[166211] in North American Network Operators' Group
Re: Policy-based routing is evil? Discuss.
daemon@ATHENA.MIT.EDU (Octavio Alvarez)
Sat Oct 12 13:47:53 2013
Date: Sat, 12 Oct 2013 10:48:03 -0700
From: Octavio Alvarez <alvarezp@alvarezp.ods.org>
To: William Waites <wwaites@tardis.ed.ac.uk>
In-Reply-To: <20131011.182700.484727119.wwaites@tardis.ed.ac.uk>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 10/11/2013 10:27 AM, William Waites wrote:
> I'm having a discussion with a small network in a part of the world
> where bandwidth is scarce and multiple DSL lines are often used for
> upstream links. The topic is policy-based routing, which is being
> described as "load balancing" where end-user traffic is assigned to a
> line according to source address.
I wouldn't say "evil", I have found it really useful in some cases. You
just need a different approach to the network design.
I'd just say it's not the easiest way and yeah, I try to generally avoid it.
> - It's brittle, when a line fails, traffic doesn't re-route
This depends on how flexible the PBR implementation on your router is.
If your router can have conditionals like this:
* match: source address A && link P available --> send it to link P
* match: source address A --> unconditionally send it to fallback link F
Then your users will converge quite nicely. Also, make sure you prepare
for router redundancy.
Configuration can get pretty complex, though, and link addition can
require redesign of the whole policy.
> - None of the usual debugging tools work properly
No, but then, they can't expect usual debugging tools with unusual
scenario. You may need to develop some new tools and teach them how to
use them.
> - Adding a new user is complicated because it has to be done in (at
> least) two places
With a good design this burden can be significantly lowered to the point
of being not 100% but 80 or 90% effective, so to speak. Consider a good
topology and a good addressing plan.
