IP Routing Protocols

Application Level Gateway (ALG) for FTP, ICMP, Netbios over TCP and UDP

PPTP/GRE ALG for NAPT - allows PPTP traffic to be NATted

Multiple ISP - NAPT based on the egress interface.

With NAPT, routing is not automatically filtered out. Use distribution lists to ensure global networks are advertised out of external ports.

NAT configuration for VPN interfaces.

Pool NAT (without NAPT).

Pool NAT with overload - Each address allocated from the pool is used to perform NAPT. When all ports are exhausted, the next address is allocated.

NAPT with an arbitrary IP address - Any arbitrary IP address can be utilized for NAPT in addition to the interface IP address.

Interface-specific static NAT - Static NAT is employed on an interface so that only packets that leave/enter that external interface are NATted.

Port Forwarding - Interface-static NAT is used for port forwarding. When NAPT is configured and an incoming packet does not have a translation entry, interface static NAT will select the private IP address and port based on the packet’s destination port.

Multiple NATs on an interface - Multiple pool NATs with ACLs, static NAT and NAPT are supported on an interface simultaneously with the NAT type used in the order it is specified.

IPSec support

Out-bound packets are processed first by NAT, then forwarded to IPSec for encryption.

In-bound packets are processed by NAT after IPSec decryption.

For more information, refer to “Configuring NAT Examples” on page 5-38.
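The following Python model is an added illustration, not XSR code or configuration. It shows pool NAT with overload moving to the next pool address once the ports on the current one are exhausted, and inbound packets with no translation entry falling back to static NAT selected by destination port. The class and function names, addresses, port range, and the treatment of an unmatched inbound packet as a drop are assumptions.

```python
# Toy model of pool NAT with overload plus interface static NAT (port forwarding).
# Constructed for illustration; addresses, ports and names are sample values.

class NatModel:
    def __init__(self, pool, ports):
        self.pool = list(pool)      # global addresses, tried in the order given
        self.ports = list(ports)    # NAPT ports per address (tiny, to show exhaustion)
        self.out = {}               # (proto, priv_ip, priv_port) -> (glob_ip, glob_port)
        self.back = {}              # (proto, glob_ip, glob_port) -> (priv_ip, priv_port)
        self.forwards = {}          # (proto, dst_port) -> (priv_ip, priv_port)

    def add_forward(self, proto, dst_port, priv_ip, priv_port):
        self.forwards[(proto, dst_port)] = (priv_ip, priv_port)

    def outbound(self, proto, priv_ip, priv_port):
        """Translate an inside flow; move to the next pool address only
        when every port on the current one is taken. None = pool exhausted."""
        key = (proto, priv_ip, priv_port)
        if key in self.out:
            return self.out[key]
        for addr in self.pool:
            for port in self.ports:
                if (proto, addr, port) not in self.back:
                    self.out[key] = (addr, port)
                    self.back[(proto, addr, port)] = (priv_ip, priv_port)
                    return addr, port
        return None

    def inbound(self, proto, dst_ip, dst_port):
        """Existing translation entry first, then static NAT keyed on the
        destination port. None = no mapping (modelled here as a drop)."""
        hit = self.back.get((proto, dst_ip, dst_port))
        return hit or self.forwards.get((proto, dst_port))


def demo():
    nat = NatModel(["203.0.113.10", "203.0.113.11"], [40000, 40001])
    nat.add_forward("tcp", 8080, "10.0.0.5", 80)
    flows = [nat.outbound("tcp", f"10.0.0.{h}", 5000) for h in range(20, 25)]
    return nat, flows


if __name__ == "__main__":
    nat, flows = demo()
    print(flows)                                      # four translations, then None
    print(nat.inbound("tcp", "203.0.113.10", 40001))  # reply to an existing flow
    print(nat.inbound("tcp", "203.0.113.10", 8080))   # port forward
    print(nat.inbound("tcp", "203.0.113.10", 23))     # no entry, no forward
```

Every port forward is a standing inbound path to an inside host, so the static NAT table is worth reviewing alongside the interface ACLs.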

Virtual Router Redundancy Protocol

The Virtual Router Redundancy Protocol (VRRP) provides redundancy and load sharing of multiple IP default gateways on a single LAN without requiring the LAN's hosts to run a routing protocol. VRRP configures multiple IP routers on one broadcast LAN to form a single Virtual Router (VR), which has both a unique virtual IP and virtual MAC address.

The advantage of this protocol is that hosts on a LAN can switch from one IP router to another (in case of failure) without changing their routing configuration or running additional protocols. Load balancing can also be implemented by configuring multiple VRRP routers across multiple IP routers, with each IP router being the master of a different virtual router.

VRRP is an alternative to dynamic types of router discovery such as proxy ARP, RIP and IRDP in that it specifies a group of statically configured default gateways on the client. For example, Figure 5-8 below shows a LAN topology where XSRs 1 and 2 are VRRP routers (running VRRP) comprising one virtual router (VRRP group). The IP address of the VR matches that of the Ethernet interface of XSR1 (10.10.10.1).

XSR User’s Guide 5-27
