[c-nsp] Question on the Use of Policy Based Routing

Oliver Garraux oliver at g.garraux.net
Tue Mar 6 23:56:35 EST 2012


On Tue, Mar 6, 2012 at 11:47 PM, Andrew Miehs <andrew at 2sheds.de> wrote:
> On 07/03/2012, at 1:55 PM, Zach Williams wrote:
>> I'm having a tough time finding best-practices information on the use of
>> PBR and was wondering what cisco-nsp thought of this setup.
>
> I wouldn't use it at all - other than perhaps for a short term migration issue.
> 6 months later, debugging will be a nightmare as no one will remember exactly what was configured.
>
> Does PBR still cause the performance issues it did in the past, forcing every packet through the CPU?
>
> Andrew

I think it varies by platform. IIRC, PBR can usually be done in
hardware, except if denies are used in the ACL's.

We use PBR quite a bit to route return traffic back through our load
balancers.  That's a bit different situation than the poster mentioned
though.

We've run into issues with it periodically on our Nexus 7k's though
due to the buggy version of NX-OS we're on.

Oliver


More information about the cisco-nsp mailing list