nanog mailing list archives

Re: Policy-based routing is evil? Discuss.


From: Jon Lewis <jlewis () lewis org>
Date: Fri, 11 Oct 2013 14:19:36 -0400 (EDT)

On Fri, 11 Oct 2013, Jared Mauch wrote:

> I think this all depends on how it's configured, and if you can monitor/detect failures.
>
> I've seen folks do things like this with a Linux box with "multiple routing tables". If you have something validate the link is working, you can easily have it "fail over". This is all depending on the admin to do it right.

I've done exactly this with Linux routers doing SNAT and multiple upstream connections (ip route and ip rule are the commands used to set up the "multiple tables" and rules to determine routing policy). Depending on the level of segregation needed, adding a new "user" can be as simple as plugging them into the appropriate network.

Is it ideal? No. But when $ is the deciding factor between a real router with real upstream connections supporting BGP and a Linux router with DSL and cable and no routing protocol, policy routing with some intelligence to fail-over if a link fails (and go back when it recovers) can work acceptably.

----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
                             |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
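
The setup described in the message above, sketched as an added example that is not part of the original post or the poster's own configuration: one routing table per uplink built with `ip route` and `ip rule`, plus fail-over with hysteresis so a flapping line does not flap the routing. Interface names, table numbers, priorities, thresholds and addresses (RFC 1918 / RFC 5737 ranges) are constructed assumptions; with `DRY_RUN=1` (the default) the commands are printed instead of executed.

```shell
#!/bin/sh
# Added example: policy routing with two uplinks and link-failure fallback.
# All names, addresses and table numbers below are constructed placeholders.
DRY_RUN=${DRY_RUN:-1}

# Print the command in dry-run mode, execute it otherwise (needs root).
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# setup_uplink TABLE DEV GATEWAY SRCNET PRIO
# One routing table per uplink, plus a rule sending a source network to it.
setup_uplink() {
    run ip route replace default via "$3" dev "$2" table "$1"
    run ip rule add from "$4" lookup "$1" priority "$5"
}

# link_ok DEV TARGET: a single probe forced out of one specific interface.
link_ok() { ping -c 1 -W 2 -I "$1" "$2" >/dev/null 2>&1; }

# next_state STATE COUNT PROBE(ok|fail) -> prints "STATE COUNT"
# 3 consecutive failures mark a link down; 5 consecutive successes
# are required before traffic is moved back to it.
next_state() {
    state=$1 count=$2 probe=$3
    if [ "$state" = up ]; then
        if [ "$probe" = fail ]; then count=$((count + 1)); else count=0; fi
        if [ "$count" -ge 3 ]; then state=down; count=0; fi
    else
        if [ "$probe" = ok ]; then count=$((count + 1)); else count=0; fi
        if [ "$count" -ge 5 ]; then state=up; count=0; fi
    fi
    echo "$state $count"
}

# apply_state STATE TABLE DEV GATEWAY BACKUP_DEV BACKUP_GW
# Down: point the uplink's table at the other uplink. Up: restore it.
apply_state() {
    if [ "$1" = up ]; then
        run ip route replace default via "$4" dev "$3" table "$2"
    else
        run ip route replace default via "$6" dev "$5" table "$2"
    fi
}

if [ "$DRY_RUN" = 1 ]; then   # show the plan for two constructed uplinks
    setup_uplink 101 eth1 192.0.2.1 10.1.0.0/24 1001
    setup_uplink 102 eth2 198.51.100.1 10.2.0.0/24 1002
fi
```

A monitoring loop would call `link_ok` per uplink on a timer, feed the result to `next_state`, and call `apply_state` only when the state changes.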

