< Home

Limitations and Precautions for IP-Link

Read this section carefully to learn the limitations and precautions before you configure IP-Link.

Hardware Requirements

The IP-link function is supported by all models.

License Requirements

The IP-link function is not license-controlled.

Limitations

The VT interface used by L2TP VPN does not support the sending of IP-Link detection packets. That is, the FW cannot use the L2TP VPN VT interface as the outbound interface to detect the connectivity of the link to the destination. Therefore, do not configure the IP-Link function that uses the L2TP VPN VT interface (including the interface specified with the destination command or queried based on the next hop in the routing table) as the outbound interface.

Precautions

  • To prevent IP-Link and health check detection packets from being discarded due to a high CPU usage or overloaded interface, the device preferentially processes detection packets of the first 10 detection items of IP-Link and health check in a non-virtual system scenario. The device processes detection packets of the excess detection items according to the normal process. However, in a virtual system scenario, the public system and virtual systems share the specification of 10 detection items whose detection packets are preferentially processed. To prevent IP-Link and health check status flapping in virtual systems, for detection packets forwarded across the public system, configure a traffic diversion table (using the firewall import-flow public or firewall ipv6 import-flow public command) in the public system to divert packets destined for the IP address in a virtual system to the corresponding virtual system. This delivers the same effect as in a non-virtual system scenario; for detection packets forwarded across a non-public virtual system, the device does not preferentially process the detection packets of the first 10 detection items but process them according to the normal process.
  • You are advised to set an interval to 5s or longer for sending IP-link detection packets and set the maximum number of allowed IP-link detection timeout failures to 3 or more. A smaller value may cause IP-link flapping, and services may be affected.
  • IP-link detection packets are not controlled by security policies and are permitted by default. Therefore, no security policy needs to be configured.
  • After configuring IP-Link, ensure that the probe packets and response packets can be properly routed.
Parent Topic: IP-Link
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >