06-Load Balancing Configuration Guide

02-Outbound link load balancing configuration

Contents

Configuring outbound link load balancing

About outbound link load balancing

Typical network diagram

Workflow

Scheduling algorithms

LB policies

Sticky groups

Health monitoring

Basic concepts

Outbound link load balancing tasks at a glance

Relationship between configuration items

Tasks at a glance

Configuring a link group

Link group tasks at a glance

Creating a link group

Adding and configuring a link group member

Configuring a scheduling algorithm for the link group

Setting the availability criteria

Disabling NAT

Configuring SNAT

Enabling the slow online feature

Configuring health monitoring

Specifying a fault processing method

Configuring the proximity feature

Configuring a link

Restrictions and guidelines

Link tasks at a glance

Creating a link and specifying a link group

Specifying an outbound next hop for a link

Specifying an outgoing interface for a link

Setting a weight and priority

Configuring the bandwidth and connection parameters

Configuring health monitoring

Enabling the slow shutdown feature

Setting the bandwidth ratio and maximum expected bandwidth

Disabling VPN instance inheritance for a link

Configuring a virtual server

Restrictions and guidelines

Virtual server tasks at a glance

Creating a virtual server

Specifying the VSIP and port number

Specifying a VPN instance

Specifying link groups

Specifying an LB policy

Specifying a parameter profile

Configuring the bandwidth and connection parameters

Enabling the link protection feature

Enabling bandwidth statistics collection by interfaces

Configuring hot backup

Specifying an interface for sending gratuitous ARP packets and ND packets

Enabling a virtual server

Configuring an LB class

LB class tasks at a glance

About match rules

Creating an LB class

Creating a match rule that references an LB class

Creating a source IP address match rule

Creating a destination IP address match rule

Creating an ACL match rule

Creating an input interface match rule

Creating a user match rule

Creating a user group match rule

Creating a domain name match rule

Creating an ISP match rule

Creating an application group match rule

Configuring an LB action

About LB actions

Restrictions and guidelines

LB action tasks at a glance

Creating an LB action

Configuring a forwarding LB action

Configuring the ToS field in IP packets sent to the server

Configuring an LB policy

About LB policies

LB policy tasks at a glance

Creating an LB policy

Specifying an LB action

Specifying the default LB action

Configuring a sticky group

Sticky group tasks at a glance

Creating a sticky group

Configuring the IP sticky method

Configuring the timeout time for sticky entries

Ignoring the limits for sessions that match sticky entries

Enabling stickiness-over-busyness

Configuring a parameter profile

About configuring a parameter profile

Creating a parameter profile

Configuring the ToS field in IP packets sent to the client

Configuring ISP information

About configuring ISP information

Restrictions and guidelines

Configuring ISP information manually

Configuring ISP auto update

Importing an ISP file

Configuring the ALG feature

Configuring recording of health monitoring failures

Performing a load balancing test

About performing a load balancing test

Performing an IPv4 load balancing test

Performing an IPv6 load balancing test

Enabling SNMP notifications

Enabling load balancing logging

About load balancing logging

Enabling load balancing basic logging

Enabling load balancing link flow logging

Enabling load balancing NAT logging

Enabling load balancing link busy state logging

Displaying and maintaining outbound link load balancing

Outbound link load balancing configuration examples

Example: Configuring outbound link load balancing


Configuring outbound link load balancing

About outbound link load balancing

Outbound link load balancing load balances traffic among the links from the internal network to the external network.

Typical network diagram

Figure 1 Network diagram

 

As shown in Figure 1, outbound link load balancing contains the following elements:

·     LB device—Distributes outbound traffic among multiple links.

·     Link—Physical links provided by ISPs.

·     VSIP—Virtual service IP address of the cluster, which identifies the destination network for packets from the internal network.

·     Server IP—IP address of a server.

Workflow

Figure 2 shows the outbound link load balancing workflow.

Figure 2 Outbound link load balancing workflow

 

The workflow for outbound link load balancing is as follows:

1.     The LB device receives traffic from the internal server.

2.     The LB device selects the optimal link based on the LB policy, sticky method, proximity algorithm, and scheduling algorithm (typically the bandwidth algorithm or maximum bandwidth algorithm) in turn.

3.     The LB device forwards the traffic to the external server through the optimal link.

4.     The LB device receives traffic from the external server.

5.     The LB device forwards the traffic to the internal server.

Scheduling algorithms

You can specify a scheduling algorithm for a link group. The LB device can distribute user requests evenly to multiple outbound links based on the specified scheduling algorithm. The device provides the following scheduling algorithms for a link group:

·     IP address hash algorithm—Distributes traffic with the same source IP address, source IP address and port number, or destination IP address to the same link.

¡     Source IP address hash algorithm—Hashes the source IP address of packets.

¡     Source IP address and port hash algorithm—Hashes the source IP address and port number of packets.

¡     Destination IP address hash algorithm—Hashes the destination IP address of packets.

·     Weighted least connection algorithm—Distributes traffic based on the number of active connections on the links.

¡     Weighted least connection algorithm (link-based)—Always assigns user requests to the link with the fewest number of weighted active connections (the total number of active connections in all link groups divided by weight). The weight value used in this algorithm is configured in link view.

¡     Weighted least connection algorithm (link group member-based)—Always assigns user requests to the link group member with the fewest number of weighted active connections (the total number of active connections in the specified link group divided by weight). The weight value used in this algorithm is configured in link group member view.

·     Link quality algorithm—Calculates the link quality based on the network latency, route hops, and packet loss rate. In addition, it assigns connections to each link based on the link quality. The higher the link quality, the more connections assigned to it.

·     Bandwidth algorithm—Distributes user requests to links according to the product of the weight and remaining bandwidth of each link. For example, if the remaining bandwidths for links lk1 and lk2 are 150 kbps and 250 kbps, respectively, and their weights are 5 and 6, the traffic distribution ratio is 150×5:250×6, which is 1:2.

·     Maximum bandwidth algorithm—Distributes user requests always to an idle link that has the largest remaining bandwidth. For example, if the remaining bandwidths of links lk1 and lk2 are 150 kbps and 250 kbps, respectively, the bandwidth difference is 100 kbps.

¡     When the request traffic is less than 100 kbps, all traffic is allocated to lk2.

¡     When the request traffic is more than 100 kbps, such as 130 kbps, 100 kbps is allocated to lk2, and the remaining 30 kbps is evenly distributed between both links.

·     Weighted round robin algorithm—Assigns user requests to links based on the weights of links. A higher weight indicates more user requests will be assigned.

·     Random algorithm—Randomly assigns user requests to links.
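The following added example (not part of the H3C guide, and not the device's implementation) models three of the algorithms above in Python, using the guide's lk1/lk2 figures. The water-filling generalization of the maximum bandwidth algorithm to more than two links, the function names, and the tie-breaking order are assumptions.

```python
from fractions import Fraction


def bandwidth_shares(links):
    """Bandwidth algorithm: the share of requests a link receives is
    proportional to weight x remaining bandwidth.
    links = {name: (remaining_kbps, weight)} with integer values."""
    score = {name: rem * weight for name, (rem, weight) in links.items()}
    total = sum(score.values())
    if total == 0:
        return {name: Fraction(0) for name in links}
    return {name: Fraction(s, total) for name, s in score.items()}


def max_bandwidth_allocate(remaining, demand):
    """Maximum bandwidth algorithm, modelled as water-filling (assumption):
    traffic goes to the link with the most remaining bandwidth until it
    levels with the next link, then is split evenly among the levelled links.
    remaining = {name: remaining_kbps}; returns {name: allocated_kbps}.
    Demand beyond the total remaining bandwidth is left unallocated."""
    alloc = {name: 0.0 for name in remaining}
    left = {name: float(v) for name, v in remaining.items()}
    order = sorted(left, key=left.get, reverse=True)
    demand = float(demand)
    k = 1  # number of links currently sharing the highest level
    while demand > 0 and k <= len(order):
        top = left[order[0]]
        next_level = left[order[k]] if k < len(order) else 0.0
        gap = (top - next_level) * k  # traffic that levels the top k links
        take = min(gap, demand)
        for name in order[:k]:
            alloc[name] += take / k
            left[name] -= take / k
        demand -= take
        k += 1
    return alloc


def least_connection_pick(links):
    """Weighted least connection: pick the link with the fewest weighted
    active connections (active connections divided by weight).
    links = {name: (active_connections, weight)}; ties go to the first
    link in dictionary order (assumption)."""
    return min(links, key=lambda n: Fraction(links[n][0], links[n][1]))


if __name__ == "__main__":
    # Figures from the guide: lk1 has 150 kbps left, lk2 has 250 kbps left.
    print(bandwidth_shares({"lk1": (150, 5), "lk2": (250, 6)}))
    print(max_bandwidth_allocate({"lk1": 150, "lk2": 250}, 80))
    print(max_bandwidth_allocate({"lk1": 150, "lk2": 250}, 130))
    # Constructed connection counts: 300/100 = 3 versus 400/200 = 2.
    print(least_connection_pick({"lk1": (300, 100), "lk2": (400, 200)}))
```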

LB policies

An LB policy associates a class with an action to guide packet forwarding. In an LB policy, you can configure an action for packets matching the specified class to implement load balancing in a more flexible way.

LB classes

You can specify multiple LB classes for an LB policy. Packets match the LB classes in the order the LB classes are configured.

·     For an LB class of the match-any type, the specified action is taken on the packets when they match any rule. If no rule is matched, no action is taken.

·     For an LB class of the match-all type, the specified action is taken only when the packets match all rules.

LB actions

LB actions include the following modes:

·     Forwarding mode—Determines whether and how to forward packets. If no forwarding action is specified, packets are dropped.

·     Modification mode—Modifies packets. To prevent the device from dropping the modified packets, the modification action must be used together with a forwarding action.

To drop matching packets, create an LB action without specifying any of the previous action modes.

Sticky groups

A sticky group uses a sticky method to distribute similar sessions to the same link based on sticky entries. The sticky method applies to the first packet of a session. The device distributes subsequent packets of the session to the same link, reducing repeated calculations with the scheduling algorithm and enhancing forwarding efficiency.

A sticky group processes packets as follows:

1.     The device assigns the first packet of a session to a link according to the scheduling algorithm. In addition, the device generates a sticky entry according to the sticky method.

2.     Upon receiving subsequent packets of the session, the device assigns them to the same link for forwarding according to the sticky entry.

Health monitoring

Health monitoring detects links to make sure they can provide services correctly. The LB device actively sends probe packets to the links to detect their states in real time. Upon detecting a link failure, the LB device immediately stops assigning traffic to the link, and schedules traffic to other links in normal state. After a period of time, if the faulty link returns to normal status, the device will update the link's health monitoring state, allowing it to participate in scheduling again.

You can specify an NQA template for health monitoring. For information about NQA templates, see NQA configuration in Network Management and Monitoring Configuration Guide.

Basic concepts

Outbound link load balancing involves the following basic concepts:

·     LB device—Distributes outbound traffic evenly among multiple links.

·     Virtual server—The LB device performs load balancing for only the packets matching a virtual server.

·     Link—Physical links provided by ISPs.

·     Link group—A group of links with the same or similar features.

Outbound link load balancing tasks at a glance

Relationship between configuration items

Figure 3 shows the relationship between the following configuration items:

·     Link group—A collection of links that contain similar functions. A link group can be referenced by a virtual server or an LB action.

·     Link—Physical links provided by ISPs.

·     Virtual server—A virtual service provided by the LB device to determine whether to perform load balancing for packets received on the LB device. Only the packets that match a virtual server are load balanced.

·     LB class—Classifies packets to implement load balancing based on packet type.

·     LB action—Drops, forwards, or modifies packets.

·     LB policy—Associates an LB class with an LB action. An LB policy can be referenced by a virtual server.

·     Sticky group—Uses a sticky method to distribute similar sessions to the same link. A sticky group can be referenced by a virtual server or an LB action.

·     Parameter profile—Defines advanced parameters to process packets. A parameter profile can be referenced by a virtual server.

Figure 3 Relationship between the main configuration items

Tasks at a glance

To configure outbound link load balancing, perform the following tasks:

1.     Configuring a link group

2.     Configuring a link

3.     Configuring a virtual server

4.     (Optional.) Configuring an LB policy

a.     Configuring an LB class

b.     Configuring an LB action

c.     Configuring an LB policy

5.     (Optional.) Configuring a sticky group

6.     (Optional.) Configuring a parameter profile

7.     (Optional.) Configuring ISP information

8.     (Optional.) Configuring the ALG feature

9.     (Optional.) Configuring recording of health monitoring failures

10.     (Optional.) Performing a load balancing test

11.     (Optional.) Configuring SNMP notifications and logging for load balancing

¡     Enabling SNMP notifications

¡     Enabling load balancing logging

Configuring a link group

You can add links that contain similar functions to a link group to facilitate management.

Link group tasks at a glance

To configure a link group, perform the following tasks:

1.     Creating a link group

2.     (Optional.) Configuring a link group member

¡     Adding and configuring a link group member

¡     Setting the weight and priority of the link group member

¡     Setting the connection limits of the link group member

¡     Configuring health monitoring for the link group member

¡     Enabling the slow shutdown feature for the link group member

3.     Configuring a scheduling algorithm for the link group

4.     Setting the availability criteria

5.     Disabling NAT

6.     (Optional.) Configuring SNAT

7.     (Optional.) Enabling the slow online feature

8.     (Optional.) Configuring health monitoring

9.     (Optional.) Specifying a fault processing method

10.     (Optional.) Configuring the proximity feature

Creating a link group

1.     Enter system view.

system-view

2.     Create a link group and enter link group view.

loadbalance link-group link-group-name

3.     (Optional.) Configure a description for the link group.

description text

By default, no description is configured for a link group.

Adding and configuring a link group member

About this task

Perform this task to create a link group member or add an existing link as a link group member in link group view. You can also specify a link group for a link in link view to achieve the same purpose (see "Creating a link and specifying a link group").

After adding a link group member, you can configure the following parameters and features for the link in the link group:

·     Weight.

·     Priority.

·     Connection limits.

·     Health monitoring.

·     Slow shutdown.

The member-based scheduling algorithm selects the best link based on these configurations.

Adding a link group member

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Create and add a link group member and enter link group member view.

link link-name

If the link already exists, the command adds the existing link as a link group member.

4.     (Optional.) Configure a description for the link group member.

description text

By default, no description is configured for the link group member.

Setting the weight and priority of the link group member

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Enter link group member view.

link link-name

4.     Set the weight of the link group member.

weight weight-value

The default setting is 100.

5.     Set the priority of the link group member.

priority priority

The default setting is 4.

Setting the connection limits of the link group member

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Enter link group member view.

link link-name

4.     Set the connection rate of the link group member.

rate-limit connection connection-number

The default setting is 0 (the connection rate is not limited).

5.     Set the maximum number of connections allowed for the link group member.

connection-limit max max-number

The default setting is 0 (the maximum number of connections is not limited).

Configuring health monitoring for the link group member

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Enter link group member view.

link link-name

4.     Specify a health monitoring method for the link group member.

probe template-name

By default, no health monitoring method is specified for the link group member.

You can specify an NQA template for health monitoring. For information about NQA templates, see NQA configuration in Network Management and Monitoring Configuration Guide.

5.     Specify the health monitoring success criteria for the link group member.

success-criteria { all | at-least min-number }

By default, health monitoring succeeds only when all the specified health monitoring methods succeed.

Enabling the slow shutdown feature for the link group member

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Enter link group member view.

link link-name

4.     Enable the slow shutdown feature for the link group member.

slow-shutdown enable

By default, the slow shutdown feature is disabled.

5.     Shut down the link group member.

shutdown

By default, the link group member is activated.

Configuring a scheduling algorithm for the link group

About this task

Perform this task to specify a scheduling algorithm for a link group and specify the number of links to participate in scheduling. For more information about scheduling algorithms, see "Scheduling algorithms."

Restrictions and guidelines

If you specify the link quality algorithm, you must also configure the following settings in proximity view:

·     Proximity probe method.

·     Network delay weight.

·     TTL weight.

·     Packet loss ratio weight.

The proximity probe method is used to probe the network delay, TTL, and packet loss ratio of the link. The weight values of network delay, TTL, and packet loss ratio are used for calculating the link quality.

Procedure

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Specify a scheduling algorithm for the link group.

¡     Specify a link-based scheduling algorithm.

predictor { least-connection | link-quality | { bandwidth | max-bandwidth } [ inbound | outbound ] }

¡     Specify a link group member-based scheduling algorithm.

predictor hash address { destination | source | source-ip-port } [ mask mask-length ] [ prefix prefix-length ]

predictor { least-connection member | random | round-robin }

By default, the scheduling algorithm for a link group is weighted round robin.

4.     Specify the number of links to participate in scheduling.

selected-link min min-number max max-number

By default, the links with the highest priority participate in scheduling.

Setting the availability criteria

About this task

Perform this task to set the criteria (lower percentage and upper percentage) to determine whether a link group is available. This helps implement traffic switchover between the master and backup link groups.

When the ratio of available links to the total number of links in the master link group is smaller than the lower percentage, traffic is switched to the backup link group.

When the ratio of available links to the total number of links in the master link group is greater than the upper percentage, traffic is switched back to the master link group.

Procedure

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Set the criteria to determine whether the link group is available.

activate lower lower-percentage upper upper-percentage

By default, when a minimum of one link is available, the link group is available.
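The following added example (not part of the H3C guide) models the lower and upper percentages as a hysteresis state machine in Python and counts master/backup switchovers over a constructed series of health monitoring results. The class and function names are hypothetical, and the model assumes the backup link group is always usable.

```python
class MasterBackupSelector:
    """Model of 'activate lower L upper U' on the master link group."""

    def __init__(self, lower=None, upper=None):
        if (lower is None) != (upper is None):
            raise ValueError("set both percentages or neither")
        if lower is not None and lower > upper:
            raise ValueError("this model needs lower <= upper")
        self.lower, self.upper = lower, upper
        self.active = "master"

    def update(self, available, total):
        """Feed one health monitoring result; return the group in use."""
        if self.lower is None:
            # Default in the guide: the group is available while at least
            # one link is available.
            self.active = "master" if available >= 1 else "backup"
        elif self.active == "master" and available * 100 < self.lower * total:
            # Ratio fell below the lower percentage: switch to backup.
            self.active = "backup"
        elif self.active == "backup" and available * 100 > self.upper * total:
            # Ratio rose above the upper percentage: switch back.
            self.active = "master"
        return self.active


def trace(selector, samples, total):
    """Return the active group after each sample of available links."""
    return [selector.update(n, total) for n in samples]


def switchovers(states, initial="master"):
    """Count how many times the active group changed."""
    count, prev = 0, initial
    for state in states:
        if state != prev:
            count += 1
        prev = state
    return count


# Constructed input: available links out of 10, one value per probe round.
SAMPLES = [10, 4, 6, 4, 6, 2, 6, 8]

if __name__ == "__main__":
    narrow = trace(MasterBackupSelector(50, 50), SAMPLES, 10)
    wide = trace(MasterBackupSelector(30, 70), SAMPLES, 10)
    print("lower 50 upper 50:", narrow, switchovers(narrow))
    print("lower 30 upper 70:", wide, switchovers(wide))
```

With equal percentages every oscillation around the threshold moves traffic; the gap between the lower and upper percentages is what keeps a flapping link from repeatedly switching traffic between the groups.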

Disabling NAT

Restrictions and guidelines

Typically, outbound link load balancing networking requires disabling NAT for a link group.

Procedure

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Disable NAT for the link group.

transparent enable

By default, NAT is enabled for a link group.

Configuring SNAT

About this task

After a link group references the SNAT address pool, the LB device replaces the source address of the packets it receives with an SNAT address before forwarding the packets.

When multiple service modules are installed on the device, address conflicts might occur among the service modules. To solve this problem, you can split a SNAT address pool by using the following splitting methods:

·     Address-based splitting—Evenly divides IP addresses in the address pool among failover groups. Each failover group uses a unique subset of the IP addresses in the address pool.

·     Port-based splitting—Evenly divides port numbers in the address pool among failover groups. Each failover group uses the full set of the IP addresses in the address pool, with a different set of port numbers.

·     Failover group-based splitting—Uses an IP address range in an address pool only for a specific failover group. When you configure an IP address range for an address pool, you can specify the failover group to use that IP address range.

For more information about failover groups, see Virtual Technologies Configuration Guide.

Restrictions and guidelines

An SNAT address pool can have multiple address ranges. Each address range can have a maximum of 256 IPv4 addresses or 65536 IPv6 addresses. No overlapping IPv4 or IPv6 addresses are allowed in the same SNAT address pool or different SNAT address pools.

As a best practice, do not use SNAT because its application scope is limited for outbound link load balancing.

Procedure

1.     Enter system view.

system-view

2.     Create a SNAT address pool and enter SNAT address pool view.

loadbalance snat-pool pool-name [ type { address-split | failover-group | port-split } ]

3.     (Optional.) Configure a description for the SNAT address pool.

description text

By default, no description is configured for a SNAT address pool.

4.     Specify an address range for the SNAT address pool.

IPv4:

ip range start start-ipv4-address end end-ipv4-address [ failover-group group-name [ channel channel-id ] ]

IPv6:

ipv6 range start start-ipv6-address end end-ipv6-address [ failover-group group-name [ channel channel-id ] ]

By default, a SNAT address pool does not contain address ranges.

You must specify a failover group if you have specified the failover group-based splitting method when creating the SNAT address pool. For other splitting methods, you cannot specify a failover group.

5.     (Optional.) Specify a VPN instance for the SNAT address pool.

vpn-instance vpn-instance-name

By default, a SNAT address pool belongs to the public network.

Use this command to separate overlapping SNAT address pools.

6.     Return to system view.

quit

7.     (Optional.) Reassign IP address ranges in the SNAT address pool to multiple security engines.

loadbalance snat-pool pool-name reset

After you execute this command, the device reassigns IP address ranges in the specified SNAT address pool to multiple security engines to balance the loads and save resources.

 

CAUTION:

This command might result in temporary traffic interruption. Make sure you understand the potential impact before executing this command.

8.     Enter link group view.

loadbalance link-group link-group-name

9.     Specify the SNAT address pool to be referenced by the link group.

snat-pool pool-name

By default, no SNAT address pool is referenced by a link group.
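The following added example (not part of the H3C guide) is a Python pre-deployment check for the SNAT restrictions above: range size, the failover-group keyword rule, and overlapping ranges. The sample configuration is constructed from the command syntax on this page, and treating pools in different VPN instances as non-conflicting is an assumption based on the vpn-instance note.

```python
import ipaddress
import re
from itertools import combinations

POOL_RE = re.compile(
    r"^loadbalance snat-pool (\S+)"
    r"(?: type (address-split|failover-group|port-split))?$")
RANGE_RE = re.compile(
    r"^(ip|ipv6) range start (\S+) end (\S+)(?: failover-group (\S+))?")
VPN_RE = re.compile(r"^vpn-instance (\S+)$")
MAX_ADDRS = {4: 256, 6: 65536}  # per-range limits stated in the guide

# Constructed sample configuration (documentation address ranges).
SAMPLE = """\
loadbalance snat-pool pool-a type address-split
 ip range start 198.51.100.1 end 198.51.100.200
#
loadbalance snat-pool pool-b
 ip range start 198.51.100.150 end 198.51.101.250
#
loadbalance snat-pool pool-c type failover-group
 ip range start 203.0.113.1 end 203.0.113.10
#
loadbalance snat-pool pool-d
 ip range start 198.51.100.1 end 198.51.100.50
 vpn-instance vpn2
"""


def parse_pools(text):
    """Collect SNAT pools with their type, VPN instance and ranges."""
    pools, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := POOL_RE.match(line):
            cur = {"name": m[1], "type": m[2], "vpn": None, "ranges": []}
            pools.append(cur)
        elif not raw.startswith(" "):
            cur = None  # left the SNAT address pool view
        elif cur is None:
            continue
        elif m := RANGE_RE.match(line):
            start = ipaddress.ip_address(m[2])
            end = ipaddress.ip_address(m[3])
            cur["ranges"].append((start, end, m[4]))
        elif m := VPN_RE.match(line):
            cur["vpn"] = m[1]
    return pools


def audit(pools):
    """Return a list of findings; an empty list means no violation found."""
    findings, flat = [], []
    for p in pools:
        for start, end, fgroup in p["ranges"]:
            limit = MAX_ADDRS[start.version]
            size = int(end) - int(start) + 1
            if size < 1 or size > limit:
                findings.append(f"{p['name']}: range {start}-{end} has "
                                f"{size} addresses (limit {limit})")
            # A failover group is required for failover group-based
            # splitting and not allowed for the other splitting methods.
            if (p["type"] == "failover-group") != (fgroup is not None):
                findings.append(f"{p['name']}: failover-group keyword does "
                                f"not match pool type {p['type'] or 'unspecified'}")
            flat.append((p["name"], p["vpn"], start, end))
    for (n1, v1, s1, e1), (n2, v2, s2, e2) in combinations(flat, 2):
        # Assumption: only ranges in the same VPN instance can conflict.
        if v1 == v2 and s1.version == s2.version and s1 <= e2 and s2 <= e1:
            findings.append(f"{n1} and {n2}: ranges overlap "
                            f"in VPN {v1 or 'public'}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_pools(SAMPLE)):
        print(finding)
```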

Enabling the slow online feature

About this task

Links newly added to a link group might be unable to immediately process large numbers of services assigned by the LB device. To resolve this issue, enable the slow online feature for the link group. The feature uses the standby timer and ramp-up timer. When the links are brought online, the LB device does not assign any services to the links until the standby timer expires.

When the standby timer expires, the ramp-up timer starts. During the ramp-up time, the LB device increases the service amount according to the processing capability of the links, until the ramp-up timer expires.

Procedure

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Enable the slow online feature for the link group.

slow-online [ standby-time standby-time ramp-up-time ramp-up-time ]

By default, the slow online feature is disabled for a link group.

Configuring health monitoring

About this task

Perform this task to enable health monitoring to detect the availability of links.

Restrictions and guidelines

You can configure all members in the group in link group view, configure only the members of the current link group in link group member view, or configure only the current link in link view. The configuration priority of the latter two is the same and higher than the health monitoring configuration in link group view. As a best practice, configure health monitoring in link group view.

You can specify an NQA template for health monitoring. For information about NQA templates, see NQA configuration in Network Management and Monitoring Configuration Guide.

Procedure

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Specify a health monitoring method for the link group.

probe template-name

By default, no health monitoring method is specified for a link group.

4.     Specify the health monitoring success criteria for the link group.

success-criteria { all | at-least min-number }

By default, health monitoring succeeds only when all the specified health monitoring methods succeed.

Specifying a fault processing method

About this task

Perform this task to specify one of the following fault processing methods for links in a link group:

·     Keep—Does not actively terminate the connection with the failed link. Keeping or terminating the connection depends on the timeout mechanism of the protocol.

·     Reschedule—Redirects the connection to another available link in the link group.

·     Reset—Terminates the connection with the failed link by sending RST packets (for TCP packets) or ICMP unreachable packets (for other types of packets).

Procedure

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Specify a fault processing method for links in the link group.

fail-action { keep | reschedule | reset }

By default, the fault processing method is keep. All available connections are kept.

Configuring the proximity feature

About this task

The proximity feature performs link detection to select the optimal link to a destination. If no proximity information for a destination is available, the load balancing module selects a link based on the scheduling algorithm. It then performs proximity detection to generate proximity entries for forwarding subsequent traffic.

You can specify an NQA template or load-balancing probe template to perform link detection. The device generates proximity entries according to the detection results and proximity parameter settings. For information about NQA templates, see NQA configuration in Network Management and Monitoring Configuration Guide.

Restrictions and guidelines

To configure the proximity feature, first configure a probe template and proximity parameters in proximity view, and then enable the proximity feature in link group view.

The proximity probe method of the LB probe template type does not support performing proximity probing for IPv6 traffic. For IPv6 traffic, specify an NQA template to perform proximity probing.

When a link quality algorithm is specified for a link group, configure the proximity probe method, the network delay weight, TTL weight, and packet loss ratio weight in proximity view.

Configuring an LB probe template

1.     Enter system view.

system-view

2.     Create an LB probe template and enter LB probe template view.

loadbalance probe-template icmp template-name

3.     Set the probe interval.

frequency interval

The default setting is 300 seconds.

4.     Set the timeout time for probe responses.

timeout timeout-value

The default setting is 3 seconds.

Configuring the proximity probe method

1.     Enter system view.

system-view

2.     Enter proximity view.

loadbalance proximity [ vpn-instance vpn-instance-name ]

3.     Specify the proximity probe method for packets.

match [ match-id ] { tcp } { lb-probe lb-template | probe nqa-template }

By default, no proximity probe method is specified.

4.     Specify the default proximity probe method.

match default { lb-probe lb-template | probe nqa-template }

By default, the default proximity probe method is not specified.

Configuring proximity parameters

1.     Enter system view.

system-view

2.     Enter proximity view.

loadbalance proximity [ vpn-instance vpn-instance-name ]

3.     Set the mask length for IPv4 proximity entries.

ip mask { mask-length | mask }

By default, the mask length for IPv4 proximity entries is 24.

4.     Set the prefix length for IPv6 proximity entries.

ipv6 prefix prefix-length

By default, the prefix length for IPv6 proximity entries is 96.

5.     Set the network delay weight for proximity calculation.

rtt weight rtt-weight

By default, the network delay weight for proximity calculation is 100.

6.     Set the TTL weight for proximity calculation.

ttl weight ttl-weight

By default, the TTL weight for proximity calculation is 100.

7.     Set the bandwidth weight for proximity calculation.

bandwidth { inbound | outbound } weight bandwidth-weight

By default, the inbound or outbound bandwidth weight for proximity calculation is 100.

8.     Set the cost weight for proximity calculation.

cost weight cost-weight

By default, the cost weight for proximity calculation is 100.

9.     Set the packet loss ratio weight for proximity calculation.

packet-loss-rate weight packet-loss-rate-weight

By default, the packet loss ratio weight for proximity calculation is 0.

10.     Set the aging timer for proximity entries.

timeout timeout-value

By default, the aging timer for proximity entries is 60 seconds.

11.     Set the maximum number of proximity entries.

max-number number

By default, the maximum number of proximity entries is 65535.

Enabling the proximity feature

1.     Enter system view.

system-view

2.     Enter link group view.

loadbalance link-group link-group-name

3.     Enable the proximity feature.

proximity enable

By default, the proximity feature is disabled for a link group.

Configuring a link

A link is a physical link provided by an ISP. A link can belong to multiple link groups. A link group can have multiple links.

Restrictions and guidelines

In a network where the HA group cooperates with VRRP, as a best practice, make sure the IP address of the link-attached output interface is on the same network segment as the virtual IP address of the VRRP group. For more information about HA group and VRRP association, see RBM-based hot backup configuration in High Availability Configuration Guide.

Link tasks at a glance

To configure a link, perform the following tasks:

1.     Creating a link and specifying a link group

2.     Specifying a next hop IP address or an outgoing interface

Choose one of the following tasks:

○     Specifying an outbound next hop for a link

○     Specifying an outgoing interface for a link

3.     Setting a weight and priority

4.     (Optional.) Configuring the bandwidth and connection parameters

5.     (Optional.) Configuring health monitoring

6.     (Optional.) Enabling the slow shutdown feature

7.     (Optional.) Setting the link cost for proximity calculation

8.     (Optional.) Setting the bandwidth ratio and maximum expected bandwidth

9.     (Optional.) Disabling VPN instance inheritance for a link

Creating a link and specifying a link group

1.     Enter system view.

system-view

2.     Create a link and enter link view.

loadbalance link link-name

By default, no links exist.

3.     (Optional.) Configure a description for the link.

description text

By default, no description is configured for a link.

4.     Specify a link group for the link.

link-group link-group-name

By default, a link does not belong to any link group.

Specifying an outbound next hop for a link

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Specify an outbound next hop for the link.

IPv4:

router ip ipv4-address

IPv6:

router ipv6 ipv6-address

By default, a link does not have an outbound next hop.

Specifying an outgoing interface for a link

About this task

In scenarios where IP addresses are obtained through PPPoE, an LB device can dynamically obtain the outbound next hop IP address through the specified outgoing interface.

Procedure

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Specify an outgoing interface for the link.

router interface interface-type interface-number

By default, no outgoing interface is specified for a link.

Setting a weight and priority

About this task

Perform this task to configure the weight that the weighted round robin and weighted least connection algorithms use for a link, and the scheduling priority of the link in the link group.

Procedure

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Set a weight for the link.

weight weight-value

By default, the weight of a link is 100.

4.     Set a priority for the link.

priority priority

By default, the priority of a link is 4.

Configuring the bandwidth and connection parameters

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Set the maximum bandwidth for the link.

rate-limit bandwidth [ inbound | outbound ] bandwidth-value kbps

By default, the maximum bandwidth, inbound bandwidth, and outbound bandwidth are 0 for a link. The bandwidths are not limited.

4.     Set the maximum number of connections for the link.

connection-limit max max-number

By default, the maximum number of connections is 0 for a link. The number is not limited.

5.     Set the maximum number of connections per second for the link.

rate-limit connection connection-number

By default, the maximum number of connections per second is 0 for a link. The number is not limited.

Configuring health monitoring

About this task

Perform this task to enable health monitoring to detect the availability of a link.

Restrictions and guidelines

You can configure all members in the group in link group view, configure only the members of the current link group in link group member view, or configure only the current link in link view. The configuration priority of the latter two is the same and higher than the health monitoring configuration in link group view. As a best practice, configure health monitoring in link group view.

The health check results of a link affect the use of link group members, but the health check results of link group members do not affect the use of the link.

Procedure

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Specify a health monitoring method for the link.

probe template-name

By default, no health monitoring method is specified for a link.

4.     Specify the health monitoring success criteria for the link.

success-criteria { all | at-least min-number }

By default, the health monitoring succeeds only when all the specified health monitoring methods succeed.

Enabling the slow shutdown feature

About this task

The shutdown command immediately terminates existing connections of a link. The slow shutdown feature ages out the connections, and does not establish new connections.

Restrictions and guidelines

To enable the slow shutdown feature for a link, you must execute the slow-shutdown enable command and then the shutdown command. If you execute the shutdown command and then the slow-shutdown enable command, the slow shutdown feature does not take effect and the link is shut down.

Procedure

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Enable the slow shutdown feature for the link.

slow-shutdown enable

By default, the slow shutdown feature is disabled.

4.     Shut down the link.

shutdown

By default, the link is activated.

Setting the link cost for proximity calculation

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Set the link cost for proximity calculation.

cost cost-value

By default, the link cost for proximity calculation is 0.

Setting the bandwidth ratio and maximum expected bandwidth

About this task

When the traffic exceeds the maximum expected bandwidth multiplied by the bandwidth ratio of a link, new traffic (traffic that does not match any sticky entries) is not distributed to the link. When the traffic drops below the maximum expected bandwidth multiplied by the bandwidth recovery ratio of the link, the link participates in scheduling again.

In addition to being used for link protection, the maximum expected bandwidth is used for remaining bandwidth calculation in the bandwidth algorithm, maximum bandwidth algorithm, and dynamic proximity algorithm.

Procedure

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Set the bandwidth ratio.

bandwidth [ inbound | outbound ] busy-rate busy-rate-number [ recovery recovery-rate-number ]

By default, the total bandwidth ratio is 70.

4.     Set the maximum expected bandwidth.

max-bandwidth [ inbound | outbound ] bandwidth-value kbps

By default, the maximum expected bandwidth, maximum uplink expected bandwidth, and maximum downlink expected bandwidth are 0. The bandwidths are not limited.

Disabling VPN instance inheritance for a link

About this task

When VPN instance inheritance is enabled, a link without a VPN instance specified inherits the VPN instance of the virtual server. When VPN instance inheritance is disabled, a link without a VPN instance specified belongs to the public network.

Procedure

1.     Enter system view.

system-view

2.     Enter link view.

loadbalance link link-name

3.     Disable VPN instance inheritance for the link.

inherit vpn-instance disable

By default, VPN instance inheritance is enabled for a link.

Configuring a virtual server

A virtual server is a virtual service provided by the LB device to determine whether to perform load balancing for packets received on the LB device. Only the packets that match a virtual server are load balanced.

Restrictions and guidelines

Outbound link load balancing supports only the link-IP virtual server.

Virtual server tasks at a glance

To configure a virtual server, perform the following tasks:

1.     Creating a virtual server

2.     Specifying the VSIP and port number

3.     (Optional.) Specifying a VPN instance

4.     Configuring a packet processing policy

Choose the following tasks as needed:

○     Specifying link groups

○     Specifying an LB policy

5.     (Optional.) Specifying a parameter profile

6.     (Optional.) Configuring the bandwidth and connection parameters

7.     (Optional.) Enabling the link protection feature

8.     (Optional.) Enabling bandwidth statistics collection by interfaces

9.     (Optional.) Configuring hot backup

10.     (Optional.) Specifying an interface for sending gratuitous ARP packets and ND packets

11.     Enabling a virtual server

Creating a virtual server

1.     Enter system view.

system-view

2.     Create a link-IP virtual server and enter virtual server view.

virtual-server virtual-server-name type link-ip

3.     (Optional.) Configure a description for the virtual server.

description text

By default, no description is configured for the virtual server.

Specifying the VSIP and port number

1.     Enter system view.

system-view

2.     Enter link-IP virtual server view.

virtual-server virtual-server-name

3.     Specify the VSIP for the virtual server.

IPv4:

virtual ip address ipv4-address [ mask-length | mask ]

IPv6:

virtual ipv6 address ipv6-address [ prefix-length ]

By default, no IPv4 or IPv6 address is specified for a virtual server.

4.     Specify the port number for the virtual server.

port { port-number [ to port-number ] }

By default, the port number is 0 (meaning any port number) for a link-IP virtual server.

Specifying a VPN instance

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Specify a VPN instance for the virtual server.

vpn-instance vpn-instance-name

By default, a virtual server belongs to the public network.

Specifying link groups

About this task

When the primary link group is available (contains available links), the virtual server forwards packets through the primary link group. When the primary link group is not available, the virtual server forwards packets through the backup link group.

Procedure

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Specify link groups.

default link-group link-group-name [ backup backup-link-group-name ] [ sticky sticky-name ]

By default, no link group is specified for a virtual server.

Specifying an LB policy

About this task

By referencing an LB policy, the virtual server load balances matching packets based on the packet contents.

Procedure

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Specify an LB policy for the virtual server.

lb-policy policy-name

By default, the virtual server does not reference any LB policies.

A virtual server can only reference a policy profile of the specified type. For example, a virtual server of the link-IP type can only reference a policy profile of the link-generic type.

Specifying a parameter profile

About this task

You can configure advanced parameters through a parameter profile. The virtual server references the parameter profile to analyze, process, and optimize service traffic.

Procedure

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Specify a parameter profile for the virtual server.

parameter ip profile-name

By default, the virtual server does not reference any parameter profiles.

Configuring the bandwidth and connection parameters

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Set the maximum bandwidth for the virtual server.

rate-limit bandwidth [ inbound | outbound ] bandwidth-value kbps

By default, the maximum bandwidth, inbound bandwidth, and outbound bandwidth for the virtual server are 0. The bandwidths are not limited.

4.     Set the maximum number of connections for the virtual server.

connection-limit max max-number

By default, the maximum number of connections of the virtual server is 0. The number is not limited.

5.     Set the maximum number of connections per second for the virtual server.

rate-limit connection connection-number

By default, the maximum number of connections per second for the virtual server is 0. The number is not limited.

Enabling the link protection feature

About this task

The outbound (or inbound) direction of a link is busy when its outbound (or inbound) bandwidth ratio is exceeded. Perform this task to prevent traffic from overwhelming a link when its outbound direction is busy. New traffic (not matching any sticky entries) is not distributed to the link when only its outbound direction is busy.

A link enters busy state when at least one direction (outbound or inbound) is busy. The link recovers (active state) only when both its outbound and inbound directions are available.

Restrictions and guidelines

This feature takes effect only when bandwidth statistics collection by interfaces is enabled.

Procedure

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Enable the link protection feature.

bandwidth busy-protection enable

By default, the link protection feature is disabled.
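The busy and recovery thresholds from "Setting the bandwidth ratio and maximum expected bandwidth" and the per-direction rule above can be traced with a short model. This is an added example, not H3C code: the class names, the recovery ratio of 60, the traffic samples, and the treatment of a maximum expected bandwidth of 0 as "never busy" are assumptions made for illustration.

```python
"""Busy/recovery hysteresis for one link (added illustration, not device code)."""
from dataclasses import dataclass


@dataclass
class Direction:
    """One direction (inbound or outbound) of a link."""
    max_kbps: int            # max-bandwidth value; 0 means not limited
    busy_rate: int = 70      # percent; the default given in this guide
    recovery_rate: int = 60  # percent; constructed value, not a documented default
    busy: bool = False

    def update(self, traffic_kbps: int) -> bool:
        if self.max_kbps == 0:
            # Assumption: with no expected bandwidth set there is no threshold.
            self.busy = False
        elif traffic_kbps * 100 > self.max_kbps * self.busy_rate:
            self.busy = True       # traffic exceeds max * busy ratio
        elif traffic_kbps * 100 < self.max_kbps * self.recovery_rate:
            self.busy = False      # traffic dropped below max * recovery ratio
        # Between the two thresholds the previous state is kept.
        return self.busy


@dataclass
class Link:
    name: str
    inbound: Direction
    outbound: Direction

    def update(self, in_kbps: int, out_kbps: int) -> bool:
        self.inbound.update(in_kbps)
        self.outbound.update(out_kbps)
        return self.busy

    @property
    def busy(self) -> bool:
        # Busy when at least one direction is busy; active only when both are available.
        return self.inbound.busy or self.outbound.busy

    def accepts_new_traffic(self) -> bool:
        """New traffic (no matching sticky entry) is not sent to a busy link."""
        return not self.busy


def simulate(link: Link, samples):
    """Feed (inbound_kbps, outbound_kbps) samples and return the state after each."""
    states = []
    for in_kbps, out_kbps in samples:
        link.update(in_kbps, out_kbps)
        states.append("busy" if link.busy else "active")
    return states


# Constructed traffic samples for a link with 100000 kbps expected in each direction.
SAMPLES = [
    (10000, 50000),  # both directions below the busy threshold
    (10000, 72000),  # outbound above 70000: link becomes busy
    (10000, 65000),  # outbound between 60000 and 70000: still busy
    (75000, 55000),  # outbound recovered, but inbound is now busy
    (65000, 55000),  # inbound between thresholds: still busy
    (50000, 55000),  # both directions below recovery: active again
    (10000, 70000),  # exactly at the busy threshold does not exceed it
]


def demo():
    link = Link("isp1", Direction(100000), Direction(100000))
    return simulate(link, SAMPLES)


if __name__ == "__main__":
    for sample, state in zip(SAMPLES, demo()):
        print(sample, state)
```

The gap between the busy and recovery ratios is what keeps a link from flapping between busy and active when traffic hovers near the threshold.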

Enabling bandwidth statistics collection by interfaces

About this task

By default, the load balancing module automatically collects link bandwidth statistics. Perform this task to enable interfaces to collect bandwidth statistics.

Procedure

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Enable bandwidth statistics collection by interfaces.

bandwidth interface statistics enable

By default, bandwidth statistics collection by interfaces is disabled.

Configuring hot backup

About this task

To implement hot backup for two LB devices, you must enable synchronization for session extension information and sticky entries to avoid service interruption.

Restrictions and guidelines

For successful sticky entry synchronization, if you want to specify a sticky group, enable sticky entry synchronization before specifying a sticky group on both LB devices. You can specify a sticky group by using the sticky sticky-name option when specifying link groups.

In an IRF fabric, if you do not specify the global keyword when enabling sticky entry synchronization, failover group-based synchronization is performed. Sticky entries are synchronized between cards in the failover group. If you specify the global keyword, sticky entries are synchronized among all cards.

In a VRRP network, you must specify the global keyword for the sticky entry synchronization feature to take effect.

The device deletes existing sticky entries and generates new ones when the following events occur:

·     Sticky entry synchronization is disabled.

·     Sticky entry synchronization is changed from failover group-based synchronization to global synchronization.

·     Sticky entry synchronization is changed from global synchronization to failover group-based synchronization.

Procedure

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Enable session extension information synchronization.

connection-sync enable

By default, session extension information synchronization is disabled.

4.     Enable sticky entry synchronization.

sticky-sync enable [ global ]

By default, sticky entry synchronization is disabled.

Specifying an interface for sending gratuitous ARP packets and ND packets

About this task

Perform this task to specify an interface from which gratuitous ARP packets and ND packets are sent out. For information about gratuitous ARP, see ARP configuration in Layer 3—IP ServicesNetwork Connectivity Configuration Guide. For information about ND, see IPv6 basics configuration in Layer 3—IP ServicesNetwork Connectivity Configuration Guide.

Restrictions and guidelines

If the virtual server IP address is in the same network segment as the IP address of an interface connected to a client, you must perform the following tasks:

·     Set the IPv4 subnet mask length to 32 or IPv6 prefix length to 128 for the virtual server IP address.

·     Specify an interface for sending gratuitous ARP or ND packets.

Procedure

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Specify an interface for sending gratuitous ARP packets and ND packets.

arp-nd interface interface-type interface-number

By default, no interface is specified for sending gratuitous ARP packets and ND packets.

Enabling a virtual server

About this task

After you configure a virtual server, you must enable the virtual server for it to work.

Procedure

1.     Enter system view.

system-view

2.     Enter virtual server view.

virtual-server virtual-server-name

3.     Enable the virtual server.

service enable

By default, the virtual server is disabled.

Configuring an LB class

An LB class classifies packets by comparing packets against specific rules. Matching packets are further processed by LB actions. You can create a maximum of 65535 rules for an LB class.

LB class tasks at a glance

To configure an LB class, perform the following tasks:

1.     Creating an LB class

2.     Creating a match rule

Choose the following tasks as needed:

○     Creating a match rule that references an LB class

○     Creating a source IP address match rule

○     Creating a destination IP address match rule

○     Creating an ACL match rule

○     Creating an input interface match rule

○     Creating a user match rule

○     Creating a user group match rule

○     Creating a domain name match rule

○     Creating an ISP match rule

○     Creating an application group match rule

About match rules

The device supports the following match rules:

·     Source IP address match rule

You can specify an IP address or subnet to match user source IP address. This rule is matched when the source IP address of user traffic matches the specified IP address or belongs to the specified subnet.

·     Destination IP address match rule

You can specify an IP address or subnet to match user destination IP address. This rule is matched when the destination IP address of user traffic matches the specified IP address or belongs to the specified subnet.

·     ACL match rule

You can specify an ACL to match user traffic. This rule is matched when user traffic matches the specified ACL. For more information about ACLs, see ACL configuration in ACL and QoS Configuration Guide.

·     Input interface match rule

You can specify the input interface for traffic. This rule is matched when user traffic enters the device through the specified interface.

·     User match rule

You can specify a user to match request traffic. This rule is matched when request traffic of the specified user enters the device. For more information about users, see user identification configuration in Security Configuration Guide.

·     User group match rule

You can specify a user group to match request traffic. This rule is matched when request traffic of the specified user group enters the device. For more information about user groups, see user identification configuration in Security Configuration Guide.

·     Domain name match rule

You can specify a domain name to match user traffic. This rule is matched when user traffic matches the specified domain name. If the specified domain name does not exist, the rule will not be used for matching.

·     ISP match rule

You can specify an ISP to match user traffic. This rule is matched when user traffic matches the specified ISP.

·     Application group match rule

You can specify an application group to match user traffic. This rule is matched when user traffic matches the specified application group. For more information about application groups, see APR configuration in Security Configuration Guide.

Creating an LB class

1.     Enter system view.

system-view

2.     Create a link-generic LB class, and enter LB class view.

loadbalance class class-name type link-generic [ match-all | match-any ]

When you create an LB class, you must specify the class type. You can enter an existing LB class view without specifying the class type. If you specify the class type when entering an existing LB class view, the class type must be the one specified when you create the LB class.

3.     (Optional.) Configure a description for the LB class.

description text

By default, no description is configured for the LB class.

Creating a match rule that references an LB class

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a match rule that references an LB class.

match [ match-id ] class class-name

Creating a source IP address match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a source IP address match rule.

match [ match-id ] source { ip address ipv4-address [ mask-length | mask ] | ipv6 address ipv6-address [ prefix-length ] }

Creating a destination IP address match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a destination IP address match rule.

match [ match-id ] destination { ip address ipv4-address [ mask-length | mask ] | ipv6 address ipv6-address [ prefix-length ] }

Creating an ACL match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create an ACL match rule.

match [ match-id ] acl [ ipv6 ] { acl-number | name acl-name }

Creating an input interface match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create an input interface match rule.

match [ match-id ] interface interface-type interface-number

Creating a user match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a user match rule.

match [ match-id ] [ identity-domain domain-name ] user user-name

Creating a user group match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a user group match rule.

match [ match-id ] [ identity-domain domain-name ] user-group user-group-name

Creating a domain name match rule

About this task

The LB device stores mappings between domain names and IP addresses in the DNS cache. If the destination IP address of an incoming packet matches an IP address in the DNS cache, the LB device queries the domain name for the IP address. If the queried domain name matches the domain name configured in a match rule, the LB device takes the LB action on the packet.

Procedure

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create a domain name match rule.

match [ match-id ] destination domain-name domain-name

By default, an LB class does not have any match rules.

4.     Return to system view.

quit

5.     Set the aging time for DNS cache entries.

loadbalance dns-cache aging-time aging-time

By default, the aging time for DNS cache entries is 60 minutes.

Creating an ISP match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create an ISP match rule.

match [ match-id ] isp isp-name

Creating an application group match rule

1.     Enter system view.

system-view

2.     Enter LB class view.

loadbalance class class-name

3.     Create an application group match rule.

match [ match-id ] app-group group-name

Configuring an LB action

About LB actions

LB actions include the following modes:

·     Forwarding mode—Determines whether and how to forward packets. If no forwarding action is specified, packets are dropped.

·     Modification mode—Modifies packets. To prevent the LB device from dropping the modified packets, the modification action must be used together with a forwarding action.

If you create an LB action without specifying any of the previous action modes, packets are dropped.

Restrictions and guidelines

The "Configuring the forwarding mode" and "Specifying link groups" tasks are mutually exclusive. Configuring one task automatically cancels the other task that you have configured.

LB action tasks at a glance

To configure an LB action, perform the following tasks:

1.     Creating an LB action

2.     (Optional.) Configuring a forwarding LB action

○     Configuring the forwarding mode

○     Specifying link groups

○     (Optional.) Matching the next rule upon failure to find a link

○     (Optional.) Matching the next rule when all links are busy

3.     (Optional.) Configuring a modification LB action

○     Configuring the ToS field in IP packets sent to the server

Creating an LB action

1.     Enter system view.

system-view

2.     Create a link-generic LB action and enter LB action view.

loadbalance action action-name type link-generic

When you create an LB action, you must specify the action type. You can enter an existing LB action view without specifying the action type. If you specify the action type when entering an existing LB action view, the action type must be the one specified when you create the LB action.

3.     (Optional.) Configure a description for the LB action.

description text

By default, no description is configured for the LB action.

Configuring a forwarding LB action

About this task

Three forwarding LB action types are available:

·     Forward—Forwards matching packets.

·     Specify link groups—When the primary link group is available (contains available links), the primary link group is used to guide packet forwarding. When the primary link group is not available, the backup link group is used to guide packet forwarding.

·     Match the next rule upon failure to find a link—If the device fails to find a link according to the LB action, it matches the packet with the next rule in the LB policy.

·     Match the next rule when all links are busy.

Configuring the forwarding mode

1.     Enter system view.

system-view

2.     Enter LB action view.

loadbalance action action-name

3.     Configure the forwarding mode.

forward all

By default, the forwarding mode is to discard packets.

Specifying link groups

1.     Enter system view.

system-view

2.     Enter LB action view.

loadbalance action action-name

3.     Specify link groups.

link-group link-group-name [ backup backup-link-group-name ] [ sticky sticky-name ]

By default, no link group is specified.

Matching the next rule upon failure to find a link

1.     Enter system view.

system-view

2.     Enter LB action view.

loadbalance action action-name

3.     Match the next rule upon failure to find a link.

fallback-action continue

By default, the next rule is not matched when no links are available for the current LB action.

SIP fragmented packets do not support the ALG feature.

Matching the next rule when all links are busy

1.     Enter system view.

system-view

2.     Enter LB action view.

loadbalance action action-name

3.     Match the next rule when all links are busy.

busy-action continue

By default, the device assigns packets to links regardless of whether they are busy.

Configuring the ToS field in IP packets sent to the server

1.     Enter system view.

system-view

2.     Enter LB action view.

loadbalance action action-name

3.     Configure the ToS field in IP packets sent to the server.

set ip tos tos-number

By default, the ToS field in IP packets sent to the server is not changed.

Configuring an LB policy

About LB policies

An LB policy associates an LB class with an LB action to guide packet forwarding. In an LB policy, you can configure an LB action for packets matching the specified LB class, and configure the default action for packets matching no LB class.

You can specify multiple LB classes for an LB policy. Packets match the LB classes in the order the LB classes are configured. If an LB class is matched, the specified LB action is performed. If no LB class is matched, the default LB action is performed.

LB policy tasks at a glance

To configure an LB policy, perform the following tasks:

1.     Creating an LB policy

2.     Specifying an LB action

3.     Specifying the default LB action

Creating an LB policy

1.     Enter system view.

system-view

2.     Create a link-generic LB policy, and enter LB policy view.

loadbalance policy policy-name type link-generic

When you create an LB policy, you must specify the policy type. You can enter an existing LB policy view without specifying the policy type. If you specify the policy type when entering an existing LB policy view, the policy type must be the one specified when you create the LB policy.

3.     (Optional.) Configure a description for the LB policy.

description text

By default, no description is configured for an LB policy.

Specifying an LB action

Restrictions and guidelines

A link-generic LB policy can reference only link-generic LB classes and link-generic LB actions.

Procedure

1.     Enter system view.

system-view

2.     Enter LB policy view.

loadbalance policy policy-name

3.     Specify an LB action for the specified LB class.

class class-name [ insert-before before-class-name | insert-after [ after-class-name ] ] action action-name

By default, no LB action is specified for any LB classes.

You can specify an LB action for different LB classes.

Specifying the default LB action

Restrictions and guidelines

A link-generic LB policy can only reference link-generic LB actions.

Procedure

1.     Enter system view.

system-view

2.     Enter LB policy view.

loadbalance policy policy-name

3.     Specify the default LB action.

default-class action action-name

By default, no default LB action is specified.
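Several defaults in this guide fail silently: an LB action with no forwarding mode drops packets, link protection does nothing without interface bandwidth statistics, and a virtual server stays disabled until `service enable` is configured. The following added example (not H3C code) audits a saved configuration for these cases. The sample configuration, its object names, and the assumed layout (section headers at column 0, sub-commands indented, `#` separators) are constructed for illustration.

```python
"""Audit an outbound link LB configuration for silent-drop defaults (added example)."""

# Constructed sample; object names and the text layout are assumptions.
SAMPLE_CONFIG = """\
#
loadbalance action la-isp1 type link-generic
 link-group lg-isp1 backup lg-isp2
#
loadbalance action la-mark type link-generic
 set ip tos 32
#
loadbalance action la-empty type link-generic
#
loadbalance policy lp-out type link-generic
 class lc-video action la-mark
 class lc-web action la-isp1
 default-class action la-empty
#
virtual-server vs-out type link-ip
 virtual ip address 0.0.0.0 0
 lb-policy lp-out
 bandwidth busy-protection enable
#
"""


def parse_sections(text):
    """Split the text into (header_words, [sub-command, ...]) sections."""
    sections, current = [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "#":
            current = None                      # separator ends the section
        elif raw[0] not in " \t":
            current = (raw.split(), [])         # column-0 line opens a view
            sections.append(current)
        elif current is not None:
            current[1].append(raw.strip())      # indented line belongs to the view
    return sections


def audit(text):
    """Return [(object_name, finding)] for settings that drop or ignore traffic."""
    sections = parse_sections(text)
    findings, dropping = [], set()

    # Pass 1: LB actions with no forwarding mode ('forward all' or 'link-group').
    for header, body in sections:
        if header[:2] == ["loadbalance", "action"]:
            forwards = any(c == "forward all" or c.startswith("link-group ")
                           for c in body)
            if not forwards:
                modifies = any(c.startswith("set ip tos ") for c in body)
                why = "modification only" if modifies else "no action mode"
                dropping.add(header[2])
                findings.append((header[2], f"LB action drops packets ({why})"))

    # Pass 2: policies that use a dropping action, and virtual server settings.
    for header, body in sections:
        if header[:2] == ["loadbalance", "policy"]:
            for cmd in body:
                words = cmd.split()
                if len(words) >= 3 and words[-2] == "action" and words[-1] in dropping:
                    target = ("default-class" if words[0] == "default-class"
                              else f"class {words[1]}")
                    findings.append(
                        (header[2], f"{target} uses dropping action {words[-1]}"))
        elif header[0] == "virtual-server":
            if ("bandwidth busy-protection enable" in body
                    and "bandwidth interface statistics enable" not in body):
                findings.append((header[1], "link protection has no effect: "
                                 "interface bandwidth statistics not enabled"))
            if "service enable" not in body:
                findings.append((header[1],
                                 "virtual server is disabled: no 'service enable'"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```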

Configuring a sticky group

A sticky group uses a sticky method to distribute similar sessions to the same link according to sticky entries. The sticky method applies to the first packet of a session. Other packets of the session are distributed to the same link.

Sticky group tasks at a glance

To configure a sticky group, perform the following tasks:

1.     Creating a sticky group

2.     Configuring the IP sticky method

3.     (Optional.) Configuring the timeout time for sticky entries

4.     (Optional.) Ignoring the limits for sessions that match sticky entries

5.     (Optional.) Enabling stickiness-over-busyness

Creating a sticky group

1.     Enter system view.

system-view

2.     Create an address- and port-type sticky group and enter sticky group view.

sticky-group group-name type address-port

When you create a sticky group, you must specify the group type. You can enter an existing sticky group view without specifying the group type. If you specify the group type when entering an existing sticky group view, the group type must be the one specified when you create the sticky group.

3.     (Optional.) Configure a description for the sticky group.

description text

By default, no description is configured for the sticky group.

Configuring the IP sticky method

1.     Enter system view.

system-view

2.     Enter sticky group view.

sticky-group group-name

3.     Configure the IP sticky method.

IPv4:

ip [ port ] { both | destination | source } [ mask mask-length ]

IPv6:

ipv6 [ port ] { both | destination | source } [ prefix prefix-length ]

By default, no IP sticky method is configured.

Configuring the timeout time for sticky entries

1.     Enter system view.

system-view

2.     Enter sticky group view.

sticky-group group-name

3.     Configure the timeout time for sticky entries.

timeout timeout-value

By default, the timeout time for sticky entries is 60 seconds.

Ignoring the limits for sessions that match sticky entries

About this task

Perform this task to ignore the following limits for sessions that match sticky entries:

·     Bandwidth and connection parameters on links.

·     LB connection limit policies on virtual servers.

Procedure

1.     Enter system view.

system-view

2.     Enter sticky group view.

sticky-group group-name

3.     Ignore the limits for sessions that match sticky entries.

override-limit enable

By default, the session limits apply to sessions that match sticky entries.

Enabling stickiness-over-busyness

About stickiness-over-busyness

This feature enables the device to assign client requests to links based on sticky entries, regardless of whether the links are busy.

When this feature is disabled, the device assigns client requests only to links in normal state.

Procedure

1.     Enter system view.

system-view

2.     Enter sticky group view.

sticky-group group-name

3.     Enable stickiness-over-busyness.

sticky-over-busy enable

By default, stickiness-over-busyness is disabled.

Configuring a parameter profile

About configuring a parameter profile

You can configure advanced parameters through a parameter profile. The virtual server references the parameter profile to analyze, process, and optimize service traffic.

Creating a parameter profile

1.     Enter system view.

system-view

2.     Create an IP-type parameter profile and enter parameter profile view.

parameter-profile profile-name type ip

By default, no parameter profiles exist.

When you create a parameter profile, you must specify the profile type. You can enter an existing parameter profile view without specifying the profile type. If you specify the profile type when entering an existing parameter profile view, the profile type must be the one specified when you create the parameter profile.

3.     (Optional.) Configure a description for the parameter profile.

description text

By default, no description is configured for the parameter profile.

Configuring the ToS field in IP packets sent to the client

1.     Enter system view.

system-view

2.     Enter IP parameter profile view.

parameter-profile profile-name

3.     Configure the ToS field in IP packets sent to the client.

set ip tos tos-number

By default, the ToS field in IP packets sent to the client is not changed.

Configuring ISP information

About configuring ISP information

Perform this task to configure IP address information for an ISP. The IP address information can be used by an ISP match rule. When the destination IP address of packets matches the ISP match rule of an LB class, the LB device takes the action associated with the class. The device supports the following methods to configure IP address information:

·     Manual configuration—The administrator manually specifies IP address information.

·     ISP auto update—With ISP auto update enabled, the device regularly queries IP address information from the whois server according to the whois maintainer object of the ISP.

·     ISP file import—The administrator manually imports an ISP file in .tp format. The ISP file can be obtained from the official website.

Restrictions and guidelines

You can configure ISP information manually, by importing an ISP file, by auto update, or by any combination of these methods.

Configuring ISP information manually

1.     Enter system view.

system-view

2.     Create an ISP and enter ISP view.

loadbalance isp name isp-name

3.     Specify the IP address for the ISP.

IPv4:

ip address ipv4-address { mask-length | mask }

IPv6:

ipv6 address ipv6-address prefix-length

By default, an ISP does not contain IPv4 or IPv6 addresses.

An ISP does not allow overlapping network segments.

4.     (Optional.) Configure a description for the ISP.

description text

By default, no description is configured for the ISP.
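Because an ISP does not allow overlapping network segments, it helps to check a prefix list offline before entering it. The following Python script is an added example, not H3C code: it rejects overlapping prefixes and otherwise emits the command sequence from the procedure above. The ISP name `isp1` and the prefixes (documentation ranges) are constructed sample values.

```python
import ipaddress
from itertools import combinations


def normalise(prefixes):
    """Parse prefix strings into network objects, clearing any host bits."""
    return [ipaddress.ip_network(p, strict=False) for p in prefixes]


def find_overlaps(prefixes):
    """Return (a, b) string pairs of prefixes that overlap within one IP version."""
    nets = sorted(normalise(prefixes),
                  key=lambda n: (n.version, n.network_address, n.prefixlen))
    return [
        (str(a), str(b))
        for a, b in combinations(nets, 2)
        if a.version == b.version and a.overlaps(b)
    ]


def isp_commands(isp_name, prefixes):
    """Build the manual ISP configuration commands, refusing overlapping input."""
    overlaps = find_overlaps(prefixes)
    if overlaps:
        raise ValueError(f"overlapping segments for ISP {isp_name}: {overlaps}")
    lines = ["system-view", f"loadbalance isp name {isp_name}"]
    for net in normalise(prefixes):
        # Command keywords are the ones shown in the procedure on this page.
        keyword = "ip address" if net.version == 4 else "ipv6 address"
        lines.append(f"{keyword} {net.network_address} {net.prefixlen}")
    return lines


# Constructed sample input: the /25 sits inside the /24 and must be rejected.
BAD_LIST = ["192.0.2.0/24", "198.51.100.0/24", "198.51.100.128/25", "2001:db8::/32"]
GOOD_LIST = ["192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32"]

if __name__ == "__main__":
    print("overlaps:", find_overlaps(BAD_LIST))
    print("\n".join(isp_commands("isp1", GOOD_LIST)))
```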

Configuring ISP auto update

1.     Enter system view.

system-view

2.     Create an ISP and enter ISP view.

loadbalance isp name isp-name

3.     Specify a whois maintainer object for the ISP.

whois-mntner mntner-name

By default, no whois maintainer object is specified.

You can specify a maximum of 10 whois maintainer objects for an ISP.

4.     Return to system view.

quit

5.     Enable ISP auto update.

loadbalance isp auto-update enable

By default, ISP auto update is disabled.

6.     Configure the ISP auto update frequency.

loadbalance isp auto-update frequency { per-day | per-week | per-month }

By default, the ISP auto update is performed once per week.

7.     Specify the whois server to be queried for ISP auto update.

loadbalance isp auto-update whois-server { domain domain-name | ip ip-address }

By default, no whois server is specified for ISP auto update.

Importing an ISP file

1.     Enter system view.

system-view

2.     Import an ISP file.

loadbalance isp file isp-file-name

Configuring the ALG feature

About this task

The Application Level Gateway (ALG) feature distributes parent and child sessions to the same link.

Procedure

1.     Enter system view.

system-view

2.     Enable ALG.

○     Enable ALG for the specified protocol:

loadbalance alg { dns | ftp | h323 | icmp-error | ils | mgcp | nbt | pptp | rsh | rtsp | sccp | sip | sqlnet | tftp | xdmcp }

○     Enable ALG for all protocols:

loadbalance alg all-enable

By default, ALG is enabled for the DNS, FTP, PPTP, and RTSP protocols and ICMP error packets.

Configuring recording of health monitoring failures

About this task

After you configure this feature, the device starts recording health monitoring failures of links. To display the records of health monitoring failures, execute the display loadbalance probe failed-record command.

Procedure

1.     Enter system view.

system-view

2.     Enable recording of health monitoring failures.

loadbalance probe failed-record enable

By default, recording of health monitoring failures is disabled.

3.     Set the maximum number of health monitoring failures that can be recorded.

loadbalance probe failed-record max-number max-number

By default, the maximum number of health monitoring failures that can be recorded is 50000.

Performing a load balancing test

About performing a load balancing test

Perform this task in any view to test the load balancing result.

Performing an IPv4 load balancing test

To perform an IPv4 load balancing test, execute the following command in any view:

In standalone mode:

loadbalance schedule-test ip [ vpn-instance vpn-instance-name ] { application http { message-file file-name | method { get | post } url url [ header header ]&<1-10> [ content content-value ] } | protocol { protocol-number | icmp | tcp | udp } } destination destination-address destination-port destination-port source source-address source-port source-port [ slot slot-number ]

In IRF mode:

loadbalance schedule-test ip [ vpn-instance vpn-instance-name ] { application http { message-file file-name | method { get | post } url url [ header header ]&<1-10> [ content content-value ] } | protocol { protocol-number | icmp | tcp | udp } } destination destination-address destination-port destination-port source source-address source-port source-port [ chassis chassis-number slot slot-number ]

 

Performing an IPv6 load balancing test

To perform an IPv6 load balancing test, execute the following command in any view:

In standalone mode:

loadbalance schedule-test ipv6 [ vpn-instance vpn-instance-name ] { application http { message-file file-name | method { get | post } url url [ header header ]&<1-10> [ content content-value ] } | protocol { protocol-number | icmpv6 | tcp | udp } } destination destination-address destination-port destination-port source source-address source-port source-port [ slot slot-number ]

In IRF mode:

loadbalance schedule-test ipv6 [ vpn-instance vpn-instance-name ] { application http { message-file file-name | method { get | post } url url [ header header ]&<1-10> [ content content-value ] } | protocol { protocol-number | icmpv6 | tcp | udp } } destination destination-address destination-port destination-port source source-address source-port source-port [ chassis chassis-number slot slot-number ]

 

Enabling SNMP notifications

About this task

To report critical load balancing events to an NMS, enable SNMP notifications for load balancing. For load balancing event notifications to be sent correctly, you must also configure SNMP as described in Network Management and Monitoring Configuration Guide.

The SNMP notifications configuration tasks for Layer 4 and Layer 7 server load balancing are the same.

Procedure

1.     Enter system view.

system-view

2.     Enable SNMP notifications for load balancing.

snmp-agent trap enable loadbalance

By default, SNMP notifications are enabled for load balancing.

Enabling load balancing logging

About load balancing logging

For security auditing purposes, enable load balancing logging to record load balancing information. Load balancing logging includes the following types:

·     Basic logging.

·     Link flow logging.

·     NAT logging.

·     Link busy state logging.

Basic logging generates logs for the following events:

·     The state of a link or link group changes.

·     The health monitoring result of a link changes.

·     The number of connections on a link or virtual server reaches or drops below the upper limit.

·     The connection establishment rate on a link or virtual server reaches or drops below the upper limit.

·     A primary/backup server farm switchover occurs between server farms specified for a virtual server.

·     A primary/backup server farm switchover occurs between server farms specified for an LB action.

Link flow logging records flows forwarded through all links.

NAT logging records NAT session information, including IP address and port translation information and access information.

Link busy state logging records busy states for all links.

Enabling load balancing basic logging

1.     Enter system view.

system-view

2.     Enable load balancing basic logging.

loadbalance log enable base

By default, load balancing basic logging is enabled.

Enabling load balancing link flow logging

1.     Enter system view.

system-view

2.     Enable load balancing link flow logging.

loadbalance log enable link-flow

By default, load balancing link flow logging is enabled.

Enabling load balancing NAT logging

1.     Enter system view.

system-view

2.     Enable load balancing NAT logging.

loadbalance log enable nat

By default, load balancing NAT logging is disabled.

Enabling load balancing link busy state logging

1.     Enter system view.

system-view

2.     Enable load balancing link busy state logging.

loadbalance log enable bandwidth-busy

By default, load balancing link busy state logging is disabled.

Displaying and maintaining outbound link load balancing

Execute display commands in any view and reset commands in user view.

 

Task

Command

Display LB action information.

display loadbalance action [ name action-name ]

Display LB class information.

display loadbalance class [ name class-name ]

Display LB hot backup statistics.

In standalone mode:

display loadbalance hot-backup statistics [ slot slot-number ]

In IRF mode:

display loadbalance hot-backup statistics [ chassis chassis-number slot slot-number ]

Display ISP information.

display loadbalance isp [ ip ipv4-address | ipv6 ipv6-address | name isp-name ]

Display LB policy information.

display loadbalance policy [ name policy-name ]

Display the recorded link health monitoring failures.

display loadbalance probe failed-record link [ name name ]

Display proximity entry information.

In standalone mode:

display loadbalance proximity [ vpn-instance vpn-instance-name ] [ ip [ ipv4-address ] | ipv6 [ ipv6-address ] ] [ traffic-group traffic-group-id ] [ slot slot-number ]

In IRF mode:

display loadbalance proximity [ vpn-instance vpn-instance-name ] [ ip [ ipv4-address ] | ipv6 [ ipv6-address ] ] [ traffic-group traffic-group-id ] [ chassis chassis-number slot slot-number ]

Display parameter profile information.

display parameter-profile [ name parameter-name ]

Display link information.

display loadbalance link [ brief | name link-name ]

Display link group member information.

display loadbalance link link-group link-group-name [ name link-name ]

Display link statistics.

In standalone mode:

display loadbalance link statistics [ name link-name ] [ slot slot-number ]

In IRF mode:

display loadbalance link statistics [ name link-name ] [ chassis chassis-number slot slot-number ]

Display link group member statistics.

In standalone mode:

display loadbalance link statistics link-group link-group-name [ name link-name ] [ slot slot-number ]

In IRF mode:

display loadbalance link statistics link-group link-group-name [ name link-name ] [ chassis chassis-number slot slot-number ]

Display link outbound interface statistics.

display loadbalance link out-interface statistics [ name link-name ]

Display link group information.

display loadbalance link-group [ brief | name link-group-name ]

Display sticky entry information.

In standalone mode:

display sticky virtual-server [ virtual-server-name ] [ class class-name | default-class | default-link-group ] [ traffic-group traffic-group-id ] [ slot slot-number ]

In IRF mode:

display sticky virtual-server [ virtual-server-name ] [ class class-name | default-class | default-link-group ] [ traffic-group traffic-group-id ] [ chassis chassis-number slot slot-number ]

Display sticky group information.

display sticky-group [ name group-name ]

Display virtual server information.

display virtual-server [ brief | name virtual-server-name ]

Display virtual server statistics.

In standalone mode:

display virtual-server statistics [ name virtual-server-name ] [ slot slot-number ]

In IRF mode:

display virtual-server statistics [ name virtual-server-name ] [ chassis chassis-number slot slot-number ]

Display the ALG status for all protocols.

display loadbalance alg

Display DNS cache information.

In standalone mode:

display loadbalance dns-cache [ vpn-instance vpn-instance-name ] [ domain-name domain-name ] [ traffic-group traffic-group-id ] [ slot slot-number ]

In IRF mode:

display loadbalance dns-cache [ vpn-instance vpn-instance-name ] [ domain-name domain-name ] [ traffic-group traffic-group-id ] [ chassis chassis-number slot slot-number ]

Clear LB hot backup statistics.

reset loadbalance hot-backup statistics

Clear proximity entry information.

reset loadbalance proximity [ vpn-instance vpn-instance-name ] [ ip [ ipv4-address ] | ipv6 [ ipv6-address ] ]

Clear the recorded health monitoring failures.

reset loadbalance probe failed-record link [ name name ]

Clear all Layer 7 connections.

reset loadbalance connections

Clear link statistics.

reset loadbalance link statistics [ link-name ]

Clear link group member statistics.

reset loadbalance link statistics link-group link-group-name [ name link-name ]

Clear virtual server statistics.

reset virtual-server statistics [ virtual-server-name ]

Clear DNS cache information.

reset loadbalance dns-cache [ vpn-instance vpn-instance-name ] [ domain-name domain-name ] [ traffic-group traffic-group-id ]

 

Outbound link load balancing configuration examples

Example: Configuring outbound link load balancing

Network configuration

In Figure 4, ISP 1 and ISP 2 provide two links, Link 1 and Link 2, with the same router hop count, bandwidth, and cost. Link 1 has lower network delay.

Configure link load balancing for the device to select an optimal link for traffic from the client host to the server.

Figure 4 Network diagram

Procedure

1.     Assign IP addresses to interfaces:

# Assign an IP address to interface GigabitEthernet 1/0/1.

<Device> system-view

[Device] interface gigabitethernet 1/0/1

[Device-GigabitEthernet1/0/1] ip address 10.1.1.1 255.255.255.0

[Device-GigabitEthernet1/0/1] quit

# Assign IP addresses to other interfaces in the same way. (Details not shown.)

2.     Add interfaces to security zones.

[Device] security-zone name untrust

[Device-security-zone-Untrust] import interface gigabitethernet 1/0/1

[Device-security-zone-Untrust] import interface gigabitethernet 1/0/2

[Device-security-zone-Untrust] quit

[Device] security-zone name trust

[Device-security-zone-Trust] import interface gigabitethernet 1/0/3

[Device-security-zone-Trust] quit

3.     Configure a security policy:

Configure rules to permit traffic from the Trust security zone to the Untrust security zone and traffic from the Local security zone to the Untrust security zone, so the users can access the server:

# Configure a rule named lbrule1 to allow the users to access the server.

[Device] security-policy ip

[Device-security-policy-ip] rule name lbrule1

[Device-security-policy-ip-1-lbrule1] source-zone trust

[Device-security-policy-ip-1-lbrule1] destination-zone untrust

[Device-security-policy-ip-1-lbrule1] source-ip-subnet 192.168.1.0 255.255.255.0

[Device-security-policy-ip-1-lbrule1] action pass

[Device-security-policy-ip-1-lbrule1] quit

# Configure a rule named lblocalout to allow the device to send probe packets to the next hop.

[Device-security-policy-ip] rule name lblocalout

[Device-security-policy-ip-2-lblocalout] source-zone local

[Device-security-policy-ip-2-lblocalout] destination-zone untrust

[Device-security-policy-ip-2-lblocalout] destination-ip-subnet 10.1.1.0 255.255.255.0

[Device-security-policy-ip-2-lblocalout] destination-ip-subnet 20.1.1.0 255.255.255.0

[Device-security-policy-ip-2-lblocalout] action pass

[Device-security-policy-ip-2-lblocalout] quit

[Device-security-policy-ip] quit

4.     Configure a link group:

# Create the ICMP-type NQA template t1, and configure the NQA client to send the probe result to the feature that uses the template on a per-probe basis.

[Device] nqa template icmp t1

[Device-nqatplt-icmp-t1] reaction trigger per-probe

[Device-nqatplt-icmp-t1] quit

# Specify the default proximity probe method as t1, and set the network delay weight for proximity calculation to 200.

[Device] loadbalance proximity

[Device-lb-proximity] match default probe t1

[Device-lb-proximity] rtt weight 200

[Device-lb-proximity] quit

# Create the link group lg, and enable the proximity feature.

[Device] loadbalance link-group lg

[Device-lb-lgroup-lg] proximity enable

# Disable the NAT feature.

[Device-lb-lgroup-lg] transparent enable

[Device-lb-lgroup-lg] quit

5.     Configure links:

# Create the link link1 with next hop address 10.1.1.2, and add it to the link group lg.

[Device] loadbalance link link1

[Device-lb-link-link1] router ip 10.1.1.2

[Device-lb-link-link1] link-group lg

[Device-lb-link-link1] quit

# Create the link link2 with next hop address 20.1.1.2, and add it to link group lg.

[Device] loadbalance link link2

[Device-lb-link-link2] router ip 20.1.1.2

[Device-lb-link-link2] link-group lg

[Device-lb-link-link2] quit

6.     Create the link-IP virtual server vs with VSIP 0.0.0.0/0, specify its default master link group lg, and enable the virtual server.

[Device] virtual-server vs type link-ip

[Device-vs-link-ip-vs] virtual ip address 0.0.0.0 0

[Device-vs-link-ip-vs] default link-group lg

[Device-vs-link-ip-vs] service enable

[Device-vs-link-ip-vs] quit

Verifying the configuration

# Display brief information about all links.

[Device] display loadbalance link brief

Link             Router IP/Interface  State        VPN instance   Link group

link1            10.1.1.2             Active                      lg

link2            20.1.1.2             Active                      lg

# Display detailed information about all link groups.

[Device] display loadbalance link-group

Link group: lg

  Description:

  Predictor: Round robin

  Proximity: Enabled

  NAT: Disabled

  SNAT pool:

  Failed action: Keep

  Active threshold: Disabled

  Slow-online: Disabled

  Selected link: Disabled

  Probe information:

    Probe success criteria: All

    Probe method:

    t1

  Total link: 2

  Active link: 2

  Link list:

  Name          State         VPN instance  Router IP/Interface  Weight Priority

  link1         Active                      10.1.1.2             100    4

  link2         Active                      20.1.1.2             100    4

# Display detailed information about all virtual servers.

[Device] display virtual-server

Virtual server: vs

  Description:

  Type: LINK-IP

  State: Active

  VPN instance:

  Virtual IPv4 address: 0.0.0.0/0

  Virtual IPv6 address: --

  Port: 0 (any port)

  Primary link group: lg (in use)

  Backup link group:

  Sticky:

  LB policy:

  LB limit-policy:

  Connection limit: --

  Rate limit:

    Connections: --

    Bandwidth: --

    Inbound bandwidth: --

    Outbound bandwidth: --

  Connection synchronization: Disabled

  Sticky synchronization: Disabled

  Bandwidth busy protection: Disabled

  Interface bandwidth statistics: Disabled

  Route advertisement: Disabled

# Display brief information about all IPv4 proximity entries.

[Device] display loadbalance proximity ip

  IPv4 entries in total: 1

    IPv4 address/Mask length       Timeout     Best link

    ------------------------------------------------------------

    10.1.0.0/24                    50          link1
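In the `display loadbalance link brief` output above, the VPN instance column is empty, so splitting rows on whitespace would put the link group in the wrong field. The following Python parser is an added example, not H3C code: it slices each row at the header's column offsets and reports links that are not Active. It assumes fixed-width columns as in the output shown; the sample text, the `Inactive` state value, `link3`, `vpn1` and `lg2` are constructed.

```python
COLUMNS = ["Link", "Router IP/Interface", "State", "VPN instance", "Link group"]


def _row(*cells, widths=(17, 21, 13, 15, 0)):
    """Build one fixed-width line using the column widths of the page's output."""
    return "".join(c.ljust(w) for c, w in zip(cells, widths)).rstrip()


# Constructed sample modelled on the output above (not captured from a device).
SAMPLE = "\n".join([
    "[Device] display loadbalance link brief",
    _row(*COLUMNS),
    _row("link1", "10.1.1.2", "Active", "", "lg"),
    _row("link2", "20.1.1.2", "Inactive", "", "lg"),
    _row("link3", "30.1.1.2", "Active", "vpn1", "lg2"),
])


def parse_link_brief(text):
    """Return one dict per link, keyed by column name, using header offsets."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if all(name in line for name in COLUMNS):
            header, body = line, lines[i + 1:]
            break
    else:
        raise ValueError("header row not found")
    starts = [header.index(name) for name in COLUMNS]
    ends = starts[1:] + [None]
    rows = []
    for line in body:
        if not line.strip():
            continue                      # tolerate blank lines between rows
        if line.lstrip()[0] in "<[#":
            break                         # next prompt or comment ends the table
        rows.append({n: line[s:e].strip() for n, s, e in zip(COLUMNS, starts, ends)})
    return rows


def links_not_active(rows):
    """Names of links whose State column is anything other than Active."""
    return [r["Link"] for r in rows if r["State"] != "Active"]


if __name__ == "__main__":
    for name in links_not_active(parse_link_brief(SAMPLE)):
        print("link not active:", name)
```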

 

 

 
