Uplink and downlink definitions in traffic policies of the USG6000 series

2

Because traffic profiles are referenced by traffic policies, the uplink and downlink in traffic profiles are mapped to directions in traffic policies. It is determined as uplink in a traffic profile if traffic is in the same direction as the traffic policy, and determined as downlink if traffic is in the opposite direction. Before configuring a traffic profile, confirm the uplink and downlink directions based on the actual situation, for example, the traffic of an internal user accessing the external network is uplink traffic, and then map the traffic profile to a traffic policy (source address: user; destination address: external resource address).

For example, to restrict the traffic from the trust zone to the untrust zone, configure traffic control as follows:
�?In the traffic policy, if the source zone is the trust zone and the destination zone is the untrust zone, configure uplink traffic control in the traffic profile (same direction as the traffic policy).
�?In the traffic policy, if the source zone is the untrust zone and the destination zone is the trust zone, configure downlink traffic control in the traffic profile (opposite direction to the traffic policy).

Other related questions:
Downlink traffic fails to be forwarded after an active/standby switchover of the uplink devices of S series switches
For an S series switch (except the S1700 switch�?, when an active/standby switchover is performed on its uplink devices, the IP address of the uplink device does not change, but the MAC address of the uplink device changes. The switch cannot detect this change in traffic, and does not update the ARP entry. Therefore, the downlink traffic fails to be forwarded. On the switch, the default aging time of ARP entries is 20 minutes. After ARP entries age, the switch relearns the ARP entry of the uplink devices, and the traffic path is restored. You can set a shorter ARP aging time to shorten the traffic interruption time. In V100R006 or later versions, you can run the mac-address update arp command to rapidly associate MAC address entries with ARP entries. (This function is not supported by S1720, S2720, S275x, or S5700LI fixed switches.) After the configuration, APR entries are updated when MAC address entries change, shortening traffic interruption time within seconds.

How do CE series switches implement association between uplink and downlink interfaces
CE series switches can enable uplink and downlink interface association using the Monitor Link function. The configuration is as follows:
<HUAWEI> system-view
[~HUAWEI] monitor-link group 2
[*HUAWEI-mtlk-group2] port 10ge 1/0/1 uplink
[*HUAWEI-mtlk-group2] port 10ge 2/0/1 downlink 1
[*HUAWEI-mtlk-group2] commit

Whether traffic policy-based traffic reports on the USG6000 series rely on hard disks
Traffic policy-based traffic reports on the USG6000 series do not rely on hard disks.

Whether a parent policy and its sub-policy can reference the same traffic profile on the USG6000 series
A parent policy and its sub-policy cannot reference the same traffic profile.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top