[166194] in North American Network Operators' Group


Re: Policy-based routing is evil? Discuss.

daemon@ATHENA.MIT.EDU (Leo Bicknell)
Fri Oct 11 16:31:23 2013

From: Leo Bicknell <bicknell@ufp.org>
In-Reply-To: <20131011.182700.484727119.wwaites@tardis.ed.ac.uk>
Date: Fri, 11 Oct 2013 15:27:58 -0500
To: William Waites <wwaites@tardis.ed.ac.uk>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org




On Oct 11, 2013, at 12:27 PM, William Waites <wwaites@tardis.ed.ac.uk> wrote:

> I'm having a discussion with a small network in a part of the world
> where bandwidth is scarce and multiple DSL lines are often used for
> upstream links. The topic is policy-based routing, which is being
> described as "load balancing" where end-user traffic is assigned to a
> line according to source address.

Doing this with actual routing, in a way that doesn't become fragile, is
hard.  It is not impossible as Jared points out, but is non-trivial.

However there is a variant which is much less brittle, but is more
annoying to configure with most tools.  The idea is that the gateway
box is a NAT, with an outbound IP on each of the two uplinks.  The 
box can then make intelligent decisions about which provider to use
based on layer 8+9 information.

I've seen this done multiple times where for instance there is high
bandwidth satellite, and low bandwidth terrestrial services.  Latency
sensitive traffic (dns, ssh, etc) are sent over the low bandwidth
terrestrial, while bulk downloads go over satellite.  It's quite
robust and useful in these situations.

Making open source boxes do this is possible, but quite annoying
in my experience.  I don't think it's possible to make a Cisco or
Juniper do this sort of thing in any reasonable way.  A number of
manufacturers have developed custom solutions around this idea.

-- 
       Leo Bicknell - bicknell@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
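
An added example, not part of the original message and not the author's configuration: one way a Linux gateway can implement the NAT-per-uplink variant described above, using firewall marks, per-uplink routing tables and SNAT. The script only prints the commands it would run; interface names, addresses (documentation ranges), mark values and the service list are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) rules for a two-uplink NAT gateway.
# Every name and address below is an assumption chosen for illustration.
LAN_IF=eth0
TER_IF=eth1; TER_IP=192.0.2.2;    TER_GW=192.0.2.1     # low-bandwidth terrestrial
SAT_IF=eth2; SAT_IP=198.51.100.2; SAT_GW=198.51.100.1  # high-bandwidth satellite
TER_MARK=1; SAT_MARK=2               # fwmark N selects routing table 100+N
LATENCY_SENSITIVE="udp:53 tcp:53 tcp:22"   # proto:port pinned to terrestrial

gen_rules() {
    m="iptables -t mangle -A PREROUTING -i $LAN_IF"
    # Restore the mark saved on an existing connection, so every packet of a
    # flow leaves by the same uplink and keeps the same NAT source address.
    echo "$m -j CONNMARK --restore-mark"
    # Classify new flows only (mark still 0): latency-sensitive services first.
    for svc in $LATENCY_SENSITIVE; do
        proto=${svc%%:*}; port=${svc##*:}
        echo "$m -m mark --mark 0 -p $proto --dport $port -j MARK --set-mark $TER_MARK"
    done
    # Anything still unmarked is treated as bulk and sent over satellite.
    echo "$m -m mark --mark 0 -j MARK --set-mark $SAT_MARK"
    # Remember the decision on the connection for later packets.
    echo "$m -j CONNMARK --save-mark"
    # One routing table per uplink, selected by the firewall mark.
    echo "ip route add default via $TER_GW dev $TER_IF table $((100 + TER_MARK))"
    echo "ip route add default via $SAT_GW dev $SAT_IF table $((100 + SAT_MARK))"
    echo "ip rule add fwmark $TER_MARK table $((100 + TER_MARK))"
    echo "ip rule add fwmark $SAT_MARK table $((100 + SAT_MARK))"
    # Source-NAT to the address owned on the chosen uplink, so replies return
    # through the same provider.
    echo "iptables -t nat -A POSTROUTING -o $TER_IF -j SNAT --to-source $TER_IP"
    echo "iptables -t nat -A POSTROUTING -o $SAT_IF -j SNAT --to-source $SAT_IP"
}

gen_rules
```

With strict reverse-path filtering enabled on the gateway, replies arriving on the uplink that is not the main-table default can be dropped, so check the rp_filter setting on both uplink interfaces before applying rules like these.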





