Load-Balance/Route Policy Advanced Routing. Outline How does it Work – When matching criteria, send via the route What does it Do – 2 real usage examples.

Load-Balance/Route Policy

Advanced Routing

Outline

• How does it Work– When matching criteria, send via the route

• What does it Do– 2 real usage examples

• Trouble Shooting– Ping / Trace Route

• Application Note

How does it Work (1/3)

• Set criteria– Protocol– Source IP– Destination IP– Destination Port

• Set the route – Interface– Gateway– NAT or Routing

How does it Work (2/3)

• Protocol– TCP– UDP– ICMP

• Source IP• Destination IP• Destination Port

• Interface– WAN/Virtual WAN– LAN– VPN

• Gateway– Default– Specified

• Do NAT or Routing– NAT is not applicable for LAN and VPN

How does it Work (3/3)

What does it Do

• Choose VPN tunnel for certain destinations(Jump)– Surf facebook– Watch Netflix

• Choose WAN interface for certain destinations– WAN1 for Public VoIP and data, NAT– WAN5 for Private VoIP, Routing

VPN to Remote Server

• Scenario• Find the Destination IP Range• Configuration• Confirm the Routing

Scenario

• Go via VPN tunnel for Netflix and facebook

Find the Destination IP Range

• ping / nslookup

• whois

Configuration

• Dest IP• Interface

Confirm the Routing

• Use tracert / traceroute to confirm routing

– First hop: LAN gateway– Second hop: VPN gateway

WAN5 for Private VoIP

• Scenario• Rules Overview• Configuration

– Public server via WAN1– DNS via WAN1– Private server via WAN5

• Confirm the Routing

Scenario

• LAN1 for PC• LAN2 for IP Phones• Data via WAN1• VoIP to public server

via WAN1– DNS lookup may be

required

• VoIP to private server via WAN5

Rules Overview

• VoIP to public server via WAN1, NAT• DNS lookup via WAN1• VoIP to private server via WAN5, routing• Unspecified traffics go via WAN1 (data)

External Server via WAN1

• Source IP– IP phones

• Dest IP– Iptel.org

• Interface– WAN1

• Force NAT

DNS via WAN1

• DNS – UDP 53

• Interface– WAN1

• Force NAT

Private Server via WAN5

• Source IP– IP phones

• Dest IP– Any except

iptel

• Interface– WAN5

• Routing

Confirm the Routing

• LAN1 PC tracert / traceroute to 8.8.8.8

• LAN2 IP phone tracert / traceroute to 8.8.8.8

• LAN2 IP phone traceroute to another IP phone

Trouble Shooting

• Use ping / tracert to confirm the routing• Respect the first matched rule

Ignore the rests• Firewall > Inter-LAN routing >

Load-Balance/Route Policy > Static Route

Application Note

• How to use Load-Balance/Route Policy?– http://www.draytek.com.tw/index.php?option=com_k2&view=item&id=5181&Itemid=293&lang=en