Policy Routing on SmartNodes

Configuration ElementsPatton SmartNodes are not just gateways. The SmartNode includes a very powerfull IP routing engine that includes features usually only found in much more expensive networking devices.

This post introduces the Policy Routing feature in some detail to underline the statement above.

A typical IP CPE router includes an IP routing table which can be populated with

  • A default route
  • Static routes
  • Automatically learned routes from DHCP, ICMP and maybe some routing protocols (RIP, OSPF)

A Patton router goes beyond this. It allows you to configure multiple routing tables and to chose very specifically which traffic uses which routing table.

In this way it is possible to:

  • Setup multiple virtual routers in one device
  • Separate multiple IP networks routed through the same device
  • Control in detail how different applications and traffic streams are handled on the network

Typical applications for this functionality include

  • Separation of user-traffic and network-management-traffic
  • Separation of voice and data networks and traffic
  • Combination of VPN traffic routing and public internet traffic routing on one device

The configuration setup for this functionality is clearly structured and highly flexible.

Start by creating multiple routing tables.

Example:

routing-table PUBLIC
route 0.0.0.0/0 gateway 192.168.100.2 metric 0


routing-table MGMT
route 0.0.0.0/0 gateway 192.168.200.2 metric 0

Now assign incoming IP traffic to one of the tables. This can be done with three different levels of detail depending on your requirements:

  • Simple and generic: Assign all traffic coming in on a given IP Interface to a routing table

Example:

local
route 1 dest-table MGMT

interface LAN
ipaddress LAN 10.10.10.1/24
route 1 dest-table PUBLIC

  • More specific: Assign traffic to routing tables based on rules

Example:

local
route 1 protocol udp src-port 5060 dest-table VOICE
route 2 protocol tcp src-port 5060 dest-table VOICE
route 3 protocol udp src-port 4864..5375 dest-table VOICE
route 4 protocol tcp src-port 80 dest-table MGMT
route 5 protocol tcp src-port 23 dest-table MGMT


interface LAN
ipaddress LAN 10.10.10.1/24
route 1 protocol udp src-port 5060 dest-table VOICE
route 2 protocol tcp src-port 5060 dest-table VOICE
route 3 protocol udp src-port 4000..4099 dest-table VOICE
route 4 dest-table PUBLIC

  • Very detailed: Assign traffic to routing tables based on traffic classes. This third option makes use of the powerful traffic classifier profiles which are also used for traffic management and quality of service functionalities.

Example:

profile classifier CL_MGMT
match 1 protocol tcp src-port 80 set traffic-class TC_MGMT
match 2 protocol tcp src-port 23 set traffic-class TC_MGMT

profile classifier CL_SIP_SIG
match 1 protocol udp src-port 5060 set traffic-class TC_SIP_SIG
match 2 protocol tcp src-port 5060 set traffic-class TC_SIP_SIG

context ip ROUTER
local
use profile classifier out 1 CL_SIP_SIG
use profile classifier out 2 CL_MGMT
route 1 traffic-class local-voice dest-table VOICE
route 2 traffic-class TC_SIP_SIG dest-table VOICE
route 3 traffic-class TC_MGMT dest-table MGMT

interface LAN
ipaddress LAN 10.10.10.1/24
use profile classifier in 1 CL_SIP_SIG
route 1 traffic-class TC_SIP_SIG dest-table VOICE
route 2 protocol udp src-port 4000..4099 dest-table VOICE
route 3 dest-table PUBLIC

The following figure provides an overview of the configuration elements used in this functionality:

Policy Routing

For more detail please refer to the current version of the Trinity Command Line Reference Guide. We hope this small feature introduction provides you with a little insight into the power of Patton Products and helps you solve specific network problems you may encounter in your daily work.

Ramon Felder
Business Development ExecutivePatton-Inalp Networks
Ramon Felder is the business development executive for Patton-Inalp Networks in Switzerland. Previously he has served Patton-Inalp over 18 years in different roles as CEO, COO and product manager. Mr. Felder graduated in 1996 from the Swiss Federal Institute of Technology in Lausanne and holds an Master degree in Business Administration from the University of Rochester.


One comment

Leave a Reply