These actions correlate with what you choose for the options in Tunnel and Tunnel Down Action. The following diagrams illustrate the consequences for each:
The most important thing to remember is that the only way to optimize traffic is to direct flows to tunnels, either by specifying the tunnel or selecting auto-optimization.
This diagram shows how the appliance processes a flow assigned to a tunnel by the Route Policy. The QoS and Optimization policies are shown only in the interest of providing a broader context for interested users.
 |
|
1
|
First, the Route Policy checks traffic incoming from the LAN against the MATCH criteria in its prioritized entries. Entries 10 and 20 don’t match the traffic, but Entry 30 does.
|
|
2
|
The policy applies the entry’s SET actions to the identified flow. In this case, it directs the flow to Tunnel A. Once traffic matches an entry, no subsequent entries are examined.
|
|
3
|
Before the flow reaches Tunnel A, the QoS Policy checks against its entries and
|
|
•
|
|
7
|
The appliance queues the optimized flow into Tunnel A as it exits the physical WAN interface.
|
When a Route Policy entry has a SET action of auto optimized — as is the case with the default entry — the appliance uses one of three strategies — subnet sharing, TCP-based auto-opt, or IP-based (non-TCP) auto-opt — to direct a flow to the appropriate tunnel.
 |
Once the appliance determines the appropriate tunnel, it processes the flow in the same way as a flow directed to a specific tunnel.
 |
|
1
|
The Route Policy checks traffic incoming from the LAN against the MATCH criteria in its prioritized entries. Entry 40 matches the traffic and tells the appliance to process the flow as shaped, pass-through traffic.
|
|
•
|
ignores the DSCP marking specified for LAN QoS, and
|
 |
|
1
|
The Route Policy checks traffic incoming from the LAN against the MATCH criteria in its prioritized entries. The first three entries don’t match the traffic, but Entry 40 does.
|
Flows that have a SET action of drop follow this path:
 |
|
1
|
The Route Policy checks traffic incoming from the LAN against the MATCH criteria in its prioritized entries. Entries 10 and 20 don’t match the traffic, but Entry 30 does.
|
|
2
|
With a SET action of drop, the appliance stops all processing on the flow.
|
The Continue option in the Tunnel Down Action field enables the appliance to read ensuing entries in the Route Policy in the event that the tunnel used in a previous entry goes down.
Flows that have a Tunnel Down SET action of Continue follow this path:
(We’ve simplified this last diagram, skipping over the sequenced application of Optimization and QoS Policies. To refresh your memory, see “Flow directed to a tunnel”.)
(We’ve simplified this last diagram, skipping over the sequenced application of Optimization and QoS Policies. To refresh your memory, see “Flow directed to a tunnel”.)
 |
|
1
|
First, the Route Policy checks traffic incoming from the LAN against the MATCH criteria in its prioritized entries. Entries 10 and 20 don’t match the traffic, but Entry 30 does.
|
|
2
|
The policy applies the entry’s SET actions to the identified flow. In this case, it sends the flow to Tunnel A. Once any traffic matches an entry, no subsequent entries are examined.
|
|
3
|
If Tunnel A goes down, the Route Policy refers back to the policy entry’s Tunnel Down Action. The action prescribed is to continue to the next applicable MATCH criteria, which is Entry 50, putting all traffic into Tunnel B.
|
|
•
|
If Tunnel A is subsequently restored, the Route Policy directs new flows matching Entry 30 to Tunnel A.
|
|
•
|
Flows that were continued from Entry 30 to Entry 50 (and Tunnel B) persist until complete.
|
