[c-nsp] Policy based routing - Packets being punted to CPU

Pete Lumbis alumbis at gmail.com
Mon Apr 16 21:31:37 EDT 2012


On the 6k/Sup720 only "match ip address <acl>" (permits only and without
log statements) and "set ip next-hop" are supported in hardware. Anything
else will be punted.

On Mon, Apr 16, 2012 at 8:55 PM, Andy S <tswmmeejsdad at gmail.com> wrote:

> Hi There,
>
> A quick question in relation to the following policy based routing
> configuration for a Cisco 6500.
>
> Example:
>
> interface TenGigabitEthernet9/8
>  ip address 10.10.10.10 255.255.255.252
>  no ip redirects
>  ip directed-broadcast
>  ip route-cache flow
>  ip policy route-map MY-TEST
> !
> route-map MY-TEST permit 10
>  match ip address MY-TEST-ACL
>  set ip next-hop 192.168.255.10
>  set ip df 0
> !
> route-map MY-TEST permit 20
>
> 1/ Does having the permit 20 rule cause all my packets to be punted to the
> CPU???
>
> According to the output below, I believe this is happening as a result of
> the permit 20 rule.
>
> #show tcam interface tenGigabitEthernet 9/8 acl in ip
>
> * Global Defaults shared
>
> Entries from Bank 0
>
> Entries from Bank 1
>
>    permit       ip any 224.0.0.0 15.255.255.255
>    punt         ip any any
>
> 2/ If point one is true, can I just remove the permit 20 rule which I
> believe will stop all packets being punted to the CPU?
>
> I don't believe policy-maps have an implicit deny at the end, so packets
> that don't match permit 10 should continue to be routed using the routing
> table. Is this true also?
>
> Thanks.
>
> Andy
>
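
An added example, not part of the original thread or any Cisco tooling: a small Python check that applies the rule from the reply (only "match ip address" with permit-only, log-free ACLs and "set ip next-hop" stay in hardware) to a route-map configuration. The ACL body, the function names and the finding texts are assumptions made for illustration; the thread does not show MY-TEST-ACL.

```python
# Constructed sample: the route-map from the question plus a hypothetical
# body for MY-TEST-ACL (the thread does not show the ACL itself).
SAMPLE_CONFIG = """\
ip access-list extended MY-TEST-ACL
 permit ip 10.1.0.0 0.0.255.255 any
 20 permit tcp any any eq 80 log
 deny ip any any
!
route-map MY-TEST permit 10
 match ip address MY-TEST-ACL
 set ip next-hop 192.168.255.10
 set ip df 0
!
route-map MY-TEST permit 20
"""

def parse_blocks(config):
    """Group indented sub-commands under their unindented parent line."""
    blocks = []
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line[0].isspace():
            blocks.append((line.strip(), []))
        elif blocks:
            blocks[-1][1].append(line.strip())
    return blocks

def punt_findings(config):
    """List (parent, statement, reason) outside the hardware-supported set."""
    blocks = parse_blocks(config)
    acls = {h.split()[-1]: b for h, b in blocks if h.startswith("ip access-list ")}
    findings = []
    for header, body in blocks:
        if not header.startswith("route-map "):
            continue
        for stmt in body:
            if stmt.startswith("match ip address "):
                for name in stmt.split()[3:]:
                    for ace in acls.get(name, []):
                        # Drop an optional leading sequence number.
                        words = ace.lstrip("0123456789 ").split()
                        if words[0] != "permit":
                            findings.append((name, ace, "ACL entry is not a permit"))
                        elif "log" in words or "log-input" in words:
                            findings.append((name, ace, "ACL entry uses log"))
            elif not stmt.startswith("set ip next-hop "):
                findings.append((header, stmt, "unsupported match/set statement"))
    return findings
```

On the sample, punt_findings(SAMPLE_CONFIG) reports the "log" entry, the "deny" entry and "set ip df 0". The empty "permit 20" clause produces no finding because the rule as stated in the reply does not address clauses with no statements; the "show tcam interface ... acl in ip" output from the question is the way to confirm what the hardware actually programmed.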

