[f-nsp] Policy based routing?

Nick Morrison nick at nick.on.net
Fri Feb 5 15:02:42 EST 2010


hi,

we use PBR on our RXs.  it works ok.  all hardware switched at 10Gbps.  it's
easy to set up - ACL, plus route map to set next-hop. we put our route-maps
on ve interfaces.

it defaults to *not* matching, so if traffic doesn't match your acl it won't
have its next-hop adjusted.  you don't need a deny at the end.

dunno about documentation... I find it pretty difficult to find anything
other than what's in the manuals, or on this mailing list (or in Japanese).

only thing to be aware of is your CAM partitioning - if your ACL reaches
not-that-many entries (keeping in mind a single ACL line can render to
several entries in the CAM) you'll find your CAM partition filling up and
the only way to adjust the partition size (on an RX, anyway) is to set and
reboot the switch...  if you're thinking about setting up a big, complex ACL
.. think carefully about it and make sure you'll have space in your CAM
before you go live.

you're not crazy for trying.  it's simple and it seems to work.  for us.  my
only advice is - *only* use it where *necessary* - PBR can be a bastard to
troubleshoot when it gets complicated :-)

HTH

Nick

On Fri, Feb 5, 2010 at 7:49 PM, seph <seph at directionless.org> wrote:

> As I continue to tinker with my network, I'm increasingly interested in
> PBR. Unfortunately, the only info I can find is in the Configuration
> Guide, which seems sparse. I'm hoping folks here might have some advice.
>
> Given how small a section in the config guide it has, I wonder how
> widely used it is. It feels like an afterthought. Do people actually use
> it?
>
> Is there other documentation that I should be reading?
>
> If I'm using PBR as sort of a firewall, is there a way to set a default
> "don't route these packets"?
>
> Am I crazy for trying?
>
> Thanks for any advice
>
> seph



-- 
Nick Morrison <nick at nick.on.net>