What is the command used on a USG6000 to check whether the next hop is reachable?
The USG6000 can check whether a next hop is reachable with either IP-link or BFD, as described below:
1. IP-link
a. Definition
With IP-link, the firewall periodically sends ICMP echo requests or ARP requests to a specific destination IP address and waits for a response. If no response packet is received within a specific period of time (3 seconds by default), the firewall considers the link faulty. Once the link has been marked faulty, the firewall considers it recovered after three consecutive response packets are received within the specified period.
IP-link automatically checks the status of service links. It can detect the status of links that are not directly connected to the firewall, which helps maintain service continuity.
b. Command syntax
[NGFW] ip-link check enable
[NGFW] ip-link 1 destination 10.10.1.2 mode icmp
[NGFW] ip-link 2 destination 10.10.1.3 mode icmp
[NGFW] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 track ip-link 1
[NGFW] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 preference 70 track ip-link 2
For more details about IP-link, see the case of association between IP-link and hot standby on a USG6000.
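The failover behaviour of the IP-link configuration above, as an added example (not Huawei code or device output): a Python model of the detection rule as the definition states it, and of route selection between the two tracked default routes. It assumes one probe outcome per detection period and Huawei's default static-route preference of 60 for the first route; the class and function names are hypothetical.

```python
from dataclasses import dataclass

RECOVERY_REPLIES = 3     # text above: three consecutive responses mark recovery
DEFAULT_PREFERENCE = 60  # assumption: default preference of a Huawei static route


@dataclass
class IpLink:
    """State of one ip-link probe target, following the definition above."""
    destination: str
    up: bool = True
    streak: int = 0  # consecutive replies seen while the link is faulty

    def observe(self, replied: bool) -> bool:
        """Feed the outcome of one detection period; return the new state."""
        if self.up:
            if not replied:  # no response within the period -> link faulty
                self.up, self.streak = False, 0
        else:
            self.streak = self.streak + 1 if replied else 0
            if self.streak >= RECOVERY_REPLIES:
                self.up = True
        return self.up


@dataclass
class TrackedRoute:
    next_hop: str
    link: IpLink
    preference: int = DEFAULT_PREFERENCE


def active_next_hop(routes):
    """Return the next hop of the usable route with the lowest preference value."""
    usable = [r for r in routes if r.link.up]
    return min(usable, key=lambda r: r.preference).next_hop if usable else None


def simulate(primary_replies, backup_replies):
    """Replay constructed probe outcomes against the two default routes above."""
    link1, link2 = IpLink("10.10.1.2"), IpLink("10.10.1.3")
    routes = [TrackedRoute("10.10.1.2", link1),
              TrackedRoute("10.10.1.3", link2, preference=70)]
    timeline = []
    for primary_ok, backup_ok in zip(primary_replies, backup_replies):
        link1.observe(primary_ok)
        link2.observe(backup_ok)
        timeline.append(active_next_hop(routes))
    return timeline
```

With a constructed input in which 10.10.1.2 misses one period and then answers again, traffic stays on 10.10.1.3 until the third consecutive reply, which is the hysteresis to expect when reading route-change logs after a brief outage.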
2. BFD
a. Definition
Bidirectional Forwarding Detection (BFD) quickly detects communication faults between systems and reports the faults to upper-layer protocols.
To minimize the impact of failures on services and improve network availability, network devices need to rapidly detect communication failures to take early remedial actions for service continuity.
BFD provides the following functions:
(1) Low-overhead and quick fault detection for links between adjacent forwarding engines. The faults may occur on interfaces, data links, or even forwarding engines.
(2) A single mechanism for real-time detection over any medium and at any protocol layer. In addition, the detection duration and overhead range are variable.
b. Command syntax
(1) Configure a BFD session.
[NGFW_A] bfd ab bind peer-ip 10.1.1.2
[NGFW_A-bfd-session-ab] discriminator local 10
[NGFW_A-bfd-session-ab] discriminator remote 20
(2) Associate static routes with BFD.
[NGFW_A] ip route-static 192.168.1.0 255.255.255.0 10.1.1.2 track bfd-session ab