Policy Routing on SmartNodes

Patton SmartNodes are not just gateways. The SmartNode includes a very powerful IP routing engine with features usually found only in much more expensive networking devices.

This post introduces the Policy Routing feature in some detail to underline the statement above.

A typical IP CPE router includes an IP routing table which can be populated with:

  • A default route
  • Static routes
  • Automatically learned routes from DHCP, ICMP and maybe some routing protocols (RIP, OSPF)

A Patton router goes beyond this. It allows you to configure multiple routing tables and to choose very specifically which traffic uses which routing table.

In this way it is possible to:

  • Set up multiple virtual routers in one device
  • Separate multiple IP networks routed through the same device
  • Control in detail how different applications and traffic streams are handled on the network

Typical applications for this functionality include:

  • Separation of user-traffic and network-management-traffic
  • Separation of voice and data networks and traffic
  • Combination of VPN traffic routing and public internet traffic routing on one device

The configuration setup for this functionality is clearly structured and highly flexible.

Start by creating multiple routing tables.

Example:

routing-table PUBLIC
route 0.0.0.0/0 gateway 192.168.100.2 metric 0


routing-table MGMT
route 0.0.0.0/0 gateway 192.168.200.2 metric 0

Now assign incoming IP traffic to one of the tables. This can be done with three different levels of detail depending on your requirements:

  • Simple and generic: Assign all traffic coming in on a given IP Interface to a routing table

Example:

local
route 1 dest-table MGMT

interface LAN
ipaddress LAN 10.10.10.1/24
route 1 dest-table PUBLIC

  • More specific: Assign traffic to routing tables based on rules

Example:

local
route 1 protocol udp src-port 5060 dest-table VOICE
route 2 protocol tcp src-port 5060 dest-table VOICE
route 3 protocol udp src-port 4864..5375 dest-table VOICE
route 4 protocol tcp src-port 80 dest-table MGMT
route 5 protocol tcp src-port 23 dest-table MGMT


interface LAN
ipaddress LAN 10.10.10.1/24
route 1 protocol udp src-port 5060 dest-table VOICE
route 2 protocol tcp src-port 5060 dest-table VOICE
route 3 protocol udp src-port 4000..4099 dest-table VOICE
route 4 dest-table PUBLIC

  • Very detailed: Assign traffic to routing tables based on traffic classes. This third option makes use of the powerful traffic classifier profiles which are also used for traffic management and quality of service functionalities.

Example:

profile classifier CL_MGMT
match 1 protocol tcp src-port 80 set traffic-class TC_MGMT
match 2 protocol tcp src-port 23 set traffic-class TC_MGMT

profile classifier CL_SIP_SIG
match 1 protocol udp src-port 5060 set traffic-class TC_SIP_SIG
match 2 protocol tcp src-port 5060 set traffic-class TC_SIP_SIG

context ip ROUTER
local
use profile classifier out 1 CL_SIP_SIG
use profile classifier out 2 CL_MGMT
route 1 traffic-class local-voice dest-table VOICE
route 2 traffic-class TC_SIP_SIG dest-table VOICE
route 3 traffic-class TC_MGMT dest-table MGMT

interface LAN
ipaddress LAN 10.10.10.1/24
use profile classifier in 1 CL_SIP_SIG
route 1 traffic-class TC_SIP_SIG dest-table VOICE
route 2 protocol udp src-port 4000..4099 dest-table VOICE
route 3 dest-table PUBLIC
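
The rule-based assignment on interface LAN (the "More specific" option above) can be checked offline with a small model. This is an added example, not Patton code: it assumes rules are evaluated in ascending rule number with the first match winning, and `parse_rules` and `select_table` are hypothetical helper names.

```python
import re

# Rule lines copied from the page's rule-based "interface LAN" example.
LAN_RULES = """
route 1 protocol udp src-port 5060 dest-table VOICE
route 2 protocol tcp src-port 5060 dest-table VOICE
route 3 protocol udp src-port 4000..4099 dest-table VOICE
route 4 dest-table PUBLIC
"""

RULE_RE = re.compile(
    r"route (?P<num>\d+)"
    r"(?: protocol (?P<proto>\w+))?"
    r"(?: src-port (?P<lo>\d+)(?:\.\.(?P<hi>\d+))?)?"
    r" dest-table (?P<table>\S+)$"
)

def parse_rules(text):
    """Parse 'route N ...' lines into dicts sorted by rule number."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        lo = int(m["lo"]) if m["lo"] else None
        hi = int(m["hi"]) if m["hi"] else lo  # single port: lo == hi
        rules.append({"num": int(m["num"]), "proto": m["proto"],
                      "lo": lo, "hi": hi, "table": m["table"]})
    return sorted(rules, key=lambda r: r["num"])

def select_table(rules, proto, src_port):
    """Return the dest-table of the first matching rule (assumed semantics)."""
    for r in rules:
        if r["proto"] and r["proto"] != proto:
            continue
        if r["lo"] is not None and not (r["lo"] <= src_port <= r["hi"]):
            continue
        return r["table"]
    return None  # no rule matched; device behaviour here is not modelled

if __name__ == "__main__":
    rules = parse_rules(LAN_RULES)
    # Constructed sample packets: (protocol, source port)
    for pkt in [("udp", 5060), ("udp", 4050), ("udp", 4100), ("tcp", 443)]:
        print(pkt, "->", select_table(rules, *pkt))
```

In this model the match depends only on protocol and source port, so a data host on the LAN that sends UDP from port 5060 is placed in VOICE as well; run the packets you expect from each host class through `select_table` before relying on the separation.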

The following figure provides an overview of the configuration elements used in this functionality:

[Figure: Policy Routing]

For more detail please refer to the current version of the Trinity Command Line Reference Guide. We hope this small feature introduction provides you with a little insight into the power of Patton Products and helps you solve specific network problems you may encounter in your daily work.

Ramon Felder
Business Development Executive | Patton-Inalp Networks
Ramon Felder is the business development executive for Patton-Inalp Networks in Switzerland. Previously he has served Patton-Inalp over 18 years in different roles as CEO, COO and product manager. Mr. Felder graduated in 1996 from the Swiss Federal Institute of Technology in Lausanne and holds a Master's degree in Business Administration from the University of Rochester.

