Routing table/interface association, The routing table selection process – Amer Networks E5Web GUI User Manual

The Forward and Return Routing Table can be Different

In most cases, the routing table for forward and return traffic will be the same. In some cases it
can be advantageous to have different values.

Take the example of a security gateway with two hypothetical interfaces, wan1 and wan2,
connected to two ISPs, plus a protected network If1_net on the If1 interface. There are two
routing tables, the main routing table and an isp2 routing table, which look like the following:

The main routing table

Index #   Interface   Network    Gateway
1         If1         If1_net
2         wan1        all-nets   isp1_ip

The isp2 routing table

Index #   Interface   Destination   Gateway
1         wan2        all-nets      isp2_ip

If traffic coming through wan2 is to have access to If1_net, then a routing rule needs to be
constructed as follows:

Source      Source     Destination   Destination   Forward         Return
Interface   Network    Interface     Network       Routing Table   Routing Table
wan2        all-nets   any           If1_net       main            isp2

This rule allows the forward traffic through the wan2 table to find the route for If1_net in the
main routing table. The return traffic will use the isp2 table so it can reach the initiator of the
connection.

This example should also have some address translation rules since If1_net will probably be a
private IP network. For simplicity, that has been omitted.

Routing Table/Interface Association

If a particular routing table is to be always used for traffic from a given source interface,
regardless of the service, it is possible to associate the source interface explicitly with a particular
table using the Group membership property of the interface. This is sometimes referred to as
Routing Table Membership.

The difference with this method of explicit association is that the administrator cannot specify
the service, such as HTTP, for which the lookup will apply. Routing rules allow a more
fine-grained approach to routing table selection by being able to also select a specific service
and interface/network filter.

The Routing Table Selection Process

When a packet corresponding to a new connection first arrives, the processing steps are as
follows to determine which routing table is chosen:

1. The routing rules are looked up first. To do this, the packet's destination interface must be
   determined, and this is always done by a lookup in the main routing table. It is therefore
   important that a match for the destination network is found in the main table, or at least
   that a default all-nets route exists there to catch anything not explicitly matched.
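The following added example (not code from the manual or from the product) models the three mechanisms described above in Python: the two routing tables and the single routing rule from the wan2/If1_net example, the step-1 requirement that the destination interface is always resolved in the main table before routing rules are evaluated, and routing table membership as the fallback when no rule matches. The concrete prefixes and addresses (10.0.0.0/24 for If1_net, 203.0.113.7 as an ISP2 host) are constructed, since the manual uses only symbolic names; the "fall back to main when an interface has no membership" behaviour is an assumption made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed values: the manual gives only symbolic names such as If1_net,
# isp1_ip and isp2_ip, so concrete prefixes are invented for the example.
IF1_NET = ipaddress.ip_network("10.0.0.0/24")
ALL_NETS = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Route:
    interface: str
    network: ipaddress.IPv4Network
    gateway: Optional[str] = None  # None for a directly connected network


# The two routing tables from the manual's example.
ROUTING_TABLES: Dict[str, List[Route]] = {
    "main": [
        Route("If1", IF1_NET),
        Route("wan1", ALL_NETS, "isp1_ip"),
    ],
    "isp2": [
        Route("wan2", ALL_NETS, "isp2_ip"),
    ],
}


@dataclass(frozen=True)
class RoutingRule:
    src_iface: str
    src_net: ipaddress.IPv4Network
    dst_iface: str  # "any" matches every destination interface
    dst_net: ipaddress.IPv4Network
    forward_table: str
    return_table: str


# The single routing rule from the manual's example.
ROUTING_RULES: List[RoutingRule] = [
    RoutingRule("wan2", ALL_NETS, "any", IF1_NET, "main", "isp2"),
]


def lookup(table: str, addr: str) -> Optional[Route]:
    """Longest-prefix match for addr in the named routing table."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in ROUTING_TABLES[table] if ip in r.network]
    return max(matches, key=lambda r: r.network.prefixlen, default=None)


def select_tables(src_iface: str, src_addr: str, dst_addr: str,
                  membership: Optional[Dict[str, str]] = None) -> Tuple[str, str]:
    """Return (forward_table, return_table) for a new connection.

    Step 1 from the manual: the destination interface is always resolved in
    main before the routing rules can be evaluated, so main must hold a
    matching route or a catch-all all-nets route.
    """
    dst_route = lookup("main", dst_addr)
    if dst_route is None:
        raise LookupError(f"main has no route for {dst_addr}; add a default all-nets route")
    src_ip = ipaddress.ip_address(src_addr)
    dst_ip = ipaddress.ip_address(dst_addr)
    for rule in ROUTING_RULES:
        if (rule.src_iface == src_iface
                and src_ip in rule.src_net
                and rule.dst_iface in ("any", dst_route.interface)
                and dst_ip in rule.dst_net):
            return rule.forward_table, rule.return_table
    # No rule matched: fall back to the source interface's routing table
    # membership, which applies regardless of service. Assumption for this
    # example: an interface with no membership uses main.
    table = (membership or {}).get(src_iface, "main")
    return table, table


def route_connection(src_iface: str, src_addr: str, dst_addr: str,
                     membership: Optional[Dict[str, str]] = None) -> dict:
    """Resolve the forward and return next hops the way the manual describes."""
    fwd_table, ret_table = select_tables(src_iface, src_addr, dst_addr, membership)
    fwd = lookup(fwd_table, dst_addr)
    ret = lookup(ret_table, src_addr)
    if fwd is None or ret is None:
        raise LookupError("selected table has no route for one direction")
    return {
        "forward": (fwd_table, fwd.interface, fwd.gateway),
        "return": (ret_table, ret.interface, ret.gateway),
    }


if __name__ == "__main__":
    # A host behind ISP2 (constructed address) opening a connection to If1_net:
    # forward is found in main, the reply goes back out wan2 via the isp2 table.
    print(route_connection("wan2", "203.0.113.7", "10.0.0.5"))
```

Running the block shows that the forward lookup for the wan2-originated connection lands on If1 in main while the return lookup picks wan2/isp2_ip from the isp2 table, which is exactly the asymmetry the routing rule is meant to produce. Passing a membership mapping such as {"wan2": "isp2"} shows the coarser interface-association behaviour: any wan2 traffic that no routing rule matches is then routed in isp2 for both directions, with no way to restrict that by service.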

Chapter 4: Routing