[c-nsp] PBR on 6500
Darius L
darius4cisco at gmail.com
Thu Jul 10 15:25:11 EDT 2008
Hello All,
I have a question about policy based routing on Cat6500. I want to
split HTTP traffic and route it through a proxy and route the rest of the
traffic straight to the internet. The only thing that worries me is
whether a 6500 with sup720 will be powerful enough to route 1-10Gbps of
traffic with PBR. I know that sup720 does PBR in hardware (PFC) but I want
to match with an ACL on destination port so it will be an L4 decision and
I'm not sure whether it will forward in hardware or fall back to process
switching. My configuration would look like this:
access-list 123 permit tcp any any eq 80
access-list 123 permit tcp any any eq 443
access-list 123 permit tcp any any eq ftp
!
route-map WEB permit 10
 match ip address 123
 set ip next-hop 1.2.3.4
!
interface Vlan123
 ip vrf forwarding TESTS1
 ip address 2.3.4.5 255.255.255.0
 ip policy route-map WEB
 ip route-cache policy
!
I thought I would add another VRF in front of the FWSM in the 6500 and
put PBR on it.
My physical design looks like this:
(IP Cloud) <=>(Cisco SCE2020) <=>
(Cat6513Sup720<->FWSM<->VRF<->ACE<->(OUT VRF)[rt import/export](VRF
Internet))<=>ASA55xx
Maybe it's worth marking "interesting" traffic on the SCE with DSCP or
something, but I checked that on Cat6500 I can only match in a
route-map on an access-list …
All suggestions appreciated.
Regards,
Darius