
OECG – Chapter 7


Policy routing is what you do when you need to be absolutely sure that your network is difficult to troubleshoot. Uh…I mean to say…policy routing is what you do when you want the router to make a forwarding decision based on something other than the destination IP address. And, from lots of practical experience with policy routing, I can also tell you that if you’re injudicious in your use of policy routing and/or lousy at documentation, policy routing can be a real pain in the butt. It’s powerful, don’t get me wrong…but if you think policy routing is the answer to whatever the question is, you may need to ask some other questions. Like “Why is my network such that policy routing is the only way I can solve this problem?” Maybe policy routing is your answer…but I can’t recommend highly enough that you use it sparingly and document it to death with very intuitive policy names and remarked ACLs. You’ll thank yourself 6 months from now when you’re troubleshooting the router.

Applying the “ip policy route-map” command to an interface lets the router know it’ll have to think a bit harder before forwarding packets that arrive on that interface. The policy itself is a route-map: a series of numbered clauses, each with a match condition (usually an ACL) and one or more set actions to perform if the condition is matched. A packet that matches no permit clause is simply forwarded normally via the routing table. You could send all packets with a source IP of 172.16.254.0/24 to a next-hop of your choosing, for instance. Or you could mark all packets coming from your IP phone VLAN with IP precedence bits to make sure they are prioritized when they hit the WAN cloud.

Let’s say you want to set a next-hop to 12.13.14.15. Your set statement would be “set ip next-hop 12.13.14.15”, which overrides the routing table outright for matching packets (if that next-hop is unreachable, the router falls back to normal routing). Alternatively, you could “set ip default next-hop 12.13.14.15”, the difference being that the “default” keyword tells the router to forward the traffic based on the routing table first, and to use 12.13.14.15 only if the routing table has no explicit route to the destination. A default route (0.0.0.0/0) does not count as an explicit route here, so matching traffic that would otherwise follow your default route gets redirected.

(Do you start to see how this could be potentially evil if you go crazy with this on your network?)
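Here is what the two examples above look like put together, written the way the previous paragraphs recommend (named route-map, remarked ACLs). This is an added illustration, not configuration from the original post or from the OECG. The 172.16.254.0/24 source range and the 12.13.14.15 next-hop come from the text; the voice VLAN subnet 10.20.0.0/24, the route-map and ACL names, and the interface name are assumptions.

```cisco
! --- Classification: one remarked ACL per intent, so the next person knows why ---
ip access-list extended PBR-VPN-USERS
 remark Branch VPN users (172.16.254.0/24) must exit via the backup ISP at 12.13.14.15
 permit ip 172.16.254.0 0.0.0.255 any
!
ip access-list extended PBR-VOICE
 remark Voice VLAN (10.20.0.0/24, assumed) gets IP precedence 5 before the WAN cloud
 permit ip 10.20.0.0 0.0.0.255 any
!
! --- Policy: clauses are evaluated in sequence order; first permit match wins ---
route-map PBR-FROM-LAN permit 10
 match ip address PBR-VPN-USERS
 set ip next-hop 12.13.14.15
!
route-map PBR-FROM-LAN permit 20
 match ip address PBR-VOICE
 set ip precedence critical
 set ip default next-hop 12.13.14.15
!
! Anything not matched by clauses 10 or 20 is NOT dropped; it is routed normally.
!
! --- Apply to the interface where the traffic ARRIVES, not where it leaves ---
interface GigabitEthernet0/1
 description LAN-facing; PBR-FROM-LAN is evaluated for packets entering here
 ip policy route-map PBR-FROM-LAN
!
! Router-originated packets bypass interface policies; use this if you need them too:
! ip local policy route-map PBR-FROM-LAN
```

Clause 10 sends VPN users to 12.13.14.15 regardless of what the routing table says, while clause 20 only uses 12.13.14.15 for voice traffic whose destination has no explicit route (a default route does not count). Six months from now, “show route-map PBR-FROM-LAN” shows per-clause match counters and “show ip policy” shows which interfaces carry which policy, which is where troubleshooting should start before anyone reaches for “debug ip policy” on a busy router.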