P-793H v 2 Support Notes
A traffic route is a path for sending or receiving date packets between two
Ethernet devices. Some companies have more than one alternate route to one
or more ISPs. If the LAN and ISP(s) are in the same subnet, the
“triangle route”
problem may occur. The steps below describe the
“triangle route” problem.
1. A computer on the LAN initiates a connection by sending out a SYN packet
to a receiving server on the WAN.
2. The P-793H v2 reroutes the SYN packet through Gateway B on the LAN to
the WAN.
3. The reply from WAN goes directly to the computer on the LAN without going
through the P-793H v2.
As a result, the P-793H v2 resets the connection, as the connection has not
been acknowledged.
“Triangle Route” Problem:
(2). How to avoid triangle route
1) IP Aliasing
The following network topology allows you to avoid triangle route security issues
when the backup gateway is connected to the LAN. Use IP alias to configure the
LAN into two or three logical networks with the P-793H v2 itself as the gateway
for each LAN network. Put the protected LAN in one subnet (Subnet 1 in the
following figure) and the backup gateway in another subnet (Subnet 2).
Configure filters that allow packets from the protected LAN (Subnet 1) to the
backup gateway (Subnet 2).
Traffic redirect LAN setup example 1:
83
All contents copy right © 2010 Zy XEL Communications Corporation.
