Command used on the USG6000 to detect the accessibility of the next hop


The commands used on the USG6000 to detect the accessibility of the next hop are as follows:
1. IP-Link definition
IP-Link is a link accessibility check. The NGFW periodically sends ICMP echo requests or ARP requests to the specified destination IP address and waits for responses. If no response is received within the specified period of time (3s by default), the firewall considers the current link faulty and performs the subsequent link-related operations. If the firewall then receives three consecutive responses over the original link within the specified period of time, it considers the link fault eliminated and performs the subsequent link recovery-related operations.
a. Purposes
IP-Link is mainly used to automatically detect whether a service link is normal. It can be used to detect the status of a link that is not directly connected to the NGFW to ensure service continuity.

b. Command format
[NGFW] ip-link check enable
[NGFW] ip-link 1 destination mode icmp
[NGFW] ip-link 2 destination mode icmp
[NGFW] ip route-static track ip-link 1
[NGFW] ip route-static preference 70 track ip-link 2

For details about IP-Link, see USG6000 Series Cases for Interworking Between IP-Link and the Hot Standby Devices.
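
The following added example (not Huawei code and not part of the original page) models the IP-Link behaviour described above together with the two tracked static routes: a link is marked faulty on a missed reply and is restored only after three consecutive replies. The route names, the preference of 60 for the first route, and the probe sequences are assumptions made for the illustration.

```python
from dataclasses import dataclass

RECOVERY_REPLIES = 3  # consecutive replies needed before the link counts as restored


@dataclass
class IpLink:
    up: bool = True
    streak: int = 0  # consecutive replies seen while the link is down

    def probe(self, replied: bool) -> bool:
        """Feed one probe result (True = reply arrived within the timeout)."""
        if self.up:
            if not replied:
                self.up, self.streak = False, 0
        else:
            self.streak = self.streak + 1 if replied else 0
            if self.streak >= RECOVERY_REPLIES:
                self.up = True
        return self.up


@dataclass
class TrackedRoute:
    name: str         # hypothetical label, not a device identifier
    preference: int   # lower value wins, as with "preference 70" on the backup route
    link: IpLink


def active_route(routes):
    """Return the usable route with the lowest preference, or None if all are down."""
    usable = [r for r in routes if r.link.up]
    return min(usable, key=lambda r: r.preference).name if usable else None


def simulate(primary_replies, backup_replies):
    """Replay per-interval probe results and record which route carries traffic."""
    primary = TrackedRoute("primary", 60, IpLink())  # 60 is an assumed preference
    backup = TrackedRoute("backup", 70, IpLink())
    timeline = []
    for p, b in zip(primary_replies, backup_replies):
        primary.link.probe(p)
        backup.link.probe(b)
        timeline.append(active_route([primary, backup]))
    return timeline


# Constructed probe results: one loss, a failed recovery attempt, then a clean recovery.
PRIMARY = [True, False, True, True, False, True, True, True, True]
BACKUP = [True] * 9

if __name__ == "__main__":
    for interval, route in enumerate(simulate(PRIMARY, BACKUP)):
        print(interval, route)
```

The second lost reply at interval 4 resets the recovery count, so traffic stays on the backup route until three replies in a row have arrived.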

2. Bidirectional forwarding detection (BFD) definition
BFD is used to quickly detect communication faults between systems and report the faults to the upper-layer protocol in a timely manner.
a. Purposes
To minimize impacts caused by device faults on services and improve network availability, network devices need to detect faults in communication with adjacent devices in a timely manner to avoid service interruption.
The BFD has the following functions:
(1) Provide a light-load and fast fault detection mechanism for links between adjacent forwarding engines. The faults include interface faults, data link faults, or even forwarding engine faults.
(2) Provide a single mechanism used to detect any media or protocol layer in real time, with wide detection time and overhead ranges.
b. Command format
(1) The commands used to configure the BFD session are as follows:
[NGFW_A] bfd
[NGFW_A-bfd] quit
[NGFW_A] bfd ab bind peer-ip
[NGFW_A-bfd-session-ab] discriminator local 10
[NGFW_A-bfd-session-ab] discriminator remote 20
[NGFW_A-bfd-session-ab] commit
(2) The command used to configure the interworking between the static route and BFD session is as follows:
[NGFW_A] ip route-static track bfd-session ab

Other related questions:
Does an AR router support redirection to a next hop
The ARs support redirection to a next hop.

Configure next-hop backup through policy-based routing on an AR router
If multiple carriers are available on a network, configure next-hop backup to keep network connectivity for intranet users and improve network robustness. Run the redirect backup-nexthop ip-address command in the traffic behavior. For details about configuring policy-based routing, see Example for Configuring Interface PBR.

Intranet access fails after redirection to a next hop is configured on an AR router
Intranet access does not need redirection. Suppose that the intranet is composed of two network segments, 1.0 and 2.0, traffic transmitted over 1.0 is redirected to A Telecom Carrier, and traffic transmitted over 2.0 is redirected to B Telecom Carrier. Mutual access between 1.0 and 2.0 then fails. How to solve this problem?
#
acl number 3000
 rule 5 permit ip source destination
acl number 3001
 rule 5 permit ip source
acl number 3002
 rule 5 permit ip source
#
traffic classifier no-redircet operator or
 if-match acl 3000
traffic classifier redirect-dx operator or
 if-match acl 3001
traffic classifier redirect-lt operator or
 if-match acl 3002
#
traffic behavior no-redirect
traffic behavior redirect-dx
 redirect ip-nexthop
traffic behavior redirect-lt
 redirect ip-nexthop
#
traffic policy celvluyou
 classifier no-redircet behavior no-redirect
 classifier redirect-dx behavior redirect-dx
 classifier redirect-lt behavior redirect-lt
#
interface GigabitEthernet0/0/1
 traffic-policy celvluyou inbound
#

Can the next hop address be not specified in a static route
You must specify the next hop address in a static route, but you can choose not to specify the outbound interface. The ip route-static ip-address mask Vlanif vlan-id command specifies the VLANIF interface as the outbound interface in a static route and does not specify the next hop address. This command is not recommended because it does not take effect and lowers device performance.
