Chapter 13: IP Policy-Based Forwarding Configuration Guide
DIGITAL GIGAswitch/Router User Reference Manual
The following is the IP policy configuration for the Policy Router in Figure 21:

interface create ip mls0 address-netmask 10.50.1.1/16 port et.1.1
acl contractors permit ip 10.50.1.0/24 any any any 0
acl full-timers permit ip 10.50.2.0/24 any any any 0
ip-policy access permit acl contractors next-hop-list 11.1.1.1 action policy-only
ip-policy access permit acl full-timers next-hop-list 12.1.1.1 action policy-first
ip-policy access apply interface mls0

Firewall Load Balancing

The next hop gateway can be selected by the following information in the IP packet: source IP, destination IP, or both the source and destination IP. Figure 22 illustrates this configuration.

[Figure 22 diagram. Labels: Intranet; Internet; Policy Router 1; Policy Router 2; Firewalls 1, 2, 3, 4; interfaces mls1, mls2; ports et.1.1, et.1.2, et.1.3, et.1.4 (listed twice); addresses 1.1.1.1 through 1.1.1.5 and 2.2.2.1 through 2.2.2.5]

Figure 22. Selecting Next Hop Gateway from IP Packet Information

One session should always go to a particular firewall for persistence.
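The persistence requirement can be checked with a small model of next-hop selection. This is an added example, not taken from the manual: the hash-based selection, the function names and the mapping of the Figure 22 addresses to firewalls are assumptions, and the sample sessions are constructed. It shows which pairings of selection keys on the two policy routers keep a request and its reply on the same firewall.

```python
import hashlib
import ipaddress

# Assumed reading of the Figure 22 labels: firewall N is reachable at
# 1.1.1.N from Policy Router 1 and at 2.2.2.N from Policy Router 2.
ROUTER1_NEXT_HOPS = ["1.1.1.1", "1.1.1.2", "1.1.1.3", "1.1.1.4"]
ROUTER2_NEXT_HOPS = ["2.2.2.1", "2.2.2.2", "2.2.2.3", "2.2.2.4"]


def select_index(src, dst, mode, count):
    """Map a packet's addresses to a next-hop index in range(count).

    mode is "src", "dst" or "both". For "both" the addresses are sorted
    first, so A->B and B->A give the same index. The SHA-256 hash is an
    illustrative choice, not the router's algorithm.
    """
    s = int(ipaddress.ip_address(src))
    d = int(ipaddress.ip_address(dst))
    if mode == "src":
        key = (s,)
    elif mode == "dst":
        key = (d,)
    elif mode == "both":
        key = tuple(sorted((s, d)))
    else:
        raise ValueError(f"unknown mode: {mode}")
    material = b"".join(k.to_bytes(16, "big") for k in key)
    return int.from_bytes(hashlib.sha256(material).digest()[:8], "big") % count


def firewall_path(client, server, r1_mode, r2_mode):
    """Next hops chosen for client->server at Router 1 and the reply at Router 2."""
    out_i = select_index(client, server, r1_mode, len(ROUTER1_NEXT_HOPS))
    back_i = select_index(server, client, r2_mode, len(ROUTER2_NEXT_HOPS))
    return ROUTER1_NEXT_HOPS[out_i], ROUTER2_NEXT_HOPS[back_i]


def broken_sessions(sessions, r1_mode, r2_mode):
    """Sessions whose reply crosses a different firewall than the request."""
    broken = []
    for client, server in sessions:
        out_hop, back_hop = firewall_path(client, server, r1_mode, r2_mode)
        if ROUTER1_NEXT_HOPS.index(out_hop) != ROUTER2_NEXT_HOPS.index(back_hop):
            broken.append((client, server))
    return broken


# Constructed sample sessions: (intranet client, internet server).
SAMPLE_SESSIONS = [(f"10.50.1.{i}", f"198.51.100.{200 - i}") for i in range(1, 41)]
```

Keying both routers on the source address alone splits sessions across firewalls, because the reply's source is the server rather than the client; pairing source on one router with destination on the other, or using both addresses on both routers, keeps each session on one firewall.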