IP-link can be configured to work with PBR on a USG6000.
Configure IP-link to work with PBR on a USG6000:
1. Networking requirements
An enterprise has two service departments: A and B. Departments A and B have heavy traffic and require different links for traffic balancing. High stability and service continuity are required.
To meet these requirements, the enterprise has two links (ISP1 and ISP2) to access the Internet. The two links share the traffic and can back up each other to ensure service continuity.
The requirements are detailed as follows:
a. Department A resides on network segment 10.1.0.0/16 and its packets pass through link ISP1 in normal cases.
b. Department B resides on network segment 10.2.0.0/16 and its packets pass through link ISP2 in normal cases.
c. The links of departments A and B are mutually backed up. If the link (active link) of a department is faulty, traffic is switched to the link (standby link) of the other department.
2. Configuration roadmap
a. To balance traffic on different links, configure PBR based on source IP addresses, so that packets from department A pass through ISP1 and those from department B pass through ISP2.
b. To ensure the continuity and mutual backup of links at which departments A and B reside, perform the following:
(1) Configure PBR to interwork with IP-link. IP-link monitors the reachability of the active links of departments A and B. If an active link fails, PBR becomes invalid. The firewall searches for standby routes to ensure service continuity.(2) Configure static routes from department A to link ISP2 and from department B to link ISP1 as the backup routes of departments A and B. IP-link monitors the reachability of the standby links of departments A and B.