1. Home
  2. Wanos Admin Guide
  3. Deployment
  4. Router Mode

Router Mode

Note: Router mode is deprecated and replaced by tunnel mode. See tunnel mode for configuration examples.

Overview

In router mode, only the wan0 interface is used. In this mode Wanos supports two or more ip addresses on the same interface. Primary wan0 and one or more Secondary virtual lan0 addresses. Primary and secondary addresses bind to the physical wan0 interface. The primary connects to the router and secondary to the switch.

Traffic from the wan should be directed to the standard wan0 ip address.

Traffic from the lan should be directed to the virtual lan0 ip address.

All sites can be in router mode or a mix of router mode and bridge mode.

 

Basic Configuration

 

In bridge mode (Layer2), the inside and outside interfaces indicate the source of the traffic. In router mode (Layer3), the same concept applies, but two IP addresses are used on the same physical wan0 interface. In router mode, only the wan0 physical interface is used. Both inside virtual lan0 and outside wan0 IP addresses bind to the physical wan0 interface.

To enable router mode, select router mode and configure the secondary virtual lan0 IP Address and mask e.g. 172.16.1.201/24.

 

Screenshot on Local Web User Interface. Navigate to Configure > System Settings > Network Settings.

 

Screenshot on Wanos Central Manager. Navigate to Device > Configure > System Settings > Network settings.

 

 

After applying the change, the virtual IP address will be accessible on the wan0 interface along with the primary address. Traffic from the lan needs to be directed to the lan0 virtual ip address. Traffic from the wan needs to be redirected to the primary wan0 address.

The secondary ip address can be on the same range as the primary e.g.: Wan0 = 172.16.1.200 Lan0 = 172.16.1.201

Verification

While pinging a host at the remote site. tcpdump should produce the following output on wan0: sudo tcpdump -i wan0 host x.x.x.x

router-mode-troubleshooting

 

Remember to enable promiscuous / mac spoofing or equivalent.

STOP HERE for the initial configuration. The secondary virtual lan0 IP address is the only configuration required on Wanos. The challenge with Router Mode is to configure Routers, Firewalls to direct traffic from the remote site to wan0 and the L3 Switches or Servers to send traffic from the LAN to the virtual lan0 address. This requires advance knowledge of routing WAN inbound to Wanos. For almost all purposes use Tunnel Mode over Router Mode.

 

Advance setup with multiple subnets: (Optional)

Multiple secondary lan0 networks are also supported, if the workstations will direct their default gateways directly to the virtual gateways configured on Wanos. To configure these multiple additional virtual lan0 networks, these extra networks can be added to /tce/etc/wanos/virtual_lan.

e.g:
10.1.1.1/24
10.2.2.1/24
10.3.3.1/24

All these networks will be available as secondary virtual IP addresses to be used as gateways for the workstations or servers.

Example 1:

In the diagram the Wan Accelerator is deployed out of path at the main site. Traffic from the wan is directed to the wan0 address 10.0.0.2. Traffic from the lan that needs to be optimized is directed to the virtual lan address 10.0.0.1.

wan-optimizer-pbr-policy-based-routing-out-of-path.jpg

Example 2:

In the following diagram the data center wan accelerator primary address shares a segment with the gateway router. Traffic from the wan is directed to the wan0 address 10.0.0.2. Devices on the lan have their default gateways set to be the wan accelerator virtual lan addresses 10.1.1.1 and 10.2.2.1. High availability is possible by configuring secondary routes.

wan-optimizer-router-out-of-path.jpg

Example 3:

Another PBR example.

The router has an IP address of 10.0.0.254. Wanos has 10.0.0.1 for wan0 and secondary virtual address 10.0.0.2. Both bind on the physical wan0. Here the router is used to channel IP traffic from the WAN interface to 10.0.0.1. The router has a second policy to channel IP traffic from the lan servers to 10.0.0.2.

out-of-path-pbr

The Wanos addresses can be tracked to disable the policy redirect. Remember to not enable PBR on the same router sub-interface that Wanos is connected to, else traffic from Wanos will be redirected to itself. Since Router mode requires routing on the network, it is recommended to use the simple bridge mode where possible.

ip sla 1
icmp-echo 10.0.0.2
frequency 4
ip sla schedule 1 life forever start-time now
!
ip access-list extended lan0
deny ip host 10.0.0.2 any
permit tcp 10.1.1.0/24 192.168.1.0/24
ip access-list extended wan0
permit ip 192.168.1.0/24 10.1.1.0/24
!
route-map lan0
match ip address lan0
set ip next-hop verify-availability 10.0.0.1 1 track 1
!
route-map wan0
match ip address wan0
set ip next-hop verify-availability 10.0.0.2 1 track 1
!
interface fastEthernet0
description LAN
ip policy lan0
interface Serial0
description WAN
ip policy wan0
!



Tags ,
Was this article helpful to you? Yes 1 No 2

How can we help?