D-Link DFL-800-AV-12 User Manual - Page 90
Static Routing, 4.2.1. Basic Principles of Routing
View all D-Link DFL-800-AV-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 90 highlights
4.2. Static Routing Chapter 4. Routing 4.2. Static Routing The most basic form of routing is known as Static Routing. The term static refers to the fact that entries in the routing table are manually added and are therefore permanent (or static) by nature. Due to this manual approach, static routing is most appropriate to use in smaller network deployments where addresses are fairly fixed and where the amount of connected networks are limited to a few. For larger networks however (or whenever the network topology is complex), the work of manually maintaining static routing tables will be time-consuming and problematic. As a consequence, dynamic routing should be used in those cases. For more information about the dynamic routing capabilities of NetDefendOS, please see Section 4.4, "Dynamic Routing". Note however, that even if you choose to implement dynamic routing for your network, you will still need to understand the principles of static routing and how it is implemented in NetDefendOS. 4.2.1. Basic Principles of Routing IP routing is the mechanism used in TCP/IP based networks for delivering IP packets from their source to their ultimate destination through a number of intermediary nodes, most often referred to as routers or firewalls. In each router, a routing table is consulted to find out where to send the packet next. A routing table usually consists of several routes, where each route in principle contains a destination network, an interface to forward the packet on and optionally the IP address of the next gateway in the path to the destination. The images below illustrates a typical D-Link Firewall deployment and how the associated routing table would look like. Route # 1 2 3 4 Interface lan dmz wan wan Destination 192.168.0.0/24 10.4.0.0/16 195.66.77.0/24 all-nets Gateway 195.66.77.4 The above routing table provides the following information: • Route #1: All packets going to hosts on the 192.168.0.0/24 network should be sent out on the lan interface. As no gateway is specified for the route entry, the host is assumed to be located on the network segment directly reachable from the lan interface. • Route #2: All packets going to hosts on the 10.4.0.0/16 network are to be sent out on the dmz interface. Also for this route, no gateway is specified. • Route #3: All packets going to hosts on the 195.66.77.0/24 network will be sent out on the wan interface. No gateway is required to reach the hosts. • Route #4: All packets going to any host (the all-nets network will match all hosts) will be sent out on the wan interface and to the gateway with IP address 195.66.77.4. That gateway will then consult its routing table to find out where to send the packets next. A route with destination all-nets is often referred to as the Default Route as it will match all packets for which no specific route has been configured. When a routing table is evaluated, the ordering of the routes is important. In general, a routing table is evaluated with the most specific routes first. In other words, if two routes have destination networks that overlap, the more narrow network will be evaluated prior to the wider one. In the above example, a packet with a destination IP address of 192.168.0.4 will theoretically match both the first route and the last one. However, the first route entry is a more specific match, so the evaluation will end there and the packet will be routed according to that entry. 90