Policy-based routing is evil? Discuss.

Jon Lewis jlewis at lewis.org
Fri Oct 11 18:19:36 UTC 2013


On Fri, 11 Oct 2013, Jared Mauch wrote:

> I think this all depends on how it's configured, and if you can monitor/detect failures.
>
> I've seen folks do things like this with a Linux box with "multiple 
> routing tables".  If you have something validate the link is working, 
> you can easily have it "fail over".  This is all depending on the admin 
> to do it right.

I've done exactly this with Linux routers doing SNAT and multiple upstream 
connections (ip route and ip rule are the commands used to set up the 
"multiple tables" and rules to determine routing policy).  Depending on 
the level of segregation needed, adding a new "user" can be as simple as 
plugging them into the appropriate network.

Is it ideal?  No.  But when $ is the deciding factor between a real router 
with real upstream connections supporting BGP and a Linux router with DSL 
and cable and no routing protocol, policy routing with some intelligence 
to fail-over if a link fails (and go back when it recovers) can work 
acceptably.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
                              |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
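
The setup described in the message above, sketched as an added example that is not part of the original post or the poster's own configuration: one routing table per upstream selected by `ip rule`, plus a health check that repoints a table at the surviving link and restores it on recovery. All interface names, addresses, table numbers and rule priorities are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Interfaces, addresses, table numbers and priorities are
# constructed. Commands are only printed unless APPLY=1 (which needs root).
DSL_IF=eth1;   DSL_GW=192.0.2.1;      DSL_TABLE=101
CABLE_IF=eth2; CABLE_GW=198.51.100.1; CABLE_TABLE=102
DSL_USERS=10.0.1.0/24      # network whose users leave via DSL
CABLE_USERS=10.0.2.0/24    # network whose users leave via cable

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# One table per upstream, each holding only a default route, plus one rule
# per user network that picks the table by source address. Run once at boot.
setup_policy() {
    run ip route replace default via "$DSL_GW" dev "$DSL_IF" table "$DSL_TABLE"
    run ip route replace default via "$CABLE_GW" dev "$CABLE_IF" table "$CABLE_TABLE"
    run ip rule add from "$DSL_USERS" lookup "$DSL_TABLE" priority 1000
    run ip rule add from "$CABLE_USERS" lookup "$CABLE_TABLE" priority 1001
}

# Health check: ping the upstream gateway out of its own interface. This only
# validates the first hop; a failure further upstream goes unnoticed.
link_up() { ping -c 3 -W 2 -I "$1" "$2" >/dev/null 2>&1; }

# steer TABLE OWN_IF OWN_GW OTHER_IF OTHER_GW
# Use the table's own upstream when healthy (this is also the fail-back path),
# otherwise borrow the other upstream. With both down, leave the table alone.
steer() {
    if link_up "$2" "$3"; then
        run ip route replace default via "$3" dev "$2" table "$1"
    elif link_up "$4" "$5"; then
        run ip route replace default via "$5" dev "$4" table "$1"
    else
        echo "both upstreams down; table $1 unchanged" >&2
        return 1
    fi
}

# One monitoring pass over both tables; non-zero if a table has no working upstream.
failover_pass() {
    rc=0
    steer "$DSL_TABLE" "$DSL_IF" "$DSL_GW" "$CABLE_IF" "$CABLE_GW" || rc=1
    steer "$CABLE_TABLE" "$CABLE_IF" "$CABLE_GW" "$DSL_IF" "$DSL_GW" || rc=1
    return $rc
}
```

Call `setup_policy` once at boot and `failover_pass` periodically, for example from cron. Connections already source-NATed to the failed link's address do not survive the switch; only new connections follow the replaced default route.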



