I have a route-map configured and bound to one of my VLAN interfaces to route all VLAN traffic to a particular destination IP.
We have matched an access list in sequence 10, wherein we permit and deny a few IPs. There is no match for sequence 20; however, we have huge packets hitting this. I would like to know what the role of sequence 20 is in this route map and whether there will be any impact if we remove this sequence.
route-map SWG-PROXY, permit, sequence 10
ip address (access-lists): SWG-PROXY-TRAFFIC
ip next-hop 10.226.32.74
Policy routing matches: 6815244 packets, 644209072 bytes
route-map SWG-PROXY, permit, sequence 20
Policy routing matches: 254379497 packets, 771322447 bytes
In a PBR route-map you don't need an empty explicit route-map sequence because what is not matched in the first sequence will simply be routed by the RIB. It's totally different from a route-map used in BGP, for example.
I don't see the need for this entry then, and debug ip policy would show us this traffic as not policy-routed.
I think I am going to disagree with Reza on this.
If you're using this route-map for pure PBR purposes (no route redistribution), then there is no need for a default permit statement at the end of your policy. Since there is no "set" statement, the IOS will be using the routing table for the routing decisions. You will not see any impact if you remove the last sequence.
I have the following route-map on a 6500:
route-map SA permit 10
match ip address 100
set ip next-hop 192.168.x.x
I have nothing other than sequence 10. The traffic that doesn't match access list 100, gets sent to the routing table.
In a 6500, this configuration can cause a HARD_BRIDGE_RESULT to be programmed in the TCAM, causing every packet that doesn't match the policy to be punted to the MSFC, resulting in possible high CPU. The amount of increase in the CPU would depend on the rate of the traffic hitting the empty route map. I assume other hardware can have similar issues.
In my experience, it is best not to have the empty sequence.
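
Added example (not part of the thread and not Cisco tooling): a small Python audit that parses `show route-map` output in the shape posted in the question and flags permit sequences that carry no match or set clause, along with their policy-routing counters. The function names are hypothetical and the sample text is constructed from the lines shown in the question.

```python
import re

# Constructed sample: the `show route-map` lines as posted in the question.
SAMPLE = """\
route-map SWG-PROXY, permit, sequence 10
ip address (access-lists): SWG-PROXY-TRAFFIC
ip next-hop 10.226.32.74
Policy routing matches: 6815244 packets, 644209072 bytes
route-map SWG-PROXY, permit, sequence 20
Policy routing matches: 254379497 packets, 771322447 bytes
"""

HEADER = re.compile(r"^route-map (\S+), (permit|deny), sequence (\d+)$")
COUNTER = re.compile(r"^Policy routing matches: (\d+) packets, (\d+) bytes$")
# Section labels IOS prints around clauses; they are not clauses themselves.
LABELS = {"Match clauses:", "Set clauses:"}

def parse_route_map(text):
    """Return one dict per sequence: name, action, seq, clauses, packets, bytes."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in LABELS:
            continue
        header = HEADER.match(line)
        if header:
            entries.append({"name": header.group(1), "action": header.group(2),
                            "seq": int(header.group(3)), "clauses": [],
                            "packets": 0, "bytes": 0})
            continue
        if not entries:
            continue  # text before the first header
        counter = COUNTER.match(line)
        if counter:
            entries[-1]["packets"] = int(counter.group(1))
            entries[-1]["bytes"] = int(counter.group(2))
        else:
            entries[-1]["clauses"].append(line)
    return entries

def empty_permit_sequences(text):
    """Permit sequences with neither match nor set clauses (catch-all entries)."""
    return [e for e in parse_route_map(text)
            if e["action"] == "permit" and not e["clauses"]]

if __name__ == "__main__":
    for e in empty_permit_sequences(SAMPLE):
        print(f'{e["name"]} seq {e["seq"]}: empty permit, '
              f'{e["packets"]} packets / {e["bytes"]} bytes')
```

Run against the output in the question, it reports sequence 20 of SWG-PROXY as the empty permit entry carrying the 254379497-packet counter.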