D-Link DFL-1600 User Manual page 112

Network security firewall
This is a "drop-in" design, where there are no explicit routing subnets
between the ISP gateways and the firewall.
In a provider-independent metropolitan area network, clients will likely
have a single IP address, belonging to either one or the other ISP. In a
single-organization scenario, publicly accessible servers will be configured
with two separate IP addresses: one from each ISP. However, this difference
does not matter for the policy routing setup itself.
Note that, for a single organization, Internet connectivity through multiple
ISPs is normally best done through BGP, where you do not need to worry
about different IP spans or policy routing. Unfortunately, this is not always
possible, and this is where policy-based routing becomes a necessity.
We will set up the main routing table to use ISP A, and add a named
routing table, "r2", that uses the default gateway of ISP B.
Contents of the main routing table:
Interface  Network      Gateway  ProxyARP
LAN1       1.2.3.0/24   -        WAN1
LAN1       2.3.4.0/24   -        WAN1
WAN1       1.2.3.1/32   -        LAN1
WAN2       2.3.4.1/32   -        LAN1
WAN1       0.0.0.0/0    1.2.3.1  -

Contents of the named policy routing table r2:
Interface  Network    Gateway
WAN2       0.0.0.0/0  2.3.4.1

The table r2 has its Ordering parameter set to Default, which means that it
will only be consulted if the main routing table lookup matches the default
route (0.0.0.0/0).
Contents of the Policy-based Routing Policy:
Source     Source      Dest.      Dest.       Service  Forward  Return
Interface  Range       Interface  Range                PBR      PBR
LAN1       2.3.4.0/24  WAN2       0.0.0.0/0   ALL      r2       main
WAN2       0.0.0.0/0   LAN1       2.3.4.0/24  ALL      main     r2

D-Link Firewalls User's Guide
Chapter 10. Routing
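
The lookup described above, modelled as an added Python example (not D-Link code and not part of the manual): it encodes the two routing tables and the policy rows from this page and applies the Ordering = Default rule to show which interface and gateway a flow uses in each direction. The function names, the sample hosts, first-match policy evaluation, and leaving the Dest. Interface column out of the match are assumptions of this example.

```python
import ipaddress as ipa

# Routing tables from this page: (interface, network, gateway or None).
MAIN = [("LAN1", "1.2.3.0/24", None), ("LAN1", "2.3.4.0/24", None),
        ("WAN1", "1.2.3.1/32", None), ("WAN2", "2.3.4.1/32", None),
        ("WAN1", "0.0.0.0/0", "1.2.3.1")]
TABLES = {"main": MAIN, "r2": [("WAN2", "0.0.0.0/0", "2.3.4.1")]}

# Policy rows from this page: (source interface, source range, dest. range,
# forward table, return table). Assumption: Dest. Interface is not modelled.
POLICY = [("LAN1", "2.3.4.0/24", "0.0.0.0/0", "r2", "main"),
          ("WAN2", "0.0.0.0/0", "2.3.4.0/24", "main", "r2")]


def lookup(table, dst):
    """Longest-prefix match; returns (interface, network, gateway) or None."""
    addr = ipa.ip_address(dst)
    hits = [r for r in table if addr in ipa.ip_network(r[1])]
    return max(hits, key=lambda r: ipa.ip_network(r[1]).prefixlen, default=None)


def route(table_name, dst):
    """Ordering = Default: use the named table only if main hits 0.0.0.0/0."""
    hit = lookup(MAIN, dst)
    if table_name != "main" and hit and hit[1] == "0.0.0.0/0":
        hit = lookup(TABLES[table_name], dst) or hit
    return hit


def forward_and_return(src_if, src, dst):
    """(interface, gateway) for the forward packet and for its reply."""
    fwd = ret = "main"                  # no policy row matches: main both ways
    for p_if, p_src, p_dst, p_fwd, p_ret in POLICY:
        if (src_if == p_if and ipa.ip_address(src) in ipa.ip_network(p_src)
                and ipa.ip_address(dst) in ipa.ip_network(p_dst)):
            fwd, ret = p_fwd, p_ret     # first matching row wins (assumption)
            break
    f, r = route(fwd, dst), route(ret, src)
    return (f[0], f[2]), (r[0], r[2])


if __name__ == "__main__":
    # Constructed sample flows; 198.51.100.7 is a documentation address.
    for flow in [("LAN1", "2.3.4.10", "198.51.100.7"),
                 ("LAN1", "2.3.4.10", "1.2.3.20"),
                 ("LAN1", "1.2.3.20", "198.51.100.7"),
                 ("WAN2", "198.51.100.7", "2.3.4.10")]:
        print(flow, "->", forward_and_return(*flow))
```

The second sample flow is the case worth checking when auditing such a setup: the policy selects r2, but because the main lookup matches a specific LAN1 route rather than 0.0.0.0/0, traffic between the two local spans stays on LAN1 and is not sent to ISP B.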
