Interface binding support

The Exinda SD-WANSoftware-Defined Wide Area Network supports binding of specific outbound traffic to a specific WANWide Area Network interface or VLL data tunnel (with the optional VLL feature). This is sometimes useful for some applications or users that require certain traffic to be routed over the same WAN interface or over a certain tunnel.

To configure the interface binding feature, go to the Advanced tab. To configure an interface binding rule, click Add Interface Binding Rule. This generates a pop-up window where the information specifying an interface binding rule can be specified. The rule action is specified by an Interface which can be either WIRED WAN 1, WIRED WAN 2, WIRED WAN 3, WIRED WAN 4, or possibly Cellular WAN 1 if a cellular broadband data modem is plugged into the Exinda SD-WAN. If a remote LANLocal area network connection has been defined (with the optional VLL feature), that can also be specified as an interface.

The specified traffic is preferentially routed over the WAN interface with the index that is selected for the rule, or to the corresponding remote LAN connection.

The traffic specification for the rule consists of a protocol designation, a port number, and an IPInternet protocol address or IP subnet. Only packets which match the corresponding protocol designation, port number, and IP address or IP subnet is affected by the rule (that is, the “and” of these three conditions). A match for the port number occurs when either the Source Port field or the Destination Port field matches with the port numbers specified. A port number specification can be a single integer, but it can also be a range. For example, 56-59 would be the range that includes 56, 57, 58, and 59. Values and ranges can also be separated by commas. For example, 56,59 corresponds to the set containing the values 56 and 59. If the Port Number field is left blank, there is no match condition applied to the Source Port or Destination Port fields, that is, all ports match.

A match for the IP address occurs when either the source IP address of the packet or the destination IP address of the packet matches the given IP address. If an IP subnet is given, a match occurs when the source IP address or the destination IP address of the packet is within the IP subnet. If the IP address / subnet field is left blank then there is no match condition applied to the IP address field, that is, all IP address / subnet values matches.

The protocol designation can be ANY, TCPTransmission Control Protocol, UDPUser Datagram Protocol, IPSEC, PPTPPoint-to-Point Tunneling Protocol, or Other. The ANY choice means any protocol matches. With the Other protocol designation, the corresponding protocol number is also specified.

All of the match conditions, if any, for the port number, the IP address or subnet, and the protocol designation must be met in order to trigger the port forwarding rule. When the port forwarding rule is triggered, the traffic is routed in the manner specified, for example, WIRED WAN 1, WIRED WAN 2, WIRED WAN 3, WIRED WAN 4, Cellular WAN 1 if a cellular broadband data modem is plugged into the Exinda SD-WAN, and Remote LAN 1 if a VLL connection has been configured (with the optional VLL feature).

There are two port numbers that need special consideration for interface binding. Specifically, traffic on port 80 (HTTP) and port 443 (SSL) should be selected for interface binding only with extreme care. Nominally, traffic for these ports should be handled by the same WAN interface.

An optional Note field is provided for convenience and typically is used to document what the interface binding rule is used for (for example, for a particular application or user). Once all the information for an interface binding rule has been entered, click Add to enable the rule.

Multiple interface binding rules can be added in order to provide more flexible binding of traffic. If an interface binding rule that was added previously needs to be deleted, click Delete next to the listed binding rule. If an interface binding rule needs to be edited, the rule can first be deleted and the modified rule can then be entered as before. The Exinda SD-WAN processes outgoing traffic by sequential application of the interface binding rules specified. This means if there are conflicts in the interface binding rules, the rule nearest the top of the list takes precedence. By default, the list of rules is such that rules entered earlier is lower in the list.

VLL Cloud Relay

Each Exinda SD-WAN subscription can have up to 1 VLL connected to our Cloud Relay service. The Cloud Relay Service connects the Exinda SD-WAN device to another GFI hosted Exinda SD-WAN device, hosted on Amazon AWS. The Cloud Relay service utilizes the VLL feature explained above. To set it up, you should contact Support.