Association between IP-link and PBR on a USG2000&5000
Configure PBR on a USG2000&5000:
1. Networking requirements
The enterprise has two links (ISP1 and ISP2) to connect departments A and B to the Internet. The two links share the traffic and can back up each other to ensure service continuity.
The requirements are detailed as follows:
a. Department A resides on network segment 10.1.0.0/16 and its packets pass through link ISP1 in normal cases.
b. Department B resides on network segment 220.127.116.11/16 and its packets pass through link ISP2 in normal cases.
c. The links of departments A and B are mutually backed up. If the link (active link) of a department is faulty, traffic is switched to the link (standby link) of the other department.
2. Configuration roadmap
The roadmap for configuring PBR to associate with IP-link is as follows:
a. To balance traffic on different links, configure PBR based on source IP addresses, so that packets from department A pass through ISP1 and those from department B pass through ISP2.
b. To ensure the continuity and mutual backup of links at which departments A and B reside, perform the following:
(1) Configure PBR to interwork with IP-link. IP-link monitors the reachability of the active links of departments A and B. If an active link fails, PBR becomes invalid. The firewall searches for standby routes to ensure service continuity.(2) Configure static routes from department A to link ISP2 and from department B to link ISP1 as the backup routes of departments A and B. IP-link monitors the reachability of the standby links of departments A and B.