Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
472
Views
5
Helpful
4
Replies

PBR question

S891
Level 2
Level 2

ā€Ž04-28-2015 06:09 AM - edited ā€Ž03-05-2019 01:21 AM

I am trying to setup a PBR on Catalyst 6500 SVI. It is basically a simple requirement but I wanted to check the config an d if there is any performance impact. The requirement is that only for traffic initiating from source ip 172.20.10.200 when it reaches the interface vlan 200 it will be sent to next hop address 200.200.200.1. Traffic from any other source should be dealt with normally and routed as per Routing table entries.

*************************************

interface Vlan200

ip address 172.20.30.209 255.255.255.248

ip policy route-map abc

 

access-list 1 permit 172.20.10.200

 route-map abc permit 10
  match ip address 1
  set ip default next-hop 200.200.200.1


 route-map abc permit 20

 

**************************************

 

Now my question is if the "route-map abc permit 20" is required or not?

Is it going to impact on the rest of the traffic for performance as I believe PBR will be software switches? 

Any other consideration?

Thanks

Labels:
0 Helpful
4 Replies 4

Mark Malone
VIP Alumni
VIP Alumni

ā€Ž04-28-2015 06:53 AM

The fact your setting it for next-hop you don't need the permit 20 statement , you would however require this if the route-map was being used for redistribution , i would also use an extended acl if possible

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

ā€Ž04-28-2015 08:30 AM

Your set command is wrong -

"set ip default next-hop 200.200.200.1" means use the routing table first and if only if there isn't a route in the routing table then use the next hop in your set command.

You want to override the routing table so it should be -

"set ip next-hop 200.200.200.1"

PBR is done in hardware on the 6500. There are some commands not supported and some configurations of PBR can cause packets to be sent to the main CPU but you should be okay with your above configuration.

Edit - I also agree with Mark in that I always use extended acls with PBR.

Jon

S891
Level 2
Level 2
In response to Jon Marshall

ā€Ž04-28-2015 08:41 AM

Thanks Jon. Good catch !! So y config will now look like this No need for route-map 20. 

 

interface Vlan200

ip address 172.20.30.209 255.255.255.248

ip policy route-map abc

 

access-list 1 permit 172.20.10.200

 route-map abc permit 10
  match ip address 1
  set ip next-hop 200.200.200.1

 

 

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to S891

ā€Ž04-28-2015 08:51 AM

Yes as long as the vlan 200 interface is where the packets arrive it should work.

As Mark pointed out there is no need for second route map entry with PBR.

I have never used PBR with a standard acl so can't guarantee it would work but can't see why not.

If it doesn't -

access-list 101 permit ip 172.20.10.200 any

Jon

0 Helpful
Customers Also Viewed These Support Documents