Multipath Rules
On the Interfaces & Routing > Interfaces > Multipath Rules tab you can set rules for uplink balancing. The rules are applied to the active interfaces on the Uplink Balancing tab when there is more than one interface to balance traffic between. Without multipath rules, all services are balanced by source, i.e., all traffic coming from one source uses the same interface, whereas traffic from another source can be sent to another interface. Multipath rules allow you to change this default interface persistence.
Note – Multipath rules can be set up for the service types TCP, UDP, or IP.
To create a multipath rule, proceed as follows:
-
On the Multipath Rules tab, click New Multipath Rule.
The Add Multipath Rule dialog box opens.
-
Specify the following settings:
Name: Enter a descriptive name for the multipath rule.
Position: The position number, defining the priority of the rule. Lower numbers have higher priority. Rules are matched in ascending order. Once a rule has matched, rules with a higher number will not be evaluated anymore. Place the more specific rules at the top of the list to make sure that more vague rules match last.
Source: Select or add a source IP address or network to match.
Service: Select or add the network service to match.
Destination: Select or add a destination IP address or network to match.
Tip – For how to add a network definition, see Definitions & Users > Network Definitions > Network Definitions.
Itf. persistence: Interface persistence is a technique which ensures that traffic having specific attributes is always routed over the same uplink interface. Persistence has a default timeout of one hour, however you can change this timeout on the Uplink Balancing tab. You can decide what should be the basis for persistence:
- By connection: (default) Balancing is based on the connection, i.e., all traffic belonging to a particular connection uses the same interface, whereas traffic of another connection can be sent to another interface.
- By source: Balancing is based on the source IP address, i.e., all traffic coming from one source uses the same interface, whereas traffic from another source can be sent to another interface.
Note – Basically, persistence by source cannot work when using a proxy because the original source information is lost. The HTTP proxy however is an exception: Traffic generated by the HTTP proxy will match against the original client source IP address and thus complies with interface persistence rules By source, too.
- By destination: Balancing is based on the destination IP address, i.e., all traffic going to one destination uses the same interface, whereas traffic to another destination can be sent to another interface.
- By source/destination: Balancing is based on the source/destination IP address combination, i.e., all traffic coming from a specific source A and going to a specific destination B uses the same interface. Traffic with another combination can be sent to another interface. Also, please notice the note above.
- By interface: Select an interface from the Bind Interface drop-down list. All traffic applying to the rule will be routed over this interface. In case of an interface failure and if no subsequent rules match, the connection falls back to default behavior.
Comment (optional): Add a description or other information.
-
Optionally, make the following advanced settings:
Balanced to (not with persistence by interface): Add an interface group to the field. All traffic applying to the rule will be balanced over the interfaces of this group. By default, Uplink Interfaces is selected, so connections are balanced over all uplink interfaces.
Skip rule on interface error (only available if the Itf. Persistence is set to By Interface): If selected, in case of an interface failure, the next matching multipath rule will be used for the traffic. If unselected, no other multipath rule will be used for the defined traffic in case of an interface failure. This for example makes sense when you want to ensure that SMTP traffic is only sent from a specific static IP address to prevent your emails from being classified as spam by the recipients due to an invalid sender IP address.
-
Click Save.
The new multipath rule is added to the Multipath Rules list.
-
Enable the multipath rule.
The new rule is disabled by default (toggle switch is gray). Click the toggle switch to enable the rule.The rule is now enabled (toggle switch is green).