
AR router dual ISP load balancing setup with persistence

Created: May 24, 2019 08:13:02
Latest reply: May 28, 2019 09:42:24
  Rewarded HiCoins: 0 (problem resolved)

I have 2 ISP providers, like in the picture below, and want to set up load balancing with persistence.

The problem is that I need persistence, because each PC is logged on to different sites (let's say 3 sites), and sometimes site 1 works better on ISP1 and sites 2 and 3 are better on ISP2, and other times it's the other way around. Once someone has logged on to a site, if the traffic to that site is sent on a different ISP it will give an error and log out that user. That is why it needs to be persistent until 5-10 minutes of inactivity from that PC, or until that PC restarts or the user closes the browser.

[Image: network.JPG]

I am a newbie at networks, can someone please help me with the config?

Featured Answers

Recommended answer

chenhui
Admin Created May 24, 2019 08:30:08

@luciaan123 hi!


You can configure source-based PBR to direct the traffic which comes from a specific user to a specific ISP.

To configure PBR, please refer to PBR configuration.

Beware of the route-policy (PBR), which can only be used on the inward directional interface.
All Answers


This is my config so far, it kinda works, most of the time, but sometimes it does not, especially if I use Firefox. Chrome works, but it still needs some refinement.

@chenhui, that link does not work, I do not have permission to access it.



[V200R009C00SPC500]
#
ipv6
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name multi_authen_profile
#
dns resolve
dns server 8.8.8.8
dns server 8.8.4.4
dns proxy enable
#
dhcp enable
#
radius-server template default
#
pki realm default
#
ssl policy default_policy type server
 pki-realm default
 version tls1.0 tls1.1
 ciphersuite rsa_aes_128_cbc_sha
#
acl name GigabitEthernet0/0/0 2997
 rule 5 permit
acl name GigabitEthernet0/0/4 2999
 rule 5 permit
#
ike proposal default
 encryption-algorithm aes-256
 dh group14
 authentication-algorithm sha2-256
 authentication-method pre-share
 integrity-algorithm hmac-sha2-256
 prf hmac-sha2-256
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
aaa
 authentication-scheme default
 authentication-scheme radius
  authentication-mode radius
 authorization-scheme default
 accounting-scheme default
 domain default
  authentication-scheme default
 domain default_admin
  authentication-scheme default
 local-user admin password irreversible-cipher $$$$$$$$$$$$$$$$$
 local-user admin privilege level 15
 local-user admin service-type http
#
web
 set fast-configuration state disable
#
firewall zone Local
#
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
#
nat alg dns enable
nat alg ftp enable
nat alg rtsp enable
nat alg sip enable
nat alg pptp enable
#
interface Vlanif1
 ip address 10.10.10.1 255.255.255.0
 dhcp select interface
 dhcp server excluded-ip-address 10.10.10.2 10.10.10.22
 dhcp server dns-list 10.10.10.1
#
interface Eth-Trunk1
 mode manual load-balance
 load-balance src-dst-mac
#
interface Ethernet0/0/0
#
interface GigabitEthernet0/0/0
 undo portswitch
 description isp1-169
 tcp adjust-mss 1200
 nat outbound 2997
 qos car inbound cir 600000 cbs 112800000 pbs 187800000 green pass yellow pass red discard
 qos car outbound cir 400000 cbs 75200000 pbs 125200000 green pass yellow pass red discard
 ip address dhcp-alloc
#
interface GigabitEthernet0/0/1
 eth-trunk 1
#
interface GigabitEthernet0/0/2
 eth-trunk 1
#
interface GigabitEthernet0/0/3
 port hybrid untagged vlan 1
#
interface GigabitEthernet0/0/4
 description isp2-168
 tcp adjust-mss 1200
 nat outbound 2999
 qos car inbound cir 500000 cbs 94000000 pbs 156500000 green pass yellow pass red discard
 qos car outbound cir 300000 cbs 56400000 pbs 93900000 green pass yellow pass red discard
 ip address dhcp-alloc
#
interface GigabitEthernet0/0/5
 description VirtualPort
#
interface Cellular0/0/0
#
interface Cellular0/0/1
#
interface NULL0
#
snmp-agent local-engineid $$$$$$$$$$$$$
#
set web login-style simple
http secure-server ssl-policy default_policy
http server enable
http secure-server enable
#
ip route-static 0.0.0.0 255.255.255.0 GigabitEthernet0/0/0 192.169.1.1 description to-isp1
ip route-static 0.0.0.0 255.255.255.0 GigabitEthernet0/0/4 192.168.1.1 preference 80 description to-isp2
#
fib regularly-refresh disable
#
user-interface con 0
user-interface vty 0
 authentication-mode aaa
 user privilege level 15
user-interface vty 1 4
#
wlan
 wmm-profile name wmmf id 0
 traffic-profile name traf id 0
 security-profile name secf id 0
 radio-profile name radiof id 0
  wmm-profile id 0
 radio-profile name arwebradio id 1
  wmm-profile id 0
#
interface Wlan-Radio0/0/0
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
ops
#
autostart
#
secelog
#
return

Posted by luciaan123 at 2019-05-25 05:41 this is my config so far, it kinda works, most of the times, but sometimes it does not, especially i ...
@luciaan123 hi,
I reviewed your configuration. I found that you configured two static routes towards the two ISPs, and the static route towards ISP1 has a lower preference (60 by default) than the other one, so theoretically all the traffic will be transferred to ISP1, rather than load-balanced between the two ISP links.
You said the delay for different sites on different links is not the same, so you would like to transfer the traffic on the lower-latency link, right?
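
The route comparison described in the reply above, as an added example (not code from the thread or from Huawei): it parses the two `ip route-static` lines exactly as posted, then applies longest-prefix match followed by lowest preference value, with 60 as the default preference as stated in the reply. The function names are hypothetical, and the model is a simplification that only looks at these static routes, not at routes the router learns by other means.

```python
import ipaddress
import re

DEFAULT_STATIC_PREFERENCE = 60  # default value as stated in the reply above

# The two static routes copied verbatim from the posted configuration.
POSTED_ROUTES = """\
ip route-static 0.0.0.0 255.255.255.0 GigabitEthernet0/0/0 192.169.1.1 description to-isp1
ip route-static 0.0.0.0 255.255.255.0 GigabitEthernet0/0/4 192.168.1.1 preference 80 description to-isp2
"""

ROUTE_RE = re.compile(
    r"^ip route-static (?P<dest>\S+) (?P<mask>\S+) (?P<ifname>\S+) (?P<nexthop>\S+)"
    r"(?: preference (?P<pref>\d+))?(?: description (?P<desc>.+))?$"
)

def parse_static_routes(config_text):
    """Hypothetical helper: turn ip route-static lines into route records."""
    routes = []
    for line in config_text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        routes.append({
            # destination + dotted mask -> the prefix the route really covers
            "prefix": ipaddress.ip_network(f"{m['dest']}/{m['mask']}"),
            "interface": m["ifname"],
            "nexthop": ipaddress.ip_address(m["nexthop"]),
            "preference": int(m["pref"] or DEFAULT_STATIC_PREFERENCE),
            "description": m["desc"] or "",
        })
    return routes

def is_default_route(route):
    """A default route covers every destination, i.e. prefix length 0."""
    return route["prefix"].prefixlen == 0

def select_route(routes, destination):
    """Longest prefix first, then lowest preference value; ties are all returned."""
    dst = ipaddress.ip_address(destination)
    matching = [r for r in routes if dst in r["prefix"]]
    if not matching:
        return []
    longest = max(r["prefix"].prefixlen for r in matching)
    matching = [r for r in matching if r["prefix"].prefixlen == longest]
    best = min(r["preference"] for r in matching)
    return [r for r in matching if r["preference"] == best]
```

Run on the lines as posted, `select_route` returns nothing for a destination such as 8.8.8.8, because the mask 255.255.255.0 makes both routes cover 0.0.0.0/24 rather than 0.0.0.0/0. With the mask written as 0.0.0.0, only the preference-60 route through GigabitEthernet0/0/0 is selected, which is the behaviour the reply describes.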

Yes, ideally that would be the case: when a PC first tries to access the site, it should be bound to the ISP with the lower latency.

Theoretically all the traffic will be sent to that ISP, but in practice that is not the case. In reality about 60% of the traffic is sent to ISP1; actually ISP1 has 80% of the total download traffic and 30% upload, and ISP2 has 20% download and 70% upload of the total traffic. I tried without the preference 80, and it was about the same, but in that case the upload/download ratios were almost identical on both ISPs.

Emm... that's really strange. You can try to configure the traffic policy or capture packets to inspect which packets are sent to ISP2.
Anyway, if you want to configure PBR to adjust the traffic, please refer to https://support.huawei.com/hedex/hdx.do?docid=EDOC1000163385&id=dc_cfg_pbr_0001_2&text=PBR%252520Configuration&lang=en