D-Link DFL-860E User Manual for DFL-260E - Page 188
Important: Ensure all-nets appears in the main table, will mean that the connection will be dropped.
View all D-Link DFL-860E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 188 highlights
4.3. Policy-based Routing Chapter 4. Routing Important: Ensure all-nets appears in the main table A common mistake when setting up policy-based routing is the absence of a default route with a destination interface of all-nets in the default main routing table. If there is no route that is an exact match then the absence of a default all-nets route will mean that the connection will be dropped. Example 4.7. Policy-based Routing with Multiple ISPs This example illustrates a multiple ISP scenario which is a common use of policy-based routing. The following is assumed: • Each ISP will provide an IPv4 network from its network range. A 2 ISP scenario is assumed in this case, with the network 10.10.10.0/24 belonging to ISP A and 20.20.20.0/24 belonging to ISP B. The ISP provided gateways are 10.10.10.1 and 20.20.20.1 respectively. • All addresses in this scenario are public addresses for the sake of simplicity. • This is a "drop-in" design, where there are no explicit routing subnets between the ISP gateways and the NetDefend Firewall. In a provider-independent network, clients will likely have a single IP address, belonging to one of the ISPs. In a single-organization scenario, publicly accessible servers will be configured with two separate IP addresses: one from each ISP. However, this difference does not matter for the policy routing setup itself. Note that, for a single organization, Internet connectivity through multiple ISPs is normally best done with the BGP protocol, which means not worrying about different IP spans or about policy routing. Unfortunately, this is not always possible, and this is where Policy Based Routing becomes a necessity. We will set up the main routing table to use ISP A and add a named routing table called r2 that uses the default gateway of ISP B. Interface lan1 lan1 wan1 wan2 wan1 Network 10.10.10.0/24 20.20.20.0/24 10.10.10.1/32 20.20.20.1/32 all-nets Gateway 10.10.10.1 ProxyARP wan1 wan2 lan1 lan1 Contents of the named Policy-based Routing table r2: Interface wan2 Network all-nets Gateway 20.20.20.1 The table r2 has its Ordering parameter set to Default, which means that it will only be consulted if the main routing table lookup matches the default route (all-nets). Contents of the Policy-based Routing Policy: Source Interface lan1 wan2 Source Range 10.10.10.0/24 all-nets Destination Interface wan2 lan1 Destination Range all-nets 20.20.20.0/24 Selected/ Service ALL ALL Forward VR table r2 r2 Return VR table r2 r2 To configure this example scenario: Web Interface 1. Add the routes found in the list of routes in the main routing table, as shown earlier. 188