Scalability of Policy Based Routing on Catalyst 4500X

martynbeck
Level 1

I'm interested to hear from people with experience of engineering high numbers of PBR configs on 4500X (or perhaps any..?) Cat switches.

I'm being queried by other (non-network...) technical departments about the possibility of manually PBR'ing 1300 different source subnets with a "set ip default next-hop X.X.X.X" on a VSS'd 4500X pair we have. Unscalable/unmanageable as far as I am concerned, but I am interested: has anyone deployed high numbers of manual PBR configs on 4500Xs/other Cats similarly, and if so, what impact/experience/limits were reached?

Thanks

Martyn

2 Replies

Kallol Bosu
Cisco Employee

Hello Martyn,

It will depend on the number of ACEs required in hardware (ACL TCAM) to program the PBRs on your entire switch. The 4500-X supports 128K ACL TCAM entries, but the number of TCAM entries depends on many factors, such as how optimised your PBR ACL configuration is (how you define the ACE permit/deny statements, along with L4 ports if any), how many interfaces are configured with PBR, the number of class-maps used in a PBR and, of course, the size of the ACL being used. Please note that there are a few other features, like WCCP, that also use the same TCAM.

You need to verify the utilisation of TCAM by using

"sh plat hardware acl statistics utilization brief". 

Note that IPv4 PBR requires an enterprise services license. Also keep in mind that you might see a little latency and high CPU when you are adding/modifying a big PBR (containing 1200-1300 class-maps) on the switch; this is due to a few internal processes like Feature Manager, ACL-Flattener etc. The performance was optimised to a great extent through an enhancement bug, CSCua59292; make sure you are running code which has the enhancement integrated.

Info on TCAM commands:  

http://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/66978-tcam-cat-4500.html

Please rate this post if helpful.

Regards,

Kallol

I have issues with PBR on a 4500x.

The release notes say that IPv4 PBR is supported with the IPBASE licence on version 3.8. I have upgraded my 4500X in VSS to that version but PBR does not work. All the traffic goes to the default route.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/ol-38xe-4500e.html

Table 5 LAN Base, IP Base, and Enterprise Services Image Support on Cisco Catalyst 4500E Supervisor Engine 7-E, Supervisor Engine 7L-E, Supervisor Engine 8-E, and Supervisor Engine 8L-E

Feature | LAN Base | IP Base | Enterprise Services
PBR Support for Multiple Tracking Options | Yes | Yes | Yes

Thank you in advance.
