Firewall static routing
Common Routing Protocol Overview
Static routing, static routing with multiple egress links (multi-egress)
Dynamic routing
Classified by scope:
1) IGP: RIP, OSPF, IS-IS
2) EGP: BGP
Classified by algorithm:
3) Link-state protocols: OSPF, IS-IS
4) Distance-vector protocols: RIP, BGP
Policy-based routing, ISP routing
Routing protocol priority
When there are multiple sources of routing information, the route from the routing protocol with the highest priority becomes the current route.
By default on Huawei devices, dynamic routes take priority over static routes.
Basic concepts of static routing
Configuring static routes gives very precise control over routing, but when the network changes or fails, an administrator has to reconfigure the routes manually.
Syntax: ip route-static <destination address> <mask> <next-hop address>
<outgoing interface>
<outgoing interface> + <next hop> (recommended)
A static route can specify the outgoing interface or the next-hop address.
Scenarios for specifying the outgoing interface:
1) PPP interfaces
2) PPPoE interfaces
Scenarios for specifying the next-hop address:
1) NBMA interfaces
2) Ethernet
3) Virtual-Template
Static routing and multi-egress
Multi-egress means that the USG connects to the Internet or to other networks through multiple interfaces, and these interfaces form a primary/backup or load-sharing relationship, which improves operational reliability.
The precondition for multi-egress to take effect is that multiple equal-cost routes exist on the USG.
The supported multi-egress modes are:
Primary/backup (standby) mode
Load balancing mode
1) Balanced load balancing (the default mode)
2) Overflow load balancing
Primary/backup (standby) mode
In primary/backup mode, the primary interface supports up to three designated secondary interfaces, but only one interface carries traffic at any time. The process is as follows:
1) Specify the secondary interfaces for the primary interface and set a priority for each secondary interface. The device automatically places the secondary interfaces in the Down state.
2) The primary interface works, and all traffic is transmitted through it. Even if the traffic overloads it, no traffic is transmitted through the secondary interfaces.
3) When the primary interface fails, the device brings up the available secondary interface with the highest priority, which automatically takes over all traffic from the primary interface. If that secondary interface also fails, the device brings up the available secondary interface with the next-highest priority, and so on.
4) When the failed primary interface returns to normal, traffic is switched back to the primary interface, and the secondary interfaces are placed in the Down state again.
Multi-egress primary/backup mode can detect only direct-link failures. A failure upstream of the primary interface's directly connected link cannot be detected, and the device does not perform a primary/backup interface switchover.
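The failover sequence and the direct-link limitation above, replayed as an added example (not part of the original notes and not Huawei code). The interface names, the rule that a larger number means higher priority, and the event list are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass
class Iface:
    name: str                 # hypothetical interface name
    priority: int             # assumption: larger number = higher priority
    link_up: bool = True      # directly connected link (what the device sees)
    upstream_ok: bool = True  # reachability beyond that link (not seen)

def select_active(primary, secondaries):
    """Return the single interface that carries traffic, by link state only."""
    if primary.link_up:
        return primary
    for s in sorted(secondaries, key=lambda i: -i.priority):
        if s.link_up:
            return s
    return None

def replay(events):
    """Apply (interface, attribute, value) events in order.

    Returns one (active interface name, traffic delivered?) pair per event.
    """
    primary = Iface("GE1/0/1", 0)
    secondaries = [Iface("GE1/0/2", 20), Iface("GE1/0/3", 10)]
    by_name = {i.name: i for i in [primary, *secondaries]}
    timeline = []
    for name, attr, value in events:
        setattr(by_name[name], attr, value)
        active = select_active(primary, secondaries)
        delivered = bool(active and active.upstream_ok)
        timeline.append((active.name if active else None, delivered))
    return timeline

# Constructed event sequence.
EVENTS = [
    ("GE1/0/1", "link_up", False),      # primary direct link fails
    ("GE1/0/2", "link_up", False),      # highest-priority secondary fails too
    ("GE1/0/1", "link_up", True),       # primary recovers, traffic switches back
    ("GE1/0/1", "upstream_ok", False),  # failure beyond the direct link
]

if __name__ == "__main__":
    for step in replay(EVENTS):
        print(step)
```

After the last event the primary interface is still selected although its traffic is no longer delivered, which is the gap the paragraph above describes.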
Load sharing mode
With two routes to the Internet specified as above, the firewall forwards data traffic over both links at the same time; both links are working links.
Per-flow and per-packet load balancing
Per-flow forwarding (the default)
1) Per-flow forwarding uses the flow as its unit: packets of the same data flow are forwarded through the same interface, and different data flows are assigned to interfaces by an algorithm. Per-flow forwarding guarantees packet order but cannot guarantee bandwidth utilization.
Per-packet forwarding
1) Per-packet forwarding uses the packet as its unit and selects the interface by polling. Packets of the same data flow are not necessarily forwarded through the same interface. Per-packet forwarding can guarantee bandwidth utilization but does not guarantee packet order.
2) With per-packet forwarding, the forward and return paths of traffic may be inconsistent, which disrupts scenarios that depend on flow characteristics or stateful inspection (such as NAT). When forward and return paths must be consistent, do not choose per-packet load balancing.
Balanced load balancing
In balanced load-balancing mode, all interfaces carry traffic at the same time. The USG supports load balancing across up to eight interfaces.
Balanced load balancing distributes traffic in two ways:
1) Percentage-based load balancing: also called weight-based load balancing. The higher the percentage configured on an interface, the more traffic that interface carries.
2) Hash-based load balancing: the interface is chosen by a hash. The hash value can be calculated from one or more of four elements: source IP address, source port, destination IP address, and destination port. The interface that transmits the traffic is selected according to that value.
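Per-flow hash selection and per-packet polling, compared on the same packets, as an added example (not part of the original notes and not the USG's algorithm). SHA-256 stands in for the device's unspecified hash; the interface names and packets are constructed.

```python
import hashlib
from itertools import cycle

INTERFACES = ["GE1/0/1", "GE1/0/2"]  # hypothetical egress interfaces
FOUR_TUPLE = ("src_ip", "src_port", "dst_ip", "dst_port")

def flow_key(pkt, fields=FOUR_TUPLE):
    """Build the hash input from the selected elements of the packet."""
    return "|".join(str(pkt[f]) for f in fields)

def per_flow_egress(pkt, fields=FOUR_TUPLE):
    """Per-flow forwarding: equal selected elements give the same interface."""
    digest = hashlib.sha256(flow_key(pkt, fields).encode()).digest()
    return INTERFACES[int.from_bytes(digest[:4], "big") % len(INTERFACES)]

def per_packet_egress(packets):
    """Per-packet forwarding: poll the interfaces packet by packet."""
    rr = cycle(INTERFACES)
    return [next(rr) for _ in packets]

def interfaces_used_per_flow(packets, egress):
    """Map each flow to the set of interfaces its packets left through."""
    used = {}
    for pkt, ifname in zip(packets, egress):
        used.setdefault(flow_key(pkt), set()).add(ifname)
    return used

# Constructed sample: two flows, three packets each, interleaved.
FLOW_A = {"src_ip": "10.1.1.10", "src_port": 40001,
          "dst_ip": "203.0.113.5", "dst_port": 443}
FLOW_B = {"src_ip": "10.1.1.11", "src_port": 40002,
          "dst_ip": "203.0.113.5", "dst_port": 443}
PACKETS = [FLOW_A, FLOW_B, FLOW_A, FLOW_A, FLOW_B, FLOW_B]

def compare():
    """Return (per-flow result, per-packet result) for the sample packets."""
    by_flow = interfaces_used_per_flow(
        PACKETS, [per_flow_egress(p) for p in PACKETS])
    by_packet = interfaces_used_per_flow(PACKETS, per_packet_egress(PACKETS))
    return by_flow, by_packet

if __name__ == "__main__":
    for label, result in zip(("per-flow", "per-packet"), compare()):
        print(label, result)
```

With per-packet polling each flow leaves through both interfaces, so a stateful device or NAT on only one of the paths sees part of each session.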
Configuration Example
Overflow load balancing
Overflow load balancing combines load balancing with primary/backup mode.
In overflow load-balancing mode, the primary interface supports up to three designated secondary interfaces. The process is as follows:
1) Specify the secondary interfaces for the primary interface and set a priority for each secondary interface.
2) When traffic on the primary interface exceeds the preset upper threshold, the device automatically enables the available secondary interface with the highest priority, which then load-balances with the primary interface.
3) If traffic on the primary interface exceeds the threshold again, the device enables another available secondary interface with the next-highest priority, and load is balanced among these three interfaces. And so on.
4) only if all of the interfaces between the load balancing interfaces are enabled, the primary interface exceeds the upper threshold even if the flow from all the main
5) When traffic on the primary interface falls below the lower threshold, the device disables the lowest-priority active secondary interface, and so on, until only the primary interface is left carrying the traffic.
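The threshold behaviour of steps 1, 2, 3 and 5, written as a small state machine in an added example (not part of the original notes and not Huawei code). The interface names, the threshold values, the rate trace and the rule that a larger number means higher priority are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Secondary:
    name: str               # hypothetical interface name
    priority: int           # assumption: larger number = higher priority
    available: bool = True  # False models an interface that cannot be used
    active: bool = False    # True once it shares load with the primary

class OverflowGroup:
    """Secondary interfaces attached to one primary interface."""

    def __init__(self, secondaries, upper, lower):
        if not lower < upper:
            raise ValueError("lower threshold must be below the upper one")
        if len(secondaries) > 3:
            raise ValueError("at most three secondary interfaces")
        self.secondaries = sorted(secondaries, key=lambda s: -s.priority)
        self.upper, self.lower = upper, lower

    def observe(self, primary_rate):
        """Apply one primary-interface rate sample; return active secondaries."""
        if primary_rate > self.upper:
            for s in self.secondaries:            # highest priority first
                if s.available and not s.active:
                    s.active = True
                    break                         # one interface per sample
        elif primary_rate < self.lower:
            for s in reversed(self.secondaries):  # lowest priority first
                if s.active:
                    s.active = False
                    break
        return [s.name for s in self.secondaries if s.active]

# Constructed primary-interface rate samples (arbitrary units).
RATES = [50, 90, 60, 95, 99, 10, 10, 10]

def run_trace(rates):
    """Replay the samples against upper=80, lower=20 and three secondaries."""
    group = OverflowGroup(
        [Secondary("GE1/0/2", 30),
         Secondary("GE1/0/3", 20, available=False),
         Secondary("GE1/0/4", 10)],
        upper=80, lower=20)
    return [group.observe(r) for r in rates]

if __name__ == "__main__":
    for rate, active in zip(RATES, run_trace(RATES)):
        print(rate, active)
```

A sample between the two thresholds (60 in the trace) changes nothing, so the set of active interfaces does not flap while traffic hovers near a single limit.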
Configuration Example