Static Routing - D-Link NetDefend DFL-210 User Manual

4.2.2. Static Routing

4.2.2. Static Routing
This section describes how routing is implemented in NetDefendOS, and how to configure static
routing.
NetDefendOS supports multiple routing tables. A default table called main is pre-defined and is
always present in NetDefendOS. However, additional and completely separate routing tables can be
defined by the administrator to provide alternate routing.
These user-defined extra routing toubles can be used to implement Policy Based Routing which
means the administrator can set up rules in the IP rule set which decide which of the routing tables
will handle certain types of traffic. (see Section 4.3, "Policy-based Routing").
The Route Lookup Mechanism
The NetDefendOS route lookup mechanism has some slight differences to how some other router
products work. In many routers, where the IP packets are forwarded without context (in other words,
the forwarding is stateless), the routing table is scanned for each and every IP packet received by the
router. In NetDefendOS, packets are forwarded with state-awareness, so the route lookup process is
tightly integrated into NetDefendOS's stateful inspection mechanism.
When an IP packet is received on any of the interfaces, the connection table is consulted to see if
there is an already open connection for which the received packet belongs. If an existing connection
is found, the connection table entry includes information on where to route the packet so there is no
need for lookups in the routing table. This is far more efficient than traditional routing table
lookups, and is one reason for the high forwarding performance of NetDefendOS.
If an established connection cannot be found, then the routing table is consulted. It is important to
understand that the route lookup is performed before the various rules sections get evaluated. As a
result, the destination interface is known at the time NetDefendOS decides if the connection should
be allowed or dropped. This design allows for a more fine-grained control in security policies.
NetDefendOS Route Notation
NetDefendOS uses a slightly different way of describing routes compared to most other systems but
this way is easier to understand, making errors less likely.
Many other products do not use the specific interface in the routing table, but specify the IP address
of the interface instead. The routing table below is from a Microsoft Windows XP workstation:
====================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 13 d4 51 8d dd ...... Intel(R) PRO/1000 CT Network
0x20004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
====================================================================
====================================================================
Active Routes:
Network Destination
10.4.2.143
10.255.255.255
85.11.194.33
127.0.0.0
192.168.0.0
192.168.0.10
192.168.0.255
224.0.0.0
224.0.0.0
255.255.255.255
255.255.255.255
Default Gateway:
====================================================================
0.0.0.0
10.0.0.0 255.0.0.0
255.255.255.255
255.255.255.255
255.255.255.255
255.0.0.0
255.255.255.0 192.168.0.10
255.255.255.255
255.255.255.255 192.168.0.10
240.0.0.0
240.0.0.0 192.168.0.10
255.255.255.255
255.255.255.255 192.168.0.10
192.168.0.1
Netmask Gateway
0.0.0.0 192.168.0.1
10.4.2.143
127.0.0.1
10.4.2.143
192.168.0.1
127.0.0.1
127.0.0.1
10.4.2.143
10.4.2.143
91
Chapter 4. Routing
Interface Metric
192.168.0.10
10.4.2.143
127.0.0.1
10.4.2.143
192.168.0.10
127.0.0.1
192.168.0.10
127.0.0.1
192.168.0.10
10.4.2.143
192.168.0.10
10.4.2.143
192.168.0.10
20
1
50
50
20
1
20
20
20
50
20
1
1