In order to properly utilize static routes, it is vital to understand the role that they play. The following list provides situations in which overriding the default outbound load-balancing behavior is recommended and sometimes necessary.
- Destinations and/or end point hosts require specific paths. For example, a secure website that can open multiple TCP sessions, yet requires all packets to come from a specific IP address or requires that the TCP session be “sticky” to the initial session characteristics.
- Bandwidth or latency requirements for an application or service make a particular WAN line more suitable as the primary connection.
- It is necessary to create a failover precedence. For example, methods to fail into VPNs or Site-to-Site Line Bonding from a private MPLS or dedicated circuit can be defined.
Types of Static Routes
1) Fixed – only go over the WAN(s) specified; if those WAN(s) are down, drop the traffic.
2) Failover – use that WAN while it’s up; if it goes down, fail over to another WAN.
3) Failback – similar to failover except when the preferred WAN comes back up, fail back to that WAN.
4) Hostname Failback – failback using a hostname (resolved via DNS) to set which WANs to fail over to, and fail back preference.
5) Priority Failback – failback with a higher priority (this will supersede all routing with the exception of VPNs – DANGEROUS).
6) VPN Static Route (only available for Static Routes) – this will force outbound and inbound VPN traffic relating to this static route to use the selected WAN.
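The difference between the first three types is easiest to see across an outage and recovery. The following is an added example, not vendor code: a small model of how Fixed, Failover and Failback pick a WAN as link state changes. The WAN names (MPLS, CABLE) and the ordered backup list are assumptions; Hostname Failback, Priority Failback and VPN routes are not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class StaticRoute:
    kind: str                      # "fixed", "failover" or "failback"
    preferred: str                 # WAN the route is configured to use
    backups: list = field(default_factory=list)  # assumed ordered failover targets
    current: str = None            # WAN carrying this route's traffic right now

    def select(self, up):
        """Return the WAN to use for the set of WANs that are up, or None to drop."""
        if self.current is None:
            self.current = self.preferred
        if self.kind == "fixed":
            # Fixed is fail-closed: traffic never leaves on an unlisted WAN.
            return self.preferred if self.preferred in up else None
        if self.kind == "failback" and self.preferred in up:
            # Failback returns to the preferred WAN as soon as it is up again.
            self.current = self.preferred
        elif self.current not in up:
            # Failover and Failback both move when the active WAN goes down.
            candidates = [self.preferred] + self.backups
            self.current = next((w for w in candidates if w in up), None)
        return self.current

def timeline(route, states):
    """Replay a sequence of link states and record the WAN chosen at each step."""
    return [route.select(up) for up in states]

# Constructed link states: both WANs up, MPLS down, MPLS restored.
STATES = [{"MPLS", "CABLE"}, {"CABLE"}, {"MPLS", "CABLE"}]

if __name__ == "__main__":
    for kind in ("fixed", "failover", "failback"):
        route = StaticRoute(kind, "MPLS", ["CABLE"])
        print(f"{kind:9s}", timeline(route, STATES))
```

In this model, a Failover route is still on the backup WAN after the preferred line recovers, so traffic that was meant for the private circuit keeps leaving on the other line until something moves it back; Fixed is the only type that drops the traffic instead.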
Static Routes vs. Static Policy Routes
The difference here is only in classifying what traffic will follow this Static Route.
1) Static Routes route by source subnet (LAN or Next Hop Route) and destination subnet.
2) Static Policy Routes route by source subnet (again, LAN or Next Hop Route), destination subnet, and protocol.
Static Route NAT
Static Routes generally NAT by default. If you want the traffic to go out with no NAT, the LAN or Next Hop Route (NHR) in question should have the correct WAN to Route Via selected in the LAN or NHR configuration sections.
Scenarios (Common Usage of Static Routes)
1) The traffic can only traverse your MPLS because it’s routed: create a Fixed Static Route with your MPLS as the WAN line.
2) Mail traffic has to correspond to its rDNS Resource Record: in that case, create a Fixed Static Route that appropriately classifies mail traffic for the WAN lines that correspond to the rDNS record. A common way to classify mail traffic is to use a Static Policy Route with TCP and SMTP port 25.
3) VPNs may have a preferred WAN to use first: in this case, create a Basic Static Route with Failback type selected and VPN checked. This will make sure the VPN is forced to connect on the preferred WAN line. If that WAN line is down, we will force it to use the line that was failed over to. When the preferred WAN comes back up, we will fail back and force the use of the preferred WAN for the VPN’s path.