[166184] in North American Network Operators' Group


Re: Policy-based routing is evil? Discuss.

daemon@ATHENA.MIT.EDU (Jon Lewis)
Fri Oct 11 14:22:22 2013

Date: Fri, 11 Oct 2013 14:19:36 -0400 (EDT)
From: Jon Lewis <jlewis@lewis.org>
To: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <8602FB8D-212C-4218-91E2-7BDAB2F62C9C@puck.nether.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Fri, 11 Oct 2013, Jared Mauch wrote:

> I think this all depends on how it's configured, and if you can monitor/detect failures.
>
> I've seen folks do things like this with a Linux box with "multiple 
> routing tables".  If you have something validate the link is working, 
> you can easily have it "fail over".  This is all depending on the admin 
> to do it right.

I've done exactly this with Linux routers doing SNAT and multiple upstream 
connections (ip route and ip rule are the commands used to set up the 
"multiple tables" and rules to determine routing policy).  Depending on 
the level of segregation needed, adding a new "user" can be as simple as 
plugging them into the appropriate network.

Is it ideal?  No.  But when $ is the deciding factor between a real router 
with real upstream connections supporting BGP and a Linux router with DSL 
and cable and no routing protocol, policy routing with some intelligence 
to fail-over if a link fails (and go back when it recovers) can work 
acceptably.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
                              |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
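
The setup discussed in this thread, sketched as an added example that is not part of the original message: two uplinks, one routing table each, `ip rule` entries steering each LAN segment, and a health check that moves a segment to the other uplink and back. Interface names, addresses, table ids, priorities and the function names are all assumptions; SNAT on each uplink interface is assumed to be configured separately.

```shell
#!/bin/sh
# Added example: policy routing with health-checked failover for two uplinks.
# Every interface, address, table id and priority below is a constructed value.
DSL_IF=eth1;   DSL_GW=192.0.2.1;      DSL_TABLE=101
CABLE_IF=eth2; CABLE_GW=198.51.100.1; CABLE_TABLE=102
NET_A=10.0.1.0/24; PRIO_A=1001   # LAN segment that prefers the DSL uplink
NET_B=10.0.2.0/24; PRIO_B=1002   # LAN segment that prefers the cable uplink

# state IFACE GATEWAY: print "up" if the gateway answers pings sent out IFACE.
# This validates the first hop only, not reachability beyond the provider.
state() {
  if ping -I "$1" -c 2 -W 2 "$2" >/dev/null 2>&1; then echo up; else echo down; fi
}

# pick PREF_STATE PREF_TABLE OTHER_STATE OTHER_TABLE: choose a routing table.
# Stay on the preferred uplink unless it is down and the other one is up,
# so traffic returns to the preferred uplink as soon as it recovers.
pick() {
  if [ "$1" = down ] && [ "$3" = up ]; then echo "$4"; else echo "$2"; fi
}

# plan DSL_STATE CABLE_STATE: print the ip commands for that link health.
plan() {
  ta=$(pick "$1" "$DSL_TABLE" "$2" "$CABLE_TABLE")
  tb=$(pick "$2" "$CABLE_TABLE" "$1" "$DSL_TABLE")
  # One default route per table ("replace" makes this idempotent).
  echo "ip route replace default via $DSL_GW dev $DSL_IF table $DSL_TABLE"
  echo "ip route replace default via $CABLE_GW dev $CABLE_IF table $CABLE_TABLE"
  # Drop the old rule for each segment (if any), then point it at the chosen table.
  echo "ip rule del from $NET_A priority $PRIO_A 2>/dev/null || true"
  echo "ip rule add from $NET_A lookup $ta priority $PRIO_A"
  echo "ip rule del from $NET_B priority $PRIO_B 2>/dev/null || true"
  echo "ip rule add from $NET_B lookup $tb priority $PRIO_B"
}

# "sh failover.sh --apply" as root: re-check every 10 s, apply only on change.
if [ "${1:-}" = "--apply" ]; then
  last=""
  while :; do
    new=$(plan "$(state "$DSL_IF" "$DSL_GW")" "$(state "$CABLE_IF" "$CABLE_GW")")
    [ "$new" = "$last" ] || { echo "$new" | sh; last=$new; }
    sleep 10
  done
fi
```

Running `plan down up` without `--apply` prints the commands for a DSL outage without touching the routing tables, which makes the policy easy to review before it goes live.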

