4.3. Policy-based Routing
4.3.1. Overview
Policy-based Routing (PBR) is an extension to the standard routing described previously. It offers
administrators significant flexibility in implementing routing decision policies by allowing them to
define rules under which alternative routing tables are used.

Normal routing forwards packets according to destination IP address information derived from static
routes or from a dynamic routing protocol. For example, using OSPF, the route chosen for packets
will be the least-cost (shortest) path derived from an SPF calculation. Policy-based Routing means
that the route chosen for traffic can instead be based on specific traffic parameters.
Policy-based Routing can allow:

Source based Routing
    A different routing table may need to be chosen based on the source of traffic. When more
    than one ISP is used to provide Internet services, Policy-based Routing can route traffic
    originating from different sets of users through different routes. For example, traffic from
    one address range might be routed through one ISP, whilst traffic from another address range
    might be routed through a second ISP.

Service-based Routing
    A different routing table might need to be chosen based on the service. Policy-based Routing
    can route a given protocol, such as HTTP, through proxies such as Web caches. Specific
    services might also be routed to a specific ISP so that one ISP handles all HTTP traffic.

User based Routing
    A different routing table might need to be chosen based on the user identity or the group to
    which the user belongs. This is particularly useful in provider-independent metropolitan area
    networks where all users share a common active backbone, but each can use different ISPs,
    subscribing to different providers.
Policy-based Routing implementation in NetDefendOS is based on two building blocks:

• One or more user-defined alternate Policy-based Routing Tables in addition to the standard
  default main routing table.

• One or more Policy-based Routing rules which determine which routing table to use for which
  traffic.
4.3.2. Policy-based Routing Tables
NetDefendOS, as standard, has one default routing table called main. In addition to the main table,
it is possible to define one or more additional alternate routing tables (this section will sometimes
refer to these Policy-based Routing Tables as alternate routing tables).

Alternate routing tables contain the same information for describing routes as main, except that
there is an extra parameter, ordering, defined for each of them. This parameter decides how route
lookup is done using alternate tables in conjunction with the main table. This is described further in
Section 4.3.5, "The Ordering parameter".
4.3.3. Policy-based Routing Rules
A rule in the Policy-based Routing rule set can decide which routing table is selected. A
Policy-based Routing rule can be triggered by the type of Service (HTTP for example) in
combination with the Source/Destination Interface and Source/Destination Network.
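The following is an added example (not NetDefendOS code) that models the two building blocks above: a set of named routing tables and a top-down rule set that selects a table by service, source interface, source network and destination network, falling back to main when no rule matches. Table names, gateways, rule fields and the fallback-to-main behaviour are assumptions of this simplified model; the real interaction with the ordering parameter is described in Section 4.3.5.

```python
from ipaddress import ip_address, ip_network

# Routing tables: name -> list of (network, gateway). Constructed sample data.
TABLES = {
    "main": [("0.0.0.0/0", "isp1_gw"), ("10.0.0.0/8", "lan_gw")],
    "isp2": [("0.0.0.0/0", "isp2_gw")],
    "proxy": [("0.0.0.0/0", "webcache")],
}

# PBR rules, evaluated top-down; the first match selects the table. "*" matches anything.
RULES = [
    # Service-based: HTTP from the LAN is sent to the Web cache table.
    {"service": "http", "src_if": "lan", "src_net": "10.0.0.0/8", "dst_net": "*", "table": "proxy"},
    # Source-based: one address range is sent out through the second ISP.
    {"service": "*", "src_if": "lan", "src_net": "10.2.0.0/16", "dst_net": "*", "table": "isp2"},
]

def _net_match(pattern, addr):
    return pattern == "*" or ip_address(addr) in ip_network(pattern)

def select_table(service, src_if, src_ip, dst_ip):
    """Return the table chosen by the first matching rule, or "main" (assumed fallback)."""
    for rule in RULES:
        if rule["service"] not in ("*", service):
            continue
        if rule["src_if"] not in ("*", src_if):
            continue
        if _net_match(rule["src_net"], src_ip) and _net_match(rule["dst_net"], dst_ip):
            return rule["table"]
    return "main"

def lookup(table, dst_ip):
    """Longest-prefix match inside one table; None if no route covers dst_ip."""
    best = None
    for net, gw in TABLES[table]:
        n = ip_network(net)
        if ip_address(dst_ip) in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, gw)
    return best[1] if best else None

def route(service, src_if, src_ip, dst_ip):
    """Full PBR decision: pick a table by policy, then a gateway by destination."""
    table = select_table(service, src_if, src_ip, dst_ip)
    return table, lookup(table, dst_ip)

if __name__ == "__main__":
    print(route("http", "lan", "10.1.5.5", "203.0.113.10"))  # ('proxy', 'webcache')
    print(route("ssh", "lan", "10.2.5.5", "203.0.113.10"))   # ('isp2', 'isp2_gw')
```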
4.3. Policy-based Routing
Chapter 4. Routing
137