This example illustrates a multiple ISP scenario, which is a common use of policy-based routing.
The following is assumed:
• Each ISP will provide an IPv4 network from its network range. A 2 ISP scenario is assumed in
  this case, with the network 10.10.10.0/24 belonging to ISP A and 20.20.20.0/24 belonging to
  ISP B. The ISP provided gateways are 10.10.10.1 and 20.20.20.1 respectively.
• All addresses in this scenario are public addresses for the sake of simplicity.
• This is a "drop-in" design, where there are no explicit routing subnets between the ISP
  gateways and the NetDefend Firewall.
In a provider-independent network, clients will likely have a single IP address, belonging to one
of the ISPs. In a single-organization scenario, publicly accessible servers will be configured with
two separate IP addresses: one from each ISP. However, this difference does not matter for the
policy routing setup itself.
Note that, for a single organization, Internet connectivity through multiple ISPs is normally best
done with the BGP protocol, which means not worrying about different IP spans or about policy
routing. Unfortunately, this is not always possible, and this is where Policy Based Routing
becomes a necessity.
We will set up the main routing table to use ISP A and add a named routing table called r2 that
uses the default gateway of ISP B.
Contents of the main routing table:

Interface   Network          Gateway      ProxyARP
lan1        10.10.10.0/24                 wan1
lan1        20.20.20.0/24                 wan2
wan1        10.10.10.1/32                 lan1
wan2        20.20.20.1/32                 lan1
wan1        all-nets         10.10.10.1

Contents of the named Policy-based Routing table r2:

Interface   Network          Gateway
wan2        all-nets         20.20.20.1

The table r2 has its Ordering parameter set to Default, which means that it will only be consulted
if the main routing table lookup matches the default route (all-nets).

Contents of the Policy-based Routing Policy:

Source      Source          Destination   Destination     Selected/      Forward    Return
Interface   Range           Interface     Range           Service        VR table   VR table
lan1        10.10.10.0/24   wan1          all-nets        all_services   r2         r2
wan2        all-nets        lan1          20.20.20.0/24   all_services   r2         r2

To configure this example scenario:
Web Interface
1. Add the routes in the list to the main routing table, as shown above.
2. Create a routing table called r2 and make sure the ordering is set to Default.
3. Add the routes found in the list above for the routing table r2.

Chapter 4: Routing
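The lookup order described for the r2 table, modelled in Python as an added example (not NetDefendOS code and not part of the original manual). The routes and policy rows are those of this example; the longest-prefix tie-break, the fallback when r2 has no match, the function names and the sample addresses are assumptions.

```python
import ipaddress as ip

ALL_NETS = ip.ip_network("0.0.0.0/0")  # all-nets

# Routes as (interface, network, gateway), copied from this example's tables.
MAIN = [
    ("lan1", ip.ip_network("10.10.10.0/24"), None),
    ("lan1", ip.ip_network("20.20.20.0/24"), None),
    ("wan1", ip.ip_network("10.10.10.1/32"), None),
    ("wan2", ip.ip_network("20.20.20.1/32"), None),
    ("wan1", ALL_NETS, "10.10.10.1"),
]
TABLES = {"r2": [("wan2", ALL_NETS, "20.20.20.1")]}

# Policy rows: (source interface, source range, destination interface,
# destination range, forward VR table); the service is all_services in both.
POLICY = [
    ("lan1", ip.ip_network("10.10.10.0/24"), "wan1", ALL_NETS, "r2"),
    ("wan2", ALL_NETS, "lan1", ip.ip_network("20.20.20.0/24"), "r2"),
]

def lookup(table, dst):
    """Most specific matching route, or None (assumption: longest prefix wins)."""
    hits = [r for r in table if dst in r[1]]
    return max(hits, key=lambda r: r[1].prefixlen, default=None)

def route(src_if, src, dst):
    """Return (table, interface, gateway) chosen for a new connection."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    main = lookup(MAIN, dst)
    if main is None:
        return None
    for p_if, p_src, p_dif, p_dst, table in POLICY:
        if (src_if, main[0]) == (p_if, p_dif) and src in p_src and dst in p_dst:
            # Ordering=Default: the named table is consulted only when the
            # main lookup matched the default route (all-nets).
            if main[1] == ALL_NETS:
                alt = lookup(TABLES[table], dst)
                if alt:  # assumption: no match in r2 keeps the main route
                    return (table, alt[0], alt[2])
            break
    return ("main", main[0], main[2])

if __name__ == "__main__":
    for args in [("lan1", "10.10.10.5", "203.0.113.9"),   # constructed samples
                 ("lan1", "10.10.10.5", "10.10.10.1"),
                 ("wan2", "203.0.113.9", "20.20.20.7")]:
        print(args, "->", route(*args))
```

The second and third samples match a policy row that selects r2, yet stay on the main table because the main lookup hit a specific route rather than all-nets.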