Cato lets you backhaul Internet traffic to a third-party cloud or proxy-based security service through a Cloud Interconnect site. Use network rules to select the relevant traffic and route it over the private Cloud Interconnect connection to the backhauling gateway site.
For more about Internet traffic backhauling with Cato, see Configuring Internet Traffic Backhauling.
Resiliency for Cloud Interconnect Backhauling
Each Cloud Interconnect backhauling gateway uses two BGP sessions for resiliency. If the primary BGP peer is disconnected, the Cato PoP routes traffic over the secondary path. When the primary peer restores connectivity, the PoP routes traffic through the primary peer again.
If a network rule includes multiple backhauling gateways, the PoP fails over to the next gateway only when both BGP peers for the first gateway are disconnected. If all configured gateways are disconnected, the traffic egresses directly from the Cato PoP to the Internet. When connectivity is restored for any gateway site, the PoP resumes routing traffic through that site.
This section shows the overview of configuring your account to backhaul Internet traffic to a gateway site.
- Define one or more backhauling gateway sites.
- Create Internet network rules that backhaul Internet traffic to the gateway sites.
Define an existing Cloud Interconnect site as the backhauling gateway site.
For each gateway site, enable the site as a backhauling gateway. The PoP in the Cato Cloud forwards matching backhauled Internet traffic to the remote end through the Cloud Interconnect connection.
To define a site as a backhauling gateway:
- From the navigation menu, select Network > Sites, and select the site.
- From the navigation menu, select Site Configuration > Backhauling.
- Select Use this site as backhauling gateway.
- Click Save.
Create an Internet network rule and configure the routing setting to route the traffic to the backhauling gateway. We recommend that you configure more than one backhauling gateway site, so in case the primary gateway site loses connectivity, the Cato PoP backhauls the traffic to the secondary gateway site (and so on if the secondary gateway site is also unreachable).
For network rules that use the Backhaul via option, you can use a combination of different types of backhauling gateway sites in a single rule.
When you define a domain for the App/Category of a network rule, only the traffic for that specific domain is backhauled. Other related traffic flows for different domains aren't backhauled.
Note
Note: For users and sites located in China, make sure that the network rules for the backhauled traffic don't violate China's Internet regulations.
For more about the settings for network rules, see Configuring Network Rules.
For more information about routing options, you can also watch this video tutorial.
To configure a network rule to backhaul Internet traffic:
- From the navigation menu, click Network > Network Rules.
- Click New. The Add Network Rule panel opens.
- Expand the General section, and from the Rule Type drop-down menu select Internet.
- Configure the other General settings.
- Configure the Source and App/Category settings for the rule.
- Expand the Configuration section, and if required, configure the Bandwidth Management and Primary Transport and Secondary Transport settings.
-
In the Routing Method section, configure the rule to route the Internet traffic to the Backhauling Gateway sites:
- In the Route/NAT drop-down menu, select Backhaul via.
- In Backhauling Gateway sites, select the primary site.
-
(Optional) Repeat the previous step for one or more backup sites.
The order of the Backhauling Gateway sites, defines the priority for the sites. The first site is the primary gateway site, the second site is the secondary gateway site, and so on.
- Click Apply, and then click Save.
0 comments
Please sign in to leave a comment.