Policy-based routing is evil? Discuss.
Jimmy Hess
mysidia at gmail.com
Fri Oct 11 22:22:54 UTC 2013
On Fri, Oct 11, 2013 at 12:27 PM, William Waites <wwaites at tardis.ed.ac.uk> wrote:
> In my opinion the main problems with this are:
> - It's brittle, when a line fails, traffic doesn't re-route
>
Yes, but this is no worse than if you just had one single DSL link.
Manual failover is a perfectly valid solution for very small networks where
a less-than-enterprise-grade solution such as DSL is suitable.
I'd be more concerned about the question of /have you implemented a proper
firewall solution/?
> - None of the usual debugging tools work properly
> - Adding a new user is complicated because it has to be done in (at
> least) two places
>
Not necessarily.
You might pick a /20 rfc1918 network, and then assign a /24 of source
addresses out of the subnet to each link. Then you won't need to adjust
two places, every time a device is added; just IP it appropriately, or
set the appropriate DHCP reservation, or Best: subnet the local network
based on choice of outgoing WAN link, and select the client's VLAN based
on desired WAN link...
Another alternative to PBR is to have an extra router for each DSL link,
providing a default gateway;
> But I'm having a distinct lack of success locating rants and diatribes
> or even well-reasoned articles supporting this opinion.
>
There are plenty of downsides to PBR in various scenarios, but the PBR
functionality on these devices doesn't exist just at the whim of the device
manufacturer --- operators look for the functionality.
It is perfectly valid and very good to use PBR, as long as you understand
any limitations and drawbacks that apply to your specific situation.
The main drawback is ease-of-maintenance challenges.
> -w
--
-JH
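The per-link /24 scheme above, worked through as an added example (not code from the post or from either poster): a Linux policy-routing setup where each /24 carved out of a /20 RFC 1918 block is steered to its own WAN link by source address, plus the manual failover step of pulling one link's rule so its hosts fall back to the main table. The block, table numbers, interface names and gateway addresses are all assumed values; the script only prints the ip(8) commands, so it runs unprivileged and can be reviewed before anyone applies it.

```shell
#!/bin/sh
# Added example: source-address policy routing on Linux for a multi-DSL office.
# Every value below is assumed for illustration (none come from the mail thread).

LAN_BLOCK="10.0.0.0/20"        # assumed RFC 1918 block for the whole office

# name  source /24   WAN dev  next hop        table id   (all assumed values)
LINKS="
wan1 10.0.1.0/24 ppp0 203.0.113.1 101
wan2 10.0.2.0/24 ppp1 198.51.100.1 102
"

# Emit the commands that install one routing table per link and one source-
# based rule per /24. Printed rather than run, so review first; pipe into
# `sh` as root to apply. Any /24 not listed falls through to the main table.
pbr_commands() {
  printf '%s\n' "$LINKS" | while read -r name src dev gw tbl; do
    [ -n "$name" ] || continue
    echo "ip route replace default via $gw dev $dev table $tbl"
    echo "ip rule add from $src lookup $tbl priority $tbl"
  done
}

# Manual failover for a dead link: delete its rule so those hosts use the main
# table's default route instead of a table whose next hop is unreachable.
failover_commands() {
  printf '%s\n' "$LINKS" | while read -r name src dev gw tbl; do
    [ "$name" = "$1" ] || continue
    echo "ip rule del from $src lookup $tbl priority $tbl"
  done
}

# Dotted quad -> 32-bit integer, for prefix matching below.
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Which table a packet sourced from $1 is looked up in, mirroring the kernel's
# rule walk (lowest priority first, first match wins). Prints "main" when no
# rule matches, which is what an unplanned address or a stale DHCP lease gets.
table_for() {
  ipn=$(ip2int "$1")
  result=main
  # Heredoc loop (not a pipeline) so the assignment to result survives.
  while read -r name src dev gw tbl; do
    [ -n "$name" ] || continue
    net=${src%/*}; plen=${src#*/}
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    if [ $(( ipn & mask )) -eq $(( $(ip2int "$net") & mask )) ]; then
      result=$tbl
      break
    fi
  done <<EOF
$LINKS
EOF
  echo "$result"
}

# Stand-alone use: show the install commands and where a few hosts would land.
if [ "${PBR_DEMO:-0}" = 1 ]; then
  echo "# LAN block: $LAN_BLOCK"
  pbr_commands
  echo "# failover for wan1:"
  failover_commands wan1
  for h in 10.0.1.77 10.0.2.5 10.0.9.9; do
    echo "$h -> table $(table_for "$h")"
  done
fi
```

Run with `PBR_DEMO=1 sh pbr.sh` to see the output. `table_for` is the check worth keeping around: it answers "which link will this host's traffic leave by" from the config alone, which is exactly what the usual traceroute-style tools stop telling you once rules are in play, and it shows that a host outside the planned /24s silently lands in the main table rather than on the link someone expected.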
More information about the NANOG mailing list