Force Only Internet Traffic Through Specific Gateway

I have an MPLS network. One site, x.x.7.0, is over-utilizing the bandwidth on the MPLS with INET traffic.

I have purchased another internet connection with a larger pipe that I want to offload all internet traffic for the location to.

I am trying to use static routes set up on each PC to accomplish this. I have the MPLS gateway as x.x.7.1 and the INET gateway set up as x.x.7.254. I set up two static routes on each workstation. I would like the default gateway to stay x.x.7.1 so as not to interfere with MPLS traffic. These are the steps I have followed.

1. Set NIC on PC to x.x.7.10 mask, gateway x.x.7.1
2. open CMD as admin, route delete
3. add route mask x.x.7.254 -p
4. add route x.x.1.0 (mpls traffic) mask  x.x.7.1 -p

Step three blows out the default gateway on the NIC and nukes the MPLS traffic. I just need to add the .254 route for Internet traffic while keeping the default gateway on the NIC as x.x.7.1.
What am I missing?
2 Solutions
Bryant Schaper commented:
Is it a carrier-managed router? I would recommend your own router that has a default route to the internet and other routes for the MPLS, either learned (BGP or another protocol) or static.
Pe12f3cT_d12uG (Author) commented:
Yes, it is a Spirit Comm router that is under contract. It takes up to 72 hours for any requested changes to go through and I need this up today. That is why I am trying to set it up on each PC for now.
Andy Bartkiewicz (Network Analyst) commented:
Ya, I agree with Bryant. I wouldn't try to do this locally on each computer. I would do something like this on that site's local router:
ip route *internal network and mask* next hop
ip route *new network connection*
Pushpakumara Mahagamage (VP) commented:
It seems now you need a gateway/router with WAN aggregation.

Then you can plug in both WAN lines, MPLS and the larger internet line, and define gateway groups like MPLS = Gateway 1 and the 2nd internet line as Gateway 2 in the same box,
and then create LAN firewall rules as your requirement.

I'm doing the same WAN aggregation for an expensive, very reliable thin line and a cheap shared big pipe with pfSense. That is an open source firewall.

Then you just define one default gateway on the PC and the gateway itself routes it through the correct channel.
Pe12f3cT_d12uG (Author) commented:
Crapper, ok, so no way to finagle it locally as a temporary solution then?
Pushpakumara Mahagamage (VP) commented:
Perhaps you may not need WAN aggregation, but the solution for you is to use a firewall gateway with multiple WAN support. Do a Google search for multi-WAN gateway/firewall. It is a permanent solution; you have to spend some money on a new device. Almost all network device vendors have such devices. See the image attached. You can keep such an additional device between the LAN and your existing WAN routers.
Have you tried leaving the default gateway as the INET gateway (.254) and just routing the MPLS traffic?

add route x.x.1.0 (mpls traffic) mask  x.x.7.1 -p
Pe12f3cT_d12uG (Author) commented:
Ok, sorry for the long delay. I have had Spirit map the default route in their router to the x.x.7.254 gateway as Andy stated. I have MPLS traffic still routing through the x.x.7.1 gateway.

I have added four static routes into the x.x.7.254 gateway: .1.0 / .3.0 / .4.0 / .5.0, pointing back to the x.x.7.1 gateway for MPLS. Do I need to add a 7.0 as well?

I have left the default gateway on the workstations as x.x.7.1. When I do a tracert everything seems to route correctly: if it is MPLS traffic it goes to the .7.1 gateway, if INET its next hop is the 7.254 gateway. My RemoteApp works perfectly over the MPLS, as does VOIP and all mapped drives. However, now the Internet is not working correctly. If protocol requires me to open a new question I will, so forgive me for asking here as well.

I am able to ping and tracert from any workstation out to the INET with low latency to any website. If, however, I open a browser and try to surf, the web pages either time out or are extremely slow in opening. If I remove the INET modem from bridge mode and direct connect to it with a laptop everything is fine. Internet is super fast with no delays on any web page.

This makes me think return traffic is not routing correctly? Not sure what the next step should be.
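The forwarding behaviour the thread ends up with (workstations defaulting to the MPLS router, the MPLS router defaulting to the Internet gateway, and the four static routes on the Internet gateway pointing the MPLS subnets back at x.x.7.1) can be checked hop by hop with a small longest-prefix-match model. This is an added example, not code from the thread; all addresses are constructed stand-ins for the masked x.x.* values, and "mpls"/"isp" stand for the two uplinks leaving the site.

```python
import ipaddress

# Constructed stand-ins for the thread's masked addresses: 10.9.7.0/24 is the site
# LAN (x.x.7.0), 10.9.7.1 the MPLS router, 10.9.7.254 the Internet gateway, and
# 10.9.1.0/24, .3.0, .4.0, .5.0 the remote MPLS sites.
LAN, MPLS_GW, INET_GW = "10.9.7.0/24", "10.9.7.1", "10.9.7.254"
MPLS_SITES = ["10.9.1.0/24", "10.9.3.0/24", "10.9.4.0/24", "10.9.5.0/24"]


def lookup(table, dst):
    """Longest-prefix match over [(prefix, next_hop)]; next_hop None = on-link."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table]
    matches = [(net, nh) for net, nh in matches if addr in net]
    if not matches:
        return None
    # A /24 always beats 0.0.0.0/0, which is why the MPLS subnets stay on .1
    # while everything else follows the default route.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


# Forwarding tables of the three devices in the final configuration described
# above. The LAN entry is the directly connected route, so x.x.7.0 itself never
# needs a static route on the Internet gateway.
TABLES = {
    "workstation": [(LAN, None), ("0.0.0.0/0", MPLS_GW)],
    MPLS_GW: [(LAN, None), ("0.0.0.0/0", INET_GW)] + [(s, "mpls") for s in MPLS_SITES],
    INET_GW: [(LAN, None), ("0.0.0.0/0", "isp")] + [(s, MPLS_GW) for s in MPLS_SITES],
}


def path(start, dst, tables=TABLES):
    """Follow next hops from `start` until the packet is on-link or leaves the site."""
    hops, node = [start], start
    for _ in range(8):  # guard against routing loops between the two gateways
        nh = lookup(tables[node], dst)
        if nh is None:
            hops.append("on-link")
            return hops
        hops.append(nh)
        if nh not in tables:  # "mpls" or "isp": the packet has left the LAN
            return hops
        node = nh
    hops.append("LOOP")
    return hops


if __name__ == "__main__":
    for src, dst in [("workstation", "10.9.3.20"), ("workstation", "198.51.100.10"),
                     (INET_GW, "10.9.5.9"), (INET_GW, "10.9.7.10")]:
        print(f"{src} -> {dst}: {' -> '.join(path(src, dst))}")
```

Dropping the four static routes from the Internet gateway's table in the model sends return traffic for an MPLS subnet out to the ISP instead of back to x.x.7.1, which is the asymmetric path the thread is worried about.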
Pushpakumara Mahagamage (VP) commented:
If you have one gateway with 2 WANs, as WAN1 and WAN2 for your 2 connections, you can define firewall rules at the protocol/port (TCP or UDP) level, source/destination level, etc.
You have one LAN interface for your workstations and that interface is the default gateway for the workstations.

Then outbound traffic goes to the default gateway.

Then the LAN firewall rules.

You can have firewall rules like

Default internet access rule:

action - allow // source - LAN // destination - anywhere // service - your services/ports such as http, https, rds, ftp, smtp, pop etc. // wan interface - wan1

Same as the other rules.