nanog mailing list archives

Re: Policy-based routing is evil? Discuss.


From: Leo Bicknell <bicknell () ufp org>
Date: Fri, 11 Oct 2013 15:27:58 -0500


On Oct 11, 2013, at 12:27 PM, William Waites <wwaites () tardis ed ac uk> wrote:

> I'm having a discussion with a small network in a part of the world
> where bandwidth is scarce and multiple DSL lines are often used for
> upstream links. The topic is policy-based routing, which is being
> described as "load balancing" where end-user traffic is assigned to a
> line according to source address.

Doing this with actual routing, in a way that doesn't become fragile is
hard.  It is not impossible as Jared points out, but is non-trivial.

However there is a variant which is much less brittle, but is more
annoying to configure with most tools.  The idea is that the gateway
box is a NAT, with an outbound IP on each of the two uplinks.  The 
box can then make intelligent decisions about which provider to use
based on layer 8+9 information.

I've seen this done multiple times where for instance there is high
bandwidth satellite, and low bandwidth terrestrial services.  Latency
sensitive traffic (dns, ssh, etc) is sent over the low bandwidth
terrestrial, while bulk downloads go over satellite.  It's quite
robust and useful in these situations.

Making open source boxes do this is possible, but quite annoying
in my experience.  I don't think it's possible to make a Cisco or
Juniper do this sort of thing in any reasonable way.  A number of
manufacturers have developed custom solutions around this idea.

-- 
       Leo Bicknell - bicknell () ufp org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
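
The NAT-per-uplink variant described in the message above, written out for a Linux gateway with iptables and iproute2. This is an added example, not code from the original post; the interface names, addresses (documentation ranges), marks, table numbers and the port-based classification are all assumptions.

```shell
#!/bin/sh
# Constructed example values (assumptions, not from the original post).
LAN_IF=eth0
TER_IF=eth1; TER_IP=192.0.2.10;    TER_GW=192.0.2.1     # low bandwidth, low latency
SAT_IF=eth2; SAT_IP=198.51.100.10; SAT_GW=198.51.100.1  # high bandwidth, high latency
TER_MARK=1; TER_TABLE=100
SAT_MARK=2; SAT_TABLE=200

# Print the rule set instead of applying it, so it can be reviewed first.
emit_rules() {
  # One routing table per uplink, selected by firewall mark.
  for u in "$TER_IF $TER_GW $TER_MARK $TER_TABLE" \
           "$SAT_IF $SAT_GW $SAT_MARK $SAT_TABLE"; do
    set -- $u
    echo "ip route replace default via $2 dev $1 table $4"
    echo "ip rule add fwmark $3 lookup $4"
    # Replies arrive on an uplink the main table may not point at,
    # so strict reverse-path filtering would drop them: use loose mode.
    echo "sysctl -w net.ipv4.conf.$1.rp_filter=2"
  done
  m="iptables -t mangle -A PREROUTING -i $LAN_IF"
  # Packets of an already classified connection keep that connection's
  # uplink; a NATed flow must not change source address mid-stream.
  echo "$m -j CONNMARK --restore-mark"
  echo "$m -m mark ! --mark 0 -j ACCEPT"
  # New connections: bulk traffic goes to the satellite link by default,
  echo "$m -j MARK --set-mark $SAT_MARK"
  # latency-sensitive traffic (DNS, SSH) goes to the terrestrial link.
  echo "$m -p udp --dport 53 -j MARK --set-mark $TER_MARK"
  echo "$m -p tcp --dport 53 -j MARK --set-mark $TER_MARK"
  echo "$m -p tcp --dport 22 -j MARK --set-mark $TER_MARK"
  # Remember the decision for the rest of the connection.
  echo "$m -j CONNMARK --save-mark"
  # Source-NAT to the address owned by whichever uplink routing selected.
  echo "iptables -t nat -A POSTROUTING -o $TER_IF -j SNAT --to-source $TER_IP"
  echo "iptables -t nat -A POSTROUTING -o $SAT_IF -j SNAT --to-source $SAT_IP"
}

# Running the script prints the commands; apply as root with: sh script | sh -e
emit_rules
```

The rules cover forwarded LAN traffic only and do not handle uplink failure; traffic marked for a dead link stays pinned to it until the rules are changed.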




