[c-nsp] PBR in hardware on RSP720
Rinse Kloek
rinse.kloek at isp.solcon.nl
Wed Sep 30 10:39:18 EDT 2009
Hmm looks like I discovered some incompatibily.
If I disable the used private hosts layer3 feature, policy routing
works. Looks like privates hosts blocks the traffic for policy routing:
#sh tcam int gi2/1 acl in other module 5
deny other host 0200.0000.0001 any
deny other host 0023.5ed9.7140 any
permit other any 3333.0000.0000 ffff.0000.0000
permit other any 0100.5e00.0000 ffff.ff80.0000
permit other any host 0200.0000.0001 (7 matches)
permit other any host 0023.5ed9.7140
redirect other any host ffff.ffff.ffff
deny other any any
#no private-hosts layer3
sh tcam int gi2/1 acl in other module 5
<empty>
regards Rinse
Peter Rathlev schreef:
> On Wed, 2009-09-30 at 12:45 +0200, Rinse Kloek wrote:
>
>> "The Policy Feature Card (PFC) and any Distributed Feature Cards
>> (DFCs) provide hardware support for policy-based routing (PBR) for
>> route-map sequences that use the match ip address, set ip next-hop,
>> and ip default next-hop PBR keywords."
>>
>> How do I have to read this rule ? Only if I use these 3 commands, the
>> traffic will be policy routed through the PFC ?
>>
>
> That is as I understand it yes.
>
>
>> And what about other rules. It looks like other Policy Routing rules
>> don't even get processed. So the only way the get these rules matched
>> is disabling mls ip on the interface where the route-map is set ?
>>
>
> That also seems right, though I thought it was "mls switching unicast";
> the commands seem to enable/disable each other though.
>
> The switch might process the traffic in software even without disabling
> hardware switching, but that wouldn't always be a good idea, considering
> the perfomance impact.
>
> Regards,
> Peter
>
>
>
More information about the cisco-nsp
mailing list