[f-nsp] Policy based routing?
seph
seph at directionless.org
Fri Feb 5 15:43:51 EST 2010
Nick Morrison <nick at nick.on.net> writes:
> you're not crazy for trying. it's simple and it seems to work. for us. my
> only advice is - *only* use it where *necessary* - PBR can be a bastard to
> troubleshoot when it gets complicated :-)
Glad to hear I'm not crazy. Though I'm not sure this would count as
necessary -- I'm trying to use it as a saner acl. Might be the wrong approach.
> it defaults to *not* matching, so if traffic doesn't match your acl it won't
> have its next-hop adjusted. you don't need a deny at the end.
Well, that's one of my problems. I'd like it to *not* default to routing
packets between the interfaces, unless I've explicitly allowed it.
seph
More information about the foundry-nsp
mailing list