6 Replies Latest reply on Sep 29, 2015 9:25 PM by totti10

    Gateway in Netlink?

    totti10

      Hi all,

       

      I have a question about Netlink: What does the Gateway option in the Static Netlink mean?

      NetLink.jpg

       

      Thanks and Regards!

        • 1. Re: Gateway in Netlink?

          The second line in that dialog? It is the next hop router associated with this netlink (usually ISP link so this is the ISP router). When you use netlinks in routing, the actual route chosen for the packets using that netlink is the gateway defined.

          • 2. Re: Gateway in Netlink?
            totti10

            Hi,

            Thanks for your answer. So can I use two netlinks with the same Network but a different Gateway for the topology like this:

            NetLink1.jpg

             

             

            And use these two netlinks for different outbound Multi-Link. Can we do this?

             

            Thanks and Regards!

            • 3. Re: Gateway in Netlink?
              thyvarin

              This is possible, but in your example if you create Netlinks for two routers 10.0.1.2 and 10.0.1.3, and you use the 10.0.1.0/24 network as "Network" in both of them, the Multi-Link will not work in the same way as with routers from two different networks. The reason for this is that the "Network" definition in Netlink element properties specifies the source IP address matching criteria that are used after NAT is done to select which Netlink to use and which next-hop router to send traffic to. So now if you use the 10.0.1.0/24 network in both Netlinks, and then define a different NAT IP from this network for the two Netlinks in Multi-Link element properties, the source IP after NAT via both Netlinks will match "Network" on both Netlinks, and thus all connections will be sent out using the first Netlink (whichever is the first one in the configuration SMC generated for the FW).

               

              To get traffic using both Netlinks you could use e.g. 10.0.1.0/25 as "Network" for the Netlink via the 10.0.1.2 router, and then with this Netlink NAT traffic to an IP that's part of the 10.0.1.0/25 network. For the second Netlink via router 10.0.1.3, you would use the 10.0.1.128/25 network, and use a NAT IP from this network. I have not tested a setup like this so I can't say with 100% certainty that it would work, but I don't see any reason why it would not. In fact you can use basically any network/subnet as "Network" in Netlink properties as long as external routing is set up so that packets to the network used are routed to the firewall. So in your example you could use e.g. network 50.60.70.0/24 as "Network" in the properties of the netlink for router 10.0.1.3 as long as that router is configured to route packets with destination IP 50.60.70.x to the firewall, i.e. the router would have a route telling that to reach the 50.60.70.0/24 network send packets to 10.0.1.1, and of course also routers behind 10.0.1.3 would need to have routing set up so that 50.60.70.0/24 packets are sent to this router.

               

              BR,

              Tero
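The first-match behaviour described in the reply above, as an added example that is not part of the original post and not the product's own code. It is a simplified model that assumes the Netlink is chosen by the first "Network" containing the post-NAT source IP; the netlink names and the NAT IPs 10.0.1.20 and 10.0.1.200 are constructed.

```python
import ipaddress

# Constructed netlink definitions modelled on the thread's topology.
# List order matters: the model picks the first matching "Network".
OVERLAPPING = [
    {"name": "netlink-A", "network": "10.0.1.0/24", "gateway": "10.0.1.2", "nat_ip": "10.0.1.10"},
    {"name": "netlink-B", "network": "10.0.1.0/24", "gateway": "10.0.1.3", "nat_ip": "10.0.1.20"},
]
SPLIT = [
    {"name": "netlink-A", "network": "10.0.1.0/25", "gateway": "10.0.1.2", "nat_ip": "10.0.1.10"},
    {"name": "netlink-B", "network": "10.0.1.128/25", "gateway": "10.0.1.3", "nat_ip": "10.0.1.200"},
]

def select_netlink(netlinks, post_nat_src):
    """Return the first netlink whose Network contains the post-NAT source IP."""
    src = ipaddress.ip_address(post_nat_src)
    for nl in netlinks:
        if src in ipaddress.ip_network(nl["network"]):
            return nl
    return None

def lint(netlinks):
    """Report definitions that cannot steer traffic the way the operator intends."""
    findings = []
    for i, nl in enumerate(netlinks):
        net = ipaddress.ip_network(nl["network"])
        if ipaddress.ip_address(nl["nat_ip"]) not in net:
            findings.append(f"{nl['name']}: NAT IP {nl['nat_ip']} is outside {net}")
        chosen = select_netlink(netlinks, nl["nat_ip"])
        if chosen is not None and chosen is not nl:
            findings.append(f"{nl['name']}: NAT IP {nl['nat_ip']} is claimed first by {chosen['name']}")
        for other in netlinks[i + 1:]:
            if net.overlaps(ipaddress.ip_network(other["network"])):
                findings.append(f"{nl['name']} and {other['name']}: Networks overlap")
    return findings

if __name__ == "__main__":
    for label, cfg in (("overlapping /24", OVERLAPPING), ("split /25", SPLIT)):
        for nl in cfg:
            hit = select_netlink(cfg, nl["nat_ip"])
            print(f"{label}: src {nl['nat_ip']} -> next hop {hit['gateway']}")
        for finding in lint(cfg):
            print(f"{label}: WARNING {finding}")
```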

              • 4. Re: Gateway in Netlink?
                totti10

                Hi,

                I use these two netlinks for different outbound Multi-Link.

                Draw1.jpg

                 

                For LAN1, I use Outbound MultiLink1:

                • Netlink 1: Network 10.0.1.0/24, Gateway 10.0.1.2, NAT IP is 10.0.1.10
                • Netlink 2: Gateway is R3

                For LAN2, I use Outbound MultiLink 2:

                • Netlink 1: Network 10.0.1.0/24, Gateway 10.0.1.3, NAT IP is 10.0.1.10
                • Netlink 2: Gateway is R3

                 

                Then create NAT rule:

                • From Firewall to LAN1 NAT to MultiLink1
                • From Firewall to LAN2 NAT to MultiLink2

                Will this work?

                 

                Regards!

                • 5. Re: Gateway in Netlink?
                  thyvarin

                  Hi,

                   

                  If routes through netlinks with GWs 10.0.1.2 and 10.0.1.3 both are default routes (i.e. to Any network), then I don't think that this will work. If the routes are more specific for LAN1 network via 10.0.1.2 and LAN2 network via 10.0.1.3, then it might work, but even then I'm not sure about it.

                   

                  [EDIT] I did some quick testing in the lab. I first added the following:

                  - Netlink for two routers in external network (both routers in same /22 network)

                  - Default route via both netlinks

                  - Two multi-links: one for 1st netlink and one for 2nd netlink

                  - Two NAT rules where first one used multi-link 1 and matched only DST IP 8.8.8.8, and second one using multi-link 2 and matching only DST IP 8.8.4.4. Both used same NAT IP (external CVI IP of the FW)

                  ==> Pings to 8.8.8.8 and 8.8.4.4 were sent to 1st netlink router, i.e. all traffic was sent based on 1st netlink default route. The reason for this is that both default routes are put to same routing table and then first one listed is used.

                   

                  For second scenario I changed the netlink routes so that netlink 1 had route only to 8.8.8.8 and netlink 2 had route only to 8.8.4.4. With this setup pings to 8.8.8.8 were sent to netlink 1 router, while pings to 8.8.4.4 were sent to netlink 2 router so this worked the way that you would want it to work in your setup.

                  [/EDIT]

                   

                  BR,

                  Tero
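The two lab scenarios from the reply above, as an added example that is not part of the original post and not the firewall's own routing code. It assumes a single routing table with longest-prefix match where the first listed route wins among equal prefixes; the netlink labels and the rule list are constructed from the scenario description.

```python
import ipaddress

# Constructed routing tables mirroring the two lab scenarios (order = listing order).
TWO_DEFAULTS = [("0.0.0.0/0", "netlink1"), ("0.0.0.0/0", "netlink2")]
HOST_ROUTES = [("8.8.8.8/32", "netlink1"), ("8.8.4.4/32", "netlink2")]

# Constructed view of the NAT rules: destination -> netlink that the rule's
# multi-link is meant to use.
NAT_RULES = [("8.8.8.8", "netlink1"), ("8.8.4.4", "netlink2")]

def lookup(routes, dst):
    """Longest-prefix match; among equal prefixes the first listed route wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, netlink in routes:
        net = ipaddress.ip_network(prefix)
        # Strict '>' keeps the earlier entry when prefix lengths tie.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, netlink)
    return best[1] if best else None

def mismatches(routes, nat_rules):
    """List (dst, intended, actual) where routing overrides the NAT rule's intent."""
    out = []
    for dst, intended in nat_rules:
        actual = lookup(routes, dst)
        if actual != intended:
            out.append((dst, intended, actual))
    return out

if __name__ == "__main__":
    for label, table in (("two default routes", TWO_DEFAULTS), ("host routes", HOST_ROUTES)):
        for dst, _ in NAT_RULES:
            print(f"{label}: {dst} leaves via {lookup(table, dst)}")
        for dst, intended, actual in mismatches(table, NAT_RULES):
            print(f"{label}: WARNING {dst} intended {intended}, routed via {actual}")
```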

                  • 6. Re: Gateway in Netlink?
                    totti10

                    Hi,

                     

                    Thanks for your answer. I will try to test this in my lab to confirm this. Thanks for your support.

                     

                    Regards!