Routing

Static Routes

Static routes are used to route traffic to various interfaces which were not learned via the routing protocols such as OSPF. For example, route specific subnet via the WAN, LAN or Tunnel. Follow the steps detailed below to add static routes to flexiEdge.

In order to define a static route for a given flexiEdge device, navigate to the device settings and click on the “Static Routes” tab. From there, click on “Add Route” button.

Static Routes

The following static route options can be configured:

Destination

Subnet and mask of the destination route

Gateway IP

Gateway used for the route. Can be set using the dropdown or manually specified

Interface

The outgoing interface. If the gateway is within a subnet of one of the router interfaces, the interface specification is optional.

Metric

Route metric - optional

Redistribute via OSPF

enables propagating the static routes to other sites connected via tunnels, using OSPF.

Redistribute via BPG

enables propagating the static routes to other sites connected via tunnels, using BGP.

Static Routes 2

After creating a static route, make sure to click “Update device”, which will send a new job to the device.

Static Routes 2

OSPF Configuration

OSPF can be configured by clicking on the OSPF Configuration from the Routing tab.

OSPF Configuration Option

Users can configure the router-id and area for LAN network along with authentication. Users can adjust OSPF parameters based on their network requirements as shown in the next figure.

OSPF Advanced Configuration
Router-Id

Unique ID for each device, used for identification

Hello Interval

In seconds, mention how frequent the hello message negotiates

Dead Interval

In seconds where it wait to announce the peer is dead

Authentication and area ID can be viewed or configured for each interface by clicking on settings from the ‘Actions’ column.

OSPF Advanced Configuration
Area ID

A number to indentify are and network.

MD5 Key ID

MD5 Key Identification to configure the OSPF authentication

MD5 Key

MD5 Secert Key for the OSPF authentication

The following topology shows the typical OSPF configuration with different areas configured for LAN. Pleae note, tunnel interface is part of the Backbone (area 0) without configuration options. Static routes can be redistributed via the OSPF as explained in the earlier sections.

@startuml
   skinparam linetype ortho
   node "Routing" as Routing {
     top to bottom direction
     node "OSPF1" as OSPF1 {
       left to right direction
       node "Branch1" as BR1 {
         usecase "Computer 1\n<size:10>area 1\n(10.0.1.10/24)" as C1
         usecase "LAN 1\n<size:10>area 1\n(10.0.1.1)" as LAN1
         node "Tunnel 1\n<size:10>area 0</size>\n(10.100.0.4/30)" as Tunnel1
       }
     }
     top to bottom direction
     node "OSPF2" as OSPF2 {
       left to right direction
       node "Branch2" as BR2 {
         node "Tunnel 2\n<size:10>area 0</size>\n(10.100.0.5/30)" as Tunnel2
         usecase "LAN 2\n<size:10>area 2\n(10.0.2.1)" as LAN2
         usecase "Computer 2\n<size:10>area 2\n(10.0.2.10/24)" as C2
       }
     }
   }
   C1 -- LAN1
   LAN1 -- Tunnel1
   Tunnel1 --- Tunnel2
   Tunnel2 -- LAN2
   LAN2 -- C2
@enduml

BGP Configuration

Navigate to a device and click on Routing tab. From there click on BGP Configuration.

BGP config

From the next screen BGP can be enabled and configured.

BGP config 1

BGP is disabled by default, once enabling it the following settings can be configured:

Local ASN

Enter private AS Number, use from 64512 to 65535. Obligatory field.

Router ID

Set an IPv4 address, must be unique and not conflict other edges.

Redistribute OSPF routes

Optional, use when combining OSPF and BGP together on LAN interface.

Keepalive interval

Default is 30, configures period of time between keepalive messages.

Hold interval

Default is 90, configures time when no response received until the peer is considered as unreachable (usually set to 3 times the keepalive interval)

BGP Peers

When tunnel is established with BGP, flexiWAN will automatically configure the BGP peer neighbors to other flexiEdge sites. For non tunnel peering, BGP neighbors can be manually specified by via Add button.

BGP config 2
Remote IP

Specify IP of remote router this edge will peer with.

Remote ASN

set AS Number from remote router

MD5 key

Use for authenticating with remote router

Inbound / Outbound filter

Apply filtering filters, see below for more information.

Routing filters

Routing filters can be used with BGP in order to filter traffic between peers. To configure routing filters navigate to Routing tab and click on Routing filters.

Routing filters 1

The following page shows filters, click on Add to create a new filter.

Routing filters 2

Enter filter name, description and select default action. Under default action two options are available:

Deny all

Traffic from rules added under Network will be allowed, the rest is denied.

Allow all

Traffic from rules added under Network will be denied, rest is allowed.

Routing filters 2

Finally,under Network section set an IP with mask to allow or deny traffic.

Routing filters 2