[c-nsp] Hardware accel. paths for policy routing on C6500
Arie Vayner
ariev at netvision.net.il
Wed Feb 16 16:13:53 EST 2005
You have to be very careful not to run out of TCAM!
Every ACL and every route-map would take some of it, and there is not
enough of it for a large number of connections (like in an edge
scenario)
Arie
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tim Stevenson
Sent: Tuesday, February 15, 2005 7:10 PM
To: Sam Stickland
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Hardware accel. paths for policy routing on C6500
As long as you match on DSCP using an ACL, it is in hardware. ie:
access-list 101 permit ip any any dscp cs5
or similar.
Tim
At 08:56 AM 2/15/2005, Sam Stickland averred:
>Is matching against dscp values also in done in software?
>
>Sam
>
>On Tue, 15 Feb 2005, Tim Stevenson wrote:
>
>>Correct, match ip community will force software switching.
>>
>>We support match ip address, set ip next-hop, set ip default next-hop,
>>and set interface null0 in hardware - anything else is in software.
>>
>>Tim
>>
>>At 06:44 AM 2/15/2005, Sam Stickland averred:
>>>On Tue, 25 Jan 2005, Per Carlson wrote:
>>> > Sam Stickland wrote:
>>> >> Measuring traffic from the customer to our peers is easy (simply
>>> provision
>>> >> another BGP session only containing peer route). Traffic from our
>>> peers to
>>> >> our customers is more difficult. Since there'd be two possible
>>> >> paths
>>> from
>>> >> our network to the customers (full and partial), we'd need to
>>> >> route
>>> based
>>> >> on the source address as well as the destination.
>>> >>
>>> >> My thinking is to dscp mark the traffic from our directly
>>> >> connected
>>> peers
>>> >> (at the same point where we apply community tags), and then
>>> >> policy
>>> route on
>>> >> the customers directly attached interface.
>>> >
>>> > afaik, policy routing is enabled on the *ingress* interface. from
>>> > the
>>> cisco
>>> > config guide (http://tinyurl.com/2o5m7 [1])
>>>Oh, of course you're right. Well that makes this a litte bit trickier
>>>doesn't it?
>>> > you would need to create route-maps matching the customer prefixes
>>> with the
>>> > right next-hop, like
>>> >
>>> > route-map partitial permit 10
>>> > match ip address cust1_prefixes
>>> > set ip next-hop 1.1.1.1
>>> > route-map partitial permit 20
>>> > match ip address cust2_prefixes
>>> > set ip next-hop 2.2.2.2
>>>Wouldn't this need to be:
>>>route-map partitial permit 10
>>> match ip community 10
>>> match ip address cust1_prefixes
>>> set ip next-hop 1.1.1.1
>>>route-map partitial permit 20
>>> match ip community 10
>>> match ip address cust2_prefixes
>>> set ip next-hop 2.2.2.2
>>>Since we won't to not only match where the traffic is going, but also
>>>where it is from (ie. direct traffic from directly connected peers to
>>>a different next-hop). It would be nice if we could match this via
>>>community, but once again I fear that this information isn't going to
>>>be available at this point in the hardware?
>>>Sam
>>> > this doesn't scale well, you would need to maintain separate acl's
>>> for each
>>> > customer with all their prefixes. sure it would be maintainable
>>> > with a handful of customers with a handful of prefixes each.
>>> >
>>> > i've been looking into this as well, but more or less given up the
>>> > pbr track.
>>> >
>>> > i'd love if you could do it the following way:
>>> >
>>> > route-map partitial permit 10
>>> > match ip destination as-path 1
>>> > set ip next-hop 1.1.1.1
>>> >
>>> > ip as-path access-list 1 permit 1234
>>> >
>>> > this approach would be rather hard to do in hardware tough :-( if
>>> > the cef-table did have information about the as number, it might
>>> > be
>>> possible...
>>> >
>>> > per
>>> >
>>> > [1]
>>> >
>>> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122c
>>> gcr/fipr_c/ipcprt2/1cfindep.htm#wp1001398
>>> >
>>> >
>>>_______________________________________________
>>>cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>
>>
>>Tim Stevenson, tstevens at cisco.com
>>Routing & Switching CCIE #5561
>>Technical Marketing Engineer, Catalyst 6500 Cisco Systems,
>>http://www.cisco.com IP Phone: 408-526-6759
>>********************************************************
>>The contents of this message may be *Cisco Confidential* and are
>>intended for the specified recipients only.
Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Catalyst 6500 Cisco Systems,
http://www.cisco.com IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential* and are
intended for the specified recipients only.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list