Tag Archives: ISP

Ping-Times-ISP-Routing-Europe featured image

RTTs with different ISPs

Just a short post this time, but an interesting fact concerning different Internet Service Providers (ISPs) and their routing to/from other countries. I have a customer in Germany that has a remote office in France, connected via a site-to-site VPN. Around April last year the french office decided to change the ISP to a cheaper competitor that offers the same speed/bandwidth and therefore has no disadvantages… Well, I disagree.

Continue reading RTTs with different ISPs

Cisco ASA PBR - featured image

Policy Based Routing on a Cisco ASA

Cisco ASA 9.4 (and later) is now supporting Policy Based Routing. Yeah. Great news, since many customers are requesting something like “HTTP traffic to the left – VoIP traffic to the right”. Coming with a new Cisco ASA 5506-X I was happy to try the policy based routing feature.

The configuration steps through the ASDM GUI are not easy and full of errors, so I try to give some hints within this blog post.

Continue reading Policy Based Routing on a Cisco ASA

Palo Alto PBF w different VRs featured image

Policy Based Forwarding on a Palo Alto with different Virtual Routers

This guide is a little bit different to my other Policy Based Forwarding blog post because it uses different virtual routers for both ISP connections. This is quite common to have a distinct default route for both providers. So, in order to route certain traffic, e.g., http/https, to another ISP connection, policy based forwarding is used.

Continue reading Policy Based Forwarding on a Palo Alto with different Virtual Routers

ScreenOS PBF with VRs featured image

Policy-Based Routing on ScreenOS with different Virtual Routers

I already puslished a blog post concerning policy-based routing on a Juniper firewall within the same virtual router (VR). For some reasons, I was not able to configure PBR correctly when using multiple VRs. Now it works. 😉 So, here are the required steps:

Continue reading Policy-Based Routing on ScreenOS with different Virtual Routers

FortiGate Policy Route featured image

Policy Routing on a FortiGate Firewall

This is a small example on how to configure policy routes (also known as policy-based forwarding or policy-based routing) on a Fortinet firewall, which is really simple at all. Only one single configuration page and you’re done. 😉

Continue reading Policy Routing on a FortiGate Firewall

Basic IPv6 Messages - Featured Image

Basic IPv6 Messages: Wireshark Capture

When explaining IPv6 I am always showing a few Wireshark screenshots to give a feeling on how IPv6 looks like. Basically the stateless autoconfiguration feature (SLAAC), DHCPv6, Neighbor Discovery, and a simple ping should be seen/understood by any network administrator before using the new protocol.

Therefore I captured the basic IPv6 autoconfiguration with a Knoppix Linux behind a Telekom Speedport router (German ISP, dual-stack) and publish this capture file here. I am using this capture to explain the basic IPv6 features.

Continue reading Basic IPv6 Messages: Wireshark Capture

IPv6 Dynamic Prefix - Featured Image

Idea: IPv6 Dynamic Prefix

For dynamic IPv4 addresses, dynamic DNS services such as Dyn or No-IP are well-known. If an ISP issues a single dynamic IPv4 address every 24 hours (or the like), the router or any other device registers the IPv4 address for a DNS record. With port-forwardings on the router, several services on different clients can be accessed.

Since there are some ISPs that offer dynamic IPv6 prefixes as well, I have a suggestion on how to optimize the “dynamic DNS” service for several IPv6 addresses and names. The main idea is to update only the IPv6 prefix, while the host IDs are static configured on the DNS server. This limits the DNS updates and expands the usage of DNS names even for devices that have no “DynDNS update client” built-in.

Continue reading Idea: IPv6 Dynamic Prefix

Cisco Router ISP Load Balancing

Basic ISP Load Balancing with a Cisco Router

“We have two independent DSL connections to the Internet and want to share the bandwidth for our users.” This was the basic requirement for a load balancing solution at the customer’s site. After searching a while for dedicated load balancers and thinking about a Do-It-Yourself Linux router solution, I used an old Cisco router (type 2621, about 40,- € on eBay) with two default routes, each pointing to one of the ISP routers. That fits. 😉

Continue reading Basic ISP Load Balancing with a Cisco Router

Schnellere DSL Synchronisierung featured image

Schnellere DSL Synchronisierung mit neuerer FRITZ!Box

Vor einiger Zeit habe ich bei einem Bekannten eine AVM FRITZ!Box ausgetauscht: Die etwas betagte 7050 musste einer 7170 weichen. Wie immer wurde per Screenshots alles dokumentiert. Erfreulicherweise war die DSL Synchronisierung am exakt gleichen Anschluss danach um einiges höher. Anstatt 7 MBit/s im Download bekam man jetzt 11 MBit/s!

Continue reading Schnellere DSL Synchronisierung mit neuerer FRITZ!Box

SSG PBR

Policy-Based Routing (PBR) on a Juniper ScreenOS Firewall

Here comes an example on how to configure policy-based routing (PBR) on a Juniper ScreenOS firewall. The requirement at the customers site was to forward all http and https connections through a cheap but fast DSL Internet connection while the business relevant applications (mail, VoIP, ftp, …) should rely on the reliable ISP connection with static IPv4 addresses. I am showing the five relevant menus to configure PBR on the ScreenOS GUI.

[UPDATE] I later on wrote an article with policy-based routing with two different virtual routers. See it here.[/UPDATE]

Continue reading Policy-Based Routing (PBR) on a Juniper ScreenOS Firewall

PA PBF

Policy Based Forwarding (PBF) on a Palo Alto Firewall

This is a small example on how to configure policy based forwarding (PBF) on a Palo Alto Networks firewall. The use case was to route all user generated http and https traffic through a cheap ADSL connection while all other business traffic is routed as normal through the better SDSL connection. Since I ran into two problems with this simple scenario, I am showing the solutions here.

[UPDATE] I also wrote an article about policy based forwarding with two different virtual routers on the Palo Alto firewall. See it here.[/UPDATE]

Continue reading Policy Based Forwarding (PBF) on a Palo Alto Firewall