IP Policy Routing. ZyXEL Communications 623ME-T, Prestige 623ME-T
Prestige 623ME-T User’s Guide
Chapter 24
IP Policy Routing
This chapter covers setting and applying policies used for IP routing.
24.1 IP Policy Routing Overview
Traditionally, routing is based on the destination address only and the IAD takes the shortest path to forward a packet. IP Routing Policy (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator. Policy-based routing is applied to incoming packets on a per interface basis, prior to the normal routing.
24.2 Benefits of IP Policy Routing
• Source-Based Routing – Network administrators can use policy-based routing to direct traffic from different users through different connections.
• Quality of Service (QoS) – Organizations can differentiate traffic by setting the precedence or TOS (Type of Service) values in the IP header at the periphery of the network to enable the backbone to prioritize traffic.
• Cost Savings – IPPR allows organizations to distribute interactive traffic on high-bandwidth, high-cost paths while using low-cost paths for batch traffic.
• Load Sharing – Network administrators can use IPPR to distribute traffic among multiple paths.
24.3 Routing Policy
Individual routing policies are used as part of the overall IPPR process. A policy defines the matching criteria and the action to take when a packet meets the criteria. The action is taken only when all the criteria are met. The criteria include the source address and port, IP protocol (ICMP, UDP, TCP, etc.), destination address and port, TOS and precedence (fields in the IP header) and length. The length criterion is included to differentiate between interactive and bulk traffic. Interactive applications, for example, telnet, tend to have short packets, while bulk traffic, for example, file transfer, tends to have large packets.
The actions that can be taken include:
• routing the packet to a different gateway (and hence the outgoing interface).
• setting the TOS and precedence fields in the IP header.
IPPR follows the existing packet filtering facility of RAS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A user defines the policies before applying them to an interface or a remote node, in the same fashion as the filters. There are 12 policy sets with six policies in each set.
24.4 IP Routing Policy Setup
Menu 25 shows all the policies defined.
Menu 25 - IP Routing Policy Setup
Policy                       Policy
Set #   Name                 Set #   Name
------  -----------------    ------  -----------------
  1     test                   7     _______________
  2     _______________        8     _______________
  3     _______________        9     _______________
  4     _______________       10     _______________
  5     _______________       11     _______________
  6     _______________       12     _______________
Enter Policy Set Number to Configure= 0
Edit Name= N/A
Press ENTER to Confirm or ESC to Cancel:
Figure 24-1 Menu 25 IP Routing Policy Setup
To setup a routing policy, perform the following procedures:
Step 1. Type 25 in the main menu to open Menu 25 – IP Routing Policy Setup.
Step 2. Type the index of the policy set you want to configure to open Menu 25.1 – IP Routing Policy Setup.
Menu 25.1 shows the summary of a policy set, including the criteria and the action of a single policy, and whether a policy is active or not. Each policy occupies two lines: the first part gives the criteria for the incoming packet and the second part gives the action. Between the two parts, the separator “|” means the action is taken when the criteria are matched and the separator “=” means the action is taken when the criteria are not matched.
Menu 25.1 - IP Routing Policy Setup
# A Criteria/Action
- - --------------------------------------------------------------------------
1 Y SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5
SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.1,T=MT,PR=0
2 N __________________________________________________________________________
__________________________________________________________________________
3 N __________________________________________________________________________
__________________________________________________________________________
4 N __________________________________________________________________________
__________________________________________________________________________
5 N __________________________________________________________________________
__________________________________________________________________________
6 N __________________________________________________________________________
__________________________________________________________________________
Enter Policy Rule Number (1-6) to Configure:
Figure 24-2 Menu 25.1 IP Routing Policy Setup
Table 24-1 Menu 25.1 IP Routing Policy Setup
            ABBREVIATION  MEANING
Criterion   SA            Source IP Address
            SP            Source Port
            DA            Destination IP Address
            DP            Destination Port
            P             IP layer 4 protocol number (TCP=6, UDP=17…)
            T             Type of service of incoming packet
            PR            Precedence of incoming packet
Action      GW            Gateway IP address
            T             Outgoing Type of service
            P             Outgoing Precedence
Service     NM            Normal
            MD            Minimum Delay
            MT            Maximum Throughput
            MR            Maximum Reliability
            MC            Minimum Cost
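When reviewing a saved copy of Menu 25.1, the summary format above can be checked mechanically to see which packets a rule steers to which gateway. The Python sketch below is an added example, not part of the ZyXEL guide or firmware; the function names and sample packets are hypothetical, and it assumes the separator sits directly before the GW field and that a field absent from the summary is not checked.

```python
import ipaddress
import re

# Constructed input: rule 1 as displayed in Figure 24-2 (two lines).
RULE_1 = """SA=1.1.1.1-1.1.1.1,DA=2.2.2.2-2.2.2.5
SP=20-25,DP=20-25,P=6,T=NM,PR=0 |GW=192.168.1.1,T=MT,PR=0"""

# Constructed sample packets (not captured traffic).
PKT_HIT = {"src": "1.1.1.1", "dst": "2.2.2.4", "sport": 21, "dport": 25,
           "proto": 6, "tos": "NM", "prec": 0}
PKT_MISS = dict(PKT_HIT, dst="2.2.2.6")  # destination outside DA range

def _fields(text):
    """Turn 'K=V,K=V ...' into a dict, splitting on commas and whitespace."""
    return dict(i.split("=", 1) for i in re.split(r"[,\s]+", text.strip()) if i)

def parse_policy(summary):
    """Split a Menu 25.1 rule into (criteria, act_on_match, action)."""
    # Assumption: '|' or '=' directly before the action's GW field is the separator.
    m = re.match(r"(.*?)\s*([|=])\s*(GW=.*)$", " ".join(summary.split()))
    if not m:
        raise ValueError("no criteria/action separator found")
    return _fields(m.group(1)), m.group(2) == "|", _fields(m.group(3))

def _in_range(value, spec, conv):
    """True if value lies in 'lo-hi' (or equals a single 'lo')."""
    lo, _, hi = spec.partition("-")
    return conv(lo) <= conv(value) <= conv(hi or lo)

def criteria_met(criteria, pkt):
    """The action depends on ALL listed criteria holding for the packet."""
    ip = ipaddress.ip_address
    checks = {
        "SA": lambda s: _in_range(pkt["src"], s, ip),
        "DA": lambda s: _in_range(pkt["dst"], s, ip),
        "SP": lambda s: _in_range(pkt["sport"], s, int),
        "DP": lambda s: _in_range(pkt["dport"], s, int),
        "P": lambda s: int(s) == pkt["proto"],
        "T": lambda s: s == pkt["tos"],
        "PR": lambda s: int(s) == pkt["prec"],
    }
    return all(checks[k](v) for k, v in criteria.items())

def apply_policy(summary, pkt):
    """Return the action fields if the policy fires, else None (normal routing)."""
    criteria, act_on_match, action = parse_policy(summary)
    return action if criteria_met(criteria, pkt) == act_on_match else None
```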
Type a number from 1 to 6 to display Menu 25.1.1 – IP Routing Policy (see the next figure). This menu allows you to configure a policy rule.
Menu 25.1.1 - IP Routing Policy
Policy Set Name= test
Active= Yes
Criteria:
  IP Protocol    = 6
  Type of Service= Normal          Packet length= 40
  Precedence     = 0               Len Comp= N/A
  Source:
    addr start= 1.1.1.1            end= 1.1.1.1
    port start= 20                 end= 20
  Destination:
    addr start= 2.2.2.2            end= 2.2.2.2
    port start= 20                 end= 20
Action= Matched
  Gateway addr   = 192.168.1.1     Log= No
  Type of Service= Max Thruput
  Precedence     = 0
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 24-3 Menu 25.1.1 IP Routing Policy
The following table describes the fields in this menu.
Table 24-2 Menu 25.1.1 IP Routing Policy
FIELD                   DESCRIPTION
Policy Set Name         This is the policy set name assigned in Menu 25 – IP Routing Policy Setup.
Active                  Press [SPACE BAR] and then [ENTER] to select Yes to activate or No to deactivate the policy. Inactive policies are displayed with a minus sign “-” in SMT menu 25.
Criteria:
  IP Protocol           IP layer 4 protocol, for example, UDP, TCP, ICMP, etc.
  Type of Service       Prioritize incoming network traffic by choosing from Don’t Care, Normal, Min Delay, Max Thruput, Min Cost or Max Reliable.
  Precedence            Precedence value of the incoming packet. Press [SPACE BAR] and then [ENTER] to select a value from 0 to 7 or Don’t Care.
  Packet Length         Type the length of incoming packets (in bytes). The operators in the Len Comp (next field) apply to packets of this length.
  Len Comp              Press [SPACE BAR] and then [ENTER] to choose from Equal, Not Equal, Less, Greater, Less or Equal or Greater or Equal.
Source:
  addr start / end      Source IP address range from start to end.
  port start / end      Source port number range from start to end; applicable only for TCP/UDP.
Destination:
  addr start / end      Destination IP address range from start to end.
  port start / end      Destination port number range from start to end; applicable only for TCP/UDP.
Action                  Specifies whether action should be taken on criteria Matched or Not Matched.
  Gateway addr          Defines the outgoing gateway address. The gateway must be on the same subnet as the Prestige if it is on the LAN, otherwise, the gateway must be the IP address of a remote node. The default gateway is specified as 0.0.0.0.
  Type of Service       Set the new TOS value of the outgoing packet. Prioritize incoming network traffic by choosing No Change, Normal, Min Delay, Max Thruput, Max Reliable or Min Cost.
  Precedence            Set the new outgoing packet precedence value. Values are 0 to 7 or No Change.
  Log                   Press [SPACE BAR] and then [ENTER] to select Yes to make an entry in the system log when a policy is executed.
When you have completed this menu, press [ENTER] at the prompt “Press ENTER to confirm or ESC to cancel” to save your configuration or press [ESC] to cancel and go back to the previous screen.
24.5 Applying an IP Policy
This section shows you where to apply the IP policies after you design them.
24.5.1 Ethernet IP Policies
From Menu 3 — Ethernet Setup, type 2 to go to Menu 3.2 — TCP/IP and DHCP Ethernet Setup.
You can choose up to four IP policy sets (from 12) by typing their numbers separated by commas, for example, 2, 4, 7, 9.
Menu 3.2 - TCP/IP and DHCP Ethernet Setup
DHCP Setup:
DHCP= None
Client IP Pool Starting Address= N/A
Size of Client IP Pool= N/A
Primary DNS Server= N/A
Secondary DNS Server= N/A
Remote DHCP Server= N/A
TCP/IP Setup:
IP Address= 192.168.1.1
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Version= RIP-2B
Multicast= IGMP-v2
IP Policies= 2,4,7,9
Edit IP Alias= No
Press ENTER to Confirm or ESC to Cancel:
[Callout on the IP Policies field: Type IP Policy sets here.]
Figure 24-4 Menu 3.2 TCP/IP and DHCP Ethernet Setup
Go to menu 11.3 (shown next) and type the number(s) of the IP Routing Policy set(s) as appropriate. You can cascade up to four policy sets by typing their numbers separated by commas.
Menu 11.3 - Remote Node Network Layer Options
IP Options: Bridge Options:
IP Address Assignment= Static Ethernet Addr Timeout (min)= 0
Rem IP Addr: 0.0.0.0
Rem Subnet Mask= 0.0.0.0
My WAN Addr= 0.0.0.0
NAT= Full Feature
Address Mapping Set= 2
Metric= 2
Private= No
RIP Direction= Both
Version= RIP-2B
Multicast= IGMP-v2
IP Policies= 2,4,7,9
[Callout on the IP Policies field: Type IP Policy sets here.]
Press ENTER to Confirm or ESC to Cancel:
Figure 24-5 Menu 11.3 Remote Node Network Layer Options
24.6 IP Policy Routing Example
If a network has both Internet and remote node connections, you can route Web packets to the Internet using one policy and route FTP packets to a remote network using another policy. See the next figure.
Route 1 represents the default IP route and route 2 represents the configured IP route.
Figure 24-6 Example of IP Policy Routing
To force Web packets coming from clients with IP addresses of 192.168.1.33 to 192.168.1.64 to be routed to the Internet via the WAN port of the Prestige, follow the steps as shown next.
Step 1. Create a routing policy set in menu 25.
Step 2. Create a rule for this set in Menu 25.1.1 — IP Routing Policy as shown next.
Menu 25.1.1 - IP Routing Policy
Policy Set Name= set1
Active= Yes
Criteria:
  IP Protocol    = 6
  Type of Service= Don't Care      Packet length= 10
  Precedence     = Don't Care      Len Comp= N/A
  Source:
    addr start= 192.168.1.33       end= 192.168.1.64
    port start= 0                  end= N/A
  Destination:
    addr start= 0.0.0.0            end= N/A
    port start= 80                 end= 80
Action= Matched
  Gateway addr   = 192.168.1.1     Log= No
  Type of Service= No Change
  Precedence     = No Change
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 24-7 IP Routing Policy Example
Step 3. Check Menu 25.1 — IP Routing Policy Setup to see if the rule is added correctly.
Step 4. Create another policy set in menu 25.
Step 5. Create a rule in menu 25.1 for this set to route TCP packets from any host (IP=0.0.0.0 means any host) that are destined for the FTP ports through another gateway (192.168.1.100).
Menu 25.1.1 - IP Routing Policy
Policy Set Name= set2
Active= Yes
Criteria:
  IP Protocol    = 6
  Type of Service= Don't Care      Packet length= 10
  Precedence     = Don't Care      Len Comp= N/A
  Source:
    addr start= 0.0.0.0            end= N/A
    port start= 0                  end= N/A
  Destination:
    addr start= 0.0.0.0            end= N/A
    port start= 20                 end= 21
Action= Matched
  Gateway addr   = 192.168.1.100   Log= No
  Type of Service= No Change
  Precedence     = No Change
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 24-8 IP Routing Policy Example
Step 6. Check Menu 25.1 — IP Routing Policy Setup to see if the rule is added correctly.
Step 7. Apply both policy sets in menu 3.2 as shown next.
Menu 3.2 - TCP/IP and DHCP Ethernet Setup
DHCP Setup
DHCP= Server
Client IP Pool Starting Address= 192.168.1.33
Size of Client IP Pool= 64
Primary DNS Server= 0.0.0.0
Secondary DNS Server= 0.0.0.0
Remote DHCP Server= N/A
TCP/IP Setup:
IP Address= 192.168.1.1
IP Subnet Mask= 255.255.255.0
RIP Direction= Both
Version= RIP-1
Multicast= None
IP Policies= 1,2
Edit IP Alias= No
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
Figure 24-9 Applying IP Policies Example