🏝️SD-WAN: DNS Split Tunneling examples on Fusion's SD-WAN for a Local Use Case Breakout🥥
It is possible to send traffic over a specified link using Fusion's SD-WAN. The mechanism is known as classification, and local breakout can be implemented using IP addresses, ports, or any other packet marking available via tc. This is straightforward when matching on IPs, but what if you want to match on DNS names?
Well, hold onto your hats, we're going to show you how to do this for YouTube! This is achieved using the ipset integration available in DNSMASQ (backed by either nftables or iptables): whenever DNSMASQ resolves a matching domain, it adds the returned addresses to a kernel set, and a firewall rule can then mark any packet whose destination is in that set. DNSMASQ is the DNS and DHCP network configuration engine used by Fusion's SD-WAN.
Create the set on the appliance (entries expire after 3600 seconds, so stale addresses age out):
sudo ipset create split hash:ip timeout 3600
In custom DNSMASQ add the following:
ipset=/youtube.com/split
In the startup script, fusionreboot.sh, add the following so the set and the mark rule are recreated on every boot (the set must exist before the iptables rule references it):
/usr/sbin/ipset create split hash:ip
/usr/sbin/iptables -t mangle -I PREROUTING 1 -m set --match-set split dst -j MARK --set-mark 241
Ensure tunnel bypass is active, so that traffic carrying mark 241 is actually broken out locally.
To view the bypass rules and see the list of IPs:
sudo iptables -t mangle -L -v --line-numbers -n
sudo ipset list split
You can use any domain and add it to the DNSMASQ configuration; several domains can share one set by listing them in the same line. You can even force a whole country onto local breakout by matching its top-level domain. Here we add Mauritius (.mu):
ipset=/youtube.com/mu/split
This results in all traffic to any Mauritius (.mu) domain going local.
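As an added example (not part of the original post or of Fusion's own tooling), the shell helpers below build the DNSMASQ ipset= line for any list of domain suffixes and check the two verification commands from above: whether the mangle PREROUTING rule marking the set is present, and how many addresses the set currently holds. The helper names, and the sample iptables and ipset output they are checked against, are constructed here; on a real appliance you would pipe the live output of sudo iptables -t mangle -L -v --line-numbers -n and sudo ipset list split into them instead.

```shell
#!/bin/sh
# Added example: helpers around the DNSMASQ ipset split-tunnel setup.
# Function names are this example's own, not Fusion's.

# Build a dnsmasq "ipset=" line from a set name and one or more domain
# suffixes, e.g.  dnsmasq_ipset_line split youtube.com mu
# prints          ipset=/youtube.com/mu/split
dnsmasq_ipset_line() {
    set_name=$1; shift
    line="ipset="
    for d in "$@"; do
        line="$line/$d"
    done
    printf '%s/%s\n' "$line" "$set_name"
}

# Read `iptables -t mangle -L -v --line-numbers -n` output on stdin and
# succeed (exit 0) only if some rule marks packets whose destination is in
# the given set with the given decimal mark (iptables prints marks in hex).
has_split_mark_rule() {
    set_name=$1
    mark_hex=$(printf '0x%x' "$2")
    awk -v s="$set_name" -v m="$mark_hex" '
        index($0, "match-set " s " dst") && index($0, "MARK set " m) { found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# Read `ipset list <set>` output on stdin and print the number of member
# addresses (the non-empty lines after "Members:"), ignoring per-entry timeouts.
ipset_member_count() {
    awk '/^Members:/ { in_members = 1; next }
         in_members && NF { n++ }
         END { print n + 0 }'
}

# Constructed sample output (not captured from a real appliance), in the
# format the two verification commands print. 192.0.2.0/24 is documentation
# address space.
SAMPLE_IPTABLES='Chain PREROUTING (policy ACCEPT 1234 packets, 567K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       42  3360 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set split dst MARK set 0xf1'

SAMPLE_IPSET='Name: split
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 3600
Size in memory: 296
References: 1
Number of entries: 2
Members:
192.0.2.10 timeout 3412
192.0.2.11 timeout 3599'

# Self-check against the constructed samples.
dnsmasq_ipset_line split youtube.com mu
if printf '%s\n' "$SAMPLE_IPTABLES" | has_split_mark_rule split 241; then
    echo "mark rule for set 'split' (mark 241) is present"
else
    echo "mark rule for set 'split' (mark 241) is MISSING"
fi
printf 'members in set: %s\n' "$(printf '%s\n' "$SAMPLE_IPSET" | ipset_member_count)"
```

Because the set is populated only as DNSMASQ answers queries, a zero member count right after boot is normal; a zero count after clients have browsed the domain usually means the ipset= line is not loaded or clients are resolving through a different DNS server, and a missing mark rule means fusionreboot.sh did not run the iptables line.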
Ronald Bartels ensures that Internet inhabiting things are connected reliably online at Fusion Broadband South Africa - the leading specialized SD-WAN provider in South Africa. 👉 Contact Fusion
Written by
Ronald Bartels