
Policy-based routing with multiple ISPs – Amer Networks E5Web GUI User Manual


The first two options can be regarded as combining the alternate table with the main table and
assigning one route if there is a match in both tables.

Important: Ensure all-nets appears in the main table

A common mistake when setting up policy-based routing is the absence of a default
route with a destination interface of all-nets in the default main routing table.

If there is no route that is an exact match then the absence of a default all-nets route
will mean that the connection will be dropped. The alternative of having interfaces
associated explicitly with alternate routing tables through the Group option will also
not function if the default all-nets route is missing.

Example 4.7. Policy-based Routing with Multiple ISPs

This example illustrates a multiple ISP scenario which is a common use of policy-based routing.
The following is assumed:

Each ISP will provide an IPv4 network from its network range. A two-ISP scenario is assumed in
this case, with the network 10.10.10.0/24 belonging to ISP A and 20.20.20.0/24 belonging to
ISP B. The ISP-provided gateways are 10.10.10.1 and 20.20.20.1 respectively.

All addresses in this scenario are public addresses for the sake of simplicity.

This is a "drop-in" design, where there are no explicit routing subnets between the ISP
gateways and the Clavister Security Gateway.

In a provider-independent network, clients will likely have a single IP address, belonging to one
of the ISPs. In a single-organization scenario, publicly accessible servers will be configured with
two separate IP addresses: one from each ISP. However, this difference does not matter for the
policy routing setup itself.

Note that, for a single organization, Internet connectivity through multiple ISPs is normally best
done with the BGP protocol, which means not worrying about different IP spans or about policy
routing. Unfortunately, this is not always possible, and this is where policy-based routing
becomes a necessity.

We will set up the main routing table to use ISP A and add a named routing table called r2 that
uses the default gateway of ISP B.

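| Interface | Network       | Gateway    | ProxyARP |
|-----------|---------------|------------|----------|
| lan1      | 10.10.10.0/24 |            | wan1     |
| lan1      | 20.20.20.0/24 |            | wan2     |
| wan1      | 10.10.10.1/32 |            | lan1     |
| wan2      | 20.20.20.1/32 |            | lan1     |
| wan1      | all-nets      | 10.10.10.1 |          |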

Contents of the named Policy-based Routing table r2:

| Interface | Network  | Gateway    |
|-----------|----------|------------|
| wan2      | all-nets | 20.20.20.1 |

The table r2 has its Ordering parameter set to Default, which means that it will only be consulted
if the main routing table lookup matches the default route (all-nets).
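
The lookup order described above can be checked with a small model. This is an added example, not code from the manual or the product: it loads the two tables from this example and applies the Default ordering, showing which destinations move to ISP B when r2 is in use and what happens when the main table has no all-nets route. Assumptions: the most specific matching route wins, the main route is kept if r2 has no match, the `alternate` argument stands for r2 having been selected for the connection, and the test destinations are constructed.

```python
import ipaddress

ALL_NETS = ipaddress.ip_network("0.0.0.0/0")  # the manual's "all-nets"

def table(*rows):
    """Build a routing table from (interface, network, gateway) rows."""
    return [(i, ALL_NETS if n == "all-nets" else ipaddress.ip_network(n), g)
            for i, n, g in rows]

# Routes copied from the example above (ProxyARP column omitted).
MAIN = table(
    ("lan1", "10.10.10.0/24", None),
    ("lan1", "20.20.20.0/24", None),
    ("wan1", "10.10.10.1/32", None),
    ("wan2", "20.20.20.1/32", None),
    ("wan1", "all-nets", "10.10.10.1"),
)
R2 = table(("wan2", "all-nets", "20.20.20.1"))

def best_match(routes, dst):
    """Most specific (longest-prefix) route containing dst, or None."""
    hits = [r for r in routes if dst in r[1]]
    return max(hits, key=lambda r: r[1].prefixlen, default=None)

def lookup(dst, main, alternate=None):
    """Return (interface, gateway) for dst, or None if the connection is dropped.

    Models Ordering=Default: the alternate table is consulted only when
    the main lookup lands on the all-nets route.
    """
    dst = ipaddress.ip_address(dst)
    route = best_match(main, dst)
    if route is None:
        return None  # no match and no all-nets route in main: dropped
    if alternate is not None and route[1] == ALL_NETS:
        # Assumption: keep the main route if the alternate table has no match.
        route = best_match(alternate, dst) or route
    return route[0], route[2]

if __name__ == "__main__":
    for dst in ("198.51.100.7", "20.20.20.1", "10.10.10.50"):  # constructed
        print(dst, "main:", lookup(dst, MAIN), "with r2:", lookup(dst, MAIN, R2))
    no_default = [r for r in MAIN if r[1] != ALL_NETS]
    print("no all-nets in main:", lookup("198.51.100.7", no_default, R2))
```

Only destinations that fall through to all-nets in the main table change path when r2 applies; the explicit lan1, wan1 and wan2 routes are unaffected.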
