
Amer Networks E5Web GUI User Manual

2. A search is now made for a routing rule that matches the packet's source/destination
interface/network as well as service. If a matching rule is found then this determines the
routing table to use.

3. If no matching routing rule is found, a check is made to see if the source interface has an
alternate routing table explicitly associated with it through its Group property. In other
words, to see if the interface has Routing Table Membership of a particular routing table. If
there is no membership then the main table will be used.

4. Once the correct routing table has been located, a check is made to make sure that the
source IP address in fact belongs on the receiving interface. The Access Rules are examined
first to see if they can provide this check (see Section 6.1, “Access Rules” for more details
of this feature). If there are no Access Rules or a match with the rules cannot be found, a
reverse lookup in the previously selected routing table is done using the source IP address. If
the check fails then a Default access rule log error message is generated.

5. At this point, using the routing table selected, the actual route lookup is done to find the
packet's destination interface. The ordering parameter determines how this lookup is done,
and the options for it are described in the next section. To implement virtual systems, the
Only ordering option should be used.

6. The connection is then subject to the normal IP rule set. If a SAT rule is encountered, address
translation will be performed. The decision of which routing table to use is made before
carrying out address translation but the actual route lookup is performed on the altered
address. Note that the original route lookup to find the destination interface used for all rule
look-ups was done with the original, untranslated address.

7. If allowed by the IP rule set, the new connection is opened in the cOS Core state table and
the packet is forwarded through this connection.

The Ordering parameter

Once the routing table for a new connection is chosen and that table is an alternate routing
table, the Ordering parameter associated with the table is used to decide how the alternate table
is combined with the main table to look up the appropriate route. The three available options
are:

1. Default

The default behavior is to first look up the route in the main table. If no matching route is
found, or the default route is found (the route with the destination all-nets), a lookup for a
matching route in the alternate table is done. If no match is found in the alternate table then
the default route in the main table will be used.

2. First

This behavior is to first look up the connection's route in the alternate table. If no matching
route is found there then the main table is used for the lookup. The default all-nets route
will be counted as a match in the alternate table if it exists there.

3. Only

This option ignores the existence of any other table except the alternate table so that is the
only one used for the lookup.

One application of this option is to give the administrator a way to dedicate a single routing
table to one set of interfaces. The Only option should be used when creating virtual systems
since it can dedicate a routing table to a set of interfaces.
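
The three Ordering options can be compared side by side with a small model. This is an added example, not code from the manual or from cOS Core. It assumes longest-prefix matching inside each table, and the table contents and interface names (lan, wan1, vs1_if, dmz) are constructed for illustration.

```python
import ipaddress

ALL_NETS = ipaddress.ip_network("0.0.0.0/0")  # the "all-nets" default route

def table(*routes):
    """Build a routing table from (cidr, interface) pairs."""
    return [(ipaddress.ip_network(cidr), iface) for cidr, iface in routes]

def lookup(tbl, dst):
    """Longest-prefix match (assumed); returns (network, interface) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in tbl if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def select_route(main, alt, ordering, dst):
    """Return the destination interface for dst, or None if no route exists."""
    if ordering == "Only":
        # The main table is never consulted, so nothing leaks out of alt.
        hit = lookup(alt, dst)
    elif ordering == "First":
        # An all-nets route in alt counts as a match and hides the main table.
        hit = lookup(alt, dst) or lookup(main, dst)
    elif ordering == "Default":
        hit = lookup(main, dst)
        if hit is None or hit[0] == ALL_NETS:
            # Assumption: any alternate-table match is accepted at this step.
            # With no alternate match, the main default route (if any) is kept.
            hit = lookup(alt, dst) or hit
    else:
        raise ValueError(f"unknown ordering: {ordering}")
    return hit[1] if hit else None

# Constructed sample tables; interface names are hypothetical.
MAIN = table(("10.0.0.0/8", "lan"), ("0.0.0.0/0", "wan1"))
ALT = table(("10.1.0.0/16", "vs1_if"), ("192.0.2.0/24", "dmz"))

if __name__ == "__main__":
    for dst in ("10.1.2.3", "192.0.2.5", "198.51.100.7"):
        for ordering in ("Default", "First", "Only"):
            print(f"{dst:14} {ordering:8} -> {select_route(MAIN, ALT, ordering, dst)}")
```

With Only, the address that has no route in the alternate table gets no route at all, which is the isolation property that makes this option suitable for virtual systems.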
