1

2
3
• A VSwitch interface is a Layer 3 interface. It represents the collection of all
interfaces on the VSwitch. The VSwtich interface is equivalent to the
upstream interface of the actual switch, which can realize the forwarding
of data packets between Layer 2 and Layer 3.
• VLAN interface: A logical interface with Layer 3 features. By configuring a
VLAN interface, mutual access between VLANs can be realized.
• Sub-interface: It can be an Ethernet sub-interface, or a redundant or
aggregated sub-interface.
• The tunnel interface acts as the entry point for the VPN tunnel. Traffic
flows in and out of the VPN tunnel through the tunnel interface. A tunnel
interface can only be a Layer 3 interface.
• Redundant interfaces enable the backup of two physical interfaces. A
physical interface handles traffic to the redundant interface as the primary
interface. The other interface acts as a backup interface and continues to
handle traffic if the primary interface fails.
• An aggregate interface is a collection of physical interfaces. An aggregate
can contain 1 to 16 physical interfaces. These physical interfaces equally
share the traffic load flowing to the IP address of the aggregated
interface. Aggregated interfaces can therefore increase the available

4
 bandwidth of a single IP address. If one of the physical interfaces in the
aggregation interface fails and cannot work, the other interfaces can
continue to process traffic, but the available bandwidth is reduced.
• The PPPoE interface is a logical interface that uses the PPPoE protocol to
connect to the PPPoE server. It is created based on the Ethernet port.
• PPPoE sub-interface: The Hillstone device supports multiple PPPoE
interface functions. The function of multiple PPPoE interfaces means that
after creating multiple PPPoE sub-interfaces based on an Ethernet port,
one physical Ethernet port can connect to multiple ISPs through multiple
PPPoE sub-interfaces.
• Virtual Forward interface. In the HA environment, the Virtual Forward
interface is the interface of the HA group and is used to transmit traffic.

4
5
6
The upper-layer device needs to be configured with the dhcp server function.

7
The account password is provided by the operator. It is recommended to fill in a
value other than 0 for the replay interval, which can be 1 or 3.

8
9
Routing is the process of forwarding packets from one network to a destination
address in another network.
Hillstone devices are designed with Layer 3 routing. This function allows you to
configure routing options and forward various packets via VRouter.
The routings supported by the Hillstone devices include Destination
Routing, Source-Based Routing (SBR), Source-Interface-Based Routing
(SIBR), Dynamic Routing (including RIP, OSPF and BGP), and Policy-
Based Routing (PBR)
In a multi-link environment, PBR could be used to lead traffic of different
protocols to different paths
We support LLB by using destination route or PBR

If there are several types of routes at a device, the device selects a route in
the following sequence: PBR > SIBR > SBR > Destination Routing
To configure the L3 interface, you should bind the interface to L3 zone. Under
same VR, interface IP addresses must within different subnet. You can choose the
IP type to be Static IP, DHCP Auto-obtain, or PPPoE. If the IP type is selected as
DHCP or PPPoE, the device will automatically create a default route. When you
enable the management function for L3 interface, this interface can be used to
manage your device, such as configuring DNS-proxy, configuring the DHCP-
pool ect.

Note: If the egress and ingress interface of the reverse route are not in
the same zone, packets will be discarded.
12
13
14
16
17
18
19
20
21
Let’s take this picture as an example for distance value:
Ø Hillstone device is placed between LAN and WAN as egress gateway. There
are 2 ISP links, GW 122.1.1.1 and GW 133.1.1.2. Internet sever with IP address
100.1.1.1 is our destination.
Ø Normally, we can create 2 default routes for these 2 GWs with default distance
value 1. For such case, all these 2 routes are active and able to forward
packets in load balance.
Ø But if we manually configure the distance vale for these 2 routes, one is 10 and
another is 1. Based on what we have learnt from previous slide, the smaller the
distance value is, the higher the priority is. We can find that the route for
Egress interface E0/3 is valid because the distance value is 1 which is smaller
than 10. Therefore, only the second route is activated.

Distance value is valid for equivalent multipath routes, if you only have 1 route
available, the value is invalid for comparison.
In CLI, You can add a destination routing entry to VRouter. However, before adding
the routing entry, you need to enter the VRouter configuration mode. In the global
configuration mode, use the following command: ip vrouter trust-vr. To add a
destination route, in the VRouter configuration mode, use the command: ip route.
There are 2 parameters need to be understood - Distance and Weight:
• distance-value - Specifies the administration distance of the route. This parameter
is used to determine the precedence of the route. The smaller the value is, the
higher the precedence is. The value range is 1 to 255. The default value is 1.
• weight-value - Specifies the weight of traffic forwarding in load balance. The value
range is 1 to 255. The default value is 1.
24
25