[c-nsp] VRF-Aware PBR?

christian.macnevin at uk.bnpparibas.com christian.macnevin at uk.bnpparibas.com
Thu Aug 4 08:59:12 EDT 2005


Yeah, that 'set vrf' function is quite weird - only  a few applications I 
can think of for that. Why they didn't implement pbr on vrf interfaces is 
a mystery to me - I guess the algorithm can't yet deal with vpnipv4 
addressing.





Internet
robbie at packetized.org@puck.nether.net - 04/08/2005 13:50
 
Please respond to robbie at packetized.org
Sent by:        cisco-nsp-bounces at puck.nether.net

To:     cisco-nsp
cc: 
Subject:        Re: [c-nsp] VRF-Aware PBR?


For what it's worth, I can find nothing on the 2600XM platform that will
let you PBR within a VRF. You can easily tag non-VRF traffic to enter a
VRF of your choosing (from the global data plane) but you can't actually
PBR traffic that comes into your router on a VRFed interface. Sorry.

(ran into this problem about 4 months ago, had to end up doing PBR on a
CPE firewall split into virtual domains, ick.)


--
Cheers,
Robbie

christian.macnevin at uk.bnpparibas.com wrote:
> Hi,
> Having difficulty finding whether there's now support for 
straight-forward
> vrf-aware PBR. We need to match by protocol and set a next ip hop within
> the vpn. I've seen the 'select vrf based on pbr' feature already, but 
have
> no idea what it's good for (looks like a reesult of customer feature
> requested due to bad design, personally) but can't find anything simply
> letting me do simple PBR.
>
> Anyone?
>
> This message and any attachments (the "message") is
> intended solely for the addressees and is confidential.
> If you receive this message in error, please delete it and
> immediately notify the sender. Any use not in accord with
> its purpose, any dissemination or disclosure, either whole
> or partial, is prohibited except formal approval. The internet
> can not guarantee the integrity of this message.
> BNP PARIBAS (and its subsidiaries) shall (will) not
> therefore be liable for the message if modified.
>
> 
**********************************************************************************************
>
> BNP Paribas Private Bank London Branch is authorised
> by CECEI & AMF and is regulated by the Financial Services
> Authority for the conduct of its investment business in the
> United Kingdom.
>
> BNP Paribas Securities Services London Branch is authorised
> by CECEI & AMF and is regulated by the Financial Services
> Authority for the conduct of its investment business in the
> United Kingdom.
>
> BNP Paribas Fund Services UK Limited is authorised and
> regulated by the Financial Services Authority.
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list