nanog mailing list archives

Re: Policy-based routing is evil? Discuss.


From: Jared Mauch <jared () puck nether net>
Date: Fri, 11 Oct 2013 13:35:02 -0400


On Oct 11, 2013, at 1:27 PM, William Waites <wwaites () tardis ed ac uk> wrote:

> I'm having a discussion with a small network in a part of the world
> where bandwidth is scarce and multiple DSL lines are often used for
> upstream links. The topic is policy-based routing, which is being
> described as "load balancing" where end-user traffic is assigned to a
> line according to source address.
>
> In my opinion the main problems with this are:
>
>  - It's brittle, when a line fails, traffic doesn't re-route
>  - None of the usual debugging tools work properly

I think this all depends on how it's configured, and if you can monitor/detect failures.

I've seen folks do things like this with a Linux box with "multiple routing tables".  If you have something validate the link is working, you can easily have it "fail over".  This is all depending on the admin to do it right.

>  - Adding a new user is complicated because it has to be done in (at
>    least) two places

This all depends on the tool set in use/available.

> But I'm having a distinct lack of success locating rants and diatribes
> or even well-reasoned articles supporting this opinion.
>
> Am I out to lunch?

No, but most people I've seen either

a) set it up, it works (or seems to) and cross their fingers and move to the next fire
b) try to over-engineer the crap out of it so it's got what they feel is "100% availability" but isn't sustainable or maintainable by someone other than themselves.

The simple answer is: rfc1925 7.a & 8 apply

- Jared
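
The Linux "multiple routing tables" setup with a link check and failover that the message mentions could look like the sketch below. It is an added example, not code from the thread or from either poster; every line name, device, gateway, table id, client address and the probe target is a constructed assumption. Clients are listed in one place (`CLIENTS`), and the `ip rule` entries are regenerated from that list on every run.

```shell
#!/usr/bin/env bash
# Constructed values throughout: line names, devices, gateways, table ids, clients.
LINES="dsl1:ppp0:192.0.2.1:101 dsl2:ppp1:198.51.100.1:102"   # name:dev:gateway:table
CLIENTS="10.0.0.10:dsl1 10.0.0.11:dsl2 10.0.0.12:dsl1"       # source:preferred line
PROBE=203.0.113.53                                            # probe target beyond both lines

# line_field <line> <n>: print the nth colon-separated field of that line's entry
line_field() {
    for e in $LINES; do
        if [ "${e%%:*}" = "$1" ]; then echo "$e" | cut -d: -f"$2"; return 0; fi
    done
    return 1
}

# link_up <line>: probe out of the line's own device, so the check takes the users' path
link_up() {
    ping -c 2 -W 2 -I "$(line_field "$1" 2)" "$PROBE" >/dev/null 2>&1
}

# plan "<healthy lines>": print `ip -batch` commands for the current link state
plan() {
    up=" $1 "
    fallback=${1%% *}                     # first healthy line, empty if none
    for l in $LINES; do
        n=${l%%:*}
        echo "route replace default via $(line_field "$n" 3) dev $(line_field "$n" 2) table $(line_field "$n" 4)"
    done
    prio=1000
    for c in $CLIENTS; do
        src=${c%%:*}; want=${c##*:}
        case "$up" in *" $want "*) use=$want ;; *) use=$fallback ;; esac
        echo "rule del priority $prio"    # drop the previous decision for this client
        if [ -n "$use" ]; then            # no healthy line: client falls through to main table
            echo "rule add from $src lookup $(line_field "$use" 4) priority $prio"
        fi
        prio=$((prio + 1))
    done
}

# Run as `script apply` from cron or a timer; -force keeps going when a del finds no rule.
if [ "${1:-}" = "apply" ]; then
    healthy=""
    for l in $LINES; do
        n=${l%%:*}
        if link_up "$n"; then healthy="$healthy $n"; fi
    done
    plan "${healthy# }" | ip -force -batch -
fi
```

Calling `plan` with a hand-written list of healthy lines prints what would change without touching the routing tables, which is a quick way to review the failover behaviour before enabling `apply`.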


