Cipafilter Documentation - Routing
Posted by Jim Giseburt, Last modified by Jim Giseburt on 11 April 2017 05:16 PM
The Cipafilter is a fully featured router capable of replacing the functionality of your existing routers.
Most customers will not need to reconfigure any features on this page, since the filter will automatically route between any subnets specified on the IP Settings page. If it is necessary to route to any additional subnets, they can be added here by specifying the destination subnet itself and the gateway to route through.
Multi-gateway routing provides advanced routing functionality which is useful for organizations with multiple Internet connections or complex network set-ups. These features provide several benefits, including load balancing and fail-over, as well as the ability to specify static routes based on the source rather than the destination (as with the Routing tab).
The Multi-Gateway Routing Mode indicates the type of routing to perform: Destination Based or Source Based. In Destination Based mode, the filter will distribute requests amongst the specified gateways according to their destination (external) IPs; in Source Based mode, the requests will be distributed according to their source (internal) IPs. The distribution is weighted according to the values specified, but is otherwise arbitrary.
Beneath the mode setting is the table of gateways and interfaces to use for routing. The Gateway field indicates the default gateway for the associated Out-Interface. The Watchdog Target specifies an IP address to watch for which indicates the availability of the gateway; if this target fails to respond, the filter will stop routing to the associated Gateway and fail over to one of the others. The Weight field specifies the distribution weighting; in general, the higher the Weight value, the more traffic will be routed through that Gateway.
As an example: Two gateways (Gateway A and Gateway B) are specified with equal weights using the Source Based method. Behind the filter are Clients A, B, C, and D. As each client passes a request through the filter, the client is "assigned" a route to one of these gateways. All subsequent requests from the clients are then passed through their associated gateways.
Ideally, given equal weights, the clients will be equally distributed — e.g., Clients A and C to Gateway A and Clients B and D to Gateway B — although this is not guaranteed. This functionality is referred to as load balancing.
If the Watchdog Target for Gateway B were to go down, the filter would then re-"assign" Clients B and D back to Gateway A to ensure connectivity. The exact settings the filter uses to detect this scenario can be changed under Ping Watchdog Settings. This functionality is called fail-over.
Note: Multi-gateway routing currently does not integrate well with the filter's DHCP-client functionality, and using the two features together is not supported. (DHCP-server functionality is unaffected.)
Ping Watchdog Settings
To ensure connectivity through a gateway, the filter must periodically ping its Watchdog Target. The number and frequency of pings can be set here.
Specific Connection Routing
This section is the source-based equivalent to the destination-based routes specified on the Routing tab.