
Key Points for Configuring the Global Route Selection Policy

This section describes how to configure a global route selection policy.

Context

In the multi-egress scenario, when there are multiple equal-cost routes or default routes to the destination network, the global route selection policy enables the FW to dynamically select an outbound interface for traffic matching equal-cost routes or default routes based on the intelligent uplink selection mode.

By default, intelligent uplink selection based on default routes is enabled. You can run the undo default-route enable command to disable this function. After this function is disabled, if a packet matches the default route (except the equal-cost default route), the device does not perform intelligent uplink selection and selects an outbound interface according to the load balancing mode configured using the firewall_load-balance command.

After the link selection mode is configured, subsequent traffic that passes through the FW is forwarded based on the link selection policies. Sessions that already exist are not aged out, so their traffic is not immediately forwarded based on the link selection policies. You can run the reset firewall session table command to manually clear the session entries or wait until the sessions age out.

The service will be interrupted after you clear the session entry. Therefore, exercise caution when you perform this operation. You can clear the session entry only after you confirm that services will not be affected.

Procedure

  1. Configure an intelligent uplink selection member interface.
    1. Complete basic interface settings, such as setting the IP address and subnet mask and assigning the interface to a security zone.
    2. Set a gateway address for the interface.
    3. (Optional) Apply health check to the interface and check the connectivity of the interface link.
    4. (Optional) Set link bandwidth and overload protection threshold for the interface.
  2. (Optional) Configure a common interface group. For details on how to configure an ISP interface group, see Key Points for Configuring ISP Link Selection.

    An interface group is a group of intelligent uplink selection member interfaces. Adding an interface group is equivalent to adding its member interfaces in a batch.

  3. Configure a global route selection policy.
    1. Set the intelligent uplink selection mode.
    2. Add intelligent uplink selection member interfaces.
    3. (Optional) Enable the overload protection function.
    4. (Optional) Specify the health check and link quality indicator, and check whether the quality of the link for the outbound interface meets the link quality requirements.
    5. (Optional) Configure the sticky session function.
    6. (Optional) Set the parameter for intelligent uplink selection hashing.
    7. (Optional) When the intelligent uplink selection mode is active/standby backup by link priority, enable the function of automatically disabling the backup interface.

Configuring an Intelligent Uplink Selection Member Interface

| Operation | Command | Description |
| --- | --- | --- |
| Access the system view | system-view | - |
| Access the interface view | interface interface-type { interface-number \| interface-number.subinterface-number } | The interface is an intelligent uplink selection member interface. Before you add a member interface for intelligent uplink selection, complete the basic interface settings first, such as setting the IP address and subnet mask and assigning the interface to a security zone. The details are omitted. |
| Set a gateway address for the interface | gateway gateway-address [ route { enable \| disable } ] | By default, after you configure a gateway address for an intelligent uplink selection member interface, a specific default route will be delivered. You do not need to configure the gateway address for a PPPoE interface, Dialer interface, or Tunnel interface. |
| (Optional) Apply health check to the interface | healthcheck healthcheck-name | Health check must have been configured. After health check is applied to the interface, the FW performs intelligent uplink selection only on healthy links. If health check is not configured, all links are normal by default. NOTE: Only one health check can be applied to an interface. |
| (Optional) Set link bandwidth and overload protection threshold for the interface | bandwidth { egress \| ingress } bandwidth-value [ threshold threshold ] | If the overload protection threshold is not specified, excess traffic will be discarded after the traffic exceeds the interface processing capability. If the interface is an intelligent uplink selection member interface, you are advised to specify the overload protection threshold for the link of the interface. If the link is overloaded (the bandwidth usage reaches the value specified in threshold), the member interface is no longer available for intelligent uplink selection, and the FW selects an outbound interface only from the member interfaces that are not overloaded. If the bandwidth usage of an overloaded link becomes smaller than threshold, the member interface participates in the intelligent uplink selection again. When all member interfaces are overloaded, the FW forwards traffic in intelligent uplink selection mode regardless of the overload. NOTE: When you set the intelligent uplink selection mode to load balancing by link bandwidth, you must set bandwidth for the member interfaces, and you are advised to set overload protection threshold. When you set the intelligent uplink selection mode to other modes, you are advised to set link bandwidth and overload protection threshold to achieve the best effects. |

(Optional) Configure a Common Interface Group

| Operation | Command | Description |
| --- | --- | --- |
| Create a common interface group | interface-group [ interface-group-id ] name interface-group-name | - |
| Add member interfaces to the interface group | add interface interface-type interface-number | - |

Configure a Global Route Selection Policy

  1. Access the global multi-egress view.

    multi-interface

  2. Set the intelligent uplink selection mode of the global route selection policy.

    mode { priority-of-link-quality | priority-of-userdefine | proportion-of-bandwidth | proportion-of-weight }

    The intelligent uplink selection mode determines the standard of link selection. The global route selection policy supports four link selection modes:

    | Intelligent Uplink Selection Mode | Command | Description |
    | --- | --- | --- |
    | Load balancing by link bandwidth | mode proportion-of-bandwidth | The FW forwards traffic to each link based on the link bandwidth ratio. |
    | Load balancing by link quality | mode priority-of-link-quality | The FW tunes traffic distribution dynamically based on real-time traffic transmission quality. You can use packet loss ratio, delay, and/or jitter to evaluate the traffic transmission quality of a link to select the link with the best quality for traffic forwarding. |
    | Load balancing by link weight | mode proportion-of-weight | The FW forwards traffic to each link based on the link weight ratio. Load balancing by link weight is the default intelligent uplink selection mode. |
    | Active/Standby backup by link priority | mode priority-of-userdefine | The FW preferentially uses the link with the highest priority to transmit traffic and uses all the other links as backup links or load balancing links. |

  3. Perform the following configurations when the link selection mode is load balancing by link quality:

    | Operation | Command | Description |
    | --- | --- | --- |
    | Set a protocol type for link quality detection packets | priority-of-link-quality protocol { icmp \| tcp-simple } | The default protocol type of link quality detection packets is tcp-simple. |
    | Set quality parameters for link quality probing | priority-of-link-quality parameter { delay \| jitter \| loss } * | The default quality parameter for link quality probing is packet loss ratio (loss). |
    | Set the number of probes and interval of link quality detection | priority-of-link-quality { interval interval \| times times } * | By default, the detection interval (interval) is 5 seconds, and the number of probes (times) is 3. |
    | Set the mask length for link quality detection | priority-of-link-quality mask mask-length | By default, the mask length is 16. After you run the mode command to set the mode of intelligent uplink selection to load balancing by link quality, you can run the priority-of-link-quality mask command to set the mask length. The configuration takes effect globally. That is, intelligent uplink selection for all policy-based routes uses this mask length. After completing link quality detection for a certain destination IP address, the device considers the detection result as the link quality of the destination subnet. The destination subnet is determined by the destination IP address and the mask length specified in the command. You can run the display priority-of-link-quality table command to display the destination IP address and mask length. In link quality detection, a destination IP address can represent all IP addresses in the destination subnet. You can expand or narrow down the subnet range based on the actual condition. The default value is recommended. |
    | Set the aging time of link quality detection entries | priority-of-link-quality table aging-time aging-time | By default, the aging time is 1800 seconds. |

  4. Add intelligent uplink selection member interfaces.

    add { interface interface-type interface-number | interface-group { interface-group-name | isp isp-name } } [ priority priority | weight weight ] *

    The FW selects outbound interfaces from only intelligent uplink selection member interfaces. You need to set related parameters for the member interfaces based on the specified intelligent uplink selection mode.

    | Operation | Command | Description |
    | --- | --- | --- |
    | Bandwidth and overload protection threshold for the member interfaces | The interface bandwidth and overload protection threshold have been configured during interface configuration. | When you set the intelligent uplink selection mode to load balancing by link bandwidth, you need to set bandwidth for the member interfaces. To implement interface overload protection, you also need to set the overload protection threshold. When the link bandwidth usage reaches the threshold, the FW will no longer use the link for traffic transmission, but uses a link that is not overloaded. |
    | Member interface weight | add { interface interface-type interface-number \| interface-group { interface-group-name \| isp isp-name } } weight weight | When you set the intelligent uplink selection mode to load balancing by link weight, you need to set weight for the member interfaces. If you do not set the weight, the default weight is 1. |
    | Member interface priority | add { interface interface-type interface-number \| interface-group { interface-group-name \| isp isp-name } } priority priority | When you set the intelligent uplink selection mode to active/standby backup by link priority, you need to set priority for the member interface. If you do not set the priority, the default priority is 1. |

  5. (Optional) Enable the overload protection function.

    overload protection enable

    By default, overload protection is enabled for intelligent uplink selection.

    When the bandwidth and overload protection threshold are specified on an intelligent uplink selection member interface and the bandwidth usage of a link reaches the overload protection threshold, the FW excludes the overloaded link and selects routes from the links that are not overloaded. When a link is overloaded, new sessions need to be switched to another link, which affects service experience. You can run the undo overload protection enable command to disable the link overload protection function. In this case, the link is not switched even if it is overloaded.

  6. (Optional) Specify the health check and link quality indicator.

    healthcheck healthcheck-name sla sla-name

    A health check object is created using the healthcheck name command. A link quality indicator is created using the sla name command.

    Link quality detection depends on the health check. If more intelligent route selection is required based on the link delay, jitter, and packet loss rate, you need to reference a health check object and link quality indicator in the route selection policy. Referencing the health check on a route selection member interface can detect only the connectivity of the interface link.

    After health check and link quality indicator objects are referenced in a global routing policy or multi-ISP policy-based route, the FW checks whether the link quality (delay, jitter, and packet loss rate) meets the quality requirements of link quality indicators in real time. The links that do not meet the requirements are not allowed to participate in intelligent uplink selection until their link quality meets the requirements.

  7. (Optional) Configure the sticky session function.

    | Operation | Command | Description |
    | --- | --- | --- |
    | Enable the sticky session function | session persistence enable | By default, the sticky session function is disabled for intelligent uplink selection. NOTICE: After the sticky session function is disabled, the FW immediately deletes all sticky session entries of the corresponding intelligent route selection policy, which may cause link switchover for some users. Therefore, exercise caution. When a link involved in intelligent uplink selection is down, the sticky session entry of the link is immediately aged out, and the FW selects a normal link for subsequent traffic. |
    | Configure the sticky session mode | session persistence mode { source-ip \| destination-ip } * | The default sticky session mode is source-ip. NOTICE: After the sticky session mode is changed, the FW immediately deletes all sticky session entries of the intelligent uplink selection policy, which may cause link switchover for some users. Therefore, exercise caution. |
    | Set the source or destination subnet mask length | session persistence source-ip mask mask-length<br>session persistence destination-ip mask mask-length | The default source subnet mask length is 32 bits, and the default destination subnet mask length is 16 bits. NOTICE: After you modify the source or destination subnet mask length, the FW deletes all existing sticky session entries, which may cause link switchover for some users. Therefore, exercise caution. |
    | Set the aging time of sticky session entries | session persistence table aging-time aging-time | The default aging time of sticky session entries is 300 seconds. If a sticky session entry is not matched by any session during the aging time period, the entry is aged out. |

  8. (Optional) When the intelligent uplink selection mode is load balancing based on link bandwidth or link weight, set the parameter for intelligent uplink selection hashing.

    load-balance flow hash { destination-ip | destination-port | source-ip | source-port } *

    The default hash input for intelligent uplink selection is source IP address (source-ip). If traffic on the outbound interface is uneven, adjust the hash mode.

    When the intelligent uplink selection mode is load balancing based on link bandwidth or link weight, and multiple outbound interfaces are available for intelligent uplink selection, the FW will select one of the interfaces as the outbound interface based on the hash result. For example, when the intelligent uplink selection mode is load balancing by link bandwidth and the links of the two interfaces have the same bandwidth and are both not overloaded, the FW will select one of the interfaces as the outbound interface based on the hash result.

  9. (Optional) When the intelligent uplink selection mode is active/standby backup by link priority, enable the function of automatically disabling the backup interface.

    standby-interface status down

    When the intelligent uplink selection mode is active/standby backup by link priority, the member interface with the highest priority is the active interface, and all the other member interfaces are standby interfaces. After you run this command, the status of all standby interfaces becomes Down. When the active interface is overloaded (interface overload protection must be configured) or becomes Down, the standby interface with the highest priority becomes Up, but all the other standby interfaces remain Down. When the active interface and the standby interface with the highest priority are both overloaded or become Down, the standby interface with the second highest priority becomes Up.

    Do not enable this function if both an interface (Eth-trunk1) and a subinterface (Eth-trunk1.1) are configured as standby interfaces and the priority of the subinterface is higher. Otherwise, both the interface and the subinterface will switch between the Up and Down states.
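
The member-selection rules described in this section (health check, overload protection, weight ratio, and hashing on the source IP address) can be modelled in a few lines of Python. This is an added example, not Huawei code: the CRC32 hash, the percent unit for usage and threshold, and the names Member, candidates, select_uplink, isp1 and isp2 are assumptions made for illustration.

```python
import ipaddress
import zlib
from dataclasses import dataclass


@dataclass
class Member:
    name: str                  # constructed interface name
    weight: int = 1            # page: default weight is 1
    usage: float = 0.0         # bandwidth usage, assumed percent of link bandwidth
    threshold: float = 100.0   # overload protection threshold, same assumed unit
    healthy: bool = True       # result of the health check applied to the interface

    @property
    def overloaded(self) -> bool:
        # Page: the link is overloaded once usage reaches the threshold.
        return self.usage >= self.threshold


def candidates(members, overload_protection=True):
    """Member interfaces that may take part in uplink selection."""
    healthy = [m for m in members if m.healthy]
    if not overload_protection:          # undo overload protection enable
        return healthy
    free = [m for m in healthy if not m.overloaded]
    # Page: when every member is overloaded, traffic is still forwarded
    # in the configured mode regardless of the overload.
    return free or healthy


def select_uplink(members, src_ip, overload_protection=True):
    """Outbound interface for a new session in proportion-of-weight mode."""
    pool = candidates(members, overload_protection)
    if not pool:
        return None
    # Assumption: CRC32 of the source address stands in for the FW's hash.
    slot = zlib.crc32(ipaddress.ip_address(src_ip).packed) % sum(m.weight for m in pool)
    for m in pool:
        if slot < m.weight:
            return m.name
        slot -= m.weight


if __name__ == "__main__":
    links = [Member("isp1", weight=3, usage=95, threshold=90),
             Member("isp2", weight=1, usage=10, threshold=90)]
    print(select_uplink(links, "10.0.0.7"))   # isp1 is overloaded, so isp2 carries the flow
```

With overload protection on, a heavily weighted link that crosses its threshold drops out of the pool entirely, so the remaining links absorb all new sessions until its usage falls below the threshold again.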

Copyright © Huawei Technologies Co., Ltd.