Policy-based routing is evil? Discuss.

Leo Bicknell bicknell at ufp.org
Fri Oct 11 20:27:58 UTC 2013


On Oct 11, 2013, at 12:27 PM, William Waites <wwaites at tardis.ed.ac.uk> wrote:

> I'm having a discussion with a small network in a part of the world
> where bandwidth is scarce and multiple DSL lines are often used for
> upstream links. The topic is policy-based routing, which is being
> described as "load balancing" where end-user traffic is assigned to a
> line according to source address.

Doing this with actual routing, in a way that doesn't become fragile is
hard.  It is not impossible as Jared points out, but is non-trivial.

However there is a variant which is much less brittle, but is more
annoying to configure with most tools.  The idea is that the gateway
box is a NAT, with an outbound IP on each of the two uplinks.  The 
box can then make intelligent decisions about which provider to use
based on layer 8+9 information.

I've seen this done multiple times where for instance there is high
bandwidth satellite, and low bandwidth terrestrial services.  Latency
sensitive traffic (dns, ssh, etc.) is sent over the low bandwidth
terrestrial, while bulk downloads go over satellite.  It's quite
robust and useful in these situations.

Making open source boxes do this is possible, but quite annoying
in my experience.  I don't think it's possible to make a Cisco or
Juniper do this sort of thing in any reasonable way.  A number of
manufacturers have developed custom solutions around this idea.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
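The NAT-per-uplink design Leo describes, as an added example on a Linux box (not code from the post or from NANOG): one routing table per uplink, per-flow marks that pin a connection to the uplink it started on, and source NAT to that uplink's address. Interface names (lan0, dsl0, sat0), addresses, marks and table numbers are assumptions.

```shell
#!/bin/sh
# Added example, not from the post: a Linux gateway with two uplinks that
# NATs LAN traffic and steers latency-sensitive flows (DNS, SSH) over the
# terrestrial DSL line and everything else over the satellite line.
# Interface names, addresses, marks and table numbers are placeholders.
# Commands are printed unless APPLY=1 is set (then they are executed).
LAN=lan0
DSL_IF=dsl0; DSL_ADDR=192.0.2.2;    DSL_GW=192.0.2.1;    DSL_TABLE=100; DSL_MARK=1
SAT_IF=sat0; SAT_ADDR=198.51.100.2; SAT_GW=198.51.100.1; SAT_TABLE=200; SAT_MARK=2

run() { if [ -n "$APPLY" ]; then "$@"; else echo "$*"; fi; }

# One routing table per uplink, selected by firewall mark. Replies to
# connections that arrived on an uplink address must leave on that uplink,
# and reverse-path filtering is set to loose so strict mode cannot drop them.
setup_routing() {
    for spec in "$DSL_IF $DSL_ADDR $DSL_GW $DSL_TABLE $DSL_MARK" \
                "$SAT_IF $SAT_ADDR $SAT_GW $SAT_TABLE $SAT_MARK"; do
        set -- $spec
        run ip route replace default via "$3" dev "$1" table "$4"
        run ip rule add fwmark "$5" table "$4"
        run ip rule add from "$2" table "$4"
        run sysctl -w "net.ipv4.conf.$1.rp_filter=2"
    done
}

# Classify LAN flows. The saved connection mark is restored first so every
# packet of a flow takes the same uplink (and so keeps the same NAT address);
# only unmarked (new) flows are classified, then the mark is saved.
setup_marking() {
    m="iptables -t mangle -A PREROUTING -i $LAN"
    run $m -j CONNMARK --restore-mark
    run $m -m mark ! --mark 0 -j ACCEPT
    run $m -p udp --dport 53 -j MARK --set-mark "$DSL_MARK"
    run $m -p tcp --dport 53 -j MARK --set-mark "$DSL_MARK"
    run $m -p tcp --dport 22 -j MARK --set-mark "$DSL_MARK"
    run $m -m mark --mark 0 -j MARK --set-mark "$SAT_MARK"
    run $m -j CONNMARK --save-mark
}

# Source-NAT to the address of whichever uplink the packet leaves on.
setup_nat() {
    run iptables -t nat -A POSTROUTING -o "$DSL_IF" -j SNAT --to-source "$DSL_ADDR"
    run iptables -t nat -A POSTROUTING -o "$SAT_IF" -j SNAT --to-source "$SAT_ADDR"
    run sysctl -w net.ipv4.ip_forward=1
}

setup_routing; setup_marking; setup_nat
```

Run as root with APPLY=1 on a gateway whose main table already holds the LAN route; the marks are only applied to forwarded LAN traffic, so the gateway's own traffic follows the main table. Without the CONNMARK restore/save pair, later packets of a flow could be routed out the other uplink while still carrying the first uplink's NAT address, which is the fragility the per-flow mark avoids.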