The Static Routes feature allows for particular types of outbound sessions to be identified and directed out a specified WAN interface or multiple WAN interfaces. Traffic may be classified based on several criteria, including Destination IP address or (sub)network, Source IP address or (sub)network, and protocol information. This overrides the default behavior of the Ecessa, which applies its intelligent load-balancing algorithm to outbound sessions, selecting the best link for that session. There are two types of Static Route entries that may be used, depending on the desired effect: Static Routes and Static Policy Routes.
Static Routes: Advanced Static Routes identify traffic based on destination IP address/(sub)network and a source (LAN) IP address/(net)network on an Ecessa LAN interface.
Static Policy Routes: This type of Static Route identifies traffic based on the destination IP address/(sub)network, source (LAN) IP address/(sub)network, and protocol information.
Each static route requires three pieces of information:
- Classification Criteria: Defines what traffic should be affected by the static route.
- Source WAN IP or Hostname: Defines one or more WAN addresses that should be used by identified outbound sessions as they leave the Ecessa
- Failover Behavior: Defines how a static route behaves in the event of a line failure.
Classification Criteria
Outbound sessions are classified using the following criteria:
Destination Network: This field is the specific destination IP or network address of sessions that the static route should be applied to. If this field is left blank; this will result in 0.0.0.0/0 (default) as the destination subnet.
Source Network (LAN): This specifies the IP address or network address on the Ecessa LAN or Next Hop Route (NHR) interface to which the Static Route should be applied.
Protocol:Static Policy Routes are used to identify traffic based on specific protocol information which is selected from the drop down list.
- The options available for protocols are: IP, ICMP, TCP, UDP, GRE, ESP, AH, and ALL.
- For TCP and UDP protocols, you may further classify traffic based on a Source and/or Destination Port range. The port range fields are can be either a single port or a port range of the form 1:65535 (a full range) or 80:82 (classifies only ports 80, 81, and 82).
- For the IP protocol, the Source Port field is used for DSCP (0-63).
Source WAN IP or Hostname
This field is required for all Static Routes and specifies the IP address(es) that should be used by all outbound sessions that match the specified classification parameters. Valid input for this field is either an IP address on a configured WAN interface or a load-balanced host record configured in the Authoritative DNS of the Ecessa.
WAN Priority (Version 9.2 and above)
Firmware version 9.2 introduced the WAN Priority setting which allows each identified Source WAN to be prioritized for load balancing or failover. The WAN line with the lowest priority number (1 being the lowest) will be used first while the WAN line with the highest priority number (max. 999) will be the last ordered WAN used. If two WAN lines have identical priority, the traffic will be load balanced between them. Any WAN lines not included in the Source WAN list will be used if the Type is set to Failover or Failback and all specified WAN lines are down. If the Type is set to Fixed, only WAN lines included in the Source WAN list will be used.
Failover Behavior
Fixed: Only go over the specified WAN(s). If those WAN(s) are down, drop the traffic. Traffic will be fixed to the specified IP address/WAN and will not failover. It should be used for types of traffic that can only use a specific WAN, where connections would be rejected or fail if another line is used. Checking fixed with hostname-based routes will fix the route to only those referred to by the load-balanced host record and will not use any additional WAN links which are not specified in the record.
Failover: Use the specified WAN while it’s up. If it goes down, fail over to another WAN. In the event that the specified WAN link is inaccessible, static routes will fail-over and use the next available WAN link. When the specified WAN becomes operational again the Ecessa will not fail-back to the originally specified WAN link. This is appropriate for applications that do not require the use of a particular WAN, but should use the same WAN consistently. When in default failover mode with hostname-based static routes, the Ecessa will fail over to the next available WAN if none of the IP addresses/WAN links referred to by the load-balanced host record are available (e.g., if two WAN links specified by a load-balanced host record are DOWN and a third WAN link is available, the Ecessa will use the third link).
Failback: Use the specified WAN while it’s up. If it goes down, fail over to another WAN. When the preferred WAN comes back up, revert to that WAN. Traffic identified by these static routes will failover to the next available WAN link, in the event that the specified WAN becomes inaccessible; failing back to the specified WAN link when that line returns to an operational state. When a static route is in a fail-over state, the Ecessa will use the base WAN IP address for identified outbound sessions.
Hostname Failback: Failback using a hostname (resolved via DNS) to set which order WANs fail over to, and fail back preference. The order of the DNS answers sets the preference. This is valid for hostname-based static routes. After the event that the first address in the host record fails and then returns to service, it will revert back to using the first address.
Priority Failback: Failback with a higher priority (this will supersede all routing with the exception of VPNs – DANGEROUS). Used to override Site-to-Site Line Bonding and have the traffic sent over a WAN instead. This operates like Hostname Failback except when the WAN(s) go down the Ecessa performs a failover (does not drop the traffic).
0 Comments