hi,<div><br></div><div>we use PBR on our RXs. it works ok. all hardware switched at 10Gbps. it's easy to set up - ACL, plus route map to set next-hop. we put our route-maps on ve interfaces.</div><div><br></div><div>
it defaults to *not* matching, so if traffic doesn't match your acl it won't have its next-hop adjusted. you don't need a deny at the end.</div><div><br></div><div>dunno about documentation... I find it pretty difficult to find anything other than what's in the manuals, or on this mailing list (or in japanese).</div>
<div><br></div><div>only thing to be aware of is your CAM partitioning - if your ACL reaches not-that-many entries (keeping in mind a single ACL line can render to several entries in the CAM) you'll find your CAM partition filling up and the only way to adjust the partition size (on an RX, anyway) is to set and reboot the switch... if you're thinking about setting up a big, complex ACL .. think carefully about it and make sure you'll have space in your CAM before you go live.</div>
<div><br></div><div>you're not crazy for trying. it's simple and it seems to work. for us. my only advice is - *only* use it where *necessary* - PBR can be a bastard to troubleshoot when it gets complicated :-)</div>
<div><br></div><div>HTH</div><div><br></div><div>Nick</div><div><br><div class="gmail_quote">On Fri, Feb 5, 2010 at 7:49 PM, seph <span dir="ltr">&lt;<a href="mailto:seph@directionless.org">seph@directionless.org</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">As I continue to tinker with my network, I'm increasingly interested in<br>
PBR. Unfortunately, the only info I can find is in the Configuration<br>
Guide, which seems sparse. I'm hoping folks here might have some advice.<br>
<br>
Given how small a section in the config guide it has, I wonder how<br>
widely used it is. It feels like an afterthought. Do people actually use<br>
it?<br>
<br>
Is there other documentation that I should be reading?<br>
<br>
If I'm using PBR as sort of a firewall, is there a way to set a default<br>
"don't route these packets"?<br>
<br>
Am I crazy for trying?<br>
<br>
Thanks for any advice<br>
<br>
seph<br>
<br>
<br>
_______________________________________________<br>
foundry-nsp mailing list<br>
<a href="mailto:foundry-nsp@puck.nether.net">foundry-nsp@puck.nether.net</a><br>
<a href="http://puck.nether.net/mailman/listinfo/foundry-nsp" target="_blank">http://puck.nether.net/mailman/listinfo/foundry-nsp</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>Nick Morrison &lt;<a href="mailto:nick@nick.on.net">nick@nick.on.net</a>&gt;<br>
</div>
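The fall-through behaviour described in the reply above, modelled in Python as an added example (not code from the thread or from the vendor's documentation): traffic that misses the PBR ACL is not dropped, it is forwarded by the normal routing table, so PBR alone is not a default-deny filter. All addresses, next hops and function names are constructed for illustration.

```python
import ipaddress

# Constructed policy: (source, destination) networks the PBR ACL permits.
ACL_PERMIT = [
    (ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("0.0.0.0/0")),
]
PBR_NEXT_HOP = "198.51.100.1"  # hypothetical next hop set by the route map

# Constructed routing table, used whenever the ACL does not match.
ROUTES = {
    ipaddress.ip_network("0.0.0.0/0"): "203.0.113.1",
    ipaddress.ip_network("10.20.0.0/16"): "203.0.113.2",
}


def acl_permits(src, dst):
    """True if any ACL entry permits this source/destination pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in ACL_PERMIT)


def routed_next_hop(dst):
    """Ordinary longest-prefix-match lookup in the routing table."""
    d = ipaddress.ip_address(dst)
    best = max((n for n in ROUTES if d in n), key=lambda n: n.prefixlen)
    return ROUTES[best]


def forward(src, dst):
    """ACL match: next hop is overridden. No match: normal routing, not a drop."""
    if acl_permits(src, dst):
        return ("pbr", PBR_NEXT_HOP)
    return ("routed", routed_next_hop(dst))


def still_forwarded(flows):
    """Flows that miss the ACL and are therefore routed as if PBR were absent."""
    return [f for f in flows if forward(*f)[0] == "routed"]


if __name__ == "__main__":
    sample = [("192.0.2.10", "10.20.0.5"), ("10.1.1.1", "10.20.0.5")]
    for flow in sample:
        print(flow, "->", forward(*flow))
    print("not steered by PBR:", still_forwarded(sample))
```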