[166982] in North American Network Operators' Group


Re: Policy-based routing is evil? Discuss.

daemon@ATHENA.MIT.EDU (Michael Smith)
Mon Nov 25 02:44:46 2013

From: Michael Smith <mksmith@mac.com>
In-reply-to: <CALgc3C6sgyOOb6wUgHpmxnUGzPXrSLFFkSbwR1AwxJ8QUiuzUA@mail.gmail.com>
Date: Sun, 24 Nov 2013 23:43:54 -0800
To: Eugeniu Patrascu <eugen@imacandi.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Nov 24, 2013, at 10:36 PM, Eugeniu Patrascu <eugen@imacandi.net> wrote:

> On Fri, Oct 11, 2013 at 8:27 PM, William Waites <wwaites@tardis.ed.ac.uk> wrote:
>
>> I'm having a discussion with a small network in a part of the world
>> where bandwidth is scarce and multiple DSL lines are often used for
>> upstream links. The topic is policy-based routing, which is being
>> described as "load balancing" where end-user traffic is assigned to a
>> line according to source address.
>>
>> In my opinion the main problems with this are:
>>
>>  - It's brittle, when a line fails, traffic doesn't re-route
>>
>
> You can always know what IPs are on the other end of the link, add static
> routes for them to make sure they're reachable and based on ping results
> use the link or not. It works fairly well if 1-2 minutes of downtime is not
> an issue. I've done this using Linux and a bash script and it worked to
> balance traffic across two links with up/down detection. iproute2 does
> wonders.
>
Or you could run FreeBSD with PF and ifstated and it would be an almost
instantaneous failover.

>
>>  - None of the usual debugging tools work properly
>>
>
> As long as you don't have asymmetric routing in place, debugging will be
> the same. Even so, you can (at least on Linux) do a "tcpdump -i any" and
> see what goes in/out of your box :)
>
>
Asymmetric routing is a fact of life and is fairly common.

>>  - Adding a new user is complicated because it has to be done in (at
>>    least) two places
>>
>>
> I agree it's not scalable, but for when all you have are DSL lines or low
> capacity lines over which you cannot run an IGP, you'll have to make it work
> with what you have :)
>
>
>> But I'm having a distinct lack of success locating rants and diatribes
>> or even well-reasoned articles supporting this opinion.
>>
>>
> I would go for the "right tools for the right job" idea and say that PBR in
> the case you're mentioning is a valid use and probably the most effective
> way of doing business for them.
>
> Also take into consideration that in many parts of the world, the effort of
> configuring and maintaining a setup like this falls in the day to day
> job of one or several network admins. Also, most of the time it's cheaper to
> hire more people than go and buy let's say professional networking
> equipment.

Hmm, really?  The professional networking equipment required for this
type of thing would be in the ~10k new and significantly cheaper used.
That's not a lot of salary.

Mike
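The ping-and-static-route failover Eugeniu describes above, written out as an added example (not a script from this thread): each user prefix is pinned to a DSL line by source address with iproute2 rules, and a prefix is moved to the surviving line when its line's far-end gateway stops answering. Interface names, gateway addresses, table numbers and user prefixes are constructed; DRY_RUN=1 (the default) prints the ip commands instead of executing them.

```shell
#!/bin/sh
# Added example, not from the thread. Source-based PBR over two DSL lines
# with ping-based up/down detection, driven through iproute2. Constructed
# parameters: line A = dsl0 via 192.0.2.1 (table 101), line B = dsl1 via
# 198.51.100.1 (table 102). DRY_RUN=1 prints the commands instead of running them.
DRY_RUN=${DRY_RUN:-1}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# One-time setup: a host route to each far-end gateway pinned to its own
# line (so the probe really tests that line) and a default route per table.
setup_tables() {
    run ip route replace 192.0.2.1/32 dev dsl0
    run ip route replace 198.51.100.1/32 dev dsl1
    run ip route replace default via 192.0.2.1 dev dsl0 table 101
    run ip route replace default via 198.51.100.1 dev dsl1 table 102
}

# probe_link DEV GATEWAY: succeed if the far end answers two pings.
probe_link() { ping -c 2 -W 2 -I "$1" "$2" >/dev/null 2>&1; }

# pick_link A_STATE B_STATE PREF: routing table for a prefix that prefers
# line A or B, falling back to the other line; "none" if both are down.
pick_link() {
    if   [ "$3" = A ] && [ "$1" = up ]; then echo 101
    elif [ "$3" = B ] && [ "$2" = up ]; then echo 102
    elif [ "$1" = up ]; then echo 101
    elif [ "$2" = up ]; then echo 102
    else echo none
    fi
}

# apply_rules A_STATE B_STATE: (re)install one source-address rule per
# user prefix. Constructed prefixes: 10.0.1.0/24 prefers A, 10.0.2.0/24 B.
apply_rules() {
    for entry in 10.0.1.0/24:A 10.0.2.0/24:B; do
        prefix=${entry%:*}; pref=${entry#*:}
        tbl=$(pick_link "$1" "$2" "$pref")
        run ip rule del from "$prefix" priority 100 || true
        [ "$tbl" = none ] || run ip rule add from "$prefix" lookup "$tbl" priority 100
    done
}

# check_once: probe both lines and reconcile the rules; run it from cron or
# a loop. The probe interval is the 1-2 minute outage window the thread notes.
check_once() {
    if probe_link dsl0 192.0.2.1; then sa=up; else sa=down; fi
    if probe_link dsl1 198.51.100.1; then sb=up; else sb=down; fi
    apply_rules "$sa" "$sb"
}
```

With both lines up, traffic is split by source prefix as the thread describes; when a line goes down, its prefixes are re-pointed at the other table and moved back once the probe succeeds again.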
