Is there any point in your network where RTR1 and RTR2 can talk to both carriers?
That is, all hosts use one default gateway address, but the router decides which carrier to use based on the host's IP address.
For example, at home I have one router connected to 2 ISPs (cable & DSL).
I can set up a policy route on my router to determine which PC uses which ISP.
There is a new feature in MWG 7.5.0 that lets you specify the Outbound.IP address on it.
I can have a rule that states if Client.IP is in range 192.168.0.0/24, the proxy sends its web request out its primary IP address (192.168.1.10) to the default gateway (192.168.1.1).
I then have another rule that states if the Client.IP is in 192.168.2.0/24, send the traffic to the default gateway using an alias IP of 192.168.1.11.
My router has a policy route that sends all traffic from source IP 192.168.1.10 to Cable and everything from source IP 192.168.1.11 to DSL. But the MWG still uses the single default gateway of 192.168.1.1.
Thank you for the quick response. MWG version 7.5 supports some sort of policy based routing? Basically what you have stated is I can set up a policy on the MWG and force a specific gateway to be used for web requests based on the source IP (in this case LAN 1 or LAN 2). Is this accurate? Are you using WCCP for the redirection in your topology?
MWG doesn't do the policy routing to the router. It always sends to the single default GW. There is no avoiding that at all.
What I'm saying is that if that single default gateway on the router has a way to policy route based on the source IP (the MWG's IP address), you can configure the router to send to the correct carrier.
MWG 7.5.0 can send traffic from a specific source IP alias on the NIC based on the Client.IP of the user.
WCCP shouldn't matter. All internet traffic initiates a new TCP session from the MWG's IP address (or one of its Outbound.IP addresses) even with WCCP.
I implemented a solution in a 6000 user environment. We used WCCP.
First of all, load balancing and failover are default features of the WCCP protocol.
- Configure the WCCP configuration on the router. If no WCCP device (MWG) connects to the WCCP router no packets are redirected.
- Based on the Cisco hardware you can define several ports per WCCP group.
- Important, different WCCP groups should be configured for UDP/TCP traffic.
- Afterwards configure the same WCCP groups with the same Ports on MWG.
- Activate WCCP on MWG
After activating WCCP, MWG and the router do a "handshake". If this works, the router sends the traffic based on configuration to MWG.
- If one MWG fails, no problem. The WCCP router acknowledges this and redirects the traffic to any available WCCP device. If any WCCP device is missing, the router automatically disables WCCP.
MWG forwards, as eelsasser said, any traffic to the configured default gateway. If your network environment is managing the carriers, everything is fine and you don't have to configure anything else on MWG.
Some information when using WCCP
- Authentication is only possible with the "Try Authentication" ruleset. We implemented this in a POC at a customer and it worked fine.
- WCCP makes some load on the router. Keep this monitored.
Hope this helps,
Thanks for the explanation. I think the below topology will work but of course testing is needed. I can do policy based routing to a specific gateway address from a specific host address on the layer 3 switch. Then the layer 3 switch will use its own default gateway to the correct carrier. What configuration is needed on the MWG to make this work? Is the “source IP alias” configured anywhere else on the MWG?
I think you got it.
Here's what I see according to your diagram:
IP Address: 192.168.1.5
Default GW: 192.168.1.1
Forward Traffic [✔] Enabled [✘] Disabled in Cloud
Applies to: [✔] Requests [✘] Responses [✘] Embedded Objects
Columns: Enabled / Rule / Action / Events / Comments

[✔] Enabled MWG1: Outbound.IP
1: System.HostName equals "MWG1"
2: AND Client.IP is in range 10.10.20.0/24
Action: Continue
Event: Enable Outbound Source IP Override(192.168.1.6)

[✔] Enabled MWG2: Outbound.IP
1: System.HostName equals "MWG2"
2: AND Client.IP is in range 10.10.10.0/24
Action: Continue
Event: Enable Outbound Source IP Override(192.168.1.14)
Thank you! I believe you have cleared up some of my confusion. We will be testing hopefully this week. I will update on our progress once completed.
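The router side of the setup described in the first reply (source 192.168.1.10 to cable, source 192.168.1.11 to DSL), as an added example that is not part of the thread. Cisco IOS syntax is an assumption, since the thread does not name the platform doing the policy routing; the next-hop addresses, the ACL and route-map names and the interface are constructed placeholders.

```cisco
! Added example, not from the thread. Assumes Cisco IOS policy-based routing.
! 192.168.1.10 and 192.168.1.11 are the MWG primary and alias source IPs
! given in the first reply. Everything else below is a constructed placeholder.

! Match traffic by the source address the MWG chose for the request.
ip access-list extended FROM-MWG-PRIMARY
 permit ip host 192.168.1.10 any
ip access-list extended FROM-MWG-ALIAS
 permit ip host 192.168.1.11 any
!
! One route-map entry per carrier. Entries are evaluated in sequence order
! and the first match wins.
route-map MWG-CARRIER permit 10
 description MWG primary IP goes to the cable carrier
 match ip address FROM-MWG-PRIMARY
 set ip next-hop 203.0.113.1
!
route-map MWG-CARRIER permit 20
 description MWG alias IP goes to the DSL carrier
 match ip address FROM-MWG-ALIAS
 set ip next-hop 198.51.100.1
!
! Packets that match neither entry are not policy routed and follow the
! normal routing table, so a source IP missing from the ACLs leaves through
! whatever carrier the router's own default route points at.
!
! Apply the policy on the interface where MWG traffic enters the router,
! i.e. the interface that owns the MWG's default gateway 192.168.1.1.
interface Vlan10
 description Placeholder name for the MWG-facing interface
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map MWG-CARRIER
```

The MWG itself needs no routing change for this: it keeps sending to 192.168.1.1, and only the source address selected by the Outbound.IP rule decides which route-map entry the router applies.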