In Figure 1, ISP 1 and ISP 2 provide two links, Link 1 and Link 2, with the same router hop count, bandwidth, and cost. Link 1 has lower network delay.
Configure link load balancing for the device to select an optimal link for traffic from the client host to the server.
This configuration example was created and verified on F9900 of the F5000-AI120 device.
1. Assign IP addresses to interfaces:
# Assign an IP address to interface GigabitEthernet 1/0/1.
<Device> system-view
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] ip address 10.1.1.1 255.255.255.0
[Device-GigabitEthernet1/0/1] quit
# Assign IP addresses to other interfaces in the same way. (Details not shown.)
2. Add interfaces to security zones.
[Device] security-zone name untrust
[Device-security-zone-Untrust] import interface gigabitethernet 1/0/1
[Device-security-zone-Untrust] import interface gigabitethernet 1/0/2
[Device-security-zone-Untrust] quit
[Device] security-zone name trust
[Device-security-zone-Trust] import interface gigabitethernet 1/0/3
[Device-security-zone-Trust] quit
3. Configure a security policy:
Configure rules to permit traffic from the Trust security zone to the Untrust security zone and traffic from the Local security zone to the Untrust security zone, so the users can access the server:
# Configure a rule named lbrule1 to allow the users to access the server.
[Device] security-policy ip
[Device-security-policy-ip] rule name lbrule1
[Device-security-policy-ip-1-lbrule1] source-zone trust
[Device-security-policy-ip-1-lbrule1] destination-zone untrust
[Device-security-policy-ip-1-lbrule1] source-ip-subnet 192.168.1.0 255.255.255.0
[Device-security-policy-ip-1-lbrule1] action pass
[Device-security-policy-ip-1-lbrule1] quit
# Configure a rule named lblocalout to allow the device to send probe packets to the next hop.
[Device-security-policy-ip] rule name lblocalout
[Device-security-policy-ip-2-lblocalout] source-zone local
[Device-security-policy-ip-2-lblocalout] destination-zone untrust
[Device-security-policy-ip-2-lblocalout] destination-ip-subnet 10.1.1.0 255.255.255.0
[Device-security-policy-ip-2-lblocalout] destination-ip-subnet 20.1.1.0 255.255.255.0
[Device-security-policy-ip-2-lblocalout] action pass
[Device-security-policy-ip-2-lblocalout] quit
[Device-security-policy-ip] quit
4. Configure a link group:
# Create the ICMP-type NQA template t1, and configure the NQA client to send the probe result to the feature that uses the template on a per-probe basis.
[Device] nqa template icmp t1
[Device-nqatplt-icmp-t1] reaction trigger per-probe
[Device-nqatplt-icmp-t1] quit
# Specify the default proximity probe method as t1, and set the network delay weight for proximity calculation to 200.
[Device] loadbalance proximity
[Device-lb-proximity] match default probe t1
[Device-lb-proximity] rtt weight 200
[Device-lb-proximity] quit
# Create the link group lg, and enable the proximity feature.
[Device] loadbalance link-group lg
[Device-lb-lgroup-lg] proximity enable
# Disable the NAT feature.
[Device-lb-lgroup-lg] transparent enable
[Device-lb-lgroup-lg] quit
5. Configure links:
# Create the link link1 with next hop address 10.1.1.2, and add it to the link group lg.
[Device] loadbalance link link1
[Device-lb-link-link1] router ip 10.1.1.2
[Device-lb-link-link1] link-group lg
[Device-lb-link-link1] quit
# Create the link link2 with next hop address 20.1.1.2, and add it to link group lg.
[Device] loadbalance link link2
[Device-lb-link-link2] router ip 20.1.1.2
[Device-lb-link-link2] link-group lg
[Device-lb-link-link2] quit
6. Create the link-IP virtual server vs with VSIP 0.0.0.0/0, specify its default master link group lg, and enable the virtual server.
[Device] virtual-server vs type link-ip
[Device-vs-link-ip-vs] virtual ip address 0.0.0.0 0
[Device-vs-link-ip-vs] default link-group lg
[Device-vs-link-ip-vs] service enable
[Device-vs-link-ip-vs] quit
# Display brief information about all links.
[Device] display loadbalance link brief
Link Route IP State VPN instance Link group
link1 10.1.1.2 Active lg
link2 20.1.1.2 Active lg
# Display detailed information about all link groups.
[Device] display loadbalance link-group
Link group: lg
Description:
Predictor: Round robin
Proximity: Enabled
NAT: Disabled
SNAT pool:
Failed action: Keep
Active threshold: Disabled
Slow-online: Disabled
Selected link: Disabled
Probe information:
Probe success criteria: All
Probe method:
t1
Total link: 2
Active link: 2
Link list:
Name State VPN instance Router IP Weight Priority
link1 Active 10.1.1.2 100 4
link2 Active 20.1.1.2 100 4
# Display detailed information about all virtual servers.
[Device] display virtual-server
Virtual server: vs
Description:
Type: LINK-IP
State: Active
VPN instance:
Virtual IPv4 address: 0.0.0.0/0
Virtual IPv6 address: --
Port: 0
Primary link group: lg (in use)
Backup link group:
Sticky:
LB policy:
LB limit-policy:
Connection limit: --
Rate limit:
Connections: --
Bandwidth: --
Inbound bandwidth: --
Outbound bandwidth: --
Connection synchronization: Disabled
Sticky synchronization: Disabled
Bandwidth busy protection: Disabled
Interface bandwidth statistics: Disabled
Route advertisement: Disabled
# Display brief information about all IPv4 proximity entries.
[Device] display loadbalance proximity ip
IPv4 entries in total: 1
IPv4 address/Mask length Timeout Best link
------------------------------------------------------------
10.1.0.0/24 50 link1
#
interface GigabitEthernet1/0/1
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
ip address 20.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/3
ip address 192.168.1.1 255.255.255.0
#
security-zone name Untrust
import interface GigabitEthernet1/0/1
import interface GigabitEthernet1/0/2
#
security-zone name Trust
import interface GigabitEthernet1/0/3
#
security-policy ip
rule 1 name lbrule1
action pass
source-zone trust
destination-zone untrust
source-ip-subnet 192.168.1.0 255.255.255.0
rule 2 name lblocalout
action pass
source-zone local
destination-zone untrust
destination-ip-subnet 10.1.1.0 255.255.255.0
destination-ip-subnet 20.1.1.0 255.255.255.0
#
nqa template icmp t1
reaction trigger per-probe
#
loadbalance proximity
rtt weight 200
match default probe t1
#
loadbalance link-group lg
proximity enable
transparent enable
#
loadbalance link link1
router ip 10.1.1.2
link-group lg
#
loadbalance link link2
router ip 20.1.1.2
link-group lg
#
virtual-server vs type link-ip
virtual ip address 0.0.0.0 0
default link-group lg
service enable