I have a route-map setup on a 3560, as shown below:
    ip access-list extended 117
     ! this is to stop any traffic destined for internal subnets being policy routed
     10 deny ip any 192.168.0.0 0.0.255.255
     ! anything that gets past the deny statement is destined for the outside and should be policy routed
     20 permit ip any any
    !
    route-map VLAN17 permit 10
     match ip address 117
     set ip next-hop 192.168.0.14
    !
    interface Vlan18
     ip address 192.168.180.254 255.255.255.0
     ip policy route-map VLAN17
The purpose of the route-map is to send traffic destined for the outside world that is received on int vlan18 via the next-hop of 192.168.0.14, instead of via an OSPF default route being advertised by another router.
Access-list 117 is denying 192.168.0.0 0.0.255.255 so that traffic destined for any internal network will not get policy routed to 192.168.0.14.
The route-map works as expected, but the performance hit from the route-map is enormous. Using QCheck I get about 15Mbps when testing from a vlan 18 host to a host on another internal subnet (192.168.66.0). All interfaces involved are Gigabit.
The weird thing is that when I remove the deny statement from acl 117, I get expected results in QCheck (even though it is being policy routed the long way via 192.168.0.14).
All I can figure out so far is that the performance hit happens when traffic matches the deny statement in acl 117.
Why would traffic matching the deny statement be causing such problems?
Let me know if you need any more info about my setup.
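The same policy expressed without a deny ACE, as an added example that is not the poster's configuration: internal destinations are caught by a permit-only ACL in an earlier route-map sequence that has no set clause, so they fall through to the normal routing table, and only the catch-all sequence sets the next hop. The interface name Vlan18 and the ACL names are assumptions taken from the description above.

```cisco
! Added example, not the original poster's configuration.
! Same intent as ACL 117 + route-map VLAN17, but with no deny ACE:
! internal subnets match sequence 10, which has no "set" clause, so
! those packets are routed normally (OSPF); everything else hits 20.
ip access-list extended INTERNAL-DST
 permit ip any 192.168.0.0 0.0.255.255
!
ip access-list extended OUTSIDE-DST
 permit ip any any
!
route-map VLAN17 permit 10
 match ip address INTERNAL-DST
 ! intentionally no set clause: matching traffic is routed by the RIB
!
route-map VLAN17 permit 20
 match ip address OUTSIDE-DST
 set ip next-hop 192.168.0.14
!
interface Vlan18
 ip address 192.168.180.254 255.255.255.0
 ip policy route-map VLAN17
```

After applying it, `show route-map VLAN17` should show the internal-subnet test traffic incrementing the sequence 10 counters rather than sequence 20.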