[166208] in North American Network Operators' Group


Re: Policy-based routing is evil? Discuss.

daemon@ATHENA.MIT.EDU (Jeff Kell)
Fri Oct 11 23:32:47 2013

Date: Fri, 11 Oct 2013 23:31:41 -0400
From: Jeff Kell <jeff-kell@utc.edu>
To: <bep@whack.org>, Phil Bedard <bedard.phil@gmail.com>
In-Reply-To: <525882CA.3010405@whack.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


As others have pointed out, PBR ...

* Is a fragile configuration.  You're typically forcing next-hop without
a [direct] failover option,
* Often incurs a penalty (hardware cycles, conflicting feature sets, or
outright punting to software),
* Doesn't naturally load-balance (you pick the source ranges you route
where)

However, there are few alternatives in some cases...

* If you are using some provider-owned IP space you often must route to
that provider,
* There may be policies restricting what traffic (sources) can transit a
given provider

There are few alternatives for the latter cases, unless you split the
border across VRFs and assign routing policy on the VRF, which is a
global decision across the VRF, and avoids PBR.

We're doing a little of both, so I clearly don't take sides :)

Jeff


