config link-load-balance : config link-load-balance flow-policy
config link-load-balance flow-policy
Use this command to configure link load balancing policy rules.
A link load balancing policy matches traffic to rules that select a link group or virtual tunnel.
The policy uses a matching tuple: source, destination, service, and schedule. All must match for the rule to be applied.
The policy table is consulted from top to bottom. The first rule to match is applied.
The FortiADC system evaluates traffic to determine the routing rules to apply. With regard to link load balancing, the system evaluates rules in the following order and applies the first match:
1. LLB link policy
2. Policy route
3. Static/Dynamic route
4. LLB default link group
Before you begin:
You must have configured any address, service, and schedule objects that you want to use as match criteria for your policy.
You must have configured a link group or virtual tunnel group.
You must have read-write permission for link load balancing settings.
config link-load-balance flow-policy
set default-link-group <datasource>
config rule
edit <name>
set group-type {link-group | virtual-tunnel}
set link-group <datasource>
set virtual-tunnel <datasource>
set destination-address <datasource>
set in-interface <datasource>
set schedule <datasource>
set service <datasource>
set source-address <datasource>
Specify a link group configuration object that is used as the default when traffic does not match policy rules.
config rule
link-group: Policy uses a link group.
virtual-tunnel: Policy uses a virtual tunnel.
If you specify the link group type, specify a link group configuration object.
If you specify the virtual tunnel group type, specify a virtual tunnel configuration object.
Specify an address object to match destination addresses. If you do not specify a destination address, the rule matches any destination.
Network interface to which the policy applies.
Specify the schedule object that determines the times the system uses the logic of this configuration. The link policy is active when the current time falls in a time period specified by one or more schedules in the schedule group. If you do not specify a schedule, the rule applies at all times.
Specify a service object to match destination services. If you do not specify a service, the rule matches any service.
Specify an address object to match source addresses. If you do not specify a source address, the rule matches any source address.
FortiADC-VM # config link-load-balance flow-policy
FortiADC-VM (flow-policy) # set default-link-group llb-lg1
FortiADC-VM (flow-policy) # config rule
FortiADC-VM (rule) # edit 1
Add new entry '1' for node 634
FortiADC-VM (1) # get
in-interface :
source-address :
destination-address :
service :
schedule :
group-type : link-group
link-group :
FortiADC-VM (1) # set in-interface port4
FortiADC-VM (1) # set source-address llb-source-addr1
FortiADC-VM (1) # set destination-address llb-dest-addr1
FortiADC-VM (1) # set service llb-http
FortiADC-VM (1) # set link-group llb-lg2
FortiADC-VM (1) # end
FortiADC-VM (flow-policy) # get
default-link-group : llb-lg1
== [ 1 ]
FortiADC-VM (flow-policy) # show
config link-load-balance flow-policy
set default-link-group llb-lg1
config rule
edit "1"
set in-interface port4
set source-address llb-source-addr1
set destination-address llb-dest-addr1
set service llb-http
set link-group llb-lg2