[c-nsp] PBR in hardware on RSP720

Rinse Kloek rinse.kloek at isp.solcon.nl
Wed Sep 30 10:39:18 EDT 2009


Hmm, looks like I discovered some incompatibility.
If I disable the used private hosts layer3 feature, policy routing 
works. Looks like private hosts blocks the traffic for policy routing:

#sh tcam int gi2/1 acl in other module 5

    deny         other host 0200.0000.0001 any
    deny         other host 0023.5ed9.7140 any
    permit       other any 3333.0000.0000 ffff.0000.0000
    permit       other any 0100.5e00.0000 ffff.ff80.0000
    permit       other any host 0200.0000.0001 (7 matches)
    permit       other any host 0023.5ed9.7140
    redirect     other any host ffff.ffff.ffff
    deny         other any any

#no private-hosts layer3
sh tcam int gi2/1 acl in other module 5
<empty>

regards Rinse

Peter Rathlev wrote:
> On Wed, 2009-09-30 at 12:45 +0200, Rinse Kloek wrote:
>   
>> "The Policy Feature Card (PFC) and any Distributed Feature Cards
>> (DFCs) provide hardware support for policy-based routing (PBR) for
>> route-map sequences that use the match ip address, set ip next-hop,
>> and ip default next-hop PBR keywords."
>>
>> How do I have to read this rule ? Only if I use these 3 commands, the 
>> traffic will be policy routed through the PFC ?
>>     
>
> That is as I understand it yes.
>
>   
>> And what about other rules. It looks like other Policy Routing rules 
>> don't even get processed. So the only way to get these rules matched
>> is disabling mls ip on the interface where the route-map is set ?
>>     
>
> That also seems right, though I thought it was "mls switching unicast";
> the commands seem to enable/disable each other though.
>
> The switch might process the traffic in software even without disabling
> hardware switching, but that wouldn't always be a good idea, considering
> the performance impact.
>
> Regards,
> Peter
>
>
>   

