[c-nsp] Hardware PBR on Sup720/PFC3BXL

Peter Rathlev peter at rathlev.dk
Tue Jan 19 13:39:39 EST 2010 

Hi Robert,

On Mon, 2010-01-18 at 13:14 +0100, Robert Hass wrote:
> I have to implement some Policy-Based Routing (PBR) route-map's on few
> Catalyst 6500. We currently using Sup720/PFC3BXL with IOS
> 12.2(33)SXH6, but we can migrate to SXI if it helps. Are below PBR
> route-map's are supported in hardware on PFC3B/DFC3B ?
> 
> route-map pbr2 permit 10
>  set global
> !
> route-map pbr permit 10
>  match ip address 160
>  set vrf r2
> !
> access-list 160 permit tcp any x.x.0.0 0.0.255.255 eq 780
> access-list 160 permit tcp any x.x.0.0 0.0.255.255 eq 782
> access-list 160 permit tcp any x.x.0.0 0.0.255.255 eq 787
> access-list 160 permit tcp any x.x.0.0 0.0.255.255 eq 790
> access-list 160 permit tcp any x.x.0.0 0.0.255.255 eq 796
> access-list 160 permit tcp any x.x.0.0 0.0.255.255 range 50000 51000

A Sup720-10G running SXI will at least eat the commands. I'm afraid I
don't have enough of a setup to test throughput, but it doesn't give any
warnings at least.

I'm also no expert in Feature Manager output, but as far as I can see it
should be supported in hardware:

R1(config)#ip vrf r2
R1(config-vrf)#rd 1:1
R1(config-vrf)#exit
R1(config)#access-list 160 permit tcp any 10.6.0.0 0.0.255.255 eq 780
R1(config)#access-list 160 permit tcp any 10.6.0.0 0.0.255.255 eq 782
R1(config)#access-list 160 permit tcp any 10.6.0.0 0.0.255.255 eq 787
R1(config)#access-list 160 permit tcp any 10.6.0.0 0.0.255.255 eq 790
R1(config)#access-list 160 permit tcp any 10.6.0.0 0.0.255.255 eq 796
R1(config)#access-list 160 permit tcp any 10.6.0.0 0.0.255.255 range 50000 51000
R1(config)#route-map pbr2 permit 10
R1(config-route-map)#set global
R1(config-route-map)#exit
R1(config)#route-map pbr permit 10
R1(config-route-map)#match ip address 160
R1(config-route-map)#set vrf r2
R1(config-route-map)#exit
R1(config)#interface Gi4/20
R1(config-if)#no shutdown
00094: Jan 19 19:10:39.653 CET: %LINK-3-UPDOWN: Interface GigabitEthernet4/20, changed state to down
R1(config-if)#
000095: Jan 19 19:10:39.656 CET: %LINK-SP-3-UPDOWN: Interface GigabitEthernet4/20, changed state to down
R1(config-if)#
000096: Jan 19 19:10:39.660 CET: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface GigabitEthernet4/20, changed state to down
R1(config-if)#ip addr 10.6.7.1 255.255.255.252
R1(config-if)#ip policy route-map pbr
000097: Jan 19 19:10:54.897 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface VRF_2_vlan4076, changed state to up
R1(config-if)#^Z
000098: Jan 19 19:11:54.169 CET: %SYS-5-CONFIG_I: Configured from console by someone on vty0 (x.x.x.x)
R1#
R1#sh fm features  bri | begin ^Interface: Gi.*4/20
Interface: GigabitEthernet4/20 IP is enabled
  hw_state[INGRESS] = not reduced, hw_state[EGRESS] = not reduced
  mcast = 0
  priority = 0
  flags = 0x4
  parent[INGRESS] = none
  inbound label: 36
    Feature PBR - Policy Based Routing:
      Route-Map : pbr
        Sequence 65536 	Result: FM_RESULT_PERMIT
        Sequence 10 	Result: FM_RESULT_ADJREDIRECT
        Sequence 65537 	Result: FM_RESULT_PERMIT
    Feature IPV4 Default Result Feature:

    Feature OTHER Default Result Feature:

[...]
R1#

The full output of "show fm interface Gi4/20" and "show fm fie interface
Gi4/20" also seem to support this being hardware switched.

HTH

-- 
Peter

More information about the cisco-nsp mailing list