Introduction

In simple use cases, a device manages only two local networks: the intranet and the DMZ. In more complex environments, however, it is often desirable for a single device to operate more than one intranet and more than one DMZ, for example to provide Internet access to multiple IP networks through one central device. Depending on the model, current devices support up to 64 different IP networks.

Various scenarios are possible when realizing multiple IP networks:

These scenarios are realized with Advanced Routing and Forwarding (ARF), which provides very flexible options for defining IP networks and assigning them to interfaces. The diagram below illustrates the network/interface assignment at the various levels. The configuration options applied here are described in the following chapters.

The assignment of IP networks to interfaces proceeds as follows:

The definition of routing tags for IP networks as described above is one of the main advantages of Advanced Routing and Forwarding: it allows "virtual routers" to be realized. By means of the interface tag, a virtual router uses only the part of the routing table that applies to its IP network, and in this way controls routing specifically for that one network. This makes it possible, for example, to define several default routes in the routing table, each with its own routing tag. The virtual routers of the individual IP networks use the tags to select the default route whose routing tag matches their interface tag. Because virtual routers separate the IP networks from one another, several IP networks with one and the same address range can even be operated in parallel on a single device.

An example: Within an office building, a number of companies have to be connected to the Internet via a central device, even though each company has its own Internet provider. All of the companies want to use the common IP network '10.0.0.0' with the netmask '255.255.255.0'. To implement these requirements, each company is given an IP network '10.0.0.0/255.255.255.0' with a unique name and a unique interface tag. In the routing table, a default route with the corresponding routing tag is created for each Internet provider. As a result, the clients in the different company networks, all of which use the same IP addresses, reach the Internet via their own provider. Employing VLANs enables these logical networks to be separated from one another even though they share the same physical medium (Ethernet).
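The tag matching described in the two paragraphs above can be made concrete with a small simulation. The following Python is an added example written for this page; it is not LANCOM code and does not reproduce the device's configuration syntax. The tenant names, interface names ("LAN-1.10", "LAN-1.20"), next-hop labels and the shared DMZ route are constructed sample data, and the rule that a route with routing tag 0 is "untagged" and visible to every virtual router is an assumption made for the model, not something this page states.

```python
"""Model of tag-based route selection ("virtual routers") for overlapping IP networks.

Added example, not code from the manual. Each IP network carries an interface tag;
each route carries a routing tag. A packet arriving from a network may only use
routes whose routing tag equals that network's interface tag (plus, by assumption,
untagged routes with tag 0). Two networks that share 10.0.0.0/24 therefore get
independent default routes and never see each other's hosts.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class IPNetwork:
    name: str
    prefix: ipaddress.IPv4Network
    interface: str          # logical interface, e.g. a VLAN on the shared Ethernet
    interface_tag: int      # selects the virtual router this network belongs to


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str           # provider / remote site label (constructed)
    routing_tag: int        # 0 = untagged; ASSUMPTION: usable by every virtual router


# Constructed sample configuration: two tenants, both using 10.0.0.0/24,
# distinguished only by VLAN interface and interface tag.
NETWORKS: List[IPNetwork] = [
    IPNetwork("COMPANY-A", ipaddress.ip_network("10.0.0.0/24"), "LAN-1.10", 1),
    IPNetwork("COMPANY-B", ipaddress.ip_network("10.0.0.0/24"), "LAN-1.20", 2),
]

ROUTES: List[Route] = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "PROVIDER-A", 1),        # tenant A default
    Route(ipaddress.ip_network("0.0.0.0/0"), "PROVIDER-B", 2),        # tenant B default
    Route(ipaddress.ip_network("192.168.50.0/24"), "SHARED-DMZ", 0),  # untagged (assumed shared)
    Route(ipaddress.ip_network("192.168.50.128/25"), "B-PRIVATE", 2),  # more specific, tenant B only
]


def network_for_interface(interface: str) -> IPNetwork:
    """Find the IP network bound to the ingress interface."""
    for net in NETWORKS:
        if net.interface == interface:
            return net
    raise KeyError(f"no IP network bound to interface {interface}")


def select_route(routes: List[Route], dst: ipaddress.IPv4Address, tag: int) -> Optional[Route]:
    """Longest-prefix match restricted to the virtual router identified by `tag`.

    Only routes tagged `tag` (or untagged, tag 0) are candidates. On equal prefix
    length a tagged route beats an untagged one, so a tenant-specific entry can
    override a shared one.
    """
    candidates = [r for r in routes if r.routing_tag in (tag, 0) and dst in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.prefix.prefixlen, r.routing_tag != 0))


def forward(ingress_interface: str, dst: str) -> str:
    """Decide where a packet from `ingress_interface` to `dst` is sent."""
    net = network_for_interface(ingress_interface)
    addr = ipaddress.ip_address(dst)
    if addr in net.prefix:
        # Directly connected: the packet stays inside this tenant's own network,
        # even though another tenant uses the same address range.
        return f"LOCAL:{net.name}"
    route = select_route(ROUTES, addr, net.interface_tag)
    return route.next_hop if route else "UNROUTABLE"


if __name__ == "__main__":
    for iface, dst in [("LAN-1.10", "8.8.8.8"), ("LAN-1.20", "8.8.8.8"),
                       ("LAN-1.10", "10.0.0.7"), ("LAN-1.20", "192.168.50.200")]:
        print(f"{iface} -> {dst}: {forward(iface, dst)}")
```

The two calls with destination 8.8.8.8 show the point of the example: identical source addresses, different providers, chosen purely by the tag of the ingress network. The 192.168.50.200 case shows that a more specific tagged route wins over a shared untagged one, and that a tag with no default route of its own simply has no Internet path rather than silently borrowing another tenant's.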

The differences between routing tags and interface tags

Routing tags, as assigned by the firewall, and interface tags, as defined for the IP networks, have a great deal in common, but also some important differences:

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de