The policy-based routing remains in effect when double outlet has single link failure

Publication Date:  2012-09-12 Views:  178 Downloads:  0
Issue Description
USG5300 as the device of export, there are two exports to the operators isp1 and isp2 respectively. Two internal network segments through policy-based routing access to the external network from different exports .Using the default route to the routing of the two operators. When one link fails, want to be able to access the external network from another exit. However, an outbound interface isp1 failure, internal segment can not access to external network, policy-based routing is still in force, the configuration is as follows:
#
ip-link check enable
ip-link 1 destination 221.214.164.97 mode icmp
ip-link 2 destination 60.212.47.1 mode icmp
#
traffic classifier class2
if-match acl 3002
traffic classifier class1
if-match acl 3001
#
traffic behavior behavior1
  remark ip-nexthop 221.214.164.97 output-interface GigabitEthernet0/0/1
traffic behavior behavior2
  remark ip-nexthop 60.212.47.1 output-interface GigabitEthernet0/0/2
#
qos policy mypolicy
classifier class1 behavior behavior1
classifier class2 behavior behavior2
#
ip route-static 0.0.0.0 0.0.0.0 221.214.164.97
ip route-static 0.0.0.0 0.0.0.0 60.212.47.1
Alarm Information
None
Handling Process
1.Check the configuration.
2.The user configure the ip-link detection , check the ip-link state:
[USG5320] disp ip-link
20:00:15 2012/06/01
num state timer mode vpn-instance ip-address interface-name
1 up 3 icmp 221.214.164.97
Although ips1 interface have been down, but the state of the ip-link still up , policy-based routing is still in force.
3. Modify the configuration of ip-link:
ip-link 1 destination 221.214.164.97 interface GigabitEthernet0/0/1 mode icmp
ip-link 2 destination 60.212.47.1 interface GigabitEthernet0/0/2 mode icmp
Check the ip-link state again:
[USG5320] disp ip-link
20:00:15 2012/06/01
num state timer mode vpn-instance ip-address interface-name
1 down 3 icmp 221.214.164.97
ip-link state is normal, policy-based routing is not in effect, internal network can access to external network from another interface.
Root Cause
1.The configuration issue
2.The version issue
3.Other
Suggestions
Policy-based routing and ip-link state associated , the ip-link state decide whether the policy–based routing in force. 

END