Command used on the USG6000 to detect the accessibility of the next hop

The commands used on the USG6000 to detect the accessibility of the next hop are as follows:
1. IP-Link definition
IP-Link indicates the link accessibility check. The NGFW periodically sends ICMP echo requests or ARP requests to the specified destination IP address and waits for responses. If no response is received with the specified period of time (3s by default), the firewall considers that the current link is faulty and performs subsequent link-related operations. If the firewall receives three consecutive responses over the original link within the subsequently-specified period of time, the firewall considers that the link fault is eliminated and performs subsequent link recovery-related operations.
a. Purposes
IP-Link is mainly used to automatically detect whether a service link is normal. It can be used to detect the status of a link that is not directly connected to the NGFW to ensure service continuity.

b. Command format
[NGFW] ip-link check enable
[NGFW] ip-link 1 destination 10.10.1.2 mode icmp
[NGFW] ip-link 2 destination 10.10.1.3 mode icmp
[NGFW] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 track ip-link 1
[NGFW] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 preference 70 track ip-link 2

For details about IP-Link, click link url="http://support.huawei.com/ecommunity/bbs/10248185.html">USG6000 Series Cases for Interworking Between IP-Link and the Hot Standby Devices.

2. Bidirectional forwarding detection (BFD) definition
The BFD is used to fast detect communication faults between systems and report the faults to the upper layer protocol in a timely manner.
a. Purposes
To minimize impacts caused by device faults on services and improve network availability, network devices need to detect faults in communication with adjacent devices in a timely manner to avoid service interruption.
The BFD has the following functions:
(1) Provide a light-load and fast fault detection mechanism for links between adjacent forwarding engines. The faults include interface faults, data link faults, or even forwarding engine faults.
(2) Provide a single mechanism used to detect any media or protocol layer in real time, with wide detection time and overhead ranges.
b. Command format
(1) The commands used to configure the BFD session are as follows:
[NGFW_A] bfd
[NGFW_A-bfd] quit
[NGFW_A] bfd ab bind peer-ip 10.1.1.2
[NGFW_A-bfd-session-ab] discriminator local 10
[NGFW_A-bfd-session-ab] discriminator remote 20
[NGFW_A-bfd-session-ab] commit
(2) The command used to configure the interworking between the static route and BFD session is as follows:
[NGFW_A] ip route-static 192.168.1.0 255.255.255.0 10.1.1.2 track bfd-session ab

Scroll to top