Follow

What are the routing priorities for outbound traffic?


Welcome to Ecessa Support, we have a variety of technical information and tools for a variety of solutions. If you aren't finding a solution, or would like to talk to a technical support team member, please call 800-669-6242.
Please note that as of Jan 3rd, 2025, support tickets will be handled by OneNet Global Support team. Please see OneNet Global Support Portal - End User Instructions for guided information on how to use the OneNet Global ticketing system.

See Ecessa's full line of products and solutions

As traffic reaches the Ecessa appliance, intelligent decisions need to be made regarding how to route it. Additionally, the Ecessa listens on certain ports in order to route traffic for specific services - such as Site-to-Site Line Bonding (WAN Virtualization) or VPN – and may “intercept” traffic intended for other services due to this. The following diagram shows the routing priorities attached to features and rules:

 

For Static Routes: The Ecessa appliance uses two different types of Static Routes – Static Policy Routes and Static Routes. The difference between the two types is how each identifies traffic with Static Policy Routes being more specific (including protocol and port information). The Ecessa will route by the most-to-least specific rule set, giving a Static Policy Route precedence over a Static Route. The order of the static routes also affects which rule is used for matching traffic.

The example below illustrates how this can affect the network.

Assumptions for this example:

  1. The Ecessa device does not have VPN or Site-to-Site Line Bonding (WAN Virtualization) features enabled
  2. The destination networks included in the routing tables are remote (not directly connected to the Ecessa appliance)

Static Policy Route Configuration

#

Destination Network

Source Network

Protocol

Source Port(s)

Destination Port(s)

Source WAN IP or Hostname

Type

1a

0.0.0.0/0

192.168.50.10

TCP

1-65535

25

WAN1

Fixed

2a

0.0.0.0/0

192.168.50.35

TCP

1-65535

20-21

WAN2

Fixed

3a

0.0.0.0/0

192.168.50.100

TCP

1-65535

443

WAN2

Fixed

 

Static Route Configuration

#

Destination Network

Source Network

Source WAN IP or Hostname

Type

1b

0.0.0.0/0

192.168.50.10

WAN2

Fixed

2b

203.0.113.24

192.168.50.16

WAN2

Fixed

3b

0.0.0.0/0

192.168.50.100

WAN1

Priority Failback

4b

203.0.113.24

192.168.50.16

WAN1

Fixed

 

What effect does this routing table have on traffic?

  1. When SMTP (TCP port 25) traffic comes from 192.168.50.10: the Ecessa appliance will route the traffic over WAN1 (via rule #1a). Any traffic that is not destined for TCP port 25 from 192.168.50.10 will be routed over WAN2, as according to the matching Static Route (rule #1b).
  2. When SSL (TCP port 443) traffic comes from 192.168.50.100: the Ecessa appliance will route the traffic over WAN1 (via rule #3b). This is due to the “Priority Failback” type set for the Static Route, making this a high-priority route taking precedence over the configured Static Policy route (rule #3a).
  3. Traffic coming from 192.168.50.16: the Ecessa appliance will route traffic over WAN2 (via rule #2b). There are two Static Routes configured for 192.168.50.16 (rules #2b and 4b). The routing table is read from top-to-bottom in each section (in this case Static Route Configuration) and uses the first rule that matches. The duplicate rule will never be used so if traffic coming from 192.168.50.16 needs to route over WAN1 the incorrect rule should be removed from the table.

The load-balancing algorithm used by the Ecessa appliance to intelligently load-balance traffic across the various WAN lines is “over-ruled” by static routes. Creating a “default” route, such as the one below, is not typically recommended as it prevents the Ecessa appliance from load-balancing.  

Example assumes the LAN subnet is 192.168.50.0/24:

Destination Network

Source Network

Source WAN IP or Hostname

Type

0.0.0.0/0

192.168.50.0/24

WAN1

Fixed

 

In conclusion, here is a review of issues that may be caused by route prioritization:

  1. Traffic going out of the wrong WAN line: Check the static route configuration – is there a rule that may be affecting the traffic and routing it incorrectly?
  2. Improper load-balancing (or no load-balancing): Check the static route configuration – is there a “default” route that may be causing all traffic to be routed over a single WAN line? Please keep in mind that a static route isolating one kind of traffic (such as HTTP – TCP port 80) can cause imbalances depending on how much of that traffic is generated in the environment (high use of web applications, for example).

 

Was this article helpful?
2 out of 2 found this helpful

0 Comments

Please sign in to leave a comment.