Policy-based routing is evil? Discuss.

Jeff Kell jeff-kell at utc.edu
Sat Oct 12 03:31:41 UTC 2013


As others have pointed out, PBR ...

* Is a fragile configuration.  You're typically forcing next-hop without
a [direct] failover option,
* Often incurs a penalty (hardware cycles, conflicting feature sets, or
outright punting to software),
* Doesn't naturally load-balance (you pick the source ranges you route
where)

However, there are few alternatives in some cases...

* If you are using some provider-owned IP space you often must route to
that provider,
* There may be policies restricting what traffic (sources) can transit a
given provider

There are few alternatives for the latter cases, unless you split the
border across VRFs and assign routing policy on the VRF, which is a
global decision across the VRF, and avoids PBR.

We're doing a little of both, so I clearly don't take sides :)

Jeff


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20131011/9e296215/attachment.sig>


More information about the NANOG mailing list