Routing

Introduction to network routing

Zentyal uses the Linux kernel routing subsystem, configured with the iproute2 tool [1].

[1] http://www.policyrouting.org/iproute2.doc.html

Configuring routing with Zentyal

Gateway

The gateway is the default router for connections whose destination is not in the local network. This means that if the system has no static routes defined, or if none of them matches the destination, the gateway will be used by default.

To configure a gateway in Zentyal use Network ‣ Gateway, which contains the following parameters.

_images/11-routing-gateways.png

Adding a Gateway

Enabled:
Indicates whether this gateway is effectively working or if it is disabled.
Name:
Name used to identify the Gateway.
IP Address:
IP address of the gateway. This address has to be directly accessible from the host Zentyal is installed on, that is, without other routers in between.
Interface:
Network interface connected to the gateway. The packets sent to this gateway will be sent using this interface.
Weight:
The higher the weight, the more packets will be sent using this gateway if you have traffic balancing enabled.
Default:
If this option is enabled, this will be the default gateway.

If you have configured interfaces as DHCP or PPPoE [2] you cannot add a gateway explicitly for these, because they are automatically managed. Nevertheless, you can still enable or disable them by editing the Weight or choosing whether one of them is the Default, but it is not possible to edit any other attributes.

_images/dynamic-gateways.png

Gateways list with DHCP and PPPoE

Additionally, Zentyal may need a proxy in order to access the Internet, for example, for software and antivirus updates, or for HTTP proxy redirection.

In order to configure this external proxy, go to Network ‣ Gateways. Here you can specify the address for the Proxy server and also the Proxy port. A User and Password can be specified if the proxy requires them.

[2] http://en.wikipedia.org/wiki/PPPoE

Static route table

If all the traffic directed to a network must go through a specific gateway, a static route is added. This can be used, for example, to interconnect two local networks via their default gateways.

To configure a static route manually, use Network ‣ Static Routes.

_images/Zentyal_static_route.png

Static route configuration

These routes can be overwritten if the DHCP protocol is in use.

Configuring traffic balancing with Zentyal

As mentioned previously, a single host can have more than one configured gateway, which leads to a situation where new parameters need to be taken into account during the configuration of a Zentyal server.

_images/01-gateways.png

List of gateways

The routing rules for more than one gateway, also known as multigateway rules, allow the network to use multiple connections to the Internet in a transparent way. This can be very useful for organisations that require more bandwidth than a single ADSL line can offer, or that cannot tolerate interruptions to Internet access, which is very common nowadays.

Traffic balancing shares the outgoing connections to the Internet in an equitable way, allowing complete use of the available bandwidth. The simplest configuration is to establish different weights for each gateway, so if the connections have different capacities, you can specify optimal use.

_images/02-gateway-rules.png

Traffic balancing

Additionally, Zentyal can be configured to always send given types of traffic through a specific router as needed. A common example is to always send e-mail traffic, or all the traffic from a pre-determined subnet, through a specific router.

Multigateway rules and balancing can be established in the section Network ‣ Traffic balancing. In this section rules can be added to direct certain connections to a specific gateway, depending on the Interface, the Source (an IP address, an Object, the Zentyal server itself or Any), the Destination (an IP address or an Object), the Service to which you want to associate this rule and the Gateway to which the specified traffic should be routed.
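As an added illustration (not Zentyal's own code, and not necessarily the rules Zentyal generates), this shell function shows how per-gateway weights map onto an iproute2 weighted multipath default route. The gateway names, addresses and input line format are constructed for the example; the function only prints the command and changes nothing.

```shell
#!/bin/sh
# Added example: build a weighted multipath default route from a gateway
# list shaped like the gateway table (name, IP, interface, weight, enabled).

# build_multipath_cmd: reads gateway lines on stdin, prints one `ip route`
# command on stdout. Returns 1 if a weight is invalid or no gateway is enabled.
build_multipath_cmd() {
    hops=""
    while read -r name ip iface weight enabled || [ -n "$name" ]; do
        [ -z "$name" ] && continue              # skip blank lines
        [ "$enabled" = "yes" ] || continue      # disabled gateways get no traffic
        case "$weight" in
            ''|*[!0-9]*) echo "bad weight for $name" >&2; return 1 ;;
        esac
        # iproute2 accepts nexthop weights from 1 to 256.
        if [ "$weight" -lt 1 ] || [ "$weight" -gt 256 ]; then
            echo "weight out of range for $name" >&2
            return 1
        fi
        hops="$hops nexthop via $ip dev $iface weight $weight"
    done
    [ -n "$hops" ] || return 1
    echo "ip route replace default scope global$hops"
}

# Constructed sample: two balanced lines (3:1) and one disabled gateway.
SAMPLE_GATEWAYS='adsl1 192.0.2.1 eth0 3 yes
adsl2 198.51.100.1 eth1 1 yes
backup 203.0.113.1 eth2 1 no'

printf '%s\n' "$SAMPLE_GATEWAYS" | build_multipath_cmd
```

With the sample input, roughly three of every four new flows would leave through adsl1, and the disabled gateway is left out of the route entirely.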

Configuring fault-tolerance in Zentyal

If performing traffic balancing between two or more gateways, it is recommended to enable the fault-tolerance feature. In case you are balancing traffic between two routers and one of them suffers a failure, if this feature is not enabled, part of the traffic will still try to use the non-functioning router, causing connectivity problems for the network users.

By using the failover configuration, it is possible to define sets of tests for each gateway to check whether it is operating, or whether there are problems and it should no longer be used as an outgoing route to the Internet. These tests can consist of a ping to the gateway, a ping to an external host, a DNS resolution or an HTTP request. It is also possible to define how many tests are to be executed and the percentage of acceptance required. If any test fails to reach the acceptance rate, the associated gateway will be disabled. These tests will continue running, so when the acceptance rates are satisfied again, the gateway will be activated once again.

Disabling a gateway ensures that all the traffic will use the other enabled gateways. The multigateway rules associated with this gateway will be deactivated and the quality of service rules will be consolidated. This way, the network users will not suffer any problems with their Internet connection. Once Zentyal detects that the disabled gateway is operative again, it will restore normal behaviour of the traffic balancing, multigateway rules and quality of service.
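The acceptance logic described above, as an added example that is not part of Zentyal: each rule runs its probe the configured number of times, compares the success percentage with the required rate, and a single failed rule disables the gateway. The rule format, gateway names and stand-in probes are constructed so the script runs without network access.

```shell
#!/bin/sh
# Added example (not Zentyal code): failover acceptance logic from the text.

# run_rule PROBE COUNT REQUIRED_RATE -> exit status 0 if the rule passes.
#   PROBE runs once per attempt via sh -c; exit status 0 counts as a success.
#   ATTEMPT (0-based) is exported so the constructed probes below can be
#   deterministic; a real probe would be e.g. "ping -c 1 -W 2 192.0.2.1".
run_rule() {
    rr_probe=$1 rr_count=$2 rr_required=$3
    [ "$rr_count" -ge 1 ] || return 1           # avoid division by zero
    rr_ok=0 rr_i=0
    while [ "$rr_i" -lt "$rr_count" ]; do
        if ATTEMPT=$rr_i sh -c "$rr_probe" </dev/null >/dev/null 2>&1; then
            rr_ok=$((rr_ok + 1))
        fi
        rr_i=$((rr_i + 1))
    done
    # Integer percentage, rounded down.
    [ $((rr_ok * 100 / rr_count)) -ge "$rr_required" ]
}

# evaluate_gateway NAME RULES -> prints "enabled" or "disabled".
# RULES lines (constructed format): gateway|number of tests|required rate %|probe
# Every rule for the gateway is run; one failed rule disables the gateway.
# Calling this again on the next period re-enables it once all rules pass.
evaluate_gateway() {
    eg_state=enabled
    while IFS='|' read -r eg_name eg_count eg_rate eg_probe; do
        [ "$eg_name" = "$1" ] || continue
        run_rule "$eg_probe" "$eg_count" "$eg_rate" || eg_state=disabled
    done <<EOF
$2
EOF
    echo "$eg_state"
}

# Constructed sample rules; the probes are stand-ins that need no network.
# The first probe succeeds on attempts 0, 2 and 4 (3 of 5 = 60%).
SAMPLE_RULES='adsl1|5|60|[ $((ATTEMPT % 2)) -eq 0 ]
adsl1|3|100|true
adsl2|4|50|false'

for gw in adsl1 adsl2; do
    echo "$gw: $(evaluate_gateway "$gw" "$SAMPLE_RULES")"
done
```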

Failover is implemented as a Zentyal event. In order to use it, you first need to have the module Events enabled, and after this enable the event WAN Failover.

_images/failover.png

WAN failover

To configure the options and tests for the failover, go to the menu Network ‣ WAN Failover. It is possible to specify the event period by modifying the value of the option Time between tests. To add a rule, click on the option Add new and a form with the following fields will be displayed:

Enabled:
Indicates whether the rule is to be applied during the connectivity checks of the routers. It is possible to add different rules and enable or disable them depending on your needs, without having to delete and add them.
Gateway:
Here, select the gateway from the lists of previously configured gateways.
Type of test:
It can take one of the following values:
Ping to gateway:
A control packet is sent from the Zentyal server to the gateway, and the server waits for a response. This checks that there is connectivity between both hosts and that the gateway is active. This doesn’t check whether the gateway has an Internet connection or not.
Ping to host:
Like the last type, this test sends a control packet and waits for a response. This time it is sent to an external host, so not only is the gateway connection tested, but the Internet connection is tested too.
DNS Resolution:
Obtains the IP address for the specified host name, which requires not only connectivity between the server and the gateway and from there to the Internet, but also that the DNS servers are still accessible.
HTTP Request:
This could be the most complete test, considering that it tries to download the content of a specific web site, which requires all of the former tests to be satisfactory.
Host:
The server that is going to be used for the destination in tests. Not applicable to Ping to gateway.
Number of tests:
Number of times you are going to repeat the test.
Required success rate:
Indicates the rate of successful attempts which will render a test as ‘passed’.

With the default configuration, if any of these rules is triggered and a gateway is disabled, the event is only registered in the log file /var/log/ebox/ebox.log. If notifications through other methods are required, configure an event emitter, as described in the chapter Events and alerts, or acquire a Zentyal Professional Subscription [3], which includes automatic event sending.

[3] http://store.zentyal.com/serversubscriptions/subscription-professional.html