John Diaz
asked on
Force Only Internet Traffic Through Specific Gateway
I have an MPLS network. One site, x.x.7.0, is overutilizing the bandwidth on the MPLS with INET traffic.
I have purchased another internet connection with a larger pipe that I want to offload all internet traffic for the location to.
I am trying to use static routes set up on each PC to accomplish this. I have the MPLS gateway as x.x.7.1. I have the INET gateway set up as x.x.7.254. I set up two static routes on each workstation. I would like the default gateway to stay x.x.7.1 so as not to interfere with MPLS traffic. These are the steps I have followed.
1. Set NIC on PC to x.x.7.10 mask 255.255.0.0, gateway x.x.7.1
2. Open CMD as admin, route delete 0.0.0.0
3. add route 0.0.0.0 mask 0.0.0.0 x.x.7.254 -p
4. add route x.x.1.0 (mpls traffic) mask 255.255.0.0 x.x.7.1 -p
Step three blows out the default gateway on the NIC and nukes the MPLS traffic. I just need to add the .254 route for Internet traffic while keeping the default gateway on the NIC as x.x.7.1.
What am I missing?
Ya, I agree with Bryant. I wouldn't try to do this locally on each computer. I would do something like this on that site's local router:
ip route *internal network and mask* next hop
ip route 0.0.0.0 0.0.0.0 *new network connection*
ASKER
Crapper. OK, so no way to finagle it locally as a temporary solution then?
Perhaps you may not need WAN aggregation, but the solution for you is to use a firewall gateway with multiple WAN support. Do a Google search for multi-WAN gateway/firewall. It is a permanent solution. You have to spend some money on a new device. Almost all network device vendors have such devices. See the image attached. You can keep such an additional device between the LAN and your existing WAN routes.
Single-WAN-vs.-Dual-WAN.png
Have you tried leaving the default gateway set to the INET (.254) and just routing the MPLS traffic?
add route x.x.1.0 (mpls traffic) mask 255.255.0.0 x.x.7.1 -p
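The route selection behind the suggestion above, as an added example that is not part of the original thread: a route table picks the most specific matching prefix, so a default route via the INET gateway and narrower routes via the MPLS gateway can coexist on one workstation. The 10.20 prefix, the one-/24-per-site masks and all function names are assumptions, since the thread redacts the first two octets.

```python
import ipaddress

# Constructed addressing: the thread redacts the first two octets ("x.x"),
# so 10.20 stands in for them; one /24 per site is an assumption.
MPLS_GW = "10.20.7.1"
INET_GW = "10.20.7.254"

def mask_is_valid(dest, mask):
    """True when dest has no bits set outside mask (dest & mask == dest)."""
    try:
        ipaddress.ip_network(f"{dest}/{mask}", strict=True)
        return True
    except ValueError:
        return False

def build_table(rows):
    """Turn (destination, mask, next_hop) rows into (network, next_hop) pairs."""
    return [(ipaddress.ip_network(f"{d}/{m}", strict=True), hop) for d, m, hop in rows]

def next_hop(table, destination):
    """Return the next hop of the most specific (longest-prefix) matching route."""
    addr = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, hop) for net, hop in table if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

# Workstation table: default via the INET gateway, MPLS sites via the MPLS gateway.
WORKSTATION_ROUTES = build_table([
    ("0.0.0.0",   "0.0.0.0",       INET_GW),    # everything else: Internet
    ("10.20.7.0", "255.255.255.0", "on-link"),  # local site, no gateway needed
    ("10.20.1.0", "255.255.255.0", MPLS_GW),    # remote sites over MPLS
    ("10.20.3.0", "255.255.255.0", MPLS_GW),
    ("10.20.4.0", "255.255.255.0", MPLS_GW),
    ("10.20.5.0", "255.255.255.0", MPLS_GW),
])

if __name__ == "__main__":
    for dst in ("10.20.3.25", "10.20.7.50", "198.51.100.10"):
        print(f"{dst:15} -> {next_hop(WORKSTATION_ROUTES, dst)}")
    # A destination of 10.20.1.0 does not fit a 255.255.0.0 mask.
    print(mask_is_valid("10.20.1.0", "255.255.0.0"))
```

The last check shows why a destination ending in .1.0 paired with mask 255.255.0.0 is not a well-formed route entry: the third octet lies outside the mask.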
ASKER
OK, sorry for the long delay. I have had Spirit map the default route in their router to the x.x.7.254 gateway as Andy stated. I have MPLS traffic still routing through the x.x.7.1 gateway.
I have added four static routes into the x.x.7.254 gateway: .1.0, .3.0, .4.0 and .5.0, pointing back to the x.x.7.1 gateway for MPLS. Do I need to add a 7.0 as well?
I have left the default gateway on the workstations as x.x.7.1. When I do a tracert everything seems to route correctly: if MPLS traffic, it goes to the .7.1 gateway; if INET, its next hop is the 7.254 gateway. My RemoteApp works perfectly over the MPLS, as does VOIP and all mapped drives. However, now the Internet is not working correctly. If protocol requires me to open a new question I will, so forgive me for asking here as well.
I am able to ping and tracert for any workstation out to the INET with low latency to any website. If, however, I open a browser and try to surf the web, pages either time out or are extremely slow in opening. If I remove the INET modem from bridge mode and direct connect to it with a laptop, everything is fine. Internet is super fast with no delays on any web page.
This makes me think return traffic is not routing correctly? Not sure what the next step should be.
If you have one gateway with 2 WANs, WAN1 and WAN2, for your 2 connections, you can define firewall rules at the protocol/port (TCP or UDP) level, source/destination level, etc.
You have one LAN interface for your workstations, and that interface is the default gateway for the workstations.
Then outbound traffic goes to the default gateway.
Then LAN firewall rules.
You can have firewall rules like:
Default internet access rule
action - allow // source - LAN // destination - anywhere // service - your services/ports such as http, https, rds, ftp, smtp, pop, etc. // WAN interface - wan1
Same for the other rules.
ASKER