
Howto-Multipath Routing

Multipath Routing

The coupling of two or more internet connections with a Securepoint appliance is also called "Multipath Routing". With multipath routing you get a higher bandwidth. Multipath routing also improves the redundancy of your network, especially if you are using different internet providers. With multipath routing the data traffic is weighted and split across the different internet connections.

If one of the internet connections fails, the Securepoint appliance switches to another active internet connection. The usage of the other internet connections thereby increases, but you can still use all services without any restrictions. When the interrupted internet connection is restored, the services are switched back.

In addition to multipath routing, the Securepoint appliance applies "Load Balancing", whereby the load is distributed across the different internet connections.

Source Routing

When using more than one internet connection, the data traffic is divided among the internet connections.

For certain applications (mail server, VPN, ...) it is possible to always use the same internet connection. In this case you have to assign an unambiguous route to the client. This function is called "Source Routing". The route depends on the application.
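
The behaviour described above (weighted split, failover, and pinning a source to one connection) can be modelled in a few lines. This is an added example, not Securepoint code: the hashing scheme, the weights, the internal addresses and the fallback for a pinned source whose connection is down are all assumptions of the model.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass

@dataclass
class Uplink:
    name: str        # interface name, e.g. "ppp0"
    weight: int      # relative share of balanced flows
    up: bool = True  # False while the connection is interrupted

def pick_uplink(flow, uplinks, source_routes):
    """Choose the uplink for one flow (src_ip, dst_ip, dst_port)."""
    active = [u for u in uplinks if u.up and u.weight > 0]
    if not active:
        return None  # no internet connection left
    # Source routing: a pinned source always leaves via its assigned uplink.
    pinned = source_routes.get(flow[0])
    if pinned in {u.name for u in active}:
        return pinned
    # Model assumption: if the pinned uplink is down, fall through to balancing.
    # Hash the flow so every packet of a connection keeps the same uplink.
    digest = hashlib.sha256(repr(flow).encode()).digest()
    slot = int.from_bytes(digest[:8], "big") % sum(u.weight for u in active)
    for u in active:
        if slot < u.weight:
            return u.name
        slot -= u.weight

def distribution(flows, uplinks, source_routes):
    """Count how many flows each uplink carries."""
    return Counter(pick_uplink(f, uplinks, source_routes) for f in flows)

# Constructed sample data: two DSL uplinks weighted 2:1, a mail server pinned to ppp1.
UPLINKS = [Uplink("ppp0", 2), Uplink("ppp1", 1)]
SOURCE_ROUTES = {"192.168.1.10": "ppp1"}
CLIENT_FLOWS = [(f"192.168.1.{100 + i % 50}", "203.0.113.7", 1024 + i)
                for i in range(3000)]
MAIL_FLOWS = [("192.168.1.10", "198.51.100.25", 25)] * 20

if __name__ == "__main__":
    print("both up:  ", distribution(CLIENT_FLOWS + MAIL_FLOWS, UPLINKS, SOURCE_ROUTES))
    UPLINKS[0].up = False  # simulate failure of the first connection
    print("ppp0 down:", distribution(CLIENT_FLOWS + MAIL_FLOWS, UPLINKS, SOURCE_ROUTES))
```

With both uplinks active the client flows split roughly 2:1 while the mail server stays on ppp1; with ppp0 down every flow moves to ppp1.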

Checklist for Multipath Routing

If you don't need detailed instructions, you can use this checklist to set up your multipath routing. The checklist can also be used for troubleshooting.

Scenarios

The firewall can be connected to two internet connections in different ways.

In this howto, two of the possible methods are presented. Both scenarios assume that the internet connection is an ADSL connection. It is also possible to use ISDN or VDSL, or a mix of these.


In scenario 2 the firewall is connected directly to a modem. The second internet connection is connected via a router.

Multipath Routing with two directly connected internet connections

For this configuration the appliance has to be connected directly to the DSL-Modems, so that the internet connections are directly managed by the firewall.

add provider

In order to build a multipath with two DSL connections, you first have to add two DSL providers.

  • In the navigation bar, move to "Network" and click the entry "Network Configuration" in the drop-down menu.
  • Change to the tab "DSL provider".
  • Click on "add DSL provider".
  • Assign a name for the provider.
  • In the field "Login" you have to assign your provider-username.
  • In the field "Password" you have to assign your provider-password.

Repeat your password in the field "repeat password".

  • Deactivate the checkbox "standard route".
  • If the provider schedules a forced separation, choose a time.
  • Click on "save".
  • Repeat this process for the second DSL provider. Again, make sure to deactivate the checkbox "standard route".


add DSL interfaces

For the appliance to establish the connection to the internet provider, you have to set up the two DSL interfaces. Depending on the protocol used by the provider, you have to set up two PPPoE or two PPTP interfaces (or, as the case may be, only one).

  • In the dialog "Network Configuration", change to the tab "interfaces".
  • Click on the button "add interface".

The interface wizard will be shown.

  • Choose the required interface type by marking the corresponding radio button.
  • Click on "continue".
  • The DSL interfaces are assigned directly to the physical interface. Choose it in the field "interface". Don't use the interface eth1, because it is scheduled for the internal network. You can use eth0 (external network) and eth2 (DMZ) if you use an appliance with only three interfaces.
  • The field PPP-interface is already preassigned. The interfaces are designated with ppp and a sequential number.
  • In the field "DSL-provider" you have to choose a previously created internet service provider.
  • Click on finish.
  • Click on refresh interfaces.

If you are using a PPTP interface, additional settings are required.

  • In the interface wizard you have to choose the interface type PPTP.
  • Click on continue.
  • In the field "interface" you have to choose an interface of your appliance. Note that eth1 is scheduled for the internal network.
  • In the field "local ethernet IP-Address" you have to enter the external IP address of your appliance.

If you are using an ATM modem, the default is 10.0.0.140.

  • Set the subnet mask in the field "mask".
  • The default IP address of an ATM modem is 10.0.0.138.
  • The field PPP-interface is already preassigned. The interfaces are designated with ppp and a sequential number.
  • In the field "DSL-provider" you have to choose a previously created internet service provider.
  • Click on finish.
  • Click on refresh interfaces.

If you are using two PPTP connections, the following settings are possible.

ppp0 local ethernet IP-address 10.0.0.140 mask 255.255.255.128/25

ppp1 local ethernet IP-address 10.0.0.120 mask 255.255.255.128/25
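
A quick way to check an address plan like the one above before entering it in the wizard. This is an added example, not part of the Securepoint documentation; the modem address for ppp1 and the two faulty plans are constructed, and the requirement that the two local subnets do not overlap is an assumption about why the /25 mask is used.

```python
import ipaddress
from itertools import combinations

def check_pptp_plan(plan):
    """Return a list of findings for {ppp_name: (local_ip, mask, modem_ip)}."""
    findings, nets = [], {}
    for name, (local_ip, mask, modem_ip) in plan.items():
        iface = ipaddress.ip_interface(f"{local_ip}/{mask}")
        net = nets[name] = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            findings.append(f"{name}: {iface.ip} is not a usable host address in {net}")
        # The modem must sit in the same subnet as the local ethernet address.
        if ipaddress.ip_address(modem_ip) not in net:
            findings.append(f"{name}: modem {modem_ip} is outside {net}")
    # Two local subnets that overlap leave the route to each modem ambiguous.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            findings.append(f"{a} and {b}: {net_a} overlaps {net_b}")
    return findings

# Local addresses and mask from the howto; the ppp1 modem address is constructed.
HOWTO_PLAN = {
    "ppp0": ("10.0.0.140", "255.255.255.128", "10.0.0.138"),
    "ppp1": ("10.0.0.120", "255.255.255.128", "10.0.0.10"),
}
# Constructed faulty plan: second modem left on the default address 10.0.0.138.
SAME_MODEM_PLAN = {**HOWTO_PLAN,
                   "ppp1": ("10.0.0.120", "255.255.255.128", "10.0.0.138")}
# Constructed faulty plan: a /24 mask puts both interfaces in one subnet.
WIDE_MASK_PLAN = {
    "ppp0": ("10.0.0.140", "255.255.255.0", "10.0.0.138"),
    "ppp1": ("10.0.0.120", "255.255.255.0", "10.0.0.10"),
}

if __name__ == "__main__":
    for label, plan in [("howto", HOWTO_PLAN), ("same modem", SAME_MODEM_PLAN),
                        ("wide mask", WIDE_MASK_PLAN)]:
        print(label, check_pptp_plan(plan) or "ok")
```

With the /25 mask, 10.0.0.140 falls in 10.0.0.128/25 and 10.0.0.120 in 10.0.0.0/25, so the default modem address 10.0.0.138 is only reachable from ppp0.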

add network objects

To establish separate rules for both DSL connections, you have to add another network object for the internet and one network object for the second external interface. Since a zone can be assigned only once, you have to use zones that are not yet in use (e.g. DMZ2). Another possibility is to add a new zone.

add second network object

  • In the navigation bar you have to move to the entry "Firewall" and click on "network objects" in the dropdown menu.

The window "network objects" will be shown. In the list you can find all network objects, which are either created by default or added by an administrator.

  • To add another network object, click on the button "add host/network".
  • In the pop-up window you have to type a name for the network object in the field "name".
  • For "type" you have to choose network.
  • In the field ip-address you have to type 0.0.0.0 and 0.0.0.0/0 for mask.
  • In the field "zone" you have to choose dmz2.
  • Leave the "NAT-IP"-option to "off".
  • Click on "save"

add external network object

Now you have to add another network object for the second interface. For the first interface, a network object is already created by default. Set the zone to one other than "firewall-external", because that zone is already used by the first external interface (e.g. firewall-dmz2). Another possibility is to add a new zone.


  • Click on "add interface" in the window "network objects".
  • In the following window you have to type a name for the external interface.
  • In the field "type":
      * Choose "dynamic address" if you get a new IP address from your ISP each time you connect.
      * Choose "static address" if you have a fixed IP address from your ISP. Type your IP address(es) in the field "ip-address".
  • Choose the zone "DMZ2-external".
  • Click on save.