IX. NAT Related Features

Policy Routing with Metrics - Load Balancing, Address Mapping and VPN Routing

Products:
Vigor 2620Ln
Vigor 2765
Vigor 2832
Vigor 2862

Keywords:
Address Mapping
Load Balancing
NAT
Policy Route

The Policy Route feature on DrayTek routers gives far more control over the routing of outbound traffic than the previous [WAN] > [Load Balance Policy] and [NAT] > [Address Mapping] menus.

Read this article for more information on what Policy Route can do and how it works.

Policy Routes make it possible to send traffic through any available interface based on Destination or Source IP range, or port/service type, and to specify failover routes should the original route be unavailable. This allows, for instance, routing specific traffic or specific local IPs through a VPN tunnel, or routing traffic for a specified subnet through another gateway on the network. It also allows Address Mapping to fail over to other WAN interfaces and to be limited to specific traffic, so that address mapping could be used for just SMTP traffic.

With the 3.7.8 firmware, the Vigor 2860 and Vigor 2925 routers now have the ability to specify the Metric used by each Policy Route entry, so that these rules can have either higher or lower priority than the routing table. This simplifies the setup compared to the previous implementation, where Policy Route rules would override the routing table in all cases.

The intention of this guide is to describe how Policy Route works and best practices with it to avoid pitfalls.
It is recommended to set the [Load Balance/Route Policy] page to “Advance Mode” so that the settings match the ones shown in the guide.

Metrics and Priority

DrayTek routers that implement metrics for Policy Route use the metric to decide which of the matching rules or route entries should apply to a packet being routed.

The priority metric is a value between 0 and 250, where 0 is the highest priority and 250 is the lowest priority.

Pre-set metric values are used for different route types on the router:

  • 150 - Static Routes
  • 150 - Inter-LAN Routes
  • 150 - VPN Routes
  • 200 - Default priority for new Route Policy rules (configurable)
  • 250 - Default Route - This is the auto Load Balance pool on the router (configured by enabling "Load Balance" on a WAN under [WAN] > [General Setup])

Routing decisions on the router are based on the following:

1. The packet's Destination IP matches a route entry, or the packet matches a Route Policy rule.
2. If multiple rules/routes match, the rule or route with the highest priority is used.
3. If there are multiple rules/routes with the same priority, they are processed in the order that they appear in the Route Policy table.

Example 1: If a route policy rule to put all traffic through WAN2 has its priority set to 100, it would override the routing table, and any traffic, including traffic meant for Inter-LAN or VPN communication, would also route through WAN2.


If that route policy rule was reconfigured with a priority of 200, it would have a lower priority than the routing table - internet traffic would go through WAN2 as expected and any Inter-LAN or VPN traffic would be routed through the correct interfaces.
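
The three decision steps and Example 1 can be modelled in a few lines to check a rule set before applying it. This is an added example, not DrayTek code: the `Entry` type, the function names, the interface labels and the subnets are constructed for illustration, and it models only the rules stated in this article (no longest-prefix matching; ties are resolved purely by table position).

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    name: str
    kind: str            # "policy", "static", "inter-lan", "vpn" or "default"
    dst: str             # destination network (CIDR)
    iface: str           # outgoing interface
    metric: int          # 0 = highest priority, 250 = lowest
    src: str = "0.0.0.0/0"   # source network; only policy rules narrow this

def select(entries, src_ip, dst_ip):
    """Steps 1-3: collect matches, pick the lowest metric, then earliest table position."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    matches = [(e.metric, pos, e) for pos, e in enumerate(entries)
               if s in ipaddress.ip_network(e.src) and d in ipaddress.ip_network(e.dst)]
    return min(matches, key=lambda m: m[:2])[2] if matches else None

def shadowed_routes(entries):
    """Audit: (policy, route) pairs where a policy rule outranks an overlapping route."""
    found = []
    for p in (e for e in entries if e.kind == "policy"):
        for r in (e for e in entries if e.kind in ("static", "inter-lan", "vpn")):
            overlap = ipaddress.ip_network(p.dst).overlaps(ipaddress.ip_network(r.dst))
            if overlap and p.metric < r.metric:
                found.append((p.name, r.name))
    return found

def sample_table(policy_metric):
    """Constructed table for Example 1; names and subnets are made up."""
    return [
        Entry("all-via-WAN2", "policy", "0.0.0.0/0", "WAN2", policy_metric),
        Entry("vpn-branch", "vpn", "10.20.0.0/16", "VPN-1", 150),
        Entry("lan2", "inter-lan", "192.168.2.0/24", "LAN2", 150),
        Entry("default", "default", "0.0.0.0/0", "WAN1", 250),
    ]

if __name__ == "__main__":
    for metric in (100, 200):
        t = sample_table(metric)
        print(metric, select(t, "192.168.1.10", "10.20.5.5").iface, shadowed_routes(t))
```

Running `shadowed_routes` over a transcription of the Route Policy table flags any policy rule that would pull VPN or Inter-LAN traffic onto a WAN interface.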


Example 2: If there are multiple rules that could match a possible routing decision, they are processed in order of priority first of all:

With this setup if 192.168.1.10 accesses the internet, Rule 3 would be processed first because it has higher priority. If that rule was disabled, both Rule 1 and Rule 2 have the same priority so Rule 1 would be processed first, because of their ordering in the Route Policy table.
