Routing¶
Zentyal uses the Linux kernel subsystem for the routing, configured using the tool iproute2 [1].
[1] | http://www.policyrouting.org/iproute2.doc.html |
Configuring routing with Zentyal¶
Gateway¶
The gateway is the host used to start the route for the connections associated with a destination that is not in the local network. This means that if the system does not have static routes defined or if none of these match with the desired transmission, the default gateway will receive the traffic.
To configure a gateway in Zentyal go to Network ‣ Gateways, which contains the following parameters.
- Enabled:
- Indicates whether this gateway is effectively working or if it is disabled.
- Name:
- Name used to identify the Gateway.
- IP Address:
- IP Address of the gateway. This address has to be directly accessible from the host Zentyal is installed on, this means, without other routers in the middle.
- Weight:
- The heavier the weight, more traffic will be sent using this gateway if you have traffic balancing enabled. For example, if the first gateway has a weight of ‘7’ and the second one has a weight of ‘3’, 7 bandwidth units will go through the first one per each 3 bandwidth units that go through the second one, in other words, 70% of the traffic will use the first gateway and the remaining 30% will use the other one.
- Default:
- If this option is enabled, this will be the default gateway.
If you have configured interfaces as DHCP or PPPoE [2] you can not add a gateway explicitly for these, because they are automatically managed. Nevertheless, you can still enable or disable them by editing the Weight or choosing whether one of them is the Default, but it is not possible to edit any other attributes.
Additionally Zentyal may need a proxy in order to access the Internet, for example, for software and antivirus updates, or for HTTP proxy re-direction.
In order to configure this external proxy, go to Network ‣ Gateways. Here you can specify the address for the Proxy server and also the Proxy port. A User and Password can be specified if the proxy requires them.
[2] | http://en.wikipedia.org/wiki/PPPoE |
Static route table¶
If all the traffic directed to a network must go through a specific gateway, a static gateway is added.
For making a manual configuration of a static route, you have to use Network ‣ Static Routes.
These routes can be overwritten if the DHCP protocol is in use.
Configuring traffic balancing with Zentyal¶
As mentioned previously, a single host can have more than one configured gateway, which leads to a situation where new parameters need to be taken into account during the configuration of a Zentyal server.
The routing rules for more than one gateway, also known as multigateway rules, allow the network to use multiple connections to the Internet, in a transparent way. This can be very useful for organisations that require more bandwidth than can be offered by a single line - or that can not tolerate interruptions to Internet access, which is very common nowadays.
Traffic balancing shares the outgoing connections to the Internet in a distributed way, allowing complete use of the available bandwidth. The simplest configuration is to establish the different weights for each gateway - so that if the connections have different capacities, you can guarantee optimal use. Bear in mind that connection is the minimal unit for balancing. Packets belonging to a same connection are not going to be balanced among different gateways.
Additionally, Zentyal can be configured to always send given types of traffic through a specific router as needed. A common example is to always send e-mail traffic or all the traffic from a pre-determined subnet, through a specific router.
Multigateway rules and balancing can be established in the section Network ‣ Gateways, Traffic balancing tab. In this section rules can be added to ensure certain connections are routed though a specific gateway, depending on the Interface, the Source (it can be an IP address, one Object, the Zentyal server itself or Any), the destination (an IP address or an Object), the Service to which you want to associate this rule and the Gateway to where the specified traffic should be routed.
Configuring wan-failover in Zentyal¶
When performing traffic balancing between two or more gateways, it is recommended to enable the wan-failover feature. In case you are balancing traffic between two routers and one of them suffers a failure, if this feature is not enabled, part of the traffic will still try to use the non-functioning router, causing connectivity problems for the network users.
By using failover configuration, it is possible to define sets of tests for each gateway to check whether it is operative or if there are problems and should no longer be used as an outgoing route to the Internet. These tests can consist of a ping to the gateway, to an external host, DNS resolution or an HTTP request. It is also possible to define how many tests are to be executed and the percentage of acceptance required. If any test fails, not reaching acceptance rate, the associated gateway will be disabled. These tests will continue running, so when the acceptance rates are satisfied again, the gateway will be enabled again.
Disabling a gateway ensures that all the traffic will use the other enabled gateways. The multigateway rules associated with this gateway will be deactivated and the quality of service rules will be consolidated. This way, the network users will not suffer any problems with their Internet connection. Once Zentyal detects that the disabled gateway is operative again, it will restore normal behaviour of the traffic balancing, multigateway rules and quality of service.
To configure these options and test the failover you need to go to the Network ‣ Gateways menu WAN failover tab. It is possible to specify the event period by modifying the value of the option Time between tests. To add a rule click on the Add new option and a form with the following fields will be displayed:
- Enabled:
- Indicates if the rule is to be applied during the connectivity checks of the routers. It is possible to add different rules and enable or disable them depending on your needs, without having to delete and add them.
- Gateway:
- Select the gateway from the list of previously configured gateways.
Type of test: You can choose one of the following values:
- Ping to gateway:
- A control packet is sent from the Zentyal server to the gateway and awaits for a response. This checks that there is connectivity between both hosts and that the gateway is active. This doesn’t check whether the gateway has an Internet connection or not.
- Ping to host:
- This test sends a control packet and waits for a response. This time it is sent to an external host, so not only is the gateway connection tested - the Internet connection is tested too.
- DNS Resolution:
- Obtains the IP address for the specified host name, which requires not only connectivity between the server and the gateway and from the gateway to the Internet - but also, that the DNS servers are still accessible.
- HTTP Request:
- This could be the most complete test, considering that it tries to download the content of a specific web site, which requires all of the former tests to be satisfactory.
Host:
The server that is going to be used for the destination in tests. Not applicable to Ping to gateway.
Number of tests:
Number of times you are going to repeat the test.
Required success rate:
Indicates the rate of successful attempts needed to evaluate a test as ‘passed’.