-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi all, We use Linux for our edge routers which have multiple interfaces to different BGP peers. Policy based routing allows us to insure that traffic originating from a particular external IP address on the router, goes out the matching network. We have also used in on client systems to force particular protocols out particular providers. It's not that easy to do on Linux, as you need to make sure you have all the proper link routes on place and positioned properly in the rule chain, or you can really break things. Stu On 10/11/2013 11:35 AM, Christopher Morrow wrote:
On Fri, Oct 11, 2013 at 2:13 PM, William Waites <wwaites@tardis.ed.ac.uk> wrote:
On Fri, 11 Oct 2013 10:41:46 -0700, joel jaeggli <joelja@bogus.com> said: > evil is not a synonym for ugly patch placed over a problem that > could be handled better.
Ok, fair enough. My first experience with PBR was as a summer intern in the mid-1990s who inherited management of a large ATM network that had a big VPN-esque thing built entirely that way and with no documentation. It certainly felt evil at the time. ;)
I think really PBR violates this: <http://en.wikipedia.org/wiki/Principle_of_least_astonishment>
I see ISP folks MOSTLY avoid PBR, because it does weird things that NOC/ops folks just plain don't expect. I see Enterprise network folks fall back to PBR often, for reasons that they seem happy with... but man it makes things confusing :)
-chris
- -- "Sometimes I lie awake at night and I ask, "Is life a multiple choice test or is it a true or false test?" ...Then a voice comes to me out of the dark and says, "We hate to tell you this but life is a thousand word essay." -- Charles M. Schulz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJSWEc2AAoJEFKVLITDJSGSDSAP/iW6s1nM56cwAyQAq8djsn3x OlD40O698iluf9r1ZmDABZqO3dWI/JxGktANmhC34b/ux9qMKx27RBEVS+L5Kp9p f5YJxG0vr0lkqhVGngr9pOKTmOLdnLWwDiL0yUyxXngYm7ZG9E5aQ5mbLSz0DxBB +JGoc4DXzI1lNXMSfklxooAZoRP6dbwxhzC8r/TIbExFyRuf/OgsR9bYB3wjpRvQ 7uXdHiLmLIO68pvRmGIIYQUNQ/aUSI9wod2jdleupK6yoO7fAktrndhj1+lD0TCS kZA5/b2u5O+PJ61ocbK20s/mKVt/joVSfEG5IBQxqxKqpcc9N1x7Kr7XzoQuUFo/ M3szoDZnwIq5zgXWDvvt11+AzG5qraZCxfwaTpwHbuRAC9bZMIZkrpd4LLXTGwvG bxuJmWqcY2ktX5XiyLRgvcYzw+Pkz6uNU+PpS9UYI7x9qSwkYGPomoj5iHbaTrs4 nKBQZgAUUcEkr7+kRfXIhq6ZZKsaoaFGCX8u5WeXBQj78GlEiOMxAthFPYr8iU8X Kai4nCBx+c204hjoYdI5K2aFNztqh8Xj2qW3DyxrqwsKld46ZFut/zKs4qcJLvPP jrs2ihtdsIHDn2QLVoRqHJWdpMn2l/TETbygqnRyO9hYUkqub7Zo/fVJwXCGNZDz quDOESz/QwPH5IrOPiub =ww8J -----END PGP SIGNATURE-----