Policy-Based Routing Configuration - D-Link DFL-260E User Manual

Network Security Firewall, NetDefendOS Version 2.27.03

4.3.5. The Ordering parameter
Example 4.5. Policy-based Routing Configuration
This example illustrates a multiple ISP scenario, which is a common use of Policy-based Routing. The following is assumed:
- Each ISP will provide an IP network from its network range. A two-ISP scenario is assumed in this case, with the network 10.10.10.0/24 belonging to ISP A and 20.20.20.0/24 belonging to ISP B. The ISP-provided gateways are 10.10.10.1 and 20.20.20.1 respectively.
- All addresses in this scenario are public addresses for the sake of simplicity.
- This is a "drop-in" design, where there are no explicit routing subnets between the ISP gateways and the NetDefend Firewall.
In a provider-independent network, clients will likely have a single IP address, belonging to one of the ISPs. In a
single-organization scenario, publicly accessible servers will be configured with two separate IP addresses: one
from each ISP. However, this difference does not matter for the policy routing setup itself.
Note that, for a single organization, Internet connectivity through multiple ISPs is normally best done with the BGP
protocol, which means not worrying about different IP spans or about policy routing. Unfortunately, this is not
always possible, and this is where Policy Based Routing becomes a necessity.
We will set up the main routing table to use ISP A and add a named routing table called r2 that uses the default
gateway of ISP B.
Contents of the main routing table:

| Interface | Network | Gateway | ProxyARP |
|---|---|---|---|
| lan1 | 10.10.10.0/24 | | wan1 |
| lan1 | 20.20.20.0/24 | | wan2 |
| wan1 | 10.10.10.1/32 | | lan1 |
| wan2 | 20.20.20.1/32 | | lan1 |
| wan1 | all-nets | 10.10.10.1 | |

Contents of the named Policy-based Routing table r2:

| Interface | Network | Gateway |
|---|---|---|
| wan2 | all-nets | 20.20.20.1 |

The table r2 has its Ordering parameter set to Default, which means that it will only be consulted if the main routing table lookup matches the default route (all-nets).

Contents of the Policy-based Routing Policy:

| Source Interface | Source Range | Destination Interface | Destination Range | Selected/Service | Forward VR table | Return VR table |
|---|---|---|---|---|---|---|
| lan1 | 10.10.10.0/24 | wan2 | all-nets | ALL | r2 | r2 |
| wan2 | all-nets | lan1 | 20.20.20.0/24 | ALL | r2 | r2 |

To configure this example scenario:

Web Interface

1. Add the routes found in the list of routes in the main routing table, as shown earlier.
2. Create a routing table called "r2" and make sure the ordering is set to "Default".
3. Add the route found in the list of routes in the routing table "r2", as shown earlier.
4. Add two VR policies according to the list of policies shown earlier.
   - Go to Routing > Routing Rules > Add > Routing Rule
   - Enter the information found in the list of policies displayed earlier
   - Repeat the above to add the second rule

Chapter 4. Routing
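The lookup order described for table r2, modelled in Python as an added example (it is not D-Link code and not part of the manual). The function names and the sample destination 198.51.100.7 are constructed; the First and Only orderings and the fallback to the main table when r2 has no match are not described on this page and are modelled as assumptions.

```python
import ipaddress

# Routes copied from the tables in this example: (interface, network, gateway).
ALL_NETS = ipaddress.ip_network("0.0.0.0/0")
MAIN = [
    ("lan1", "10.10.10.0/24", None),
    ("lan1", "20.20.20.0/24", None),
    ("wan1", "10.10.10.1/32", None),
    ("wan2", "20.20.20.1/32", None),
    ("wan1", "0.0.0.0/0", "10.10.10.1"),    # all-nets
]
R2 = [("wan2", "0.0.0.0/0", "20.20.20.1")]  # all-nets


def best_match(table, dst):
    """Longest-prefix match; returns (interface, network, gateway) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(i, ipaddress.ip_network(n), g) for i, n, g in table
            if addr in ipaddress.ip_network(n)]
    return max(hits, key=lambda r: r[1].prefixlen, default=None)


def lookup(dst, named=None, ordering="Default"):
    """Resolve dst to (interface, gateway) for a connection whose routing
    rule selected the table `named` (None = no rule matched, main only)."""
    main_hit = best_match(MAIN, dst)
    named_hit = best_match(named, dst) if named is not None else None
    if named is None:
        hit = main_hit
    elif ordering == "Default":
        # Named table is consulted only when main yields all-nets (or nothing);
        # falling back to main if the named table has no match is an assumption.
        use_named = main_hit is None or main_hit[1] == ALL_NETS
        hit = (named_hit or main_hit) if use_named else main_hit
    elif ordering == "First":    # assumption: named table first, then main
        hit = named_hit or main_hit
    elif ordering == "Only":     # assumption: named table only, no fallback
        hit = named_hit
    else:
        raise ValueError(f"unknown ordering: {ordering}")
    return (hit[0], hit[2]) if hit else None
```

With Ordering set to Default, a connection that selected r2 still reaches 10.10.10.0/24 through lan1; only traffic that would have used the main all-nets route leaves through wan2 via 20.20.20.1.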
