Static Routing - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05
Hide thumbs Also See for NetDefend DFL-210:
Table of Contents

Advertisement

4.2. Static Routing

4.2. Static Routing
The most basic form of routing is known as Static Routing. The term static refers to the fact that
entries in the routing table are manually added and are therefore permanent (or static) by nature.
Due to this manual approach, static routing is most appropriate to use in smaller network deploy-
ments where addresses are fairly fixed and where the amount of connected networks are limited to a
few. For larger networks however (or whenever the network topology is complex), the work of
manually maintaining static routing tables will be time-consuming and problematic. As a con-
sequence, dynamic routing should be used in those cases.
For more information about the dynamic routing capabilities of NetDefendOS, please see Sec-
tion 4.4, "Dynamic Routing". Note however, that even if you choose to implement dynamic routing
for your network, you will still need to understand the principles of static routing and how it is im-
plemented in NetDefendOS.
The Principles of Routing
IP routing is essentially the mechanism in TCP/IP networks used for delivering IP packets from
their source to their ultimate destination through a number of intermediary nodes, most often re-
ferred to as routers or firewalls. In each router, a routing table is consulted to find out where to send
the packet next. A routing table usually consists of several routes, where each route in principle con-
tains a destination network, an interface to forward the packet on and optionally the IP address of
the next gateway in the path to the destination.
The images below illustrates a typical D-Link Firewall deployment and how the associated routing
table would look like.
Route #
1
2
3
4
Basically, this routing table provides the following information:
Route #1: All packets going to hosts on the 192.168.0.0/24 network should be sent out on the lan
interface. As no gateway is specified for the route entry, the host is assumed to be located on the
network segment directly reachable from the lan interface.
Route #2: All packets going to hosts on the 10.4.0.0/16 network are to be sent out on the dmz in-
terface. Also for this route, no gateway is specified.
Route #3: All packets going to hosts on the 195.66.77.0/24 network will be sent out on the wan
interface. No gateway is required to reach the hosts.
Route #4: All packets going to any host (the 0.0.0.0/0 network will match all hosts) will be sent
out on the wan interface and to the gateway with IP address 195.66.77.4. That gateway will then
consult its routing table to find out where to send the packets next. A route with destination
0.0.0.0/0 is often referred to as the Default Route as it will match all packets for which no specif-
ic route has been configured.
When a routing table is evaluated, the ordering of the routes is important. In general, a routing table
is evaluated with the most specific routes first. In other words, if two routes have destination net-
works that overlap, the more narrow network will be evaluated prior to the wider one. In the above
example, a packet with a destination IP address of 192.168.0.4 will theoretically match both the first
route and the last one. However, the first route entry is a more specific match, so the evaluation will
end there and the packet will be routed according to that entry.
Interface
Destination
lan
192.168.0.0/24
dmz
10.4.0.0/16
wan
195.66.77.0/24
wan
67
Chapter 4. Routing
0.0.0.0/0
195.66.77.4
Gateway

Advertisement

Table of Contents
loading

Table of Contents