I'm interested to hear from people with experience of engineering high numbers of PBR configs on 4500x (or perhaps any..?) cat switches.
I'm being queried from other (non-network...) technical departments to the possibility of manually PBR'ing 1300 different
source subnets with a "set ip default next-hop X.X.X.X" on a VSS'd 4500x pair we have. Unscalable/unmanageble as far as i am
concerned, but i am interested, has anyone deployed high numbers of manual PBR configs on 4500x's/other Cat's
similarly and if so what was any impact/experience/limits reached ??
It will depend on the number of ACEs required in hardware (ACL TCAM) to program the PBRs on your entire switch. 4500-X supports 128K ACL TCAM entries but the number of TCAM entries depend on so many factors like how optimised your PBR ACL is configured- how you are defining the ACEs permit/deny statement along with L4 ports if any , how many interfaces are configured with PBR, number of class-maps used in a PBR and of-course the size of ACL being used etc. Please note that there are few other features like WCCP etc that also uses the same TCAM.
You need to verify the utilisation of TCAM by using
"sh plat hardware acl statistics utilization brief".
Note that IPV4 PBR requires an enterprise services license. Also keep in mind that you might see little latency and high CPU when you are adding/modifying a big PBR (containing 1200-1300 class-maps) on switch, this is due to few internal processes like Feature Manager, ACL-Flattener etc. The performance was optimised to some great extent through an enhancement bug CSCua59292, make sure you are running a code which has the enhancement integrated.
Info on TCAM commands:
Please rate this post if helpful.
I have issues with PBR on a 4500x.
The Realese notes says that IPv4 PBR is supported with IPBASE licence on version 3.8. I have upgraded my 4500X in VSS to that versión but PBR does not work. All the trafic goes to the default Route.
PBR Support for Multiple Tracking Options
Thank you in advance.