The conventional routing logic described so far operates very much like any conventional router, with the addition of some handling for bonding and duplicate subnets.
However the FB9000 also allows the possibility of route overrides which control routing in more more detail. This feature is part of session tracking functionality, and so applies on a per-session basis (contrasting with the per-packet basis for the conventional routing). For details on sessions, and session-tracking, refer to Chapter 7.
When establishing a session it is possible to scan an ordered list of rules which can consider not only the target IP but also source IP, protocol, ports, and interfaces being used. The result is (typically) to set a routing target IP for the session (and possibly a routing table to jump between tables).
The destination IP in the packet header is not modified - rather, an 'overriding' routing target IP address is stored in the session-table entry.
This is done for each direction on the session and remembered. This new target IP is then used on a per packet basis in the same way as above instead of the destination IP address of the packet. This is the same as set-gateway
in the normal session tracking logic.
However, routing overrides are applied at the end of checking rule-sets and applied both ways, allowing, in effect, a set-reverse-gateway.
Because the route-override just sets a new target routing IP and does not allow you to set a specific tunnel or such, you may want to have a dummy single IP address routed down a tunnel, and then use route-override rules to tell specific sessions to use that IP as the gateway. Future software releases may provide a means to specify a tunnel as a routing gateway more directly.