy can reference only DNS LB classes and DNS LB actions.

Procedure

1.     Enter system view.

system-view

2.     Enter DNS LB policy view.

loadbalance policy policy-name

3.     Specify an LB action for an LB class.

class class-name [ insert-before before-class-name ] action action-name

By default, no LB action is specified for an LB class.

Specifying the default LB action

Restrictions and guidelines

The default LB action takes effect on packets that do not match any LB classes.

A DNS LB policy can reference only a DNS LB action as the default LB action.

Procedure

1.     Enter system view.

system-view

2.     Enter DNS LB policy view.

loadbalance policy policy-name

3.     Specify the default LB action.

default-class action action-name

By default, no default LB action is specified.

Configuring a sticky group

A sticky group uses a sticky method to distribute similar sessions to the same DNS server according to sticky entries. The sticky method applies to the first packet of a session. Other packets of the session are distributed to the same DNS server.

Sticky group tasks at a glance

To configure a sticky group, perform the following tasks:

1.     Creating a sticky group

2.     Configuring the IP sticky method

3.     (Optional.) Configuring the timeout time for sticky entries

Creating a sticky group

1.     Enter system view.

system-view

2.     Create an address- and port-type sticky group and enter sticky group view.

sticky-group group-name type address-port

When you create a sticky group, you must specify the group type. You can enter an existing sticky group view without specifying the group type. If you specify the group type when entering an existing sticky group view, the group type must be the one specified when you create the sticky group.

3.     (Optional.) Configure a description for the sticky group.

description text

By default, no description is configured for a sticky group.

Configuring the IP sticky method

1.     Enter system view.

system-view

2.     Enter sticky group view.

sticky-group group-name

3.     Configure the IP sticky method.

IPv4:

ip [ port ] { both | destination | source } [ mask mask-length ]

IPv6:

ipv6 [ port ] { both | destination | source } [ prefix prefix-length ]

By default, no IP sticky method is configured.

Configuring the timeout time for sticky entries

1.     Enter system view.

system-view

2.     Enter sticky group view.

sticky-group group-name

3.     Configure the timeout time for sticky entries.

timeout timeout-value

By default, the timeout time for sticky entries is 60 seconds.

Enabling load balancing logging

About load balancing logging

For security auditing purposes, enable load balancing logging to record load balancing information. Load balancing logging includes NAT logging and link busy state logging.

NAT logging records NAT session information, including IP address and port translation information and access information.

Link busy state logging records busy states for all links.

Enabling load balancing NAT logging

1.     Enter system view.

system-view

2.     Enable load balancing NAT logging.

loadbalance log enable nat

By default, load balancing NAT logging is disabled.

Enabling load balancing link busy state logging

1.     Enter system view.

system-view

2.     Enable load balancing link busy state logging.

loadbalance log enable bandwidth-busy

By default, load balancing link busy state logging is disabled.

Displaying and maintaining transparent DNS proxy

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display DNS server pool information.

display loadbalance dns-server-pool [ brief | name pool-name ]

Display DNS server information.

display loadbalance dns-server [ brief | name dns-server-name ]

Display DNS server statistics.

display loadbalance dns-server statistics [ name dns-server-name ]

Display transparent DNS proxy information.

display loadbalance dns-proxy [ brief | name dns-proxy-name ]

Display transparent DNS proxy statistics.

display loadbalance dns-proxy statistics [ name dns-proxy-name ]

Display link information.

display loadbalance link [ brief | name link-name ]

Display link statistics.

display loadbalance link statistics [ name link-name ]

Display LB class information.

display loadbalance class [ name class-name ]

Display LB action information.

display loadbalance action [ name action-name ]

Display LB policy information.

display loadbalance policy [ name policy-name ]

Display sticky entry information for transparent DNS proxies.

display sticky dns-proxy [ dns-proxy-name ] [ class class-name | default-class | default-dns-server-pool ]

Display sticky group information.

display sticky-group [ name group-name ]

Clear DNS server statistics.

reset loadbalance dns-server statistics [ dns-server-name ]

Clear transparent DNS proxy statistics.

reset loadbalance dns-proxy statistics [ dns-proxy-name ]

Clear link statistics.

reset loadbalance link statistics [ link-name ]

 

Transparent DNS proxy configuration examples

Example: Configuring transparent DNS proxy

Network configuration

In Figure 8, ISP 1 and ISP 2 provide two links with the same bandwidth: Link 1 and Link 2. The IP address of the DNS server of ISP 1 is 10.1.2.100. The IP address of the DNS server of ISP 2 is 20.1.2.100. Intranet users use domain name www.abc.com to access Web server A and Web server B.

Configure a transparent DNS proxy on the AC to evenly distribute user traffic to Link 1 and Link 2.

Figure 8 Network diagram

Procedure

1.     Configure IP addresses for interfaces.

<AC> system-view

[AC] interface vlan-interface 100

[AC-Vlan-interface100] ip address 192.168.1.100 24

[AC-Vlan-interface100] quit

[AC] interface gigabitethernet 1/0/2

[AC-GigabitEthernet1/0/2] ip address 10.1.1.1 24

[AC-GigabitEthernet1/0/2] quit

[AC] interface gigabitethernet 1/0/3

[AC-GigabitEthernet1/0/3] ip address 20.1.1.1 24

[AC-GigabitEthernet1/0/3] quit

2.     Configure links:

# Create the link link1 with next hop address 10.1.1.2.

[AC] loadbalance link link1

[AC-lb-link-link1] router ip 10.1.1.2

[AC-lb-link-link1] quit

# Create the link link2 with next hop address 20.1.1.2.

[AC] loadbalance link link2

[AC-lb-link-link2] router ip 20.1.1.2

[AC-lb-link-link2] quit

3.     Create a DNS server pool named dsp.

[AC] loadbalance dns-server-pool dsp

[AC-lb-dspool-dsp] quit

4.     Configure DNS servers:

# Create a DNS server named ds1, configure its IP address as 10.1.2.100, assign it to DNS server pool dsp, and associate it with link link1.

[AC] loadbalance dns-server ds1

[AC-lb-ds-ds1] ip address 10.1.2.100

[AC-lb-ds-ds1] dns-server-pool dsp

[AC-lb-ds-ds1] link link1

[AC-lb-ds-ds1] quit

# Create a DNS server named ds2, configure its IP address as 20.1.2.100, assign it to DNS server pool dsp, and associate it with link link2.

[AC] loadbalance dns-server ds2

[AC-lb-ds-ds2] ip address 20.1.2.100

[AC-lb-ds-ds2] dns-server-pool dsp

[AC-lb-ds-ds2] link link2

[AC-lb-ds-ds2] quit

5.     Configure a transparent DNS proxy:

# Create a UDP transparent DNS proxy named dns-proxy1, configure its IP address as 0.0.0.0, specify DNS server pool dsp as its default DNS server pool, and enable the transparent DNS proxy.

[AC] loadbalance dns-proxy dns-proxy1 type udp

[AC-lb-dp-udp-dp] ip address 0.0.0.0 0

[AC-lb-dp-udp-dp] default dns-server-pool dsp

[AC-lb-dp-udp-dp] service enable

[AC-lb-dp-udp-dp] quit

Verifying the configuration

# Display brief information about all DNS servers.

[AC] display loadbalance dns-server brief

DNS server  Address         Port   Link       State      DNS server pool

ds1         10.1.2.100      0      link1      Active     dsp

ds2         20.1.2.100      0      link2      Active     dsp

# Display detailed information about all DNS server pools.

[AC] display loadbalance dns-server-pool

DNS server pool: dsp

  Description:

  Predictor: Round robin

  Selected server: Disabled

  Probe information:

    Probe success criteria: All

    Probe method:

  Total DNS servers: 2

  Active DNS servers: 2

  DNS server list:

  Name        State         Address         port   Link      Weight   Priority

  ds1         Active        10.1.2.100      0      link1     100      4

  ds2         Active        20.1.2.100      0      link2     100      4

# Display detailed information about all transparent DNS proxies.

[AC] display loadbalance dns-proxy

DNS proxy: dns-proxy1

  Type: UDP

  State: Active

  Service state: Enabled

  VPN instance:

  IPv4 address: 1.1.1.0/24

  IPv6 address: --

  Port: 53

  DNS server pool: dsp

  Sticky:

  LB policy:

  Connection synchronization: Enabled

  Sticky synchronization: Enabled

  Bandwidth busy protection: Disabled

After you complete the previous configuration, the LB device can evenly distribute DNS requests to DNS server A and DNS server B. Then, intranet user traffic is evenly distributed to Link 1 and Link 2.

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网