Static Routing; Basic Principles Of Routing - D-Link NetDefend DFL-210 User Manual
Network security firewall
Hide thumbs
Also See for NetDefend DFL-210:
- User manual (495 pages) ,
- Log reference manual (476 pages) ,
- Cli reference manual (213 pages)
Table of Contents
Advertisement
4.2. Static Routing
4.2. Static Routing
The most basic form of routing is known as Static Routing. The term static refers to the fact that
entries in the routing table are manually added and are therefore permanent (or static) by nature.
Due to this manual approach, static routing is most appropriate to use in smaller network
deployments where addresses are fairly fixed and where the amount of connected networks are
limited to a few. For larger networks however (or whenever the network topology is complex), the
work of manually maintaining static routing tables will be time-consuming and problematic. As a
consequence, dynamic routing should be used in those cases.
For more information about the dynamic routing capabilities of NetDefendOS, please see
Section 4.4, "Dynamic Routing". Note however, that even if you choose to implement dynamic
routing for your network, you will still need to understand the principles of static routing and how it
is implemented in NetDefendOS.
4.2.1. Basic Principles of Routing
IP routing is the mechanism used in TCP/IP based networks for delivering IP packets from their
source to their ultimate destination through a number of intermediary nodes, most often referred to
as routers or firewalls. In each router, a routing table is consulted to find out where to send the
packet next. A routing table usually consists of several routes, where each route in principle
contains a destination network, an interface to forward the packet on and optionally the IP address
of the next gateway in the path to the destination.
The images below illustrates a typical D-Link Firewall deployment and how the associated routing
table would look like.
Route #
1
2
3
4
The above routing table provides the following information:
•
Route #1: All packets going to hosts on the 192.168.0.0/24 network should be sent out on the lan
interface. As no gateway is specified for the route entry, the host is assumed to be located on the
network segment directly reachable from the lan interface.
•
Route #2: All packets going to hosts on the 10.4.0.0/16 network are to be sent out on the dmz
interface. Also for this route, no gateway is specified.
•
Route #3: All packets going to hosts on the 195.66.77.0/24 network will be sent out on the wan
interface. No gateway is required to reach the hosts.
•
Route #4: All packets going to any host (the all-nets network will match all hosts) will be sent
out on the wan interface and to the gateway with IP address 195.66.77.4. That gateway will then
consult its routing table to find out where to send the packets next. A route with destination
all-nets is often referred to as the Default Route as it will match all packets for which no specific
route has been configured.
When a routing table is evaluated, the ordering of the routes is important. In general, a routing table
is evaluated with the most specific routes first. In other words, if two routes have destination
networks that overlap, the more narrow network will be evaluated prior to the wider one. In the
above example, a packet with a destination IP address of 192.168.0.4 will theoretically match both
the first route and the last one. However, the first route entry is a more specific match, so the
evaluation will end there and the packet will be routed according to that entry.
Interface
Destination
lan
192.168.0.0/24
dmz
10.4.0.0/16
wan
195.66.77.0/24
wan
90
Chapter 4. Routing
Gateway
all-nets
195.66.77.4
Advertisement
Table of Contents
