Mailing List
Mailing List
Sign Up Here
Like, follow & share: visit DrayTek UK's Facebook page visit DrayTek UK's Twitter page visit DrayTek UK's Linkedin page
DrayTek

Policy Routing - Load Balancing and Address Mapping

Products:
Vigor 300B
Vigor 2960
Vigor 3900
Keywords:
Address Mapping
Load Balancing
NAT
Policy Route
Show all

The Policy Route feature on DrayTek routers allows for far more control over the routing of traffic compared to the previous WAN - Load Balance and NAT – Address Mapping menus.

Read this article for more information on what Policy Route can do and how it works.

It makes it possible to send traffic based on Destination or Source IP range, or port/service type through any available interface and specify failover routes should the original route be unavailable, which allows for routing specific traffic or specific local IPs through a VPN tunnel for instance, or traffic to a specified subnet through another gateway on the network. It also allows Address Mapping to fail over to other WAN interfaces and define specific traffic, so that address mapping could be used for just SMTP traffic.

The intention of this guide is to describe how Policy Route works and best practices with it to avoid problems. The processing of Policy Routes is sequential, such that it checks for matches from the first policy route rule to the last, and if there are no matches it then processes the routing table to make the routing decision. If a match is found then it will immediately take that action for the routing decision.


On these routers, the load balancing facility load balance pools which are then applied to clients using either the Routing > Default Route or Routing > Policy Route to configure which WANs are in the load balance pool. The Default Route affects all NAT clients by default, the Policy Routes over-ride this so that specified IP ranges / traffic types can use either specified WAN interfaces or load balance pools.

The load balancing on the router is not used by default, this requires configuring the Routing > Load Balance Pool to include the WAN interfaces that will be used. On that page, click Add:

In this window, set the Profile name, which must not use spaces, it's recommended to use underscores "_" instead.

The mode can be set for either Load Balance or Failover, select Load Balance and click Add to select the WAN interfaces that will be used. Each of the WAN interfaces will need to have a Weight value set, this is a ratio and can be set to any number between 1 and 255, in this example we've used 1 as the weight for each WAN interface, which will balance load between the WAN interfaces equally.

Where the speeds or usage ratios vary, for instance WAN1 has 80Mbps of bandwidth while WAN2 has 20Mbps of bandwidth, the Weight for WAN1 could be set to 8 and the WAN2 weight could be set to 2.


 

Once a Load Balance Pool has been configured, it can be configured as the default route for NAT traffic, from the Routing > Default Route section. On there, select the WAN Profile/Loadbalance Pool Name from the list. Enable Auto Failover to Active WANs so that the router can use the remaining WAN interfaces if the selected default route interface is unavailable.


 

To set the Load Balance Pool to be used for specific traffic such as a single subnet on the router, it's necessary to create a rule under Routing > Policy Route, on that page click Add to create a new rule:

In this example, LAN1's subnet is set as the Source address, which is entered as a Subnet so the IP Address used here is the Network Address. The Out-going Rule is set to the Load Balance pool that was created to load balance traffic for WAN1 and WAN2.

This could be used to set up different load balance pools so that different LAN subnets would use different WAN interfaces or load balancing ratios for load balancing.


 

To set up a rule so that SMTP traffic only goes through a specific WAN interface instead of going through the default route / load balance pool, create another rule and set the Protocol setting to TCP first to see the port settings for the policy route rule.

Set the Source IP address as needed, in this case, it applies only to one server, 192.168.1.254; that IP address is specified and the Subnet Mask is set to 255.255.255.255 so that the rule only applies to that IP address.

The Destination Type can be left as Any, but set the Destination Port Start and Destination Port End to 25 so that the rule only applies to SMTP traffic.

The Out-going Rule should be set to Load Balance Pool and the WAN interface is specified in the Load Balance Rule drop down box.

 

This facility was previously located under the NAT > Address Mapping menu on the router but is now integrated into the Policy Route feature; this does give more control over how it works because it can specify address mapping for only specific destinations, or can be set to use an IP object rather than an IP address and subnet mask and it can specify which port is used if required.

To set up an Address Mapping entry, go to Routing > Policy Route and click Add, in that rule, specify the Source Address to be used along with the Destination if required, in this case, the IP address 192.168.1.254 needs to use a specific IP Alias.

The Use IP Alias option will only appear if a single WAN interface with IP Aliases already specified is selected, set that to Enable and select the required IP from the drop down box.

This can be set to Failover if the IP Alias WAN interface is unavailable using the Failover to Next Rule and Failback options, the latter will drop sessions on the failover WAN and start using the original WAN as soon as the specified WAN interface comes back online.

 

 

How do you rate this article?

1 1 1 1 1 1 1 1 1 1




Add a comment to this article

In the below box, you can add comments which you consider might be helpful to other users reading this article:

(As you'd like it to appear on the comment)


NOTE : All comments are reviewed before publication and may not be posted or may be redacted if the editors do not consider them helpful. The use of offensive or obscene language, copyrighted material, or advertising or promotion or linking to any other product or service is prohibited. By submitting your comment, you confirm that you are the original author and assign copyright of the content to DrayTek indefinitely and irrevocably.