Shulou(Shulou.com)06/01 Report--

Areas and interfaces

1. Interface

The physical interface corresponds to the interface on the panel one by one, and eth0 port is the management port. According to the different forwarding characteristics of the network port, it can be divided into four interface types: routing port, transparent interface, virtual network line and bypass mirror. the first three can set WAN attribute or non-WAN attribute.

Routing interface: IP address can be configured with routing forwarding function, and the routing port can be set to obtain addresses through static IP,DHCP,ADSL and other ways. (some functions require the output interface to be WAN attribute, such as traffic control, × ×, policy routing, etc.)

Transparent interface: transparent interface is equivalent to ordinary layer 2 interface. It does not need to be configured with IP address and does not support routing forwarding. It is forwarded according to MAC address table. (when configured with transparent WAN attribute, you need to pay attention to the direction of the wiring. The connection between internal and external networks will cause some functions to fail.)

1.3 Virtual network cable interface: that is, the concept of interface pair, which does not need to configure IP addresses and does not forward according to the MAC address table. For example, if eth2 and eth3 ports are set as virtual network cable interfaces, the data received from the eth2 port will be forwarded directly from the eth3 port. Layer 2 isolation from other interfaces can be achieved.

1.4 aggregation interface: aggregates multiple network ports into a single logical interface

Subinterfaces: subinterfaces are logical interfaces. You can only add subinterfaces to routed interfaces. Multiple subinterfaces can be configured under one interface as gateways for multiple VLAN.

1.6VLAN interface: configuring an IP address for VLAN produces the VLAN interface as the gateway for VLAN.

two。 Region

Used to define and classify interfaces for calling by modules such as firewall, content security, server protection, and so on. An area can have multiple interfaces, and an interface can only belong to one area.

3. Policy routing

Used for routing

3.1 static routes: you can add your own static route entries and the device will not automatically generate a default route.

Policy routing: when there are multiple egress lines, the interface or line is selected according to the source IP/ destination IP, source port / destination port, protocol and application, so as to realize the automatic routing function of different data taking different external network lines.

4. Considerations for static routing and Policy routin

4.1 routing priority: × × × route > static route > policy route > default route

4.2 each external network line must have a policy route corresponding to it

4.3 when a source address policy routes an interface, only the routing interface with the WAN attribute can be selected

4.4 Source address policy routing can forward data from the device's non-WAN attribute interface by filling in the startled IP address directly.

4.5 the multi-line load routing interface must be a routing interface with WAN attributes, and the link fault detection function must be turned on in order to realize automatic line fault switching.

More than 4.6 policy routes are matched in the order from top to bottom, and once a policy route is matched, it will not match downward.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.